Kubernetes and drone, docker.io rate limits

Failed to pull image "drone/placeholder:1": rpc error: code = Unknown desc = Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

I have drone and drone-runner-kube installed on kubernetes via the official helm charts.

I need to apply a docker configuration (or secret?) somewhere to use the paid docker.io user I have to avoid rate limits and I cannot find a way to do that, I’ve read the FAQ.

Any hint? Thanks.

Mount the docker config.json file into the runner container, and then tell the runner container the location at which it can load this file using the DRONE_DOCKER_CONFIG configuration parameter.

solution:

apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: drone-runner-kube
  namespace: drone
  annotations:
    fluxcd.io/ignore: "false"
spec:
  releaseName: drone-runner-kube
  chart:
    git: https://github.com/drone/charts.git
    ref: master
    path: charts/drone-runner-kube
  values:
    imagePullSecrets:
    - name: regcred
    replicaCount: 2
    env:
      DRONE_NAMESPACE_DEFAULT: drone
      DRONE_RPC_SECRET: drone-secret
      # DRONE_TRACE: true
      # DRONE_DEBUG: true
      DRONE_DOCKER_CONFIG: /root/.docker/config.json
    extraVolumeMounts:
      - name: auth
        mountPath: /root/.docker/
    extraVolumes:
      - name: auth
        persistentVolumeClaim:
          claimName: drone-runner-kube-auth
    rbac:
      buildNamespaces:
        - drone

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: drone-runner-kube-auth
  namespace: drone
  labels:
    app.kubernetes.io/instance: drone-runner-kube-auth
    app.kubernetes.io/name: drone-runner-kube-auth
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: efs

thanks for taking the time to share your solution :slight_smile: … out of curiosity, could you also mount from a secret?

    extraVolumes:
      - name: auth
        secret:
          secretName: my-registry-credentials-secret

good idea, I’m going to try given I already have a secret, will report back – the problem is that I don’t have a clear indicator (beside failure) that credentials are in use and working (not rate limited at this time)

seems fine, thanks for the hint :+1:

Thanks a lot for this solution :star_struck:
I still have this message when the build step starts
Registry credentials or Docker config not provided. Guest mode enabled.
Is it normal ? How can I check that, while building a docker image with plugins/docker, the credentials are used to pull the base image ?
Thanks a lot for your help

not sure about that but you might try adding

image_pull_secrets:
- mysecretname

in your .drone.yml