request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Retry with debug logs:docker --debug pull <image>

Validate DNS and connectivity to the registry host from the same machine.

If you use a proxy, ensure Docker is configured to use it (daemon + CLI env).

If the registry is internal, confirm health and TLS cert validity.

DNS, firewall, proxy, or VPN is blocking registry traffic.

The registry is temporarily unavailable or overloaded.

Corporate proxies are interfering with TLS or long-lived connections.

Re-run the original pull/push and confirm it completes.

Confirm CI runners can reach the same registry endpoint.

Use a proxy/cache registry to reduce dependence on upstream availability.

Keep runner network configuration consistent (DNS/proxy/firewall).