Add the concept of "group" or "virtual" repositories

[titou10titou10]

Is your feature request related to a problem? Please describe.

Harbor is used as our private docker repository
We want to only allow users to access one repository, where all images will be scanned for security before being deployed (We use OpenShift and Kubernetes)
For this, Artifactory and Nexus have the concept of "virtual + remote" repository (Artifactory) or "group + proxy" repositories (Nexus)
Those repositories are a logical grouping of many local or remote repositories. In our case it would be:

• local repo (harbor)
• docker hub (remote repo)
• quay (remote repo)
• any other docker repo
  One local repo may be selected as the target of push requests when done on the virtual repo

When a pull is done on this kind of repository, harbor has to try to fetch the image from the first repo, then the second etc and store it locally if coming from a remote repo
When a push is performed, the image is stored in the repository selected as the "push" repo

Currently Harbor does not implement the notion of "vitrual" nor "remote" repositories

The main benefit is that we can enforce that all the images are pulled only from harbor, and so we are sure that all the images used by anyone is scanned by clair in harbor before being deployed

Additional context

Obviously , Harbor has to implement the notion of "remote" or "proxy" repository for this to work before implementing the notion of "virtual" or "group" repo

Usefull links:
Artifactory virtual repositories
Artifactory remote repositories
Nexus group repositories
Nexus proxy repositories

[xaleeks]

@titou10titou10 this has been discussed several times internally and like you said it depends on a) proxy and b)better resource management so it acts as a fast network switch, all the while hiding all of this from the end user so no reconfiguration is needed. If you are interested in being more involved in this discussion, ping me xalex@vmware.com

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[xaleeks]

please track progress here: #8082 I'm closing this to keep issues from blowing up. @titou10titou10

[mpohle-transporeon]

Are there any news? Is this feature already implemented?

[dioguerra]

This is implemented already. But you only have a one to one match between local and remote.

[mmontesi]

Is there any way to get the same result you can achieve with Nexus groups?
I haven't found this feature in the roadmap as well.
Having a single access point to all repositories is mandatory for my company and this lack is preventing Harbor adoption.
Does anyone have a workaround?

[AurelPaulovic]

I would also like Harbor to support this feature.