|
| 1 | +--- |
| 2 | +description: Tutorial on how to tests if GitLab CI accesses Docker Hub directly and how to configure pull-through cache to an Kubernetes cluster working as a GitLab runner. |
| 3 | +--- |
| 4 | + |
| 5 | +# Docker Hub ratelimit |
| 6 | + |
| 7 | +The recommended way of running Docker commands in a GitLab CI Kubernets runner is to use a service to run Docker-in-Docker container (`docker:dind`). By default the `docker:dind` container pulls container images from Docker Hub without caching. This can cause problems as pulls from Docker Hub are rate-limited. |
| 8 | + |
| 9 | +This example tests how `docker pull ubuntu:24.04` commands consume Docker Hub ratelimit and provides example on how to configure pull-through cache to an Kubernetes cluster working as a GitLab runner. |
| 10 | + |
| 11 | +## How to check if `docker pull` commands are cached |
| 12 | + |
| 13 | +Create a new GitLab project with `.gitlab-ci.yml` and `scripts/check-docker-hub-ratelimit.sh` files. |
| 14 | + |
| 15 | +The `scripts/check-docker-hub-ratelimit.sh` script prints current Docker Hub ratelimit and also writes the result to a file if filename is given as first parameter. See [Docker Hub usage and rate limits](https://docs.docker.com/docker-hub/download-rate-limit/#how-can-i-check-my-current-rate) article in Docker documentation for more details. |
| 16 | + |
| 17 | +```yaml title="scripts/check-docker-hub-ratelimit.sh" |
| 18 | +---8<--- "docs/examples/gitlab-ci/docker-hub-ratelimit/scripts/check-docker-hub-ratelimit.sh" |
| 19 | +``` |
| 20 | + |
| 21 | +The pipeline defined by `.gitlab-ci.yml` tries to pull the same Docker image twice and checks if the rate limit headers are different after first and second pull. |
| 22 | + |
| 23 | +```yaml title=".gitlab-ci.yml" |
| 24 | +---8<--- "docs/examples/gitlab-ci/docker-hub-ratelimit/.gitlab-ci.yml" |
| 25 | +``` |
| 26 | + |
| 27 | +The pipeline should fail, if images are pulled directly from Docker Hub. |
| 28 | + |
| 29 | +## How to setup pull-through cache to Kubernetes runner |
| 30 | + |
| 31 | +Manifests for configuring pull-through cache and configmap are available in the repository that provides this website. |
| 32 | + |
| 33 | +```sh |
| 34 | +git clone https://github.com/kangasta/cicd-examples.git |
| 35 | +cd docs/examples/gitlab-ci/docker-hub-ratelimit |
| 36 | +``` |
| 37 | + |
| 38 | +Configure pull-through cache and configmap for GitLab runner by running `kubectl apply -f manifests/`. |
| 39 | + |
| 40 | +```sh |
| 41 | +kubectl apply -f manifests/ |
| 42 | +``` |
| 43 | + |
| 44 | +These manifests assume that GitLab runner is using gitlab-runner namespace. Edit the namespace value in [docker-config.yaml](./manifests/docker-config.yaml) if this is not the case. |
| 45 | + |
| 46 | +Modify the GitLab runner configuration so that the configmap defined in [docker-config.yaml](./manifests/docker-config.yaml) is mounted to all containers launched by the GitLab runner. Example of a full `values.yaml` help input file below. |
| 47 | + |
| 48 | +```yaml |
| 49 | +gitlabUrl: # Your instance URL |
| 50 | +rbac: { create: true } |
| 51 | +runnerToken: # Your runner token |
| 52 | +runners: |
| 53 | + config: | |
| 54 | + [[runners]] |
| 55 | + executor = "kubernetes" |
| 56 | + [runners.kubernetes] |
| 57 | + image = "alpine:3.12" |
| 58 | + privileged = true |
| 59 | + [[runners.kubernetes.volumes.config_map]] |
| 60 | + name = "dockerd-config" |
| 61 | + mount_path = "/etc/docker/daemon.json" |
| 62 | + sub_path = "daemon.json" |
| 63 | +``` |
0 commit comments