You can push container images to multiple Container Registry Enterprise Edition instances in different regions at the same time to implement geo-disaster recovery and avoid potential risks.
Prerequisites
Container Registry Enterprise Edition instances are created in at least two different regions. For more information, see Create a Container Registry Enterprise Edition instance.
Procedure
Step 1: Configure a custom endpoint for the instances
Configure the same custom endpoint for the instances in different regions and use the custom endpoint to pull container images in the cluster. For more information, see Use a custom domain name to access a Container Registry Enterprise Edition instance.
Step 2: Configure synchronization rules for the instances
Configure image replication rules for instances in different regions to ensure that core business images exist on instances in different regions. For more information, see Replicate images within same account and Replicate images across accounts.
Step 3: Configure access control lists (ACLs) for the instances
If you want to implement cross-region access over an internal network, you must configure a virtual private cloud (VPC) ACL for the instances. For more information, see Configure a VPC ACL.
Note: To implement geo-disaster recovery by pulling images over an internal network, you must establish a connection between the instances and the VPC. You can establish the connection between the instances and the VPC by using Cloud Enterprise Network (CEN). For more information, see Obtain the IP addresses that are used to create routing rules.
If you want to implement cross-region access over the Internet, you must enable Internet access for the instances. For more information, see Configure access over the Internet.
Step 4: Modify the Alibaba Cloud DNS (DNS) resolution setting of the source instance to implement geo-disaster recovery
In this example, Instance A is deployed in the China (Hangzhou) region and Instance B is deployed in the China (Zhangjiakou) region. The following table describes the basic information of Instance A.
Instance ID | Edition | Public endpoint | VPC that is associated with the instance | Custom endpoint |
cri-aaaaa | Basic Edition instances | a-registry.cn-hangzhou.cr.aliyuncs.com | vpc-aaaaa | cross-region.registry.io |
If you cannot pull images from Instance B or push images to Instance B for some reason, you can modify the Alibaba Cloud DNS PrivateZone resolution settings of the custom endpoint of the VPC that is associated with Instance B. This way, you can pull the synchronized image from Instance A across regions. Perform the following operations:
Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click PrivateZone.
On the Authoritative Zones tab, enter the cross-region.registry.io endpoint to search for the zone. Two zones are displayed. Click the zone that is associated with the vpc-bbbbb VPC.
On the DNS Settings tab, find the record that you want to modify and click Modify in the Actions column.
In the Modify Record dialog box, configure the parameters. The following tables describe the parameters. Then, click OK.
If you want to implement geo-disaster recovery by pulling images over the Internet
Parameter | Description |
Record Type | Select CNAME from the drop-down list. |
Hostname | Set this parameter to @. |
Record Value | Set this parameter to the public endpoint of Instance A: a-registry.cn-hangzhou.cr.aliyuncs.com. |
TTL Period | Retain the default value. |
If you want to implement geo-disaster recovery by pulling images over an internal network
Parameter | Description |
Record Type | Select A from the drop-down list. |
Hostname | Set this parameter to @. |
Record Value | Set this parameter to the internal endpoint of Instance A in vpc-aaaaa. |
TTL Period | Retain the default value. |
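After you modify the record, you can confirm from a host in vpc-bbbbb that the custom endpoint now resolves to Instance A and to nothing else. The following is an added example, not part of the original documentation or of any Alibaba Cloud tool: it classifies the output of `dig +noall +answer cross-region.registry.io`. The function names, the sample answers, and the internal IP address 192.0.2.10 are assumptions made for illustration.

```python
# Added example: classify `dig +noall +answer` output for the custom endpoint.
CUSTOM_ENDPOINT = "cross-region.registry.io"                  # from the page
INSTANCE_A_PUBLIC = "a-registry.cn-hangzhou.cr.aliyuncs.com"  # from the page

def parse_answer(text):
    """Turn `dig +noall +answer` lines into (name, ttl, type, value) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN" or not parts[1].isdigit():
            continue  # skip comments, blank lines and anything malformed
        name, value = parts[0].rstrip(".").lower(), parts[4].rstrip(".").lower()
        records.append((name, int(parts[1]), parts[3], value))
    return records

def failover_state(text, instance_a_internal_ips=frozenset()):
    """Return (state, max_ttl) for the custom endpoint.

    state: 'internet-failover', 'internal-failover', 'other-target', 'no-answer'.
    max_ttl: longest time in seconds a resolver may keep serving this answer.
    """
    own = [r for r in parse_answer(text) if r[0] == CUSTOM_ENDPOINT]
    if not own:
        return "no-answer", 0
    max_ttl = max(r[1] for r in own)
    cnames = [r[3] for r in own if r[2] == "CNAME"]
    addrs = {r[3] for r in own if r[2] == "A"}
    if cnames:
        state = "internet-failover" if cnames == [INSTANCE_A_PUBLIC] else "other-target"
    elif addrs and addrs <= set(instance_a_internal_ips):
        state = "internal-failover"
    else:
        state = "other-target"  # pulls would go somewhere other than Instance A
    return state, max_ttl

# Constructed sample answers (not captured from a real resolver).
SAMPLE_CNAME = """\
cross-region.registry.io. 60 IN CNAME a-registry.cn-hangzhou.cr.aliyuncs.com.
a-registry.cn-hangzhou.cr.aliyuncs.com. 30 IN A 203.0.113.20
"""
SAMPLE_A = "cross-region.registry.io. 60 IN A 192.0.2.10\n"
SAMPLE_OTHER = "cross-region.registry.io. 600 IN A 192.0.2.99\n"

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the internal endpoint IP of Instance A.
    print(failover_state(SAMPLE_CNAME))
    print(failover_state(SAMPLE_A, {"192.0.2.10"}))
    print(failover_state(SAMPLE_OTHER, {"192.0.2.10"}))
```

A result of `other-target` means that image pulls through the custom endpoint reach an address that is not Instance A, so recheck the record before you rely on the failover.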