The article is a continuation ΠΈ articles, it will answer frequently asked questions about the new restrictions on the use of services from Docker, which will come into force on November 1, 2020.
What are the Docker Terms of Service?
is an agreement between you and Docker that governs your use of Docker products and services.
When do the new terms of service take effect?
The updated terms of service are effective immediately.
What changes have been made to the terms of service?
Section 2.5 has undergone the most significant changes. To learn about all the changes, we recommend that you read the full .
What is the inactive image storage limit and how will it affect my account?
Image storage is based on the download or upload activity of each individual image stored using a user account. If an image hasn't been downloaded/uploaded for 6 months, it will be labeled "inactive". All images marked as "inactive" are scheduled for deletion. Accounts with a data plan are subject to this limitation. Free for individual developers and companies. A new dashboard for Docker Hub will also be available, giving you the ability to view the status of all your container images across all repositories associated with your account.
What will be the new storage limits for container images?
Docker has introduced a new container image storage policy for inactive images, effective November 1, 2020. The storage policy for inactive container images will apply to the following pricing plans:
- Free plan: there will be a 6-month storage limit for inactive images;
- Pro and Team plans: There will be no age limit for inactive images.
What is an "inactive" image?
An inactive image is a container image that has not been downloaded or pushed to the Docker Hub image repository for 6 months.
How can I check the status of my images?
In the Docker Hub repository, each label (and the last image associated with the label) has a "Last pushed" date, which can be easily seen in the Repositories if you are logged into your account. A new dashboard that offers the ability to view the status of all images across all repositories in your account, including the most recent label as well as previous versions of the label, will be available on Docker Hub. Account holders will be notified by e-mail about inactive images that are planned to be removed.
What happens to inactive images once the retention limit is reached?
Starting November 1, 2020, all images marked as "inactive" will be scheduled for deletion. Account holders will be notified via e-mail of "inactive" images scheduled for deletion.
How do I get unlimited storage times for my images?
These restrictions will apply only to the tariff plan Free. Account users with billing plans Pro or Team are not subject to restrictions. If you have a Free plan account, you can easily upgrade to a Pro or Team plan that costs .
Why did Docker introduce a new "inactive" image retention policy?
As the world's largest container image repository, Docker Hub stores over 15PB of data. Docker's internal analytics tools showed that of those 15PB images stored on Docker Hub, more than 10PB have not been requested for more than six months. Digging deeper, we found that around 4.5PB of these inactive images are associated with accounts with a Free plan.
Docker, after the introduction of such a restriction, will be able to economically scale and provide free services for developers and teams using services to build and ship applications around the world.
If we are a repository-based customer, will the retention policy apply to us?
No, customers with any paid plan will not have any retention limits.
Will Official Images be subject to an "inactive" image retention policy?
No. The inactive image retention policy will not apply to Official Images. None of the images contained in the "library" namespace will be deleted. Images published from verified publishers will also not be restricted by the inactive image retention policy.
Will the retention policy apply to repositories, tags, or images?
The policy will only apply to repository images that have not been accessed in the last 6 months, including unreferenced images and previous image labels. For more information see .
For example, if the tag ":latest" is downloaded, will that keep all previous versions from being deleted?
No. If the tag ":latest" is downloaded, only the latest version of ":latest" will be marked as active. The status of previous versions of the label will not change.
What happens after deleting an inactive image?
An image that hasn't been accessed in the last 6 months will be marked as "inactive" and will also be marked for deletion. Once an image is marked as inactive, it can no longer be downloaded. Inactive images will also be visible (in the Image Control Panel) for a while so that customers will be able to restore the images.
Can deleted images be recovered?
An inactive image will be visible for a short time (in the Image Control Panel) before deletion, so that customers can restore such images.
If I have a legacy (repository-based) plan, will the inactive image retention policy and download restrictions apply to my account?
Existing legacy subscriptions are not targeted by the policy and download restrictions. Please remember that such customers will need to upgrade by January 31, 2021 to .
What are the limits for downloading images from a Docker Hub repository?
Docker image download restrictions are based on the account type of the user requesting the image, not the image owner account type. They are defined .
This will apply the maximum user rights based on their personal account and any organizations to which it belongs. Unauthorized downloads are "anonymous" and are limited by IP address instead of user ID. To learn more about authorized image uploads, see .
How is download determined to limit download frequency?
The download request consists of up to two UTL GET requests of the repository of the form /v2/*/manifests/*.
This is because downloading the manifest for multi-arch images requires downloading a list of manifests and then downloading the correct manifest for the required architecture. HEAD requests are not counted.
Note that all downloads, including downloads for images you already own, are counted this way. It's a compromise not to count individual layers.
Can I run my own Docker Hub mirror?
See to do so. Because it uses HEAD requests, they won't be counted for download rate limits. Also note that the initial image requests are not cached, so they will be honored.
Do image layers count?
No. Since we are limiting manifest requests, there is no limit to the number of layers (blob requests) when downloading at the moment. This is a change to our previous policy based on feedback from the community. The goal of the change is to make the policy more user friendly so that users don't have to count the layers of every image they can use.
Are anonymous downloads rate-limited based on IP address?
Yes. The request rate is limited per IP address (for example, for anonymous users: 100 requests in 6 hours from one address). See more .
Are download requests from users logged into their accounts limited by IP address?
No, download requests from authorized users are based on accounts, not IP. Free accounts are limited to 200 requests per six hour period. Paid accounts are unlimited.
Will the restrictions apply if I log into my account and then someone anonymously hits the restriction from my IP?
No, users signed in to their image download accounts will be restricted based on account type only. If an anonymous user from your IP receives a restriction, it will not affect you until you are authorized, or you will not hit your restriction.
Does it matter which image I download?
No, all images are considered the same. The limits are entirely based on the account level under which the user is downloading the images, not on the account level of the repository owner.
Will these restrictions change?
We will be watching the restrictions closely and making sure they are relevant to typical use cases according to their level. In particular, Free and anonymous restrictions should always satisfy the normal workflows of a single developer. Corrections will be made on this principle and as necessary. you also can your opinion on limits.
What about CI systems where downloads are anonymous?
We understand that there are circumstances in which multiple anonymous downloads are acceptable. For example, cloud CI providers can run builds based on PRs for open source projects. Project owners may not be able to securely use their credentials from Docker Hub to authorize downloads in this case, and the scale of such vendors will likely cause restrictions to kick in. We will, of course, resolve such cases on demand and continue to improve mechanisms for limiting the frequency of downloads to improve interaction with these providers. Write to us at if you are having difficulty.
Will Docker offer separate pricing plans for open source projects?
Yes, Docker, as part of the support of the Open Source community, will later announce new pricing plans for them. To apply for such a tariff plan, fill out .
Note On lessons , which was recorded in Slurm in the summer of 2020, the speakers talk in detail about working with images at an advanced level. Join now!
Source: habr.com