Docker finally enforces pull rate limits, but reckons only 1.5% of users are affected

Amnesty period ends, time to control those 'runaway processes' or pay up


Container crew Docker has completed rolling out new pull limits for non-paying users, but claimed that only 1.5 per cent of users are affected.

Products veep Donnie Berkholz made this statement in a post about the company's progress with limiting container pulls from Docker Hub for free users, part of an effort to become financially sustainable.

Anonymous users are now limited to 100 container image requests per six hours, and authenticated free users to 200 image requests per six hours. Between 2 and 18 November, the company used a "progressive enforcement" policy allowing higher rates but informed over-quota users where possible.

Some users, said Berkholz, had hitherto undiscovered bugs in their procedures, like "runaway processes downloading once every 3 seconds."

Berkholz said that only 1.5 per cent of unique IP addresses, or about 40,000, are impacted by the new limits. The usage of that small percentage is high, though, with "roughly 30 per cent of all downloads" from 1 per cent of anonymous users.

That said, some of these may be cloud providers rather than greedy or misconfigured individual users. Google and AWS have explained that some configurations would lead to excessive usage. On Google's cloud, for example, image pulls from private clusters are routed via a single NAT gateway so presumably would show to Docker as a single IP address.

Going on Berkholz's figures, it looks like Docker may be relieved of a bit more than 30 per cent of its volume of free downloads from Docker Hub. While that is useful, the other side of this coin is that even with the new limits the company is supporting millions of developers pulling container images for free. There are more than 13.6 billion pulls per month, Berkholz said.

There may be a further benefit from users who have taken the opportunity to rationalise or cache Docker Hub pulls, which will be good both for them and for Docker. The new public registry announced by AWS will also have a significant impact.

Everybody likes free, but if it encourages unconstrained resource usage there is a downside. ®


Biting the hand that feeds IT © 1998–2020