Docker Hub: Provide pull through cache in private registries

[joshriverscambia2019]

As a business customer, I would like to consolidate image lifecycle management to rely on Docker Hub. This is already well supported for privately created images as well as those published to the public Docker Hub and allowed by my organization. I would like to also use Image Access Management to control access to images pulled from other public sources (gcr, ghcr, gitlab, ecr, quay, etc.).

I imagine this would be provided by allowing Docker Hub repositories to be configured as automated mirrors or pull through caches of images sourced on other public registries. The mirrored or cached images could then be controlled by organization policies and would be reliably available in the event of an outage for those foreign registries.

This is a request for Docker Hub paid plans.

Currently I need to use other registry hosting solutions or self-host in order to manage my public image sources. I cannot consolidate on Docker Hub. It is possible to manually mirror external images into private repositories, but this seems to require a regularly run mirroring system to scan for updates and retag and re-push them to private Docker Hub repositories.

I believe this general feature would also resolve https://github.com/docker/roadmap/issues/117