我正在使用 ECR Public Gallery 在频繁运行的 CI 管道中提取一些图像。我时不时会遇到这个错误,但令我困扰的是,它只在使用
docker
时才会发生。当我使用 podman
拉取图像时,它永远不会抱怨任何配额限制。
# docker pull public.ecr.aws/docker/library/alpine:latest
latest: Pulling from docker/library/alpine
toomanyrequests: Rate exceeded
甚至有时,这个错误会出现在拉取结束时:
# docker-compose pull
Pulling nginx ...
Pulling haproxy ...
Pulling haproxy ... pulling from docker/library/haproxy
Pulling nginx ... pulling from docker/library/nginx
Pulling nginx ... pulling fs layer
Pulling nginx ... pulling fs layer
Pulling nginx ... pulling fs layer
Pulling nginx ... pulling fs layer
Pulling nginx ... pulling fs layer
Pulling nginx ... pulling fs layer
Pulling nginx ... waiting
Pulling nginx ... waiting
Pulling nginx ... waiting
Pulling nginx ... downloading (100.0%)
Pulling nginx ... verifying checksum
Pulling nginx ... download complete
Pulling nginx ... downloading (1.0%)
Pulling nginx ... downloading (1.0%)
...
Pulling nginx ... extracting (94.1%)
Pulling nginx ... extracting (100.0%)
Pulling nginx ... pull complete
Pulling nginx ... extracting (100.0%)
Pulling nginx ... extracting (100.0%)
Pulling nginx ... pull complete
Pulling nginx ... extracting (100.0%)
Pulling nginx ... extracting (100.0%)
Pulling nginx ... pull complete
Pulling nginx ... extracting (100.0%)
Pulling nginx ... extracting (100.0%)
Pulling nginx ... pull complete
Pulling nginx ... extracting (100.0%)
Pulling nginx ... extracting (100.0%)
Pulling nginx ... pull complete
Pulling nginx ... digest: sha256:2bcabc23b45489fb08...
Pulling nginx ... status: downloaded newer image fo...
Pulling nginx ... done
ERROR: for haproxy toomanyrequests: Rate exceeded
ERROR: toomanyrequests: Rate exceeded
然后,我继续在我的帐户下创建了一个公共注册表,认为我可以更好地控制这些限制,并推送了我需要的所有图像:
docker pull public.ecr.aws/<my_repo_id>/alpine:latest
但是我遇到了同样的问题。
我认为由于它在我的账户下,我可以更改速率限制,但是当在 AWS UI 中进行配额管理时,我遇到了:
Rate of unauthenticated image pulls
->
1
并且它是“不可调整”这也是文档所说的:
https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html
这引发了几个问题:
1
是什么意思?每秒拉动 1 次?
看起来您正在使用 docker-compose 拉取两个图像,这就是您收到此错误的原因。
我猜测 Podman 可能不会同时执行此操作(我不使用 podman)。
您最好的选择是使用带有经过身份验证的请求的私有注册表和/或拉取缓存。