
Manage Docker Credentials to Avoid Rate Limiting

Prerequisites

  • jq JSON processor (install with sudo apt-get install jq)

  • Docker Hub account credentials

Choose one of the following methods to obtain a Personal Access Token.

Method 1: Terminal

⚠️ Security Note: Avoid storing credentials in shell history. The following method uses secure input prompts.

  1. Run the following commands to get a token from Docker Hub

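# -r keeps backslashes in the input literal; -s hides the password while typing
read -r -p "Enter Docker Hub Username: " HUB_USERNAME
echo -n "Enter Docker Hub Password: "
read -r -s HUB_PASSWORD
echo ""

echo "Logging in to Docker Hub..."
# Build the JSON body with jq so special characters are escaped, and send it
# on stdin (-d @-) so the password never appears in a process command line
RESPONSE=$(printf '%s' "$HUB_PASSWORD" |
  jq -Rsc --arg username "$HUB_USERNAME" '{username: $username, password: .}' |
  curl -s -H "Content-Type: application/json" \
    -X POST \
    -d @- \
    https://hub.docker.com/v2/users/login/)

TOKEN=$(printf '%s' "$RESPONSE" | jq -r .token)

# Check if login was successful
if [ "$TOKEN" = "null" ] || [ -z "$TOKEN" ]; then
    echo "Login failed. Check your username and password."
fi

  2. Create a personal access token with the authentication token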

LABEL="rke2-token-$(date +%m%d)"

NEW_PAT=$(curl -s -X POST \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  -d "{
    \"token_label\": \"$LABEL\",
    \"scopes\": [\"repo:public_read\"]
  }" \
  https://hub.docker.com/v2/access-tokens/ | jq -r .token)

# Check if PAT creation was successful
if [ "$NEW_PAT" = "null" ] || [ -z "$NEW_PAT" ]; then
    echo "Failed to create Personal Access Token."
    exit 1
fi

echo ""
echo "dockercred username: $HUB_USERNAME"
echo "dockercred password: $NEW_PAT"

# Clean up sensitive variables (RESPONSE still holds the login token)
unset HUB_PASSWORD TOKEN RESPONSE

After obtaining your credentials, proceed to Apply Docker Credentials.

Method 2: Browser

  1. Log in to Docker Hub.

  2. Click on your profile icon in the top-right corner and select Account Settings.

  3. Navigate to Settings > Personal access tokens from the left-hand menu.

  4. Click the Generate new token button.

  5. Enter a Token description for its purpose (e.g., rke2-node-access). Under Access permissions, selecting Read-only is typically sufficient if you only need to pull images.

  6. Click Generate. The token will be displayed only once. Make sure to copy and save it securely immediately, as you will not be able to see it again after closing the window.

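After completing the browser method, set your credentials as shell variables in the terminal you will use for the next section:

# Prompt for the values so the token is not saved in shell history
read -r -p "Enter Docker Hub Username: " HUB_USERNAME
read -r -s -p "Enter Personal Access Token: " NEW_PAT
echo ""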

Now proceed to Apply Docker Credentials.

Apply Docker Credentials (Required for both methods)

  1. Create registries.yaml

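sudo mkdir -p /etc/rancher/rke2
# Redirect tee's copy to /dev/null so the token is not echoed to the terminal
sudo tee /etc/rancher/rke2/registries.yaml > /dev/null <<EOF
configs:
  "docker.io":
    auth:
      username: "$HUB_USERNAME"
      password: "$NEW_PAT"
EOF
# The file holds a credential: make it readable by root only
sudo chmod 600 /etc/rancher/rke2/registries.yaml

  2. Restart rke2-server or rke2-agent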

# If control node: restart rke2-server
sudo systemctl restart rke2-server

# If worker node: restart rke2-agent
sudo systemctl restart rke2-agent
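
The following is an added example, not part of the original instructions: an alternative to the heredoc in step 1 that reads the token from stdin, writes registries.yaml atomically with owner-only permissions, and audits the result. The helper names write_registries and audit_registries are hypothetical, and the dckr_pat_ prefix check is an assumption about Docker Hub's token format.

```shell
#!/bin/sh
# Added example (not from the original page). write_registries and
# audit_registries are hypothetical helper names; run them from a root shell:
#   printf '%s\n' "$NEW_PAT" | write_registries /etc/rancher/rke2/registries.yaml "$HUB_USERNAME"

# write_registries FILE USERNAME - the token is read from stdin, never from argv
write_registries() (                  # subshell body: umask and exit stay local
  file=$1 user=$2
  IFS= read -r token || [ -n "$token" ] || exit 1
  [ -n "$user" ] && [ -n "$token" ] || { echo "empty username or token" >&2; exit 1; }
  # The values are placed inside YAML double quotes, so refuse anything that
  # would close the string or start an escape sequence.
  case "$user$token" in
    *'"'*|*'\'*) echo "quote or backslash in credentials" >&2; exit 1 ;;
  esac
  umask 077                           # anything created here is owner-only
  tmp=$(mktemp "$file.XXXXXX") || exit 1
  printf 'configs:\n  "docker.io":\n    auth:\n      username: "%s"\n      password: "%s"\n' \
    "$user" "$token" > "$tmp" || { rm -f "$tmp"; exit 1; }
  mv -f "$tmp" "$file"                # rename in place, mode stays 0600
)

# audit_registries FILE - returns 0 when the file is owner-only and has docker.io auth
audit_registries() (
  file=$1
  mode=$(stat -c %a "$file") || exit 2    # GNU stat, as on the apt-based hosts above
  case "$mode" in
    0|*00) ;;                             # no group/other permission bits set
    *) echo "FAIL: $file has mode $mode" >&2; exit 1 ;;
  esac
  grep -q '^  "docker.io":' "$file" && grep -q '^      password: "..*"' "$file" ||
    { echo "FAIL: docker.io auth block missing" >&2; exit 1; }
  # Assumption: Docker Hub personal access tokens start with dckr_pat_.
  grep -q '^      password: "dckr_pat_' "$file" ||
    echo "WARN: password does not look like a personal access token" >&2
  exit 0
)
```

Running audit_registries on each node after the restart also catches files left world-readable by earlier runs of the heredoc.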