To guarantee secure access to a Container Registry Enterprise Edition instance over the public network, you must configure a whitelist for the public network.

Prerequisites

After a Container Registry Enterprise Edition instance is created, it is inaccessible over the public network by default. Therefore, you must enable access over the public network before configuring the whitelist for the public network.
Note After you enable access over the public network, the Classless Inter-Domain Routing (CIDR) block 127.0.0.1/32 is automatically added to the whitelist.
Enable access over the public network

Procedure

  1. Log on to the Container Registry console. In the top navigation bar, select the target region.
  2. In the left-side navigation pane, choose Enterprise Instances > Instances.
  3. On the Instances page, click the Container Registry Enterprise Edition instance to be configured.
  4. In the left-side navigation pane, choose Repositories > Access Control.
    Note If you want to configure access control for Helm charts, choose Helm Chart > Access Control.
  5. On the Internet tab, click Add Internet Whitelist.
  6. In the Add Internet Whitelist dialog box that appears, enter the CIDR block that is allowed to access the Container Registry Enterprise Edition instance and its description.
  7. Click OK.
    After the CIDR block is added, Elastic Compute Service (ECS) instances in the CIDR block can access the Container Registry Enterprise Edition instance.
    Notice If you want to allow all ECS instances on the public network to access the Container Registry Enterprise Edition instance, enable access over the public network but delete all items from the whitelist. If you do so, the Container Registry Enterprise Edition instance is completely exposed to the public network and may be attacked. Perform this operation with caution.