About the Replicated Proxy Service
This topic describes how the Replicated proxy service can be used to grant proxy access to your application's private images.
Overview
If your application images are available in a private image registry exposed to the internet such as Docker Hub or Amazon Elastic Container Registry (ECR), then the Replicated proxy service can grant proxy, or pull-through, access to the images without exposing registry credentials to your customers. When you use the proxy service, you do not have to modify the process that you already use to build and push images to deploy your application.
To grant proxy access, the proxy service uses the customer licenses that you create in the Replicated vendor portal. This allows you to revoke a customer’s ability to pull private images by editing their license, rather than having to manage image access through separate identity or authentication systems. For example, when a trial license expires, the customer's ability to pull private images is automatically revoked.
The following diagram demonstrates how the proxy service pulls images from your external registry, and how deployed instances of your application pull images from the proxy service:
View a larger version of this image
About Enabling the Proxy Service
The proxy service requires read-only credentials to your private registry to access your application images. See Connecting to an External Registry.
After connecting your registry, the steps the enable the proxy service vary depending on your application deployment method. For more information, see: