You can connect a data center to a virtual private cloud (VPC) in Alibaba Cloud by using VPN Gateway, an Express Connect circuit, and Smart Access Gateway. This allows servers in the data center to access Container Registry Enterprise Edition instances. The servers in the data center can push images to and pull images from Container Registry Enterprise Edition instances. This topic describes how to access a Container Registry Enterprise Edition instance from a data center.

Prerequisites

Obtain the IP addresses that are used to create routing rules

You need to obtain the IP addresses of the Object Storage Service (OSS) bucket that is used as the backend storage, Container Registry Enterprise Edition instance, and authentication service in the VPC. You can create routing rules in the data center based on the obtained IP addresses.

  1. Obtain the following three domain names:
    • The domain name of the OSS bucket in the VPC.

      The domain name of an OSS bucket in a VPC is in the format of ${InstanceId}-registry.oss-${RegionId}-internal.aliyuncs.com.

      Note If you use a custom OSS bucket, the domain name is in the format of ${CustomizedOSSBucket}.oss-${RegionId}-internal.aliyuncs.com.
    • The domain name of the Container Registry Enterprise Edition instance in the VPC.

      The default domain name of a Container Registry Enterprise Edition instance in a VPC is in the format of ${InstanceName}-registry-vpc.${RegionId}.cr.aliyuncs.com.

    • The domain name of the authentication service in the VPC.
      Run the following command to obtain the domain name of the authentication service in the VPC:
      curl -vv https://${InstanceName}-registry-vpc.${RegionId}.cr.aliyuncs.com/v2/
      Authentication service
  2. Obtain the IP addresses that are used to create routing rules.
    On an ECS instance in the VPC, ping the domain names that you obtained in Step 1 to obtain the IP addresses.
    Note After you obtain the IP addresses, you can create routing rules based on these IP addresses. The method of creating routing rules varies with the data center type. Create routing rules based on the type of your data center.

Verify the access to the Container Registry Enterprise Edition instance from the data center

Run the docker login command to log on to an image repository in Container Registry. Then, run the docker pull command to pull an image to the data center.
Note For more information about how to push and pull images, see Use a Container Registry Enterprise Edition instance to push and pull images.
Pull an image

If the progress bar for pulling the image is displayed, the access configuration is valid and takes effect.