I am experimenting with Sonatype Nexus 3 OSS in my company so we can have hosted and proxy docker repositories. And in a proxy repository, that proxies to an upstream repo, we are trying to filter what can be pulled, through the proxy repo, from the upstream repo.
The Routing Rule feature, as described in the docs, seem like they do just that.
There's a docker image with 2 tags that exist in the upstream repo, that I can pull via the proxy repo, using these commands:
docker image pull [proxy repo DNS addres]/dkr/asso/asso-app:k8-feature-gtl-zoner
docker image pull [proxy repo DNS addres]/dkr/asso/asso-app:d82fa665
I can try both commands, and both tags will get pulled as expected.
The routing rule configuration screen lets me test the rules. They pass the test. One docker tag is accepted, the other is not.
testing routing rule 1 testing routing rule 2
But then I save and associate this routing rule to the proxy repo, and try again downloading the docker images. But both images get error:
Error response from daemon: unauthorized: access to the requested resource is not authorized
Nothing at all, actually, can be pulled from the proxy repository.
And there's another problem. I cannot undo the association between the routing rule and the repo. I go to repo setup. Routing rule. The routing rule name is there. Choose "none". Save. Go back to the repo setup screen. The routing rule is still there.
I tried in a different repo, with different routing rule and different images. Same issue. Tried deleting the Nexus installation and starting over from scratch. Same issue.
My setup:
Nexus OSS 3.41.1-01
Running on Kubernetes (AWS EKS) cluster version 1.21, with a persistent volume for folder /nexus-data
