From 2c2eb87fa8b6563a727fba16bb2626de0abfe645 Mon Sep 17 00:00:00 2001 From: Frank Wang Date: Tue, 27 Oct 2020 21:37:46 -0400 Subject: [PATCH 1/2] Update executor-types.md --- jekyll/_cci2/executor-types.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jekyll/_cci2/executor-types.md b/jekyll/_cci2/executor-types.md index 9114c6357d2..71658027e7d 100644 --- a/jekyll/_cci2/executor-types.md +++ b/jekyll/_cci2/executor-types.md @@ -54,6 +54,8 @@ In this example, all steps run in the container created by the first image liste - If you encounter problems with rate limits imposed by your registry provider, using [authenticated docker pulls]({{ site.baseurl }}/2.0/private-images/) may grant higher limits. +- CircleCI has partnered with Docker to ensure that our users can continue to access Docker Hub without rate limits. As of November 1st 2020, with few exceptions, you should not be impacted by any rate limits when pulling images from Docker Hub through CircleCI. However, these rate limits may go into effect for CircleCI users in the future. That’s why we’re encouraging you and your team to [add Docker Hub authentication]({{ site.baseurl }}/2.0/private-images/) to your CircleCI configuration and consider upgrading your Docker Hub plan, as appropriate, to prevent any impact from rate limits in the future. + - Avoid using mutable tags like `latest` or `1` as the image version in your `config.yml file`. It is best practice to use precise image versions or digests, like `redis:3.2.7` or `redis@sha256:95f0c9434f37db0a4f...` as shown in the examples. Mutable tags often lead to unexpected changes in your job environment. CircleCI cannot guarantee that mutable tags will return an up-to-date version of an image. You could specify `alpine:latest` and actually get a stale cache from a month ago. - If you experience increases in your run times due to installing additional tools during execution, it is best practice to use the [Building Custom Docker Images Documentation]({{ site.baseurl }}/2.0/custom-images/) to create a custom image with tools that are pre-loaded in the container to meet the job requirements. From f05319e180d44adcd59169d84d0fe399cd86906d Mon Sep 17 00:00:00 2001 From: Frank Wang Date: Tue, 27 Oct 2020 21:45:10 -0400 Subject: [PATCH 2/2] Update private-images.md --- jekyll/_cci2/private-images.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jekyll/_cci2/private-images.md b/jekyll/_cci2/private-images.md index 24135b48e9b..7a8b7e19450 100644 --- a/jekyll/_cci2/private-images.md +++ b/jekyll/_cci2/private-images.md @@ -15,7 +15,7 @@ This document describes how to authenticate with your Docker registry provider t Authenticated pulls allow access to private Docker images. It may also grant higher rate limits depending on your registry provider. -Starting [November 1, 2020](https://www.docker.com/blog/scaling-docker-to-serve-millions-more-developers-network-egress/), Docker Hub will impose rate limits based on the originating IP. Since CircleCI runs jobs from a shared pool of IPs, it is highly recommended to use authenticated Docker pulls with Docker Hub to avoid rate limit problems. +CircleCI has partnered with Docker to ensure that our users can continue to access Docker Hub without rate limits. As of November 1st 2020, with few exceptions, you should not be impacted by any rate limits when pulling images from Docker Hub through CircleCI. However, these rate limits may go into effect for CircleCI users in the future. That’s why we’re encouraging you and your team to add Docker Hub authentication to your CircleCI configuration and consider upgrading your Docker Hub plan, as appropriate, to prevent any impact from rate limits in the future. For the [Docker]({{ site.baseurl }}/2.0/executor-types/#using-docker) executor, specify username and password in the `auth` field of your [config.yml]({{ site.baseurl }}/2.0/configuration-reference/) file. To protect the password, place it in a [context]({{ site.baseurl }}/2.0/contexts), or use a per-project Environment Variable.