Skip to content

Commit d0e601b

Browse files
chaomonicachaomonica
authored
Merge pull request #22474 from chaomonica/SEG-1124
docs: Added section explaining how RAM configurations restricting Docker hub interacts with mirror registries
1 parent 7b9471d commit d0e601b

File tree

2 files changed

+16
-0
lines changed

2 files changed

+16
-0
lines changed

content/manuals/docker-hub/image-library/mirror.md

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,21 @@ Hub can be mirrored.
4545
The Registry can be configured as a pull through cache. In this mode a Registry
4646
responds to all normal docker pull requests but stores all content locally.
4747

48+
### Using Registry Access Management (RAM) with a registry mirror
49+
50+
If Docker Hub access is restricted via your Registry Access Management (RAM) configuration, you will not be able to pull images originating from Docker Hub even if the images are available in your registry mirror.
51+
52+
You will encounter the following error:
53+
```console
54+
Error response from daemon: Access to docker.io has been restricted by your administrators.
55+
```
56+
57+
If you are unable to allow access to Docker Hub, you can manually pull from your registry mirror and optionally, retag the image. For example:
58+
```console
59+
docker pull <your-registry-mirror>[:<port>]/library/busybox
60+
docker tag <your-registry-mirror>[:<port>]/library/busybox:latest busybox:latest
61+
```
62+
4863
## How does it work?
4964

5065
The first time you request an image from your local registry mirror, it pulls

content/manuals/security/for-admins/hardened-desktop/registry-access-management.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,7 @@ earlier Linux kernel series).
8989
This will be resolved in the updated 5.15 series Linux kernel.
9090
- Images pulled by Docker Desktop when Docker Debug or Kubernetes is enabled,
9191
are not restricted by default even if Docker Hub is blocked by RAM.
92+
- If Docker Hub access is restricted by RAM, pulls on images originating from Docker Hub are restricted even if the image has been previously cached by a registry mirror. See [Using Registry Access Management (RAM) with a registry mirror](/manuals/docker-hub/image-library/mirror.md).
9293

9394
Also, Registry Access Management operates on the level of hosts, not IP
9495
addresses. Developers can bypass this restriction within their domain

0 commit comments

Comments
 (0)