The domain name compatibility feature lets you use Personal Edition instance domain names to access an Enterprise Edition instance — without retagging or redeploying your images. Traffic is routed to the Enterprise Edition instance based on the namespace name, so existing Kubernetes manifests, CI/CD pipelines, and deployment scripts continue to work unchanged.
Prerequisites
Before you begin, ensure that you have:
-
A Container Registry Enterprise Edition instance. For more information, see Create a Container Registry Enterprise Edition instance
-
Migrated your images from the Personal Edition instance to the Enterprise Edition instance. For more information, see Import images from a Personal Edition instance to an Enterprise Edition instance
-
The Enterprise Edition instance added to the whitelist. To apply, submit a ticket
Limitations
-
The feature can be enabled for only one Enterprise Edition instance per region.
-
Pulling third-party images by using a Personal Edition domain name only works for public images. Private images hosted by third parties on the Personal Edition instance are not accessible.
-
If the Enterprise Edition instance has a namespace with the same name as a namespace in the Personal Edition instance, images in the Personal Edition namespace cannot be pulled. Avoid using ACK-specific strings such as
acsas namespace names in your Enterprise Edition instance — this can break access to official Container Service for Kubernetes (ACK) container images. -
To use a public domain name of the Personal Edition instance, you must manually configure domain name resolution. The VPC private domain name is resolved automatically.
-
If a RAM user needs to log in to the Enterprise Edition instance and pull images, configure access credentials on the Enterprise Edition instance and grant the RAM user permissions on the corresponding resources. For more information, see RAM authentication rules.
Choosing the right access method
| Scenario | Domain name compatibility feature | Enterprise Edition endpoints |
|---|---|---|
| Images are used at scale in environment building, project coding, and application deployment. The building and distribution environments are fixed, so one-time DNS configuration is low-cost. | Recommended | Not recommended |
| The image distribution environment is complex (for example, images are shared with third parties), making domain name resolution configuration costly. | Not recommended | Recommended |
| You need to access private images that other users host on a Personal Edition instance in the same region. | Not recommended | Recommended |
How it works
The Personal Edition domain name resolves to the public or VPC endpoint of the Enterprise Edition instance.
On Alibaba Cloud (VPC): Alibaba Cloud DNS PrivateZone (PrivateZone) automatically adds the VPC domain name of the Personal Edition instance to a zone and resolves it to the VPC endpoint of the Enterprise Edition instance. Use the VPC domain name — it requires no manual configuration.
On Alibaba Cloud (public): PrivateZone does not automatically resolve the public domain name. You must configure PrivateZone manually to resolve the public domain name to the public endpoint of the Enterprise Edition instance.
On premises: Configure your local DNS to resolve the Personal Edition domain name to the Enterprise Edition endpoint. When images are pushed or pulled, traffic is routed based on the namespace name. If the namespace exists in the Enterprise Edition instance, traffic goes to the Enterprise Edition instance; otherwise, it falls through to the Personal Edition instance.
Domain name reference
From September 9, 2024, Container Registry adjusts endpoints of Personal Edition instances. For more information, see Limits on new Personal Edition instances.
Personal Edition instance domain names — China (Hangzhou) region:
| Type | Domain name |
|---|---|
| Public domain name (aliyun.com) | registry.cn-hangzhou.aliyuncs.com |
| Private domain name (aliyun.com) | registry-vpc.cn-hangzhou.aliyuncs.com |
| Public domain name (alibabacloud.com) | registry-intl.cn-hangzhou.aliyuncs.com |
| Private domain name (alibabacloud.com) | registry-intl-vpc.cn-hangzhou.aliyuncs.com |
Enterprise Edition instance domain names — China (Hangzhou) region:
| Type | Domain name |
|---|---|
| Default public domain name | <instance-name>-registry.cn-hangzhou.cr.aliyuncs.com |
| Default private domain name | <instance-name>-registry-vpc.cn-hangzhou.cr.aliyuncs.com |
| Custom domain name | Any registered domain name |
Step 1: Enable the domain name compatibility feature
Before enabling the feature, submit a ticket to add the Enterprise Edition instance to the whitelist.
-
Log on to the Container Registry console.
-
In the top navigation bar, select a region.
-
On the Instances page, click the Enterprise Edition instance you want to manage.
-
In the left-side navigation pane, choose Repository > Domain.
-
On the Domain page, turn on Support Personal Edition Instance Domains.
-
In the Configure Resolution dialog box, select Confirm to Enable the feature of supporting personal edition instance domains, and then click Confirm.
After the feature is enabled, the public and private domain names of the Personal Edition instance appear on the Domain page. For example, in the China (Hangzhou) region, you will see registry.cn-hangzhou.aliyuncs.com (public) and registry-vpc.cn-hangzhou.aliyuncs.com (private).
Enabling the feature takes a few seconds. During this time, the namespace and network access control features are unavailable.
Step 2: Configure domain name resolution
How you configure domain name resolution depends on which domain name type you use.
VPC private domain name (recommended)
No action needed. PrivateZone automatically resolves the VPC private domain name of the Personal Edition instance to the VPC endpoint of the Enterprise Edition instance.
Public domain name
Configure resolution manually:
-
Add your local host's CIDR block to the public endpoint whitelist and get the public domain name of the Personal Edition instance.
-
Log on to the Container Registry console.
-
In the top navigation bar, select a region.
-
In the left-side navigation pane, click Instances.
-
In the left-side navigation pane of the Enterprise Edition instance management page, choose Repository > Access Control.
-
Click the Internet tab.
-
Copy the Domain address shown on the tab.
-
Turn on Endpoint, and then click Add Internet Whitelist.
-
In the Add Internet Whitelist dialog box, enter the CIDR block and description of the local host, and then click Confirm.
-
-
Query the IP address of the Personal Edition instance:
ping <Endpoint of the Personal Edition instance>Note the IP address in the output.
-
Add the following entry to your local hosts file and save it:
<IP address of the domain name> <Public domain name of the Personal Edition instance>
Step 3: Log in and push images
-
On the Domain page, copy the public domain name of the Personal Edition instance. This example uses
registry.cn-hangzhou.aliyuncs.com. -
Log in to the Enterprise Edition instance from the Docker client:
docker login registry.cn-hangzhou.aliyuncs.comEnter your account name and password when prompted.
Login Succeededconfirms a successful login. -
Tag the image:
docker tag <Image ID> registry.cn-hangzhou.aliyuncs.com/<Namespace name>/<Image repository name>:<Image tag> -
Push the image:
docker push registry.cn-hangzhou.aliyuncs.com/<Namespace name>/<Image repository name>:<Image tag> -
Verify the result: in the left-side navigation pane of the Enterprise Edition instance management page, choose Repository > Repositories. Click the image repository name and select the Image Version tab. If the pushed image appears, the domain name compatibility feature is working correctly.
What's next
-
Use a Container Registry Enterprise Edition instance to push and pull images — learn how to pull images directly using Enterprise Edition endpoints.