Question out of curiosity (I am not a Jenkins user but I know why we had to run 'docker logins' on private runners).
Are Jenkin's Public IP addresses excluded from the Pull Rate limit? I am asking, because if not then preventing login might cause a problem with hitting 100 pulls/day/IP limit (which is extremely low for CI). I believe Apache organization images are excluded from the limit, but if some builds are pulling other images and Public IPs are not excluded - they will start hitting the limits rather soon. J On Wed, Sep 15, 2021 at 11:45 PM Chris Lambertus <[email protected]> wrote: > > It has come to Infra's attention that projects are using 'docker login' in > Jenkins jobs. This has the effect of exposing your cleartext credentials in > ~jenkins/.docker/config.json, and blocking any other projects from using > docker on whatever node your jobs runs on. > > Please stop doing this. > > Infra will be rolling out a change to prevent docker from being able to > write credentials to its config.json file in the next few days, which will > likely render 'docker login' ineffective. ASF build nodes are a shared > resource, and we need to take steps to ensure they continue to be usable > for all projects. > > We provide options for projects who wish to donate their own equipment for > exclusive use. > > -Chris > ASF Infra > > Ref: > INFRA-22180 > INFRA-22335 >
