Kubernetes and drone, docker.io rate limits

masterkain · February 10, 2021, 3:23pm

Failed to pull image "drone/placeholder:1": rpc error: code = Unknown desc = Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

I have drone and drone-runner-kube installed on kubernetes via the official helm charts.

I need to apply a docker configuration (or secret?) somewhere to use the paid docker.io user I have to avoid rate limits and I cannot find a way to do that, I’ve read the FAQ.

Any hint? Thanks.

bradrydzewski · February 10, 2021, 3:50pm

Mount the docker config.json file into the runner container, and then tell the runner container the location at which it can load this file using the DRONE_DOCKER_CONFIG configuration parameter.

masterkain · February 10, 2021, 4:20pm

solution:

apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: drone-runner-kube
  namespace: drone
  annotations:
    fluxcd.io/ignore: "false"
spec:
  releaseName: drone-runner-kube
  chart:
    git: https://github.com/drone/charts.git
    ref: master
    path: charts/drone-runner-kube
  values:
    imagePullSecrets:
    - name: regcred
    replicaCount: 2
    env:
      DRONE_NAMESPACE_DEFAULT: drone
      DRONE_RPC_SECRET: drone-secret
      # DRONE_TRACE: true
      # DRONE_DEBUG: true
      DRONE_DOCKER_CONFIG: /root/.docker/config.json
    extraVolumeMounts:
      - name: auth
        mountPath: /root/.docker/
    extraVolumes:
      - name: auth
        persistentVolumeClaim:
          claimName: drone-runner-kube-auth
    rbac:
      buildNamespaces:
        - drone

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: drone-runner-kube-auth
  namespace: drone
  labels:
    app.kubernetes.io/instance: drone-runner-kube-auth
    app.kubernetes.io/name: drone-runner-kube-auth
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: efs

bradrydzewski · February 10, 2021, 4:41pm

thanks for taking the time to share your solution … out of curiosity, could you also mount from a secret?

    extraVolumes:
      - name: auth
        secret:
          secretName: my-registry-credentials-secret

masterkain · February 10, 2021, 4:51pm

good idea, I’m going to try given I already have a secret, will report back – the problem is that I don’t have a clear indicator (beside failure) that credentials are in use and working (not rate limited at this time)

masterkain · February 10, 2021, 9:21pm

seems fine, thanks for the hint

Guillaume_Viscarret · February 11, 2021, 8:37pm

Thanks a lot for this solution
I still have this message when the build step starts
Registry credentials or Docker config not provided. Guest mode enabled.
Is it normal ? How can I check that, while building a docker image with plugins/docker, the credentials are used to pull the base image ?
Thanks a lot for your help

masterkain · February 11, 2021, 8:54pm

not sure about that but you might try adding

image_pull_secrets:
- mysecretname

in your .drone.yml