With the cloud-native application delivery chain feature of Container Registry, you can freely combine tasks such as image building, image security scanning, image synchronization, and image distribution in a single delivery chain. The cloud-native delivery chain is fully observable, traceable, and configurable. This topic describes how to create a delivery chain so that you can build, scan, synchronize, and distribute images around the world only by submitting source code changes.

Prerequisites

An image repository is created. For more information, see Build a repository.

Step 1: Configure basic information

Create a delivery chain and configure basic information about the delivery chain.

  1. Log on to the Container Registry console. In the top navigation bar, select the target region.
  2. In the left-side navigation pane, choose Enterprise Instances > Instances.
  3. On the Instances page, click the Container Registry Enterprise Edition instance to be configured.
  4. In the left-side navigation pane, choose Delivery chain > Delivery chain.
  5. On the page that appears, click Create delivery chain in the upper-left corner.
  6. In the Create delivery chain dialog box, set the following parameters:
    • Name
    • Description: This parameter is optional.
    • Scope: Select a namespace and an image repository in the namespace.
  7. Click Next.
  8. On the page that appears, click the Image Building icon. In the Task configuration section, add or modify an image building rule.

Step 2: Configure image building rules

After you configure image building rules, images are automatically built in the image repository based on the rules.

  1. In the wizard of creating a delivery chain, click the Image Building icon.
  2. In the Task configuration section, add or modify image building rules.
    • To add a rule, click Add Build Rule. The Add Build Rule dialog box appears.
    • To modify a rule, click Modify for the rule. The Modify dialog box appears.
    The dialog boxes contain the following parameters:
    • Type: Select a type for the source code repository. Valid values: Branch and Tag.
    • Code Branch/Tag: Set the code branch for building images.
    • Dockerfile Directory: Set the directory for storing the Dockerfile.
      Note The specified directory is a relative directory, with the root directory of the code branch as its parent directory.
    • Dockerfile Filename: Set the Dockerfile file name. Default value: Dockerfile.
    • Tag: Set a tag for the image, for example, latest.
  3. Click OK.
    In the Task configuration section, you can view the added or modified image building rules.

Step 3: Configure image security scanning

Image security scanning guarantees that images are safe to synchronize and distribute.

  1. In the wizard of creating a delivery chain, click the Security Scan icon.
  2. In the Node configuration section, configure the blocking rule.
    • Blocking: You must set the Vulnerability Severity and Number of vulnerabilities parameters to define the blocking rule.

      If an image meets conditions defined in the blocking rule, the system stops performing follow-up steps for the image. Otherwise, the system proceeds with follow-up steps.

    • Non-blocking: The system proceeds with follow-up steps for all images.

Step 4: Configure image synchronization rules

After you configure image synchronization rules, updated images are automatically synchronized between Container Registry Enterprise Edition instances based on the rules.

  1. In the wizard of creating a delivery chain, click the Trigger Synchronization icon.
  2. In the Task configuration section, click Create Rule.
  3. In the Create Rule dialog box, enter the rule name and configure the Container Registry Enterprise Edition instance to which you want to synchronize images.
    • If the Container Registry Enterprise Edition instance exists, select it in the target region.
    • If the Container Registry Enterprise Edition instance does not exist, click Create Instance to create it. For more information, see Create a Container Registry Enterprise Edition instance.
    Note If access over the public network is disabled, images can be automatically synchronized between regions.
  4. Click Next to go to the page for configuring synchronization information.
  5. Configure the images to be synchronized on the source instance.
    1. Set the Replication Level parameter.
      • Namespace: All images in the specific namespace of the source instance are synchronized.
      • Repository: Only images in the specific repository are synchronized.
    2. Select the namespace of the source instance to be synchronized.
    3. Optional: If the Replication Level parameter is set to Repository, select the source repository.
    4. Enter a regular expression for filtering repository versions. By default, all repository versions are synchronized.
  6. Click Create Rule.
    In the Task configuration section, you can view the newly created image synchronization rules.

Step 5: Configure distribution triggers

You can configure distribution triggers to automatically distribute images so that applications can be automatically redeployed.

  1. In the wizard of creating a delivery chain, click the Distribution Trigger icon.
  2. In the Task configuration section, click Create.
  3. In the Create Trigger dialog box, enter the trigger name.
  4. Enter the URL to which the distribution trigger sends notifications.
  5. Set the Trigger parameter.
    • Every time: All images are distributed.
    • Expression trigger: Only images matching the preset regular expression are distributed.
    • Tag triggers: Only images with the selected tags are distributed.
  6. Click OK.
    In the Task configuration section, you can view the newly created distribution triggers.
  7. In the Create delivery chain dialog box, click OK.

Result

On the Delivery chain page, you can view the newly created delivery chain.

What to do next

After source code is updated in the code repository, log on to the Container Registry Enterprise Edition instance, choose Delivery chain > Record in the left-side navigation pane, and then click Details in the Actions column of the target delivery chain. You can view the running status and result of each step. Finally, the images are updated in the Kubernetes cluster.