Mirroring container images from Docker Hub?

Hi all, I’ve been wondering: do some people mirror container images from Docker Hub?

I’m thinking of a situation where I have an application deployed using a container image from Docker Hub, say node as an example but could be anything, and then some day that image isn’t available. It’s been taken down from Docker Hub for whatever reason.

Or perhaps the tagged version I’m using has been removed.

Or perhaps the tagged version has been replaced - and suddenly the tagged version that I’ve tied myself to and tested my app against is now different and could break my app.

Should I be mirroring these images into my own container registry and deploying from there in order to mitigate these risks?

Definitely yes.
In addition, you could face problems due to Docker Hub pull limits.

Good point also - not something I’ve hit yet, but another good reason to mitigate.

I already use a container registry for my own images (in GitLab), so putting in place something to mirror the container images I need to there should be fairly straightforward I think.

You can install https://github.com/ContainerSolutions/trow inside your cluster and use it as a registry cache so you don’t have to pull all the time.

Thanks, I’ll take a look at that.

If you use GitLab already and the concern mostly is the rate limit, then you may want to check out the integrated GitLab dependency proxy which caches images for you. For anything else a custom mirror is a good way to go (using something like the above-mentioned Trow or any other solution).

This is a great project also: https://github.com/estahn/k8s-image-swapper

Thanks for all the suggestions - this is not an area that I’ve considered much in the past, but I’ll look into these options. It’s all interesting stuff.
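
An added example, not part of the thread and not code from Trow, GitLab or k8s-image-swapper: it normalizes image references the way Docker does (implicit `docker.io` and `library/`), rewrites Docker Hub references to a private mirror, and reports whether each one is pinned by digest or relies on a tag that can be replaced or removed. The mirror path `registry.example.com/mirror` and the function names are assumptions.

```python
"""Rewrite Docker Hub image references to a private mirror and flag mutable ones."""

MIRROR = "registry.example.com/mirror"  # assumption: placeholder mirror path


def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first component is a registry host only if it looks like one.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    # A tag is a ':' in the last path component (never the registry port).
    head, sep, last = path.rpartition("/")
    last, _, tag = last.partition(":")
    repo = head + sep + last
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # official images live under library/
    if not tag and not digest:
        tag = "latest"  # implicit default tag
    return registry, repo, tag, digest


def to_mirror(ref, mirror=MIRROR):
    """Return (new_ref, pinned). Only Docker Hub references are rewritten."""
    registry, repo, tag, digest = parse_image(ref)
    pinned = bool(digest)  # a tag can be re-pushed or deleted; a digest names content
    if registry not in ("docker.io", "index.docker.io"):
        return ref, pinned
    new_ref = f"{mirror}/{repo}"
    if tag:
        new_ref += f":{tag}"
    if digest:
        new_ref += f"@{digest}"
    return new_ref, pinned


if __name__ == "__main__":
    digest = "sha256:" + "0" * 64  # constructed placeholder digest
    samples = [  # constructed sample references
        "node", "node:20-alpine", "bitnami/redis:7.2",
        "docker.io/library/node:20@" + digest,
        "localhost:5000/app:1.0", "registry.gitlab.com/group/app:1.0",
    ]
    for ref in samples:
        new_ref, pinned = to_mirror(ref)
        print(f"{ref} -> {new_ref} [{'pinned' if pinned else 'MUTABLE TAG'}]")
```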