Container Registry provides the cloud-native application delivery chain feature. This feature allows you to freely combine tasks such as image building, image security scanning, image synchronization, and image distribution in a single delivery chain. The cloud-native delivery chain can be fully observable, traceable, and secured. This topic describes how to create a delivery chain so that you can build, scan, synchronize, and distribute images around the world only by submitting source code changes.

Step 1: Configure basic information

  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the required Container Registry Enterprise Edition instance.
  5. On the management page of the Container Registry Enterprise Edition instance, choose Delivery Chain > Chain in the left-side navigation pane.
  6. In the upper-left corner of the Chain page, click Create Delivery Chain.
  7. On the Create Delivery chain page, set the following parameters:
    • Name
    • Description: optional.
    • Scope: Select a namespace and an image repository in the namespace.

Step 2: Configure image building rules

  1. On the Create Delivery Chain page, click the Image Building icon.
  2. In the Chain section, create or modify image building rules.
    • To create a rule, click Add Build Rule. In the Add Build Rule dialog box, set parameters.
    • To modify a rule, find the rule and click Modify in the Actions column. In the Modify dialog box, modify parameters.
    The dialog boxes contain the following parameters:
    • Type: The type of the source code repository. Valid values: Branch and Tag.
    • Code Branch/Tag: The code branch that is used to build images.
    • Dockerfile Directory: The directory where the Dockerfile is stored.
      Note The specified directory is a relative directory, with the root directory of the code branch as its parent directory.
    • Dockerfile Filename: The name of the Dockerfile. Default value: Dockerfile.
    • Tags: The tag of the image, for example, latest.
  3. Click Confirm.
    Note

    After you configure image building rules, images are automatically built in the image repository based on the rules.

    In the Chain section, you can view the created or modified image building rules.

Step 3: Configure the blocking rule for image security scanning

Image security scanning ensures the security when images are synchronized and distributed.

  1. On the Create Delivery Chain page, click the Security Scan icon.
  2. In the Node configuration section, configure the blocking rule.
    • Blocking: You must set the Vulnerability Severity and Number of vulnerabilities parameters to define the blocking rule.

      If an image meets the conditions that are defined in the blocking rule, the system stops performing follow-up steps for the image.

    • Non-blocking: The system proceeds with follow-up steps for all images.

Step 4: Configure image synchronization rules

After you configure image synchronization rules, updated images are automatically synchronized between Container Registry Enterprise Edition instances based on the rules.

  1. On the Create Delivery Chain page, click the Trigger Synchronization icon.
  2. In the Chain section, click Create Rule.
  3. In the Create Rule dialog box, enter a rule name, configure the destination Container Registry Enterprise Edition instance, and then click Next.
    Note If access over the Internet is disabled, images can be automatically synchronized between regions.
  4. In the Replication Information step, configure the synchronization information of the source instance.
    1. Set the Replication Level parameter.
      • Namespace: All images in the specific namespace of the source instance are synchronized.
      • Repository: Only images in the specific repository are synchronized.
    2. Select the namespace of the source instance to be synchronized.
    3. Optional:If the Replication Level parameter is set to Repository, select the source repository.
    4. Enter a regular expression to filter image tags in the repository. By default, all image tags are synchronized.
  5. Click Create Rule.
    In the Chain section, you can view the created image synchronization rules.

Step 5: Configure distribution triggers

You can configure distribution triggers to automatically distribute images so that applications can be automatically redeployed.

  1. On the Create Delivery Chain page, click the Distribution Trigger icon.
  2. In the Chain section, click Create.
  3. In the Create Trigger dialog box, enter the trigger name.
  4. Enter the URL to which the distribution trigger sends notifications.
  5. Set the Trigger parameter.
    • All: All images are distributed.
    • By RegExp: You need to enter a regular expression to filter images. Only images that match the regular expression are distributed.
    • By Tags: Select image tags. Only images with the selected tags are distributed.
  6. Click Confirm.
    In the Chain section, you can view the created distribution triggers.
  7. On the Create Delivery Chain page, click Create.

Result

On the Chain page, you can view the created delivery chain.

After source code is updated in the code repository, you can log on to the Container Registry Enterprise Edition instance and go to the Record page. On this page, you can view the status and result of each step in the delivery chain. Finally, you can verify that the images are updated in the Kubernetes cluster.