To make sure that a Container Registry Enterprise Edition instance can be accessed from the Internet with security, you must configure a whitelist for the Internet.
Prerequisites
By default, Container Registry Enterprise Edition instances cannot be accessed over the Internet. Therefore, you must enable access over the Internet before you configure the access control policy for Internet access.
Note After you enable access over the Internet, the Classless Inter-Domain Routing (CIDR) block 127.0.0.1/32 is automatically added to the whitelist.
Procedure
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, click Instances.
- On the Instances page, click the required Container Registry Enterprise Edition instance.
- On the management page of the Container Registry Enterprise Edition instance, choose in the left-side navigation pane.
Note If you want to configure access control for Helm charts, choose
.
- On the Access Control page, click the Internet tab.
- On the Internet tab, click Add Internet Whitelist.
- In the Add Internet Whitelist dialog box, specify the CIDR block that is allowed to access the Container Registry Enterprise Edition instance and the description.
- Click OK.
After the CIDR block is added, Elastic Compute Service (ECS) instances whose IP addresses belong to the CIDR block can access the Container Registry Enterprise Edition instance.
Notice You may want to allow all ECS instances to access the Container Registry Enterprise Edition instance over the Internet. To achieve this purpose, you can enable access over the Internet and delete all IP addresses from the whitelist for Internet access. After you perform the preceding operation, the Container Registry Enterprise Edition instance is completely exposed to the Internet and may be attacked. Proceed with caution.