It was announced that it will be implemented from November 2, 2020, Docker pull Rate Limits (download rate limit), how to check the application status on the command line [Posted on Docker Blog](https://www.docker.com/blog/checking-your-current -docker-pull-rate-limits-and-status /) was done. This is a record of actually trying this.
point
--If you are not authenticated (docker login), everything is counted in the unit of anonymous (unauthenticated) regardless of the number of logins to the server. Therefore, if two people run 50 pulls at the same time, it is possible that the Rate Limit will be reached. ――Even on the same server, the restrictions on authenticated accounts and unauthenticated accounts are counted separately, so it seems that if you are authenticated, you will not be affected by others.
Download at pull as it was announced from Docker on August 24th. It seems that the ratio limit will change from November 2nd.
--100 downloads / 6 hours if not authenticated (anonymous user) --200 downloads / 6 hours if authenticated (Free account) --Unlimited login with Docker Pro / Team paid account
The latest restricted status is published on the following page.
Current Docker Hub Usage Limit Status (updated 11/2, 9:00am Pacific) Unauthenticated requests: 5,000 per six hours Free tier requests: 5,000 per six hours
--At this time (11/2 Japan time 8:00), 5,000 requests / 6 hours with or without authentication -* However, it will be revised at Pacific Time 11/2 9:00 (Japan time 11/3 9:00)
Temporary full enforcement window (100 per six hours for unauthenticated requests, 200 per six hours for free accounts): November 2, 9am-10am Pacific Time.
--Temporarily restricted to 100/6 hours of non-authentication and 200/6 hours of authentication from 11/2 9:00 to 10:00 (PT) (Japan time 11/3 2:00 to 3:00) (" Is "Temporary" a temporary coercion rather than a continuation?)
A way to validate the Rate Limit can be found on the Docker blog.
This confirms that the Rate Limit is applied in a pseudo manner by executing the command to pull the image ratelimitpreview / test.
However, as mentioned in the blog, when the command execution that executes the request is actually sending the request (pull) to Docker Hub, the command execution itself is naturally counted. Please be careful.
-- jq is required ( yum install jq for CentOS)
--If you want to see the data in detail, a command line tool such as base64 that can handle jwt as needed.
Execute this command on the environment where Docker is installed.
$ TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
then
curl -v -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest 2>&1 | grep RateLimit
< RateLimit-Limit: 100;w=21600
< RateLimit-Remaining: 99;w=21600
You can see that the current limit (Limit) is 100 and the rest (RateLimit-Remaining) is 99.
If you run the docker pull command several times and continue downloading,
$ curl -v -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest 2>&1 | grep RateLimit
< RateLimit-Limit: 100;w=21600
< RateLimit-Remaining: 95;w=21600
It can be seen that RateLimit-Ramaining is reduced to 95.
Enter the "username" and "password" on the second line when you log in to Docker Hub.
$ HISTCONTROL=ignorespace
$ TOKEN=$(curl --user 'username:password' "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
After getting the token, you can check it in the same way as anonymous.
curl -v -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest 2>&1 | grep RateLimit
< RateLimit-Limit: 200;w=21600
< RateLimit-Remaining: 198;w=21600
To simply check the currently applied Rate, use a tool that can handle jwt (JSON Web Token) for the contents of $ TOKEN, or if it is a command line
$ for line in `echo -n $TOKEN | tr "." "\n"`; do echo -n $line | base64 -d 2>/dev/null | jq 2>/dev/null && echo;done
You can also check it from the following pull_limit and pull_limit_interval.
{
"access": [
{
"type": "repository",
"name": "ratelimitpreview/test",
"actions": [
"pull"
],
"parameters": {
"pull_limit": "200",
"pull_limit_interval": "21600"
}
}
],
It seems that there is no problem for personal use, but if access from one place is concentrated in a short time in an environment where CI is rotated anonymously or through PROXY or gateway ( May be affected (without authentication).
Recommended Posts