Container Registry Enterprise Edition is an enterprise-grade platform designed to
manage the lifecycle of cloud-native application artifacts, including container images,
Helm charts, and Open Container Initiative (OCI) artifacts. You can manage images
in a Container Registry Enterprise Edition instance. This way, you can use images
to create applications. This topic describes how to use a Container Registry Enterprise
Edition instance to push and pull images.
Step 1: Obtain the username for logging on to the image repository
- If you use an Alibaba Cloud account, the name of the Alibaba Cloud account is the
username for logging on to the repository.
- If you use a Resource Access Management (RAM) user, the string before .onaliyun.com
is the username for logging on to the repository. For example, if the name of your
RAM user is 123@1234567810111213.onaliyun.com, the username for logging on to the
repository is 123@1234567810111213.
Step 2: Set a password for logging on to the image repository
If you are logging on to the Container Registry console for the first time, you must
set a password for logging on to the image repository. Then, you can use this password
to log on to the image repository before you can push and pull images.
Note If this is not the first time that you log on to the Container Registry console and
you forget the password for logging on to the image repository, you can configure
access credentials. For more information, see
Configure an access credential.
- Log on to the Container Registry console.
- Click Reset Docker Login Password.
- In the Reset Docker Login Password dialog box, set the Password and Confirm Password parameters and click Confirm.
Step 3: Create a Container Registry Enterprise Edition instance
- Log on to the Container Registry console.
- In the left-side navigation pane, click Instances.
- On the Instances page, click Create ACR EE.
- On the Container Registry Enterprise Edition page, configure the basic information and click Buy Now.
Parameter |
Description |
Region |
The region where the Container Registry Enterprise Edition instance resides. |
Instance Type |
The type of the Container Registry Enterprise Edition instance. For more information,
see What is Container Registry?.
|
Instance Name |
The name of the instance. |
Instance Storage |
Valid values: Default and Custom.
- Default: By default, an OSS bucket is created under your account to store container
images.
- Custom: You can select an existing OSS bucket to store container images.
|
Select Bucket |
Select an existing OSS bucket to store container images.
Note This parameter is displayed only when you set the Instance Storage parameter to Custom.
|
Time Duration |
You can select one, two, three, or six months. If you require a longer duration, you
can select one to five years.
Note You can specify whether to enable auto-renewal.
|
- On the Confirm Order page, confirm the configurations, select I have read and agree to Container Registry Enterprise Edition Agreement of Service, and then click Pay.
- On the Purchase page, click Purchase.
On the Instances page, the status of the new instance is Starting. The status changes to Running after about 10 seconds.
Step 4: Create a namespace
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, click Instances.
- On the Instances page, click the Container Registry Enterprise Edition for which you want to create
a namespace.
- On the management page of the Container Registry Enterprise Edition instance, choose
in the left-side navigation pane.
- On the Namespace page, click Create Namespace.
- In the Create Namespace dialog box, set the Namespace, Automatically Create Repository, and Default Repository Type parameters. Click Confirm.
Step 5: Create an image repository
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, click Instances.
- On the Instances page, click the Container Registry Enterprise Edition for which you want to create
an image repository.
- On the management page of the Container Registry Enterprise Edition instance, choose
in the left-side navigation pane.
- On the Repositories page, click Create Repositories.
- In the Repository Info step, set the Namespace, Repository Name, Repository Type, Tags, Accelerated Image, Summary, and Description parameters, and click Next.
- On the Code Source wizard page, set the Code Source, Build Settings, and Build Rules parameters, and then click Create Repositories.
Parameter |
Description |
Code Source |
The code source. |
Build Settings |
- Automatically Build Images When Code Changes: If you select this option, an image
is automatically built when code is committed from a branch.
- Intelligently Build Overseas Sources: If you select this option, images are built
on servers outside Chinese mainland and then pushed to the repository in the specified
region.
- Build Without Cache: If you select this option, the system pulls the base image for
every image to be built. This may prolong the build time.
|
Build Rules |
After the repository is created, you can go to the Build page to create build rules.
For more information, see Create a repository and build images.
|
Step 6: Configure access control
- If your Docker client uses a virtual private cloud (VPC), you must configure access
to the Container Registry Enterprise Edition instance over VPCs to allow the client
to connect to the instance. For more information, see Configure access over VPCs.
- If your Docker client uses the Internet, you must configure the access to the Container
Registry Enterprise Edition instance over the Internet to allow the client to connect
to the instance. In this example, Internet access is enabled.
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, click Instances.
- On the Instances page, click the required Container Registry Enterprise Edition instance.
- On the management page of the Container Registry Enterprise Edition instance, choose
in the left-side navigation pane.
- On the Access Control page, click the Internet tab, turn on the Access Portal switch, and then click Add Internet Whitelist.
- In the Add Internet Whitelist dialog box, enter the CIDR block and description of your Docker client, and then
click Confirm.
After the CIDR block is added, the Docker clients whose IP addresses fall within the
CIDR block can access the Container Registry Enterprise Edition instance.
Notice If you want to allow all Docker clients to access the Container Registry Enterprise
Edition instance over the Internet, clear the whitelist that controls Internet access.
After you clear the whitelist, the Container Registry Enterprise Edition instance
is completely exposed to the Internet and may be attacked. Proceed with caution.
Step 7: Push and pull an image
The following commands must be run on the Docker client. Install and configure the
Docker client in advance.
- Run the following command to log on to the image repository:
Note If you push images to or pull images from a public image repository, you can turn
on the Pull from Anonymous Users switch on the Overview page in the Container Registry console. Then, you can push images to or pull images
from the public image repository anonymously without logging on to the console.
docker login --username=<Username for logging on to the image repository> <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com
Example:
docker login --username=123@1234567810111213 m**-registry.cn-hangzhou.cr.aliyuncs.com
At the command prompt, enter the logon password that is specified in Step 2: Set a password for logging on to the image repository. If login succeeded
is displayed, the logon is successful.
- Push an image.
- Run the following command to tag the image:
docker tag <Image ID> <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com/<Name of the Namespace>/<Name of the image repository>:<Tag of the image>
Example:
docker tag Digest m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
- Run the following command to push the image to the Container Registry Enterprise Edition
instance:
docker push <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com/<Name of the Namespace>>/<Name of the image repository>:<Tag of the image>
Example:
docker push m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
On the Repositories page, click the name of the image repository. On the page that appears, click Tags. If the image name appears on the Tags page, the image is pushed to the image repository.
- Run the following command to pull an image:
docker pull <Name of the Container Registry Enterprise Edition instance>-registry.<Region ID of the Container Registry Enterprise Edition instance>.cr.aliyuncs.com/<Name of the namespace>/<Name of the image repository>:<Tag of the image>
Example:
docker pull m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
Run the docker images
command. If the image name appears in the command output, the image is pulled from
the image repository.