M10 finding: Docker Hub rate limit blocks lasuite-docs upgrade — A1 registry creds needed (5/6 green)
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
10
DECISIONS.md
10
DECISIONS.md
@ -105,6 +105,16 @@ Architecture decisions and dead-ends. One line of rationale each. (§0, §8)
|
||||
matrix-synapse, multi-service+S3/object-storage=lasuite-docs); n8n adds a 6th real deployable app
|
||||
(workflow automation) behind the normal terminate-at-Traefik path.
|
||||
|
||||
- **Docker Hub rate limit + mid-breadth prune — FINDING (2026-05-27).** D10 real-`!testme` breadth
|
||||
runs exhausted Docker Hub's anonymous pull rate limit (lasuite-docs, 9 images, upgrade stage:
|
||||
`toomanyrequests`). Two lessons: (1) **registry pull creds are an A1 operator input** needed for
|
||||
reliable heavy-recipe deploys under load (request + sops-store + wire into docker daemon). (2)
|
||||
**Don't `docker image prune -af` mid-breadth** — it evicts cached recipe images and forces re-pulls
|
||||
that hit the limit. The first lasuite failure was disk pressure (90% full); pruning fixed disk but
|
||||
triggered re-pulls → rate limit. Better: rely on the daily autoprune, prune only `dangling`
|
||||
(not `-a`) between runs, or grow disk so heavy images stay cached. Net for D10: 5/6 recipes green
|
||||
via real !testme; lasuite-docs gated on the rate limit (transient ~hours; durable fix = creds).
|
||||
|
||||
## Open (defaults from §8, to confirm as reality lands)
|
||||
|
||||
- **Deploy mechanism — SETTLED (M0):** `nixos-rebuild switch --flake /root/cc-ci#cc-ci` run *on
|
||||
|
||||
Reference in New Issue
Block a user