You may have heard about the latest Docker Statement , It involves the rate limit of container image extraction . from 11 month 1 The day begins ,Docker Will start according to your Subscription level Limit Docker Hub Use , and mandatory Block pull requests that exceed the limit . More Than This ,Docker There was also a new retention policy , Free account ,6 Images that have not been active for months will be deleted （ Originally set to 11 month 1 Japan , because Community feedback , The policy has been postponed to 2021 Mid term ）. These new restrictions will be on how to use the world Open Of Docker Container mirroring has a significant impact .
Docker Has set an example for open source projects , Provides a higher level of deployment tools and methodology for the open source community . without doubt . The new restrictions don't have a serious impact on individual developers , contrary , They will bring new challenges to large and medium-sized development teams . The bigger your team , Produced The greater the impact . This may just be the beginning ; We may hope to see new policies in the future , These policies will affect Docker Hub And other uses .
The good news is , There are many tools available for management Docker Mirror image , To ensure the development of the organization Assembly line Will not be affected in any way .JFrog Artifactory It's the most popular Product warehouse , stay Docker Hub function Release I've been acting as Docker Registry. Use Artifactory, You will be able to continue in your own private Docker Containers Hub in Manage container images , At the same time, reduce the amount of Docker Hub The dependence of .
below Let's dig deeper Docker The real meaning of the two restrictions announced .
Docker The new image retention policy of
up to now ,Docker Images can be stored indefinitely in Docker Hub in . therefore , Developers don't have to Focus on This storage space Size . Now? , According to the new Docker Subscription plan Define a new image retention policy , The strategy will be in 2021 Effective in the middle of . for example , idle 6 After a month , Images owned by free accounts will be removed .
Docker New download restrictions for
Docker Will be taken from 11 month 1 New data transfer restrictions for free accounts have been set up since July , Anonymous users 100 Serathi , Authentication / Free users 200 Serathi , Every IP Address or unique user per 6 Once an hour . Every time 6 Hours 200 CIRA take A simple calculation will give you about 0.55 Time Pull . This may not be enough for you , Reaching the limit will mean you're stuck waiting for the next 6 Within an hour time frame . Besides , Even if you don't download Mirror image , The existing image will also be calculated . For the company network IP Smaller businesses （ Sometimes it's due to the company VPN）, This restriction For users challenging It's the biggest .
stay Artifactory Store and protect your Docker Mirror image
Use Artifactory As DockerHub, You can store... Unlimited Docker Mirror image , You don't have to worry about mirror expiration and deletion . Use Artifactory, You can cache images and manage them in the way that works best for your team Hub And retention policies （ As best practice , Designed to continuously maintain and store only the required images - This will optimize DockerHub Maximum download rate limit ）. Use Artifactory, You don't have to worry about a storage explosion . Check sum storage based on usage ,Artifactory Make the most of your storage The ability of .
Reduce to Docker Hub The pull times of
Will also Artifactory Acting as an agent Docker Hub Remote repository for , You can cut down on Docker Hub Number of pull requests made .Artifactory Once from Docker Hub Ask for the mirror image you need , And use Artifactory Make these images available to all your internal teams , Without having to go back Docker Hub.Artifactory Allow you to use Docker Account to Docker Hub Authentication , So each request will be authenticated and counted based on your account type .
Besides , In the use of Artifactory 7.10 And higher And using the proxy remote repository , come from Docker Hub Of Pull The mechanism can now effectively use new queries to better utilize the internal cache . It means Artifactory Sending new GET request （Docker Think it's Pull , Regardless of your new restrictions ） Before , Will send HEAD Request to compare manifest files , And update the cached list only when needed .Artifactory Will be taken from Docker PULL Take a mirror image , And make mirrors available throughout the organization , To avoid your extraction restrictions . You can always Control cache rhythm , In order to reduce the number of DockerHub Call to .
transcend DockerHub： Protect and distribute Docker Mirror image
You can rest assured that your image will always be available , And will not receive Docker A restriction or hindrance to , Then you are ready to address the rest of the container's lifecycle The problem. .
The company is right Docker One of the main concerns of mirror images is “ Russia Dolls ” Of problem , The complexity of multiple containers in a container that is invisible to standard tools layer layers . thankfully , With the help of JFrog Xray Yes Artifactory Zhongcun Store In depth recursive scanning of the container , It can expose all layer And identify vulnerabilities , And then production . except Docker outside , For most common package types , This security scanning function can be used immediately .
JFrog The platform also includes a variety of tools , It's safe , Quickly distribute software to edge. With the help of p2p download function ,JFrog Can help you handle burst downloads that mirror containers （ It's usually a number GB） To hundreds of nodes and clusters . This reduces the waiting time , It also reduces the pressure on a single repository .JFrog Distribution The product also allows you to protect distributions that contain containers , And deliver it to the edge and verify software updates .
JFrog The location of the platform is unique , It can be remedied Docker The risk of further product changes , And provide you with Docker Registry Tools other than functions to manage containers Release The entire life cycle .