Disaster recovery for Container Registry Enterprise Edition instances - Container Registry

Push container images to Container Registry Enterprise Edition instances across multiple regions to achieve geo-disaster recovery.

Prerequisites

Create Container Registry Enterprise Edition instances in at least two different regions. For more information, see Create a Container Registry Enterprise Edition instance.

Procedure

Step 1: Configure a custom domain name

Configure the same custom domain name for instances in different regions, and use it to pull container images in your cluster. For more information, see Use a custom domain name to access a Container Registry Enterprise Edition instance.

Step 2: Configure synchronization rules

Configure image synchronization rules between instances in different regions to replicate critical images to each region. For more information, see Replicate images within the same account and Cross-account instance synchronization.

Step 3: Configure access control

To use an internal network for cross-region access, configure VPC access control for the instances. For more information, see Configure a VPC access control list.

Note
To pull images over an internal network for geo-disaster recovery, connect the networks of the instances. You can use Cloud Enterprise Network (CEN) to establish the connection. For more information, see Access Enterprise Edition instances across regions or from an IDC.
To use the Internet for cross-region access, enable Internet access for the instances. For more information, see Configure public access control.

Step 4: Fail over by modifying DNS resolution

This example uses two instances: Instance A in the China (Hangzhou) region and Instance B in the China (Zhangjiakou) region.

Instance ID	Edition	Public endpoint	Associated VPC	Custom domain name
cri-aaaaa	Basic Edition	a-registry.cn-hangzhou.cr.aliyuncs.com	vpc-aaaaa	cross-region.registry.io

If Instance B in China (Zhangjiakou) becomes unavailable, fail over to Instance A by modifying the Private Zone record for your custom domain name. This redirects requests from the VPC of Instance B to Instance A, allowing clients to pull replicated images across regions.

Log on to the Alibaba Cloud DNS console.
In the navigation pane on the left, choose Private Zone.
On the Authoritative Zone tab, search for the zone name cross-region.registry.io, which is the custom domain name for both instances. In the search results, click the zone associated with vpc-bbbbb.
On the Settings tab, find the desired resource record and click Modify in the Actions column.

In the Modify Record dialog box, configure the parameters and click Confirm.

To perform the failover over the Internet

Parameter	Configuration
Record Type	Select CNAME.
Hostname	Set to @.
Record Value	Enter the public endpoint for Instance A: `a-registry.cn-hangzhou.cr.aliyuncs.com`.
TTL	Use the default value.

To perform the failover over an internal network

Parameter	Configuration
Record Type	Select A.
Hostname	Set to @.
Record Value	Enter the private IP address of Instance A in `vpc-aaaaa`.
TTL	Use the default value.