Problem
We run a larger fleet of blueos devices, that are connected over LTE. Our ISP for the LTE employs CG-NAT, so publicly our IP adresse is re-used by several devices across different antenna/connections.
When we need to update blueos on several devices (via dockerhub), then we sometimes run into rate limiting by dockerhub. For anon connections, the rate limit is 100 "pulls" per 6 hours. Ref: https://docs.docker.com/docker-hub/usage/
We get met with the TOOMANYREQUESTS, with the addition of "You have reached the unauthenticated pull rate limit". Which makes sense, I can see how with multiple images, on multiple devices (on the same IP (as dockerhub sees it), that we would hit the limit.
This is frustrating, as there is no good way to get around this for our non-dev staff (besides just waiting a few hours). We've prevously gotten around this by just doing docker pulls via bash (outside of blueOS), via docker login (authenticate).
Solutions
It seems like currently blueOS has some docker login wired up, but it does not actually use the signed in accounts (root nor non-root) as far as I can tell in the code. Not sure what the auth is for (private repos?), if not being used for pulling images. It feels like we could take this login further, and try to use the authenticated credentials, with anon as a fallback. That should at least double our limit.
Another option might be to see if its possible to fetch fewer images, or NOT fetch images, unless requested (to decrease the amount of pulls).
Notes
I understand that this is a niche issue, and most people dont run multiple devices, over LTE (with CG-NAT). I'm happy to help out writing the feature, if there is a acceptance for a proposed (or different) solution to this problem.
Problem
We run a larger fleet of blueos devices, that are connected over LTE. Our ISP for the LTE employs CG-NAT, so publicly our IP adresse is re-used by several devices across different antenna/connections.
When we need to update blueos on several devices (via dockerhub), then we sometimes run into rate limiting by dockerhub. For anon connections, the rate limit is 100 "pulls" per 6 hours. Ref: https://docs.docker.com/docker-hub/usage/
We get met with the
TOOMANYREQUESTS, with the addition of "You have reached the unauthenticated pull rate limit". Which makes sense, I can see how with multiple images, on multiple devices (on the same IP (as dockerhub sees it), that we would hit the limit.This is frustrating, as there is no good way to get around this for our non-dev staff (besides just waiting a few hours). We've prevously gotten around this by just doing docker pulls via bash (outside of blueOS), via
docker login(authenticate).Solutions
It seems like currently blueOS has some docker login wired up, but it does not actually use the signed in accounts (root nor non-root) as far as I can tell in the code. Not sure what the auth is for (private repos?), if not being used for pulling images. It feels like we could take this login further, and try to use the authenticated credentials, with anon as a fallback. That should at least double our limit.
Another option might be to see if its possible to fetch fewer images, or NOT fetch images, unless requested (to decrease the amount of pulls).
Notes
I understand that this is a niche issue, and most people dont run multiple devices, over LTE (with CG-NAT). I'm happy to help out writing the feature, if there is a acceptance for a proposed (or different) solution to this problem.