• beerclue@lemmy.world
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    2
    ·
    2 months ago

    Are You guys really pulling more than 40 images per hour? Isn’t the free one enough?

    • pop@lemmy.ml
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      7
      ·
      2 months ago

      On Lemmy, it’s a sin to make money off your work, especially if it is opensource core projects providing paid infrastructure/support. You can only ask for donations and/or quit. No in-between.

    • sugar_in_your_tea
      link
      fedilink
      English
      arrow-up
      10
      ·
      2 months ago

      Even at work we don’t pull that many, and we have dozens of developers.

    • gencha@lemm.ee
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      3
      ·
      2 months ago

      A single malfunctioning service that restarts in a loop can exhaust the limit near instantly. And now you can’t bring up any of your services, because you’re blocked.

      I’ve been there plenty of times. If you have to rely on docker.io, you better pay up. Running your own NexusRM or Harbor to proxy it can drastically improve your situation though.

      Docker is a pile of shit. Steer clear entirely of any of their offerings if possible.

      • beerclue@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        I use docker at home and at work, nexus at work too. I really don’t understand… even a malfunctioning service should not pull the image over and over, there should be a cache… It could be some fringe case, but I have never experienced it.

        • gencha@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          2 months ago

          Ultimately, it doesn’t matter what caused you to be blocked from Docker Hub due to rate-limiting. When you’re in that scenario, it’s most cost efficient to buy your way out.

          If you can’t even imagine what would lead up to such a situation, congratulations, because it really sucks.

          Yes, there should be a cache. But sometimes people force pull images on service start, to ensure they get the latest “latest” tag. Every tag floats, not just “latest”. Lots of people don’t pin digests in their OCI references. This almost implies wanting to refresh cached tags regularly. Especially when you start critical services, you might pull their tag in case it drifted.

          Consider you have multiple hosts in your home lab, all running a good couple services, you roll out that new container runtime upgrade to your network, it resets all caches and restarts all services. Some pulls fail. Some of them are for DNS and other critical services. Suddenly your entire network is down, and you can’t even get on the Internet, because your pihole doesn’t start. You can’t recover, because you’re rate-limited.

          I’ve been there a couple of times until I worked on better resilience, but relying on docker.io is still a problem in general. I did pay them for quite some time.

          This is only one scenario where their service bit me. As a developer, it gets even more unpleasant, and I’m not talking commercial.

    • Pieisawesome@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      2 months ago

      One of the previous places I worked at had about a dozen outbound IP addresses (company VPN).

      We also had 10k developers who all used docker.

      We exhausted the rate limit constantly. They paid for an unlimited account and we just would queue an automation that would pull the image and mirror it into the local artifact repo