10 pulls per hour per IP will even impact my homelab deployment if I'm not updating for a few weeks and I bump version of every software I run at once.

If you're homelab is proper, you likely own a /56 range, also known as 256x /64 which is what they're limiting. I've always known my prefix would come in handy! Now, I only need to work out how to make it work without having to define all 256 network interfaces.

Or you set up a mirror and don't abuse a free service

It's hard to call it "abuse" when Docker has been allowing -- and IMO tacitly encouraging -- this usage pattern for most/all of their existence.

I get that bandwidth is expensive, but this feels a bit like the usual "make it free to get lots of users, and then start charging when everyone is locked in" plan.

If they really just want to reduce their own costs, they should be evangelizing the use of a caching proxy, and providing a super easy way for people to set one up, both on the server and client side. (Maybe they already do this; I haven't looked.)

Sure, they were encouraging usage of the docker hub, but it's been at least a couple of years since they started pushing on the other way, when they introduced the first rate-limits.

If everybody did a fair-use of the Docker Hub maybe we wouldn't have the rate-limits in the first place? But I think we all learned that won't be happening in the open Internet.

Setting up a pull-through cache is pretty straight-forward, you can find the instructions in Docker's documentation: https://docs.docker.com/docker-hub/image-library/mirror/

See my comment above for the numbers (https://news.ycombinator.com/item?id=43127004), but the free limits haven't changed in magnitude, rather they've reduced how bursty the requests can be (which is somewhat interesting, in that for the free levels you'd expect the usage to be more bursty, and the more paid levels to be more consistent given more workers and more tooling happening at all hours).

This is obviously the first time a big Silicon Valley company took back the free lunch and slapped a price tag on it. How could we have ever learned our lesson before this?

Do you have any pointers for a drop-in docker hub mirror I could install?

Something that doesn't require me to go through 50+ container setups and manually move every one of them to use my custom proxy?

To accomplish what exactly? The mirror would be similarly limited.

Which would help exactly ZERO in my homelab scenario...

Sorry, my homelab is clearly not proper. I have a sad IPv4 /32, in a residential IP block.

Many ISP's provide /56 or at least /64 these days, but at any rate you can always get some from cloud providers and use Wireguard to tunnel the rest... There really isn't much excuse for not supporting IPv6 at homelab scale.