About Docker Hub pull limit

Target audience

--Those who are developing or operating services using managed services that use containers, such as EKS and GKE. --Those who are familiar with images that are operated by pulling directly from Docker Hub instead of the private registry


wrap up

--From November 1, 2020, there will be a limit on the number of image pulls from Docker Hub for Free users. -Download rate limit --Docker --In particular, among Free users, the limit on the number of times Anonymous users who are not logged in is 100 pulls / 6 hours.


Arrangement of response methods and their investigation

The following three methods can be considered. 1 is the easiest and 3 is the most troublesome.

  1. Somehow docker login on each managed service host
  2. Use GitHub Container Registry
  3. Migrate the images you are pulling from Docker Hub to a private registry

1. Somehow docker login on each managed service host

It would be easiest if this could be done, but the conclusion seems impossible. In the first place, it seems that the managed service around the container is premised on using the private registry, and even if I googled with "EKS (or GKE) docker login" etc., no particular information came out.

2. Use GitHub Container Registry

GitHub will publish a public and free container registry. See the article below for details.

-Started service as "GitHub Container Registry" public beta. Public image of container can be published for free

As you can see in this article, there is no explanation so far that there are some restrictions on the use of the free range. Therefore, it may be used as a second Docker Hub that does not require login and can pull an unlimited number of images. On the other hand, the GitHub Container Registry is still in public beta at this stage, and it's unclear how far support will go by November 1, 2020. Therefore, at least at this time (2020-09-30), this method is difficult to use.

3. Migrate the images you are pulling from Docker Hub to a private registry

The most solid method. Is the procedure as follows?

  1. Identify all the container images used by the service and scrutinize whether they have been pulled directly from Docker Hub.
  2. Push the image you are pulling directly from Docker Hub to the private registry.
  3. Change the pull destination from Docker Hub to the private registry.

Finally

I think this story can be a serious problem depending on the service, but I can't get much information even if I look it up. If you have any knowledge, I would be very grateful if you could comment.

Recommended Posts

About Docker Hub pull limit
Docker Hub pull limit has already begun
About Docker
About Docker
About Docker capacity
Docker Container pull has a rate limit enforced
Find out about Docker
About Java 10 Docker support
Check the rate limit application status of docker pull
GitHub Actions users now prepare for Docker Hub pull limits
About simple operation of Docker
About Docker, disguise server and container