I am currently building a private docker infrastructure in my institut to support fast and light weight distribution of containerd software and applications.
To get straight to my issue, I do not want that the clients in my network can pull images from external registries which I don’t control. I am also providing a private registry in the network where only admins can pull images from public registries. I have not found a solution yet in any thread that was related to the topic.
To put it short is there any way to deny the access to other registry than my own?
Well, there are different subjects/needs mixed in here.
To stop people from pulling images from outside is a standard firewall/proxy measure (old problem, old solution). You block pulling the same way you block downloads in general.
Your private registry must be known so that images are explicitly pulled from “myregistry.something/imagename” (where “myregistry.something” is a local DNS name). That is usually enough for most cases.
A “plus” is to set a private registry as a registry-mirror. I wrote something about it in this article for Artifactory, but it should work with any registry.