Hello good people.
We have the next situation:
- We have a hosted private docker repository. With content selectors to access specific namespaces for a specific team.
- Also we have one namespace that available for all users of our private registry.
Everything works great here.
But for now, we want to create a proxy repo for the docker hub and combine them in docker-group.
And at this moment things got interesting.
When I enable anonymous pull for docker-group all our privacy for hosted repo means nothing. I am able to download any image from any hosted-repo namespace.
Is there a way to achieve next:
- Create a docker group with a mix from the hosted repo with content selectors and a proxy from the docker hub.
- When trying to pull something from the docker hub - allow it to everyone.
- When trying to pull something from hosted repo - use scheme with content-selectors and deny any access for it without being logged in and have sufficient content-selectors, privileges, and role in nexus for a specific user?