search

Azure / acr

Azure Container Registry samples, troubleshooting tips and references
https://aka.ms/acr
Other
164 stars 112 forks source link

Docker Hub rate limiting #705

Closed gatti2602 closed 1 year ago

gatti2602 commented 1 year ago

I'm not clear on this email that our team received: image Seems Docker hub is already enforcing the rate limits since 2020 so what is changing on September 30 that we have to be aware of?

terencet-dev commented 1 year ago

Hi @gatti2602, thanks for reaching out to us. @JXavierMSFT can help out with this question.

bkarakashev commented 1 year ago

Hi @terencet-dev @JXavierMSFT any update on this? we have the same question.

squillace commented 1 year ago

Hi @gatti2602 if you have not been affected by "anonymous-pull" rate limiting from Azure IPs, there's a chance that this is because Azure IP ranges are exempted from rate limiting until the end of the month of September. BUT there is also the chance that you simply do not pull frequently enough to be limited or that you're doing authenticated pulls with Docker credentials. In both of the latter cases, you won't see any change in behavior. We can't know how much you pull from Docker Hub library, so please do some testing to discover whether you're exceeding the documented limits for authenticated pulls from the library content.

If you are currently pulling anonymously from Docker Hub library more than the documented limits, you may begin to see rate limiting take effect in October.

And I should also mention that all public registries do rate limiting; this discussion is merely that the content in the Docker Hub library is so frequently used that it's easy to pull more than the anonymous limits without thinking about it. The fact that Azure and Docker have supported this up until now has "masked" the situation. If you use ACR Caching service, however, you're going to a) skip worrying about this and b) be able to establish a more reliable and performant delivery of DH library content going forward.

Does this help? Please, feel free to continue asking questions here about your situation.

gatti2602 commented 1 year ago

I understand that Azure IPs in case that:

  1. Private network does not have a load balancer with outbound rules
  2. The VM pulling the image does not have a public IP

Are a shared pool of IP addresses across different users in the cloud (Azure names it Default outbound IPs if I'm not mistaken) so if other users are anonymously pulling images from Docker Hub my limit can be affected, correct?