Updated TLDR;
At the time of answering this question originally, there wasn't a good solution. You can read my original answer. Or just scroll down to the update section where I tell you that Harbor v2.1's blog says they now support this.
Original Answer
I can answer part of your problem. But the answer to part 2 is that you can't. I can link you the issue to show you that they explicitly chose not to due to technical limitations. The good news is that they are aware that this is still somethign that the community wants.
Part 1
One thing you may not know, repos on hub.docker that do not have a project group (like docker pull nginx
), still need a project in your harbor that match. It will match on the project name library
. So make sure you have a project named library
. Not having this library
project probably wont effect pass through caching but it definately effects replication.
My setup contains:
harbor url: harbor.mydomain.com
project:
- library
- cache_proxy-hub-docker
I got my pulls to work with the following example:
docker pull harbor.mydomain.com/cache_proxy-hub-docker/goharbor/redis-photon:v2.1.0
v2.1.0: Pulling from cache_proxy-hub-docker/goharbor/redis-photon
b2823a5a3d08: Pull complete
...omitted...
369af38cd511: Pull complete
Digest: sha256:11bf4d11d81ef582401928b85aa2e325719b125821a578c656951f48d4c716be
Remember, for something like docker pull ngninx
, you have to do it as if it were actually library/nginx
docker pull harbor.mydomain.com/cache_proxy-hub-docker/library/nginx
Using default tag: latest
latest: Pulling from cache_proxy-hub-docker/library/nginx
d121f8d1c412: Pull complete
...ommitted...
Digest: sha256:fc66cdef5ca33809823182c9c5d72ea86fd2cef7713cf3363e1a0b12a5d77500
When I look in projects/cache_proxy-hub-docker I see:
- cache_proxy-hub-docker/library/nginx
- cache_proxy-hub-docker/goharbor/redis-photon
Please also remember, the pull command with the prefix, is also going to be what that image will be known as on your machine after the pull. You'll have to retag it to what you're expecting it to really be. That's why the docker daemon solution is so appealing...
Part 2
I ran around on this same issue. Finally, I suspected they didn't implement it this way. That is correct:
https://github.com/goharbor/harbor/issues/8082#issuecomment-698012277
question:
Is there anyway to configure harbor 2.1 as a transparent docker hub mirror? ...
answer:
not at this time ... we couldn't find a good enough solution in 2.1, but this requirement is known to us.
UPDATE
The Harbor blog for v2.1 indicates that they have now fully added this feature. My answer above is accurate for versions prior to 2.1. I haven't personally tested this but I will link the blog post talking about it.
Blog: https://goharbor.io/blog/harbor-2.1/