Hi, is there a way to setup the docker registry as pull through proxy with DCT enabled? so whenever the docker pull target to a image that is not in cache, it will fetch the image from dockerhub and also verify its signature?

Thanks,

Can you share how you tried to configure it and what issues you had with it? I didn’t have to do it yet, but if it requires different settings than without a pull through cache, I would check what Harbor offers:

But I didn’t find anything special mentioned related to DCT.

yes, harbor does offer a feature Harbor docs | Implementing Content Trust for this but unfortunately it will be an overkill for me to launch the entire harbor suite because 90% of their features are not needed in my case

Thanks for the reply though!

If you share more details, you have a better chance to get an answer from someone who had the same issue. Harbor was just a quick idea from me, it was not meant to be a final solution to your original question.

Are you trying to deploy a pull through cache registry without any additional client-side requirement where the pull-through cache registry is the only option to pull images and that allows pulling trusted contents?