goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.

Home Page: https://goharbor.io

Harbor Proxy or Proxy Cache or Proxy Endpoint

SamirFarhat opened this issue · comments

Hi,

I'm a bit confused about how the Proxy Cache works for the Harbor-to-Harbor use case.
We have a central Harbor installation (Everything is installed, images, users, Authentication and Authorization).
We want to use this harbor installation as a Hub installation, which means that many spokes (other network locations) should have access and pull images from it.

We do not want to open network flows from all the clients to the Harbor main installation (Main endpoint); instead, we want to deploy cache locations on every site. We want to achieve this:

  • The client pulls the image from the CacheLocation endpoint
  • The cache location pulls the image from the central installation

Question: How does the authentication work? Will the cache location make a passthrough authentication (the central Harbor installation will handle the Auth/Authorization phase), or do we need to configure the Authorization (Users, RBAC...) on the cache Harbor installation too?

Thanks

Maybe you can set up a central Harbor (main endpoint in your words) which contains all images and then deploy several edge Harbors (cacheLocation endpoint in your words).

Then in every edge Harbor, you will need to add the central Harbor as a registry endpoint with Auth to this central Harbor.

Also you need to create a project with Proxy Cache turned on in the edge Harbor.

You can manage RBAC through the Users section and the Members tab.

The proxy cache project doesn't hand over the authentication to the upstream server; the proxy cache project just uses the credential stored in the registry configuration to access the upstream registry.
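
Added example, not part of the original thread or of Harbor's own code: the two steps from the replies above (register the central Harbor as an endpoint, then create a proxy cache project) scripted against the edge Harbor's REST API. The endpoint paths and field names are assumed to match the Harbor v2.0 API and should be checked against your version's Swagger; the names `central` and `central-cache`, the helper names, and all URLs and credentials passed in are placeholders.

```python
import base64
import json
import urllib.request

def registry_payload(name, central_url, access_key, access_secret):
    # Credential the edge stores and presents to the central Harbor on every
    # upstream pull; the pulling client's own credentials are not forwarded.
    return {
        "name": name,
        "type": "harbor",
        "url": central_url,
        "insecure": False,  # keep TLS verification on for the upstream link
        "credential": {"type": "basic", "access_key": access_key,
                       "access_secret": access_secret},
    }

def proxy_project_payload(project, registry_id):
    # Setting registry_id makes this a proxy cache project. Kept private so
    # pulls are authorized against the edge's own users and project members.
    return {"project_name": project, "registry_id": registry_id,
            "metadata": {"public": "false"}}

def registry_id_from_location(location):
    # Assumed: the create call answers 201 with a Location header such as
    # "/api/v2.0/registries/3".
    return int(location.rstrip("/").rsplit("/", 1)[1])

def post(edge_url, path, body, admin_user, admin_password):
    basic = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    req = urllib.request.Request(
        edge_url.rstrip("/") + path, data=json.dumps(body).encode(),
        method="POST", headers={"Content-Type": "application/json",
                                "Authorization": "Basic " + basic})
    with urllib.request.urlopen(req) as resp:
        return resp.headers.get("Location", "")

def configure_edge(edge_url, admin_user, admin_password, central_url, key, secret):
    # Step 1: register the central Harbor as an endpoint on the edge.
    location = post(edge_url, "/api/v2.0/registries",
                    registry_payload("central", central_url, key, secret),
                    admin_user, admin_password)
    registry_id = registry_id_from_location(location)
    # Step 2: create the proxy cache project that points at that endpoint.
    post(edge_url, "/api/v2.0/projects",
         proxy_project_payload("central-cache", registry_id),
         admin_user, admin_password)
    return registry_id
```

Because the central Harbor only ever sees the stored credential, whatever that account can read upstream is reachable by any user the edge authorizes on the proxy cache project.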