OK, Docker pretty much invented modern containers. This meant they were first to do a lot of things. One of those things was Docker Hub — a centralised registry for storing container images. And for the longest time, Docker Hub was the de facto container registry.
However, that might be changing.
Why might it be changing.
There’s a few major reasons…
- First up, there’s a lot more choice today. For example, most of the major clouds offer their own container registry. There’s also a lot of times you need to manage your own private registry.
- Second up, some of the alternatives offer more than Docker Hub.
- And… last but not least, Docker Hub is starting to impose limits.
What are these new Docker Hub limits
As of November 2020, Docker Hub imposes the following rate limits on pull operations (image download operations).
- Unauthenticated users will be limited to 100 pulls (downloads) in any 6 hour period
- Authenticated free users will be limited to 200 pulls in any 6 hour period
- Authenticated paid users will be unlimited
To make the transition as seamless as possible, the limits will initially be higher.
Why the new limits
Docker Hub has 7M users, 7M repositories, and services over 10B pulls per month. Those are big numbers, and it costs a lot of money to maintain infrastructure to support that. And the short and skinny is that a small company like Docker, Inc. can’t afford to offer a service like that for free.
As a result, they’re rationalising.
Phase 1 of that rationalisation is throttling pull operations for free users. But who knows what future phases might bring — possibly deleting old unused images?
Update: Open-source projects can apply for exemption, and rightly so. This shows good form from Docker, Inc. and good working with the community.
What are my options
Fortunately there are options.
Option 1: Pay for a Docker Hub account
First up, you can pay for a Docker Hub account. I chose this option for a few reasons:
- It’s relatively cheap
- It keeps me independent of the major cloud providers
- Docker Hub is a good service and I’ve taken immense value from it over the years
- I get access to image vulnerability scanning
However, and this is very important… even if you upgrade to a paid Docker Hub account, you’ll need to authenticate your pull operations. This will require you to make small changes to your systems and processes.
Option 2: Move to a different registry
Fortunately, Docker Hub isn’t the only container registry and most of the big cloud providers have their own registries that are easy enough to use.
Personally, I’ve avoided these as they may be a step in the direction of lock-in. I could be totally wrong about this, but the way some of them are jumping all over this situation trying to get you to move your images to their registries makes me uneasy.
Outside of the major clouds, existing GitHub users might be interested in the new GitHub Container Registry.
Update: The following para has been updated to correct and clarify how The Artifact Hub works.
Harbor is worth a look if you need your own managed registry, and the Artifact Hub is worth a look if you’re serious about Kubernetes (the Artifact Hub doesn’t store anything, it provides simple consolidated search and discovery of artifacts such as Helm charts, operators and more).
However, moving to another registry also requires changes to your systems and processes. At the very least, you’ll need to do the following:
- Physically move your images to the new registry
- Update all image references in Dockerfiles, Compose files, Kubernetes YAML files etc
- Configure your systems to authenticate with the new registry
The changes being made to Docker have the potential to bite you hard if you don’t take action. Fortunately, there are plenty of options available.
I’m keeping a lot of my stuff on Docker Hub and paying a small monthly fee. However, GitHub Container Registry has me interested — purely because it’s GitHub. Also, the Artifact Hub is great if you’re serious about Kubernetes as it does so much more than just container images.
Share this post: