I randomly happened upon this article on the Google Cloud Platform blog:
It refers to an announcement by Docker stating that anonymous docker hub pulls will shortly be limited:
Earlier this summer, Docker announced it will begin rate-limiting the number of pull requests to the service by “Free Plan” users. For pull requests by anonymous users this limit is now 100 pull requests per 6 hours; authenticated users have a limit of 200 pull requests per 6 hours. When the new rate limits take effect on November 1st, they might disrupt your automated build and deployment processes on Cloud Build or how you deploy artifacts to Google Kubernetes Engine (GKE), Cloud Run or App Engine Flex from Docker Hub.
At which point in the balena deploy process are images pulled from Docker Hub?