Container Registry: Obtain IP addresses to configure a routing rule and implement access to a Container Registry Enterprise Edition instance across regions or from a data center

Last Updated: Jan 21, 2025

If you want to access a Container Registry Enterprise Edition instance across regions or from a data center to push or pull images, make sure that the virtual private cloud (VPC) of the access source and the VPC of the Container Registry Enterprise Edition instance are connected. This topic describes how to obtain IP addresses that are used to configure a routing rule and implement cross-region image pushes and pulls.

Scenarios

  • Access a Container Registry Enterprise Edition instance from a data center: You can use VPN Gateway, Express Connect circuits, and Smart Access Gateway to connect the VPC of the data center to the VPC of the Container Registry Enterprise Edition instance.

  • Access a Container Registry Enterprise Edition instance across regions: You can use Cloud Enterprise Network (CEN) to connect the VPC of the access source to the VPC of the Enterprise Edition instance across regions.

Prerequisites

  • Elastic Compute Service (ECS) instances in the VPC can access the Container Registry Enterprise Edition instance. For more information, see Configure a VPC ACL.

  • If you want to access a Container Registry Enterprise Edition instance from a data center, you must connect the VPC of the data center to the VPC of the Enterprise Edition instance. For more information, see Connect a data center to a VPC.

  • If you want to access a Container Registry Enterprise Edition instance across regions, you must connect the VPC of the access source to the VPC of the Enterprise Edition instance across regions. For more information, see Connect VPCs in different accounts.

    Important
    • Basic Edition transit routers do not support cross-region routing. Use Enterprise Edition transit routers for cross-region routing.

    • If you want to pull images from multiple regions, we recommend that you create multiple Container Registry Enterprise Edition instances in these regions and use the global replication capability of Enterprise Edition instances to replicate images. For more information, see Replicate images within the same account.

Obtain the IP addresses that are used to create a routing rule

You must obtain the IP addresses of three services in the VPC: the Object Storage Service (OSS) bucket that is used as the backend storage, the Container Registry Enterprise Edition instance, and the authentication service. You can then create a routing rule in the data center based on the obtained IP addresses.

  1. Obtain the following endpoints:

    Important

    Make sure that the IP addresses of the following endpoints do not conflict with the IP addresses of existing services in the access source. Otherwise, the services in the access source cannot be accessed.

    • The endpoint of the OSS bucket in the VPC. For more information about internal endpoints of OSS buckets, see Internal OSS endpoints and VIP ranges.

      The endpoint of an OSS bucket in a VPC is ${InstanceId}-registry.oss-${RegionId}-internal.aliyuncs.com.

      Note

      If you use a custom OSS bucket, the endpoint of the OSS bucket is ${CustomizedOSSBucket}.oss-${RegionId}-internal.aliyuncs.com.

    • The endpoint of the Container Registry Enterprise Edition instance in the VPC.

      The default endpoint of a Container Registry Enterprise Edition instance in a VPC is ${InstanceName}-registry-vpc.${RegionId}.cr.aliyuncs.com.

    • The endpoint of the authentication service in the VPC.

      Run the following command to obtain the endpoint of the authentication service in the VPC:

      curl -vv https://${InstanceName}-registry-vpc.${RegionId}.cr.aliyuncs.com/v2/

  2. Obtain the IP addresses that are used to create a routing rule.

    Ping the endpoints that you obtained in step 1 on an ECS instance in the VPC to obtain the IP addresses.

    Note
    • After you obtain the IP addresses, you can create a routing rule based on the IP addresses. The method that is used to create routing rules varies based on the data center type. Create a routing rule based on the type of your data center.

    • The configurations for cross-region routing may incur costs. For more information, consult the technical support of the network service that you use.
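
Steps 1 and 2 as an added example, not part of the original Alibaba Cloud documentation: it builds the OSS and registry endpoints from the templates, extracts the authentication service host from the response to the /v2/ request, and tests an obtained IP address against a CIDR block of the access source for the conflict described in the Important note. It assumes that the registry answers with a WWW-Authenticate Bearer realm as in the Docker Registry token authentication scheme; the function names, the sample response and the example.internal host are constructed.

```bash
#!/usr/bin/env bash
# Added example. Instance values and the sample response are constructed.

# Step 1: build the two fixed VPC endpoints from the templates above.
oss_endpoint()      { printf '%s-registry.oss-%s-internal.aliyuncs.com\n' "$1" "$2"; }  # InstanceId RegionId
registry_endpoint() { printf '%s-registry-vpc.%s.cr.aliyuncs.com\n' "$1" "$2"; }       # InstanceName RegionId

# Step 1: read HTTP response headers on stdin and print the host named in the
# Bearer realm of the WWW-Authenticate header (the authentication service).
auth_host() {
  tr -d '\r' | grep -i '^www-authenticate:' |
    sed -n -E 's#.*realm="https?://([^/":]+).*#\1#p' | head -n 1
}

# Convert a dotted IPv4 address to an integer.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Conflict check: succeeds when IPv4 address $1 lies inside CIDR block $2,
# that is, when an endpoint IP collides with a range the access source uses.
ip_in_cidr() {
  local net=${2%/*} bits=${2#*/} mask
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Constructed 401 response to GET /v2/ (the realm host is a placeholder).
sample_headers() {
  printf 'HTTP/1.1 401 Unauthorized\r\n'
  printf 'Www-Authenticate: Bearer realm="https://auth-vpc.example.internal/auth",service="registry.example"\r\n'
}

# Live use on an ECS instance in the VPC (getent resolves the names, as ping would):
#   reg=$(registry_endpoint "$InstanceName" "$RegionId")
#   auth=$(curl -sS -o /dev/null -D - "https://$reg/v2/" | auth_host)
#   getent hosts "$(oss_endpoint "$InstanceId" "$RegionId")" "$reg" "$auth"
```

Run ip_in_cidr for each resolved address against every CIDR block that the data center or the source VPC already routes; a match means the new routing rule would shadow an existing service.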

Check the access to the Container Registry Enterprise Edition instance from the data center or across regions

Run the docker login command to log on to the image repository, and then run the docker pull command to pull an image of the Container Registry instance from the data center.

Note

For more information about how to push and pull images, see Use a Container Registry Enterprise Edition instance to push and pull images.

Figure: Pull an image

If the image pull progress bar is displayed, you can access the Container Registry Enterprise Edition instance now that the VPCs are connected.