Kubernetes and drone, docker.io rate limits

Failed to pull image "drone/placeholder:1": rpc error: code = Unknown desc = Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

I have drone and drone-runner-kube installed on kubernetes via the official helm charts.

I need to apply a docker configuration (or secret?) somewhere to use the paid docker.io user I have to avoid rate limits and I cannot find a way to do that, I’ve read the FAQ.

Any hint? Thanks.

Mount the docker config.json file into the runner container, and then tell the runner container the location at which it can load this file using the DRONE_DOCKER_CONFIG configuration parameter.

solution:

apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: drone-runner-kube
  namespace: drone
  annotations:
    fluxcd.io/ignore: "false"
spec:
  releaseName: drone-runner-kube
  chart:
    git: https://github.com/drone/charts.git
    ref: master
    path: charts/drone-runner-kube
  values:
    imagePullSecrets:
    - name: regcred
    replicaCount: 2
    env:
      DRONE_NAMESPACE_DEFAULT: drone
      DRONE_RPC_SECRET: drone-secret
      # DRONE_TRACE: true
      # DRONE_DEBUG: true
      DRONE_DOCKER_CONFIG: /root/.docker/config.json
    extraVolumeMounts:
      - name: auth
        mountPath: /root/.docker/
    extraVolumes:
      - name: auth
        persistentVolumeClaim:
          claimName: drone-runner-kube-auth
    rbac:
      buildNamespaces:
        - drone

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: drone-runner-kube-auth
  namespace: drone
  labels:
    app.kubernetes.io/instance: drone-runner-kube-auth
    app.kubernetes.io/name: drone-runner-kube-auth
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: efs

thanks for taking the time to share your solution :slight_smile: … out of curiosity, could you also mount from a secret?

    extraVolumes:
      - name: auth
        secret:
          secretName: my-registry-credentials-secret

good idea, I’m going to try given I already have a secret, will report back – the problem is that I don’t have a clear indicator (besides failure) that credentials are in use and working (not rate limited at this time)

seems fine, thanks for the hint :+1:
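The post above notes that nothing confirms the mounted credentials are actually present and usable. As an added example (not part of the original thread and not Drone's own code), this Python check parses the file that DRONE_DOCKER_CONFIG points at and reports which Docker Hub user it carries, if any. The function names, the accepted host list and the sample config are assumptions constructed for illustration.

```python
import base64
import json

# `docker login` stores Docker Hub credentials under https://index.docker.io/v1/;
# the other two hosts are accepted here as an assumption of this example.
DOCKER_HUB_HOSTS = ("index.docker.io", "docker.io", "registry-1.docker.io")

# Constructed sample config: user "builder" with a placeholder password.
SAMPLE = json.dumps({"auths": {"https://index.docker.io/v1/": {
    "auth": base64.b64encode(b"builder:not-a-real-token").decode()}}})

def _host(registry):
    """'https://index.docker.io/v1/' -> 'index.docker.io'."""
    return registry.split("://", 1)[-1].split("/", 1)[0].lower()

def registry_users(config_text):
    """Map registry host -> username for each usable 'auths' entry.

    Secrets are decoded only to validate the entry and are never returned.
    Raises ValueError when the text is not a Docker config.json.
    """
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict):
        raise ValueError("no 'auths' object found")
    users = {}
    for registry, entry in auths.items():
        if not isinstance(entry, dict):
            continue
        user, secret = entry.get("username"), entry.get("password")
        if entry.get("auth"):
            try:
                decoded = base64.b64decode(entry["auth"], validate=True).decode()
            except (ValueError, TypeError):  # bad base64, bad UTF-8, wrong type
                continue  # unusable entry: treat as no credentials
            user, _, secret = decoded.partition(":")
        if user and secret:
            users[_host(registry)] = user
    return users

def docker_hub_user(config_text):
    """Return the Docker Hub username in the config, or None if absent."""
    users = registry_users(config_text)
    return next((users[h] for h in DOCKER_HUB_HOSTS if h in users), None)

if __name__ == "__main__":
    print(docker_hub_user(SAMPLE))
```

A `None` result means the file has no usable Docker Hub entry; a username confirms only that the file carries a login, not that the registry accepted it.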

Thanks a lot for this solution :star_struck:
I still have this message when the build step starts
Registry credentials or Docker config not provided. Guest mode enabled.
Is it normal? How can I check that, while building a docker image with plugins/docker, the credentials are used to pull the base image?
Thanks a lot for your help

not sure about that but you might try adding

image_pull_secrets:
- mysecretname

in your .drone.yml

I found all suggested options very unpractical. It should be in the GUI like secrets, preferably as a global setting for all jobs.

I set global creds on the entire Kubernetes node (to avoid being banned on DockerHub, because someone didn’t set a drone.yml properly)

In /etc/crio/crio.conf

global_auth_file = "/etc/kubernetes/dockerauth.json"

podman login docker.io --authfile=/etc/kubernetes/dockerauth.json

There are many options for providing credentials (not all are discussed in this thread). See How to prevent DockerHub pull rate limit errors

We try to avoid global configuration in the user interface; Drone has hundreds of configuration parameters and creating and maintaining a UI to manage all of them would require substantial effort with (in my opinion) limited overall benefit.

I think the best option for providing the global credentials to the runner is to provide a JSON credentials file (as shown in the link I provided). This may not be as easy as managing the setting in the user interface, but it is also not that difficult.