Rathandev Chiluka's Blog
Overcoming Docker Image Pull Rate Limits During Istio Upgrades

Overcoming Docker Image Pull Rate Limits During Istio Upgrades

Rathandev Chiluka's photo
Rathandev Chiluka
·

2 min read

Table of contents

Intro

This blog is all about the issues that I’ve faced in real time while doing an Istio upgrade due to the Docker Hub usage and limits on image pulling that came into effect for non-premium users.

The error

❌ “You’ve reached your pull rate limit. You may increase the limit by authenticating and upgrading… (refer snippet for detailed error log)”.

The Reason behind the error

Docker has come up with a change, for non-premium users docker has started enforced the image pull rate limit

  • Unauthenticated users: 10 pulls/hour

  • Authenticated users with a free account: 100 pulls/hour

https://docs.docker.com/docker-hub/usage/

How to Overcome this issue

There are two ways that I know to overcome is,

  1. Obviously get the premium subscription for unlimited image pull.

  2. Use any other free container repository.

What I choose to overcome

I don’t want to pay money when I can do this with the free alternate options, So we can pull the Istio image from Google Cloud Artifact Registry (GCR).

  1. First check the rate limit of your instance by using any one of the below command
TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull" | jq -r '.token')

curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/library/alpine/manifests/latest

If the output is shown “RateLimit-Remaining: 0” it means you’ve reached the Docker Hub image pull limit.

  1. Since Istio is an Open source platform, the images are public and available in GCR.

    While installing Istio with ./bin/istioctl install command along with specific configurations you require, just add --set hub=gcr.io/istio-release in the end. ✅

This successfully install/upgrade the Istio by pulling the image from GCR.

Conclusion

  • By leveraging Google Cloud Artifact Registry with GitHub as a remote repository, organizations can overcome Docker Hub’s rate limits without incurring additional costs.

  • Be mindful of Docker’s rate limits, especially when working in CI/CD or large-scale environments.⚠️

  • Consider alternative image registries like GCR, ECR, or a self-hosted registry to avoid disruptions.🔄

DevopsKubernetes#istiodocker imagesDockerdockerhubAWS