Saturday, May 28, 2022

[How To] Avoid Hitting Docker Pull Rate Limit by Authenticate Pull Request

When demoing kubernetes platform, I definitely need sample application to deploy. There are some great reference here: https://williamlam.com/2020/06/interesting-kubernetes-application-demos.html, where most of the source container images are coming from Docker registry. If you try to deploy the app manifests, you might hit error like the following:

429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit.

This happened because starting November 2020, Docker apply pull rate limit (reference: https://www.docker.com/blog/what-you-need-to-know-about-upcoming-docker-hub-rate-limiting/). To avoid that, basically you need to authenticate your pull. For my purpose, I register for free Docker hub account.

  • Create a free Docker hub account.
  • Create secret using Docker hub account

NAMESPACE=default
DOCKER_HUB_USER=REDACTED
DOCKER_HUB_PASSWORD=REDACTED
DOCKER_HUB_EMAIL=REDACTED
kubectl create secret docker-registry docker-hub-creds \
--docker-server=docker.io \
--docker-username=$DOCKER_HUB_USER \
--docker-password=$DOCKER_HUB_PASSWORD \
--docker-email=$DOCKER_HUB_EMAIL \
--namespace=$NAMESPACE

  • Modify Service Account to use created secret

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "docker-hub-creds"}]}' --namespace=$NAMESPACE
  • Repeat above step 2-3 for every namespace to be applied.
That's it! Considering my pull rate, free account serves the purpose.

Credit goes to my colleague Steven Liang who outline the steps above.

No comments:

Post a Comment