<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:23:29 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2820] SPIKE: Docker Hub download rate limiting</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2820</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Starting this month, with full enforcement by Nov 1, Docker Hub will begin enforcing download rate limits:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://docs.docker.com/docker-hub/download-rate-limit&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://docs.docker.com/docker-hub/download-rate-limit&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The practical upshot:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Unauthenticated &lt;tt&gt;docker pull&lt;/tt&gt; requests are limited to 100/6 hrs from any one IP&lt;/li&gt;
	&lt;li&gt;Authenticated &lt;tt&gt;docker pull&lt;/tt&gt; requests are limited to 200/6 hrs for free accounts&lt;/li&gt;
	&lt;li&gt;Authenticated &lt;tt&gt;docker pull&lt;/tt&gt; requests for paid accounts are unlimited, but note: Limits are applied based on the user doing the pull, and not based on the image being pulled or its owner.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Since standing up a full FOLIO environment involves about 60 &lt;tt&gt;docker pull&lt;/tt&gt; requests, this has imminent implications for our CI builds. In addition, other implementers (hosting providers, etc.) will start to run into issues.&lt;/p&gt;

&lt;p&gt;Things to consider:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Do we need to set up a paid account for our CI to avoid any possibility of blocking based on rate limits?&lt;/li&gt;
	&lt;li&gt;How do we authenticate &lt;tt&gt;docker pull&lt;/tt&gt; requests in the context of Okapi-based module orchestration? 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;OKAPI-912&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/OKAPI-912&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Docker pull with authenticated user (X-Registry-Auth)&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            OKAPI-912
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/li&gt;
	&lt;li&gt;What other contexts for &lt;tt&gt;docker pull&lt;/tt&gt; need to be considered, and how can authentication be integrated in those context?&lt;/li&gt;
	&lt;li&gt;Does it make sense to move the FOLIO container registries to another service, e.g. &lt;a href=&quot;https://github.blog/2020-09-01-introducing-github-container-registry/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;GitHub Container Registry&lt;/a&gt; or in our own Nexus repository?&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="81767">FOLIO-2820</key>
            <summary>SPIKE: Docker Hub download rate limiting</summary>
                <type id="10005" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium">Story</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5f9abc1eb45b2e007453f423">John Malconian</assignee>
                                                                <reporter accountid="5c706fbb47a54a6728e59df2">Wayne Schneider</reporter>
                                    <labels>
                            <label>devops-backlog</label>
                    </labels>
                <created>Tue, 6 Oct 2020 13:09:30 +0000</created>
                <updated>Tue, 3 Nov 2020 14:33:39 +0000</updated>
                            <resolved>Mon, 2 Nov 2020 16:32:33 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>7</watches>
                                                                <comments>
                                                            <comment id="197257" author="5f9abc1eb45b2e007453f423" created="Tue, 6 Oct 2020 17:00:55 +0000"  >&lt;p&gt;One idea may be to use the FOLIO Nexus repository as a caching Docker proxy to Docker Hub similar to the way it&apos;s used for NPM and Maven Central.   This potential option is really only a viable for FOLIO project CI infrastructure and not for general use by the community, however.   I&apos;m not sure there is a way to make the proxy transparent,  but we can look into that.   Otherwise, we&apos;d have to update various build pipelines to use the Nexus Docker proxy registry.     In this scenario,  the authenticated Docker user would be Nexus.  &lt;/p&gt;</comment>
                                                            <comment id="197260" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 13 Oct 2020 13:41:05 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f9abc1eb45b2e007453f423&quot; class=&quot;user-hover&quot; rel=&quot;5f9abc1eb45b2e007453f423&quot; data-account-id=&quot;5f9abc1eb45b2e007453f423&quot; accountid=&quot;5f9abc1eb45b2e007453f423&quot; rel=&quot;noreferrer&quot;&gt;John Malconian&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; we&apos;ve discussed that the least intrusive way is to wait for 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;OKAPI-912&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/OKAPI-912&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Docker pull with authenticated user (X-Registry-Auth)&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            OKAPI-912
