Open Stack

We ran into a problem while deploying magnum when another project exhausted
the dockerhub limit on anonymous pulls from a few of the kube-system pods
that are deployed. Namely:
daemonset.apps/k8s-keystone-auth
daemonset.apps/openstack-cloud-controller-manager
deployment.apps/kubernetes-dashboard
deployment.apps/dashboard-metrics-scraper

This would fail with an error noting that dockerhub was blocking the
request as too many pulls had happened. We could get around this by adding
in a secret with a docker login, and editing those deployments and
daemonsets to use that credential.

It would appear the container_infra_prefix label can be modified to point
to a different registry. Though this would mean we would have to clone all
of the images, including images that are from registries other than
dockerhub. Leading me to wonder if there isn't an existing registry that
one can use using magnum, on quay.io or some host that isn't limiting pulls?

Alternatively, is it possible that the dockerhub images that do not pull
(some do, coredns for instance does, I suspect it is due to it having
"Sponsored
OSS" status on dockerhub) without limits could be hosted elsewhere? Or
perhaps already are and the default that magnum sets to pull could be
updated to those?

Alternatively, alternatively, I haven't found an option for giving a
dockerhub user/pass to magnum in the documentation, and looking at the code
it doesn't appear that there is a variable for one, so I suspect it is not
there. Could such an option be added?

Thank you
-- 

*Vivian Rook (They/Them)*
Site Reliability Engineer
Wikimedia Foundation <https://wikimediafoundation.org/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230223/8851fc7c/attachment.htm>