Skip to content

Document the proxy registry pull through public images pattern #2951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jan 9, 2025
Merged

Document the proxy registry pull through public images pattern #2951

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
7370ae6
Describe proxy registry pull through format
pandemicsyn Jan 8, 2025
832c77e
Reorg a little bit
pandemicsyn Jan 8, 2025
44b655c
fix note blurb
pandemicsyn Jan 8, 2025
139c11f
docs edits
paigecalvert Jan 8, 2025
8261679
edits
paigecalvert Jan 8, 2025
169223d
test
paigecalvert Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions docs/vendor/packaging-public-images.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Connecting to a Public Registry through the Proxy Registry

This topic describes how to pull images from public registries using the Replicated proxy registry.

For more information about the Replicated proxy registry, see [About the Replicated Proxy Registry](private-images-about).

## Pull Public Images Through the Replicated Proxy Registry

You can use the Replicated proxy registry to pull both public and private images. Using the Replicated proxy registry for public images can simplify network access requirements for your customers, as they only need to whitelist a single domain (either `proxy.replicated.com` or your custom domain) instead of multiple registry domains.

For public images, you can use anonymous access without configuring registry credentials.

To pull public images through the Replicated proxy registry, use the following `docker` command:

```bash
docker pull REPLICATED_PROXY_DOMAIN/anonymous/UPSTREAM_REGISTRY_HOSTNAME/IMAGE:TAG
```
Where:
* `REPLICATED_PROXY_DOMAIN` is `proxy.replicated.com` or your custom domain. For information about how to set a custom domain for the proxy registry, see [Using Custom Domains](/vendor/custom-domains-using).
* `UPSTREAM_REGISTRY_HOSTNAME` is the hostname for the public registry where the image is located. If the image is located in a namespace within the registry, include the namespace after the hostname. For example, `quay.io/namespace`.
* `IMAGE` is the image name.
* `TAG` is the image tag.

## Examples

This section includes examples of pulling public images through the Replicated proxy registry.

### Pull Images from DockerHub

The following examples show how to pull public images from DockerHub:

```bash
# DockerHub is the default when no hostname is specified
docker pull proxy.replicated.com/anonymous/busybox
docker pull proxy.replicated.com/anonymous/nginx:1.16.0
```
```bash
# You can also optionally specify docker.io
docker pull proxy.replicated.com/anonymous/docker.io/replicated/replicated-sdk:1.0.0
```

### Pull Images from Other Registries

The following example shows how to pull images from the Amazon ECR Public Gallery:

```bash
docker pull proxy.replicated.com/anonymous/public.ecr.aws/nginx/nginx:latest
```

### Pull Images Using a Custom Domain for the Proxy Registry

The following example shows how to pull a public image when a custom domain is configured for the proxy registry:

```bash
docker pull my.customdomain.io/anonymous/public.ecr.aws/nginx/nginx:latest
```
For information about how to set a custom domain for the proxy registry, see [Using Custom Domains](/vendor/custom-domains-using).

## Related Topic

[Connecting to an External Registry](packaging-private-images)
8 changes: 7 additions & 1 deletion docs/vendor/private-images-about.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# About the Replicated Proxy Registry

This topic describes how the Replicated proxy registry can be used to grant proxy access to your application's private images.
This topic describes how the Replicated proxy registry can be used to grant proxy access to your application's private images or allow pull through access of public images.

## Overview

Expand All @@ -21,3 +21,9 @@ The proxy registry requires read-only credentials to your private registry to ac
After connecting your registry, the steps the enable the proxy registry vary depending on your application deployment method. For more information, see:
* [Using the Proxy Registry with KOTS Installations](/vendor/private-images-kots)
* [Using the Proxy Registry with Helm Installations](/vendor/helm-image-registry)

## About Allowing Pull-Through Access of Public Images

Using the Replicated proxy registry to grant pull-through access to public images can simplify network access requirements for your customers, as they only need to whitelist a single domain (either `proxy.replicated.com` or your custom domain) instead of multiple registry domains.

For more information about how to pull public images through the proxy registry, see [Connecting to a Public Registry through the Proxy Registry](/vendor/packaging-public-images).
1 change: 1 addition & 0 deletions sidebars.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -592,6 +592,7 @@ const sidebars = {
'vendor/packaging-private-registry-security',
],
},
'vendor/packaging-public-images',
'vendor/tutorial-ecr-private-images',
],
},
Expand Down