[ithkuil]

But it's not transparent. In all places where you use the image you have to change the name of the image. This means more templating, more complexity etc

[donmcronald]

Assuming it’s similar to Nexus, you can combine multiple registries into a group and you configure the Docker daemon to use your local registry as the (only) mirror.

So if you have ithkuil/project on Docker Hub and donmcronald/project on GCR, you could reference them both with those short names and Artifactory or Nexus would deal with fetching them from the correct remotes.

The main downside is that you introduce the potential for namespace collisions. A second downside is that you become dependent on having that local registry aggregating images from multiple registries. Personally I don’t like it.

[richardwhiuk]

You can configure the Docker client to use the artifactory remote by default.

[ithkuil]

can you elaborate on that? Are you talking about the "registry-mirrors" option of the docker daemon?

[richardwhiuk]

Yeah - if you set that then pulls for python:3.7 say will pull from your mirror instead.

[ithkuil]

ok; so the problems with that are:

1. it requires a change on the docker daemon config. On many container environments like k8s it's hard to manipulate that setting.

2. it works only for the default "implicit" index registry, aka docker hub. Not all images are distributed from that place.

[richardwhiuk]

1) You can configure docker's daemon.json file on Kubernetes in the same way as every other system running Docker (in fact, you can apply it with a daemonset if you want to).

2) Yes, every other image mandates where you should get it from - Docker Hub's are unique in that regard.

Normally the registry the image is pulled from is configurable in the Helm chart.