To migrate an image from a Container Registry Personal Edition instance to a Container Registry Enterprise Edition instance, you must make efforts to change the domain name of the image. To solve this issue, Container Registry Enterprise Edition publishes the domain name compatibility feature to support domain names of Personal Edition instances. This feature allows you to use domain names of Personal Edition instances to access Enterprise Edition instances without changing the domain names of images.
Prerequisites
An Enterprise Edition instance is created. For more information, see Create a Container Registry Enterprise Edition instance.
Data on the Personal Edition instance is migrated to the Enterprise Edition instance. For more information, see Import images from a Personal Edition instance to an Enterprise Edition instance.
You must add an Enterprise Edition instance to a whitelist before you can use domain names of Personal Edition instances to access the Enterprise Edition instance.
Limits
In one region, the domain name compatibility feature can be enabled only for one Enterprise Edition instance.
If you use a domain name of a Personal Edition instance to pull images that a third party hosts on the Personal Edition instance, you can pull only public images of the third party.
If the namespace name in the Enterprise Edition instance is the same as the namespace name in the Personal Edition instance, you cannot pull images from the namespace of the Personal Edition instance. Therefore, do not use a Container Service for Kubernetes (ACK)-specific string, such as acs, in the namespace name of your Enterprise Edition instance. This can prevent failure in access to official ACK container images.
If you use a public domain name of the Personal Edition instance, you must manually configure to resolve the public domain name of the Personal Edition instance to the public endpoint of the Enterprise Edition instance.
If you want to use a RAM user to log on to the Enterprise Edition instance and pull images, you must configure access credentials on the Enterprise Edition instance and then grant the permissions on corresponding resources to the RAM user. For more information, see Configure policies for RAM users to access Container Registry.
Background information
The domain names supported by Personal Edition and Enterprise Edition instances include:
Examples: Domain names supported by Personal Edition instances in the China (Hangzhou) region:
Default public domain name on the China site (aliyun.com): registry.cn-hangzhou.aliyuncs.com
Default private domain name on the China site (aliyun.com): registry-vpc.cn-hangzhou.aliyuncs.com
Default public domain name on the international site (alibabacloud.com): registry-intl.cn-hangzhou.aliyuncs.com
Default private domain name on the international site (alibabacloud.com): registry-intl-vpc.cn-hangzhou.aliyuncs.com
Examples: Domain names supported by Enterprise Edition instances in the China (Hangzhou) region:
Default public domain name: <Name of the Enterprise Edition instance>-registry.cn-hangzhou.cr.aliyuncs.com
Default private domain name: <Name of the Enterprise Edition instance>-registry-vpc.cn-hangzhou.cr.aliyuncs.com
Custom domain names: all registered domain names.
How it works
The domain name of the Personal Edition instance is resolved to the public endpoint or VPC endpoint of the Enterprise Edition instance in your private environment.
On the cloud: The system automatically uses Alibaba Cloud DNS PrivateZone (PrivateZone) to add the VPC domain name of the Personal Edition instance to a zone and resolves the VPC domain name of the Personal Edition instance to the VPC endpoint of the Enterprise Edition instance. If you want to access the Enterprise Edition instance by using the public domain name of the Personal Edition instance, you must manually configure PrivateZone. Then, PrivateZone resolves the public domain name of the Personal Edition instance to the public endpoint of the Enterprise Edition instance. We recommend that you use the VPC domain name of the Personal Edition instance to access the Enterprise Edition instance.
On premises: You must configure to resolve the domain name of the Personal Edition instance to the endpoint of the Enterprise Edition instance. When images are pushed or pulled, the system distributes traffic based on the namespace name in the endpoint of the Enterprise Edition instance. If the namespace name exists in the endpoint of the Enterprise Edition instance, the traffic is distributed to the Enterprise Edition instance. Otherwise, the traffic is distributed to the Personal Edition instance.
Scenarios
Scenario | Use the domain name compatibility feature | Use endpoints of Enterprise Edition instances |
| Recommended. | Not recommended. |
The distribution environment of images is complex, and the cost of configuring domain name resolution is high. For example, images need to be provided to third parties. | Not recommended. | Recommended. |
You need to use private images of Personal Edition instances of other users in your region. | Not recommended. | Recommended. |
Step 1: Enable the domain name compatibility feature for the Enterprise Edition instance
Log on to the Container Registry console.
In the top navigation bar, select a region.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the left-side navigation pane of the management page of the Enterprise Edition instance, choose .
On the Domain page, turn on Support Personal Edition Instance Domains.
ImportantTo use the domain name compatibility feature, you must submit a ticket to apply for adding the Enterprise Edition instance to the whitelist.
In the Configure Resolution dialog box, select Confirm to Enable the feature of supporting personal edition instance domains and click Confirm.
After you enable the feature of supporting Personal Edition instance domains, the private domain name and public domain name of the Personal Edition instance are displayed on the Domain page. For example, if the Personal Edition instance resides in the China (Hangzhou) region, the public domain name of the Personal Edition instance registry.cn-hangzhou.aliyuncs.com and the private domain name of the Personal Edition instance registry-vpc.cn-hangzhou.aliyuncs.com are displayed on the Domain page.
ImportantSeveral seconds are required to enable the domain name compatibility feature. During this period, the namespace and network access control features are unavailable.
Step 2: Configure domain name resolution
Before you can use domain names of Personal Edition instances to access the Enterprise Edition instance, you must configure domain name resolution. The operations of configuring domain name resolution vary based on the type of the domain name.
If you use a private domain name of the Personal Edition instance, Alibaba Cloud DNS PrivateZone automatically resolves the private domain name.
If you use a public domain name of the Personal Edition instance, you must manually add the CIDR block of the local host to the public endpoint whitelist and configure domain name resolution for the Personal Edition instance. A public domain name of a Personal Edition instance is used in this example.
Add the CIDR block of the Enterprise Edition instance to the public endpoint whitelist and obtain the public domain name of the Personal Edition instance