Container Registry Enterprise Edition is an enterprise-grade platform designed to manage the lifecycle of cloud-native application artifacts, including container images, Helm charts, and Open Container Initiative (OCI) artifacts. You can manage images in a Container Registry Enterprise Edition instance. This way, you can use images to create applications. This topic describes how to use a Container Registry Enterprise Edition instance to push and pull images.

Prerequisites

Step 1: Obtain the username for logging on to the image repository

  • If you use an Alibaba Cloud account, the name of the Alibaba Cloud account is the username for logging on to the repository.
  • If you use a Resource Access Management (RAM) user, the string before .onaliyun.com is the username for logging on to the repository. For example, if the name of your RAM user is 123@1234567810111213.onaliyun.com, the username for logging on to the repository is 123@1234567810111213.

Step 2: Set a password for logging on to the image repository

If you are logging on to the Container Registry console for the first time, you must set a password for logging on to the image repository. Then, you can use this password to log on to the image repository before you can push and pull images.
Note If this is not the first time that you log on to the Container Registry console and you forget the password for logging on to the image repository, you can configure access credentials. For more information, see Configure an access credential.
  1. Log on to the Container Registry console.
  2. Click Reset Docker Login Password.
  3. In the Reset Docker Login Password dialog box, set the Password and Confirm Password parameters and click Confirm.

Step 3: Create a Container Registry Enterprise Edition instance

  1. Log on to the Container Registry console.
  2. In the left-side navigation pane, click Instances.
  3. On the Instances page, click Create ACR EE.
  4. On the Container Registry Enterprise Edition page, configure the basic information and click Buy Now.
    Parameter Description
    Region The region where the Container Registry Enterprise Edition instance resides.
    Instance Type The type of the Container Registry Enterprise Edition instance. For more information, see What is Container Registry?.
    Instance Name The name of the instance.
    Instance Storage Valid values: Default and Custom.
    • Default: By default, an OSS bucket is created under your account to store container images.
    • Custom: You can select an existing OSS bucket to store container images.
    Select Bucket Select an existing OSS bucket to store container images.
    Note This parameter is displayed only when you set the Instance Storage parameter to Custom.
    Time Duration You can select one, two, three, or six months. If you require a longer duration, you can select one to five years.
    Note You can specify whether to enable auto-renewal.
  5. On the Confirm Order page, confirm the configurations, select I have read and agree to Container Registry Enterprise Edition Agreement of Service, and then click Pay.
  6. On the Purchase page, click Purchase.

    On the Instances page, the status of the new instance is Starting. The status changes to Running after about 10 seconds.

Step 4: Create a namespace

  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the Container Registry Enterprise Edition for which you want to create a namespace.
  5. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Namespace in the left-side navigation pane.
  6. On the Namespace page, click Create Namespace.
  7. In the Create Namespace dialog box, set the Namespace, Automatically Create Repository, and Default Repository Type parameters. Click Confirm.

Step 5: Create an image repository

  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the Container Registry Enterprise Edition for which you want to create an image repository.
  5. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Repositories in the left-side navigation pane.
  6. On the Repositories page, click Create Repositories.
  7. In the Repository Info step, set the Namespace, Repository Name, Repository Type, Tags, Accelerated Image, Summary, and Description parameters, and click Next.
  8. On the Code Source wizard page, set the Code Source, Build Settings, and Build Rules parameters, and then click Create Repositories.
    Parameter Description
    Code Source The code source.
    Build Settings
    • Automatically Build Images When Code Changes: If you select this option, an image is automatically built when code is committed from a branch.
    • Intelligently Build Overseas Sources: If you select this option, images are built on servers outside Chinese mainland and then pushed to the repository in the specified region.
    • Build Without Cache: If you select this option, the system pulls the base image for every image to be built. This may prolong the build time.
    Build Rules After the repository is created, you can go to the Build page to create build rules. For more information, see Create a repository and build images.

Step 6: Configure access control

  • If your Docker client uses a virtual private cloud (VPC), you must configure access to the Container Registry Enterprise Edition instance over VPCs to allow the client to connect to the instance. For more information, see Configure access over VPCs.
  • If your Docker client uses the Internet, you must configure the access to the Container Registry Enterprise Edition instance over the Internet to allow the client to connect to the instance. In this example, Internet access is enabled.
  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the required Container Registry Enterprise Edition instance.
  5. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Access Control in the left-side navigation pane.
  6. On the Access Control page, click the Internet tab, turn on the Access Portal switch, and then click Add Internet Whitelist.
  7. In the Add Internet Whitelist dialog box, enter the CIDR block and description of your Docker client, and then click Confirm.
    After the CIDR block is added, the Docker clients whose IP addresses fall within the CIDR block can access the Container Registry Enterprise Edition instance.
    Notice If you want to allow all Docker clients to access the Container Registry Enterprise Edition instance over the Internet, clear the whitelist that controls Internet access. After you clear the whitelist, the Container Registry Enterprise Edition instance is completely exposed to the Internet and may be attacked. Proceed with caution.

Step 7: Push and pull an image

The following commands must be run on the Docker client. Install and configure the Docker client in advance.

  1. Run the following command to log on to the image repository:
    Note If you push images to or pull images from a public image repository, you can turn on the Pull from Anonymous Users switch on the Overview page in the Container Registry console. Then, you can push images to or pull images from the public image repository anonymously without logging on to the console. 
    docker login --username=<Username for logging on to the image repository> <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com
    Example:
     docker login --username=123@1234567810111213 m**-registry.cn-hangzhou.cr.aliyuncs.com

    At the command prompt, enter the logon password that is specified in Step 2: Set a password for logging on to the image repository. If login succeeded is displayed, the logon is successful.

  2. Push an image.
    1. Run the following command to tag the image: 
      docker tag <Image ID> <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com/<Name of the Namespace>/<Name of the image repository>:<Tag of the image>
      Example:
      docker tag Digest m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
    2. Run the following command to push the image to the Container Registry Enterprise Edition instance: 
      docker push <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com/<Name of the Namespace>>/<Name of the image repository>:<Tag of the image>
      Example:
      docker push m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
      On the Repositories page, click the name of the image repository. On the page that appears, click Tags. If the image name appears on the Tags page, the image is pushed to the image repository.
  3. Run the following command to pull an image: 
    docker pull <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com/<Name of the namespace>/<Name of the image repository>:<Tag of the image>
    Example:
    docker pull m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
    Run the docker images command. If the image name appears in the command output, the image is pulled from the image repository.