As we have been implementing rate limiting on Docker Hub for free anonymous and authenticated image pulls, we’ve heard a lot of questions from our users about how this will affect them. And we’ve also heard a number of statements that are inaccurate or misleading about the potential impacts of the change. I want to provide some answers here to help Docker users clearly understand the changes, quantify what is involved, and help developers choose the right Docker subscription for their needs.
First let’s look at the realities of what rate limiting looks like, and quantify what is still available for free to authenticated Docker users. Anyone can use a meaningful number of Docker Hub images for free. Anonymous, unauthenticated Docker users get 100 container pull requests per six hours. And when a user signs up for a free Docker ID, they get 2X the quantity of pulls. At 200 pulls per six hours, that is approximately 24,000 container image pulls per month per free Docker ID. This egress level is adequate for the bulk of the most common Docker Hub usage by developers. (Docker users can check their usage levels at any time through the command line. Docker developer advocate Peter McKee shows how to get your usage stats in this blog.)
Here is the schedule for final implementation of the rate limits for unauthenticated and free Docker Hub users: these do NOT apply to Docker Pro and Team Subscribers:
|Date||Spike Hours (PST)||Anonymous LImit (per 6 hours)||Free Limit w/ Docker ID (per 6 hours)|
|11/16/2020||3am–3pm (12 hrs)||250||250|
|11/18/2020||No Spike (final)||100||200|
Images hosted on Docker Hub range in size from megabytes to gigabytes, so many common container images will quickly consume multiple GB of repository data in a CI/CD pipeline. With Docker Hub, you don’t have to worry about the size of images being pulled, but rather you can focus on the frequency and contents of your builds instead. And not all repositories are created equal: Docker Hub features Docker Official and Docker Certified images of hundreds of popular packages, so you can be confident in official images as being vetted by Docker before incorporating into your CI/CD pipeline.
Another common question we get is about using an internal mirror to pull images for an organization. This is absolutely a supported deployment model and a best practice that allows your developers to access the images they use the most from within your firewall. In this case all you would need to do is create a Docker Team account and assign one of the users as a service account to pull the images needed. Mirroring can be done with a range of technologies including Docker Registry. Our engineering team is reaching out to users who are making an unusually high number of requests to Docker Hub. In many cases, the excessive use is a result of misconfigured code that hasn’t been caught previously. For many of these users, once their code is remediated, the quantity of requests decreases dramatically.
Designed for Developers
Along with a different approach to measuring pulls vs image sizes, we also believe our pricing model is right for developers. Docker subscription pricing is straightforward and predictable. Starting at $5 per month, per user, developers and dev teams can sign up, budget, and grow at a rate that is predictable and transparent. Many of the “free” offerings out there instead bill against cloud resources consumed by images being stored or consumed. Budgeting for developer seats against variable resources can be a challenge with this model: we believe our model is both easier to understand and budget, and delivers meaningful value to subscribers.
We also recognize the needs of Open Source Software projects, who need advanced capabilities and greater throughput while operating as non-profit entities. We are committed to open source and providing sustainable solutions for open source projects. For qualifying projects, we announced our Open Source Software program so these projects can use Docker resources without charge. To date, over 40 projects of all sizes have been approved as part of this program. OSS teams can submit their projects for consideration through this form.
Finally, Docker Subscriptions are about more than just additional access to container pulls. Last week we announced a number of new features for Docker Pro and Team subscribers, including enhanced support and access to vulnerability scan results in Docker Desktop. Docker subscribers will continue to see new capabilities and functionality added every month. For a good overview of the features available to Docker Pro and Team subscribers, visit the Docker Pricing Page.
I want to thank the Docker community for their support during this transition. Reducing excessive use of resources allows us to build a sustainable Docker for the long term. Not only does this help us invest more money into being responsible stewards of the Docker project, but it also improves performance and stability of Docker resources for all of our users.
This syndicated content is provided by Docker and was originally posted at https://www.docker.com/blog/rate-limiting-questions-we-have-answers/