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 and authenticate  with DockerHub through a non-limited account (&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ced27478b03050f27825a93&quot; class=&quot;user-hover&quot; rel=&quot;5ced27478b03050f27825a93&quot; data-account-id=&quot;5ced27478b03050f27825a93&quot; accountid=&quot;5ced27478b03050f27825a93&quot; rel=&quot;noreferrer&quot;&gt;Peter Murray&lt;/a&gt; is trying to get a non-limited account for FOLIO).&lt;/p&gt;</comment>
                                                            <comment id="197263" author="5ced27478b03050f27825a93" created="Tue, 13 Oct 2020 14:36:40 +0000"  >&lt;p&gt;I&apos;m pursuing two tracks.  First is to get us recognized as an open source project (
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2722&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2722&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Set up Docker Hub organization beyond &amp;quot;Free&amp;quot; tier&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2722
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
) and in the course of doing so ask if we can have an account for the CI that wouldn&apos;t be affected by the rate-limiting.  Second&#8212;if needed&#8212;I&apos;ll work with Scott Anderson (OLF Treasurer) to get a Docker Hub account paid for through the Foundation.&lt;/p&gt;</comment>
                                                            <comment id="197266" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 20 Oct 2020 13:20:37 +0000"  >&lt;p&gt;with 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;OKAPI-912&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/OKAPI-912&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Docker pull with authenticated user (X-Registry-Auth)&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            OKAPI-912
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 implemented and released we still need the following things:&lt;/p&gt;

&lt;p&gt;1. update ansible to make use of the new Okapi feature&lt;br/&gt;
2. update Jenkins pipelines to allow specifying DH auth and registry (to use CI&apos;s Nexus)&lt;br/&gt;
3. Helm charts used for scratch env deployment &lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f2840580d8b1a001bd02aae&quot; class=&quot;user-hover&quot; rel=&quot;5f2840580d8b1a001bd02aae&quot; data-account-id=&quot;5f2840580d8b1a001bd02aae&quot; accountid=&quot;5f2840580d8b1a001bd02aae&quot; rel=&quot;noreferrer&quot;&gt;Stanislav Miroshnichenko&lt;/a&gt; Any ideas about the 3. thing?&lt;/p&gt;</comment>
                                                            <comment id="197269" author="5f2840580d8b1a001bd02aae" created="Tue, 20 Oct 2020 22:57:20 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; Rancher can store auth. credentials for Docker Registry, such as DockerHub. But these credentials will be available for team&apos;s members in Rancher for reading.&lt;/p&gt;</comment>
                                                            <comment id="197272" author="5ced27478b03050f27825a93" created="Mon, 2 Nov 2020 17:16:45 +0000"  >&lt;p&gt;Note that this may turn out to be a non-issue, as the `folioorg` and `folioci` repos would be exempted from the rate limits when the project is recognized as an open source project.  See &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2722?focusedCommentId=196453&amp;amp;page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;this comment on FOLIO-2722&lt;/a&gt; for more details.&lt;/p&gt;</comment>
                                                            <comment id="197275" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 3 Nov 2020 14:31:03 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f2840580d8b1a001bd02aae&quot; class=&quot;user-hover&quot; rel=&quot;5f2840580d8b1a001bd02aae&quot; data-account-id=&quot;5f2840580d8b1a001bd02aae&quot; accountid=&quot;5f2840580d8b1a001bd02aae&quot; rel=&quot;noreferrer&quot;&gt;Stanislav Miroshnichenko&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; We talked about using the FOLIO project Nexus proxy for pulling images from DockerHub. Wayne is going to provide Nexus access credentials to you.&lt;/p&gt;</comment>
                                                            <comment id="197278" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 3 Nov 2020 14:33:39 +0000"  >&lt;p&gt;Nexus repo for pushing scratch env images: docker.dev.folio.org&lt;br/&gt;
Nexus proxy: docker.ci.folio.org&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                                                <inwardlinks description="is blocked by">
                                        <issuelink>
            <issuekey id="81921">FOLIO-2844</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81924">FOLIO-2845</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81926">FOLIO-2846</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="54275">OKAPI-912</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81833">FOLIO-2722</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="81935">FOLIO-2860</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i01o4v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1988">DevOps: Sprint 99</customfieldvalue>
    <customfieldvalue id="1862">DevOps: Sprint 100</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 6 Oct 2020 17:00:55 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>