search

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
24.25k stars 4.77k forks source link

Replication rule doesn't work for proxy cache project #21194

Closed MrMamaev closed 1 week ago

MrMamaev commented 1 week ago

When creating replication rule from another Harbor it doesn't work for proxy cache project. If there are no images in the proxy cache project, they are not proxied from the target registry, which is connected as endpoint for proxy cache project. It is only works with docker pull command. Is this functionality really unavailable? Is there any plan to implement it? Has anyone encountered a similar problem? How did you solve it?

Kajot-dev commented 1 week ago

I don't think that's the use case for proxy-cached project. As I understand, you're trying to replicate a project which is proxy-cache to another project/registry and expect that new images will be created in proxy-cache project for images that are not there yet.

Replication works by listing available repositories/tags and then matching through them, so it won't try to upll images that are not already cached. I think this is desired behaviour. Instead I recommend replicating directly from the endpoint that is behind proxy cache - you don't even need to setup separate credentials.

MinerYang commented 1 week ago

Thanks @Kajot-dev ,

I will close this issue per above comment

MrMamaev commented 4 days ago

Let me describe my request in more detail: I have 3 Harbor registry in my internal network and one more Harbor registry with access to the external network. In my external harbor registry I have three proxy cache projects connected to three internal registries. I can't use just one external harbor to store all artifacts. So now I want to create one more Harbor registry in a separate network, connect my external Harbor registry as an endpoint and have an opportunity to create replication rules to pull images straight from my internal registers, but using only one endpoint. Because I don't have direct network access to the internal registries. I can use docker pull command and than push it to my Harbor in a separate network, but why it is not supported by default replication? What calls are used in replication? Maybe there are other options for solving the problem?