When applications in Account A need to pull images from Container Registry Enterprise Edition instances owned by Account B, routing traffic over the public internet increases latency and exposes image transfers to external networks. The VPC sharing feature lets multiple Alibaba Cloud accounts create resources in a shared, centrally managed virtual private cloud (VPC), so Account A can pull images from Account B's Enterprise Edition instances entirely over the private network.
Prerequisites
Before you begin, make sure you have:
-
Alibaba Cloud DNS PrivateZone activated for Account A. PrivateZone is a billable service — see Billing for pricing. If not already activated, activate PrivateZone.
-
Container Registry granted access to PrivateZone. If not already done, complete RAM Quick Authorization for Account A.
-
An Enterprise Edition instance in Account B. If not already created, see Create a Container Registry Enterprise Edition instance.
-
The VPC in Account A shared with Account B. If not already shared, see Resource owner enables VPC sharing.
Limitations
VPC sharing has specific constraints that apply to cross-account access. Review the VPC sharing limitations before proceeding.
Configure cross-account VPC access for an Enterprise Edition instance
Perform all steps in this section using Account B — the account that owns the Enterprise Edition instance.
-
Log on to the Container Registry console.
-
In the top navigation bar, select a region.
-
In the left-side navigation pane, click Instances.
-
On the Instances page, click the Enterprise Edition instance you want to configure.
-
In the left-side navigation pane of the instance management page, choose Repository > Access Control.
-
On the VPC tab of the Access Control page, click Add VPC.
-
In the Add VPC dialog box, select the VPC and vSwitch that belong to Account A, then click Confirm. Wait until the Status of the VPC and vSwitch changes to Running.
Next steps
For more information about the VPC sharing feature, see VPC sharing.