This article is more than 1 year old

Docker blocker: Container crew takes on The 1%... of anonymous download whales

Outlines new way of counting pull requests to avoid being swamped

Container-flinger Docker has offered further details on why it has changed the terms of service for its Hub service, blaming 1 per cent of its users for making trouble for the rest of us.

The latest explainer addresses Docker’s rate-limited plans for container image pulls.

“In determining why rate limits were necessary and how to apply them, we spent considerable time analyzing image downloads from Docker Hub,” the post explained. “What we found confirmed that the vast majority of Docker users pulled images at a rate you would expect for normal workflows. However, there is an outsized impact from a small number of anonymous users. For example, roughly 30 percent of all downloads on Hub come from only 1 per cent of our anonymous users.”

Docker’s new limits will stop this sort of thing and instead “accommodate normal use cases for developers – learning Docker, developing code, building images, and so forth.”

But doing so isn’t simple. Docker explains that it doesn’t have an API for pulling an image. “In fact, an image pull is actually a combination of manifest and blob API requests, and these are done in different patterns depending on the client state and the image in question,” the post explained.

“Historically, Docker monitored rate limits based on blobs,” the firm went on, saying it had chosen to do so because blob “a blob most closely correlated with bandwidth usage.”

But that turns out to have been a bad idea because it created “an inconsistent experience depending on how many layers the image you are pulling has, discourages good Dockerfile practices, and is not intuitive for users who just want to get stuff done without being experts on Docker images and registries.”

Docker shocker: Cash-strapped container crew threatens to delete 4.5 petabytes of unloved images


Henceforth the company will therefore calculate its rate-limiting regime by measuring manifest requests.

“This has the advantage of being more directly coupled with a pull, so it is easy for users to understand,” wrote veep of software engineering Jean-Laurent de Morlhon.

“There is a small tradeoff,” he warned, in that “if you pull an image you already have, this is still counted even if you don’t download the layers.”

The new limits are a further sign of belt-tightening brought on by a cash crunch arguably caused by Kubernetes badly beating making Docker’s “Swarm” orchestration tool and denying the container pioneer a growth market.

Docker has kept itself afloat with asset sales, but now faces the tricky task of trimming its services while retaining developer devotion. ®

More about


Send us news

Other stories you might like