If you want to extend the features of images of Personal Edition instances, such as security scanning, image replication, and image acceleration, you can use the image import feature. The feature allows you to import images from Personal Edition instances to Enterprise Edition instances without using external tools.
Precautions
The system automatically creates a service-linked role named AliyunServiceRoleForContainerRegistryConnectCustomerVPC when you import images in Alibaba Cloud public cloud. This role allows Container Registry to transfer image data through your virtual private cloud (VPC), which accelerates the import process.
NoteFor more information about the service-linked role AliyunServiceRoleForContainerRegistryConnectCustomerVPC, see Service-linked roles for VPC access.
After you import an image from a Personal Edition instance to an Enterprise Edition instance, you need to use a domain name of the Enterprise Edition instance to access the Enterprise Edition instance. If you want to use a domain name of the Personal Edition instance to access the Enterprise Edition instance, you must enable the feature of supporting domain names of Personal Edition instances for the Enterprise Edition instance. For more information, see Use the domain name of a Personal Edition instance to access an Enterprise Edition instance.
Description
You can still use your Enterprise Edition and Personal Edition instances during the import process.
You can import all information about namespaces and repositories, including the namespace name, whether repositories can be automatically created in the namespace, the default repository type, the repository name, and the repository type.
You can import a specified number of latest uploaded images in each repository from the Personal Edition instance to the Enterprise Edition instance. You can use regular expressions to filter the images that you want to import.
You can import image building configurations, including building rules and information about the source code that is bound to the repositories. You cannot import building records.
Step 1: Bind a VPC to the Enterprise Edition instance
Skip this step if you have bound a VPC to your Container Registry Enterprise Edition instance in the Container Registry console and a security group whose inbound rule opens TCP port 443 has been created. Skip this step if you use Alibaba Finance Cloud or Alibaba Gov Cloud.
Create a VPC, vSwitch, and security group in the region where the Enterprise Edition instance is located. The inbound rule of the security group must open TCP port 443 of the VPC CIDR block. For more information, see the "Create a VPC and a vSwitch" section of the Create and manage a VPC topic, the "Create a vSwitch" section of the Create and manage a vSwitch topic, and Create a security group.
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the left-side navigation pane of the management page of the Container Registry Enterprise Edition instance, choose .
On the VPC tab, click Add VPC.
In the Add VPC dialog box, select a VPC and a vSwitch, and click Confirm.
The VPC is added. Wait until the status of the VPC changes from Creating to Running.
The VPC and vSwitch that are bound to the Enterprise Edition instance must reside in a zone that supports the Personal Edition image import feature. The following table lists the zones that support the feature.
Cloud type | Region | Supported zone |
Alibaba Cloud public cloud | China (Beijing) |
|
China (Hangzhou) |
| |
China (Shenzhen) |
| |
China (Shanghai) |
| |
China (Zhangjiakou) |
| |
China (Hong Kong) |
| |
Singapore |
| |
Indonesia (Jakarta) |
| |
US (Virginia) |
| |
US (Silicon Valley) |
| |
UK (London) |
| |
Germany (Frankfurt) |
| |
Japan (Tokyo) |
| |
Australia (Sydney) Closing Down |
| |
China (Chengdu) |
| |
China (Heyuan) |
| |
Alibaba Finance Cloud | China (Hangzhou) |
|
(Optional) Step 2: Bind a source code hosting platform to the Enterprise Edition instance
Bind the source code hosting platform that is already bound to the Personal Edition instance to the Enterprise Edition instance. For more information, see Bind a source code hosting platform. Skip this step if you do not need to migrate image building configurations.
Step 3: Create an import rule
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the left-side navigation pane of the management page of the Container Registry Enterprise Edition instance, choose .
On the Image Import page, configure the import rule parameters and then click Confirm.
Parameter
Description
VPC
To accelerate the image import process, you must use VPCs. If a VPC is added, Bound is displayed on the right side of the VPC parameter. If no VPC is added, Unbound is displayed on the right side of the VPC parameter.
Source
The type of the source from which images are imported. You can import images from Object Storage Service (OSS) buckets or Container Registry Personal Edition instances. In this example, Instance of Personal Edition is selected.
Region
The region of the source. Select the region in which your Personal Edition instance resides.
Namespace
The name of the namespace from which you want to import images.
Select Images
Specifies the method to select the images that you want to import.
You can specify the number of latest images that you want to import from each repository. Valid values: 0 to 1000. A value of 0 indicates that no images are imported.
You can specify a regular expression to filter a specified number of latest images. By default, all latest images are imported. A value of release-v.* indicates that only images whose tag names contain the prefix release-v are imported.
Overwrite Image
Specify whether to overwrite the existing image in the Enterprise Edition instance that has the same tag as the image of the Personal Edition instance but has different digest information. By default, the existing image is overwritten.
In the Import Rules section, click Trigger Task.
In the Tips dialog box, click OK.
If Success is displayed in the Results column, images are successfully imported from the Personal Edition instance to the Enterprise Edition instance.
NoteIf The verification failed is displayed in the Results column, the import task failed. You can hover over The verification failed to check the cause of failure.
What to do next
View import task details
On the Image Import page, select the import task that you want to manage and click Details in the Actions column. On the import task details page, you can view the total amount of imported data (GB), the current transmission speed (MB/s), the total number of images, the number of images imported from each repository, the number of images that are successfully imported, the number of images that failed to be imported, and the cause of failure.
Update the import rule
On the Image Import page, click Update Rule in the Import Rules section. In the Update Import Rule dialog box, modify the rule and click Confirm. Click Import Again. In the Tips dialog box, click OK to import images based on the updated rule.
References
You can use the secret-free component provide by Container Service for Kubernetes (ACK) to pull the images. For more information, see Use the aliyun-acr-credential-helper component to pull images without using a secret.