Docker registry as a pull through cache with AWS ECR repository

We are hosting a private docker registry in AWS ECR and we have development team in several sites around the world.
Having a docker pull through cache would help to reduce the time each engineer spend trying to pull down the image
from the AWS cloud to their local site (basically, all engineer at one site will share the same cache so if an
image is already pulled, it will be served directly from the local cache).

Lets consider there are two machines as follows:

  • Machine A (Has a local registry)
  • Machine B (Client machine, from where we will pull an images)

I am trying to setup an environment as follows:

  • Docker pull request will be send to “Machine A” (local registry) from “Machine B” (client machine).
  • I am expecting that, “Machine A” should check the differences between an images from the local registry and remote
    repositories (AWS ECR Private Registry in my case).
  • If there is any difference in requested image then it will fetch from remote repository otherwise it will pull from local registry.

[Diagramatic view is attached for reference]

I have tried following approaches to make it work according to docker documentation:

  • Added following configuration in /etc/registry/config.yml in “Machine A” (local registry):
    remoteurl: https://<your-ecr-registry>.dkr.ecr.<region>
    username: <username>
    password: <your-ecr-authorization-token>

  • Added following configuration in /etc/docker/daemon.json in “Machine B” (client machine):
    "registry-mirror": ["https://<my-docker-mirror-host>"]

After using above approach, I am getting manifest unknown error on “Machine B” (client machine). It means, my local registry is unable to fetch requested docker image from AWS ECR (remote repository).

Any related information or insights related to the steps outlined above would be highly beneficial for a comprehensive understanding and troubleshooting of the proxy configuration in the Docker environment for ECR Private Registry.

I found some issues reported regarding above. But unfortunately, I did not find any solution to achieve my requirement.

I have attached some reference links: