Amazon has announced a new solution to address Docker’s limited container image rates. Docker started limiting the rate at which images are pulled under their anonymous and free plans as of this month. As a result, Amazon recommends users to first identify public container images in use, then choose a mitigation approach and take the necessary steps.
Users of Amazon Elastic Container Service (ECS), and Amazon Elastic Kubernetes Service (EKS) clusters can identify Docker Hub images by searching for files named ‘Dockerfile’ in the source code for the ‘FROM’ command.
Users should also search their container application cluster configurations for public images. Amazon said it is working to automate these steps to make it easier to generate a list of all public images in source repositories.
“With the introduction of these limits, our customers should expect some of their applications and tools that use public images from Docker Hub to face throttling errors, such as when they build from a parent public image or pull a public image to run. Many of our customers have expressed concern about possible impact, so we are sharing some practical advice for managing Docker Hub’s rate limits, and announcing an upcoming AWS solution,” Amazon wrote in a blog post.
For mitigation, Amazon recommends copying public images being used into a private registry such as Amazon Elastic Container Registry (ECR) or to upgrade to a paid Docker Hub subscription. Both approaches require switching to an authenticated pull model.
Customers who update the Amazon ECS agent to the latest version using the AWS Console or CLI will also not see rate limit impacts when upgrading, as the upgrade process downloads the latest ECS agent image from Amazon S3 and does not rely on Docker Hub. However, customers who create their own AMIs for use with ECS, or use third-party AMIs, must manage installation and upgrades of the ECS agent.
All EKS add-on software that is included with EKS clusters is hosted on ECR today and will not be subject to Docker Hub rate limits.
Customers can check whether they are using a manifest with a Docker Hub image and update to use a chart that references an ECR hosted image. These charts are available in the EKS Charts GitHub repository.
Amazon also announced that it will deliver a new public container registry that will allow developers to share and deploy container images publicly.
“Developers will be able use the new registry to distribute public container images and related files like helm charts and policy configurations for use by any developer,” Amazon wrote. “A new website will allow anyone to browse and search for public container images, view developer provided details, and see pull commands — all without needing to sign in to AWS. AWS-provided public images such as the ECS agent, Amazon CloudWatch agent, and AWS Deep Learning Container images will also be available.”