There are many operations in the CI cluster that pull images from Docker Hub. After Docker enabled a download rate limit,
I am facing issues downloading the images with errors like:
toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
There are 2 simple ways to increase the rate limits.
Free Account. If you use a free account of docker hub, the limit will be increased from 100 to 200.
Premium Account. You will have unlimited downloads
Independently on the kind of account you use (even if you decide to create your own registry), you will need to provide the OC and controller with the credentials.
Add your credentials to the cluster.
This can be done cluster wise using:
kubectl create secret generic regcred \ --from-file=.dockerconfigjson=<path/to/.docker/config.json> \ --type=kubernetes.io/dockerconfigjson
If you need to create a config.json you can run:
and a file ` ~/.docker/config.json` will be created once that you finish the login.
See Create a Secret by providing credentials on the command line in Kubernetes documentation.
How to use the credentials
To be able to use the credentials we added to the cluster, we need to tell the pods to use them.
How to apply it to operations center and managed controllers:
You can update the values in the yaml with:
OperationsCenter: ImagePullSecrets: regcred
regcred is the secret created before as example.
This setting will update the pods and the secret will be added.
How to apply it to the Agents:
Using the Service Account
Agents: ImagePullSecrets: regcred
regcred is the same or similar secret as above. Helm chart will automatically add this image pull secrete to the service account used for the agents.
You can update manually the pod templates adding the same secret, something like:
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: regcred
As is explained in the k8s docs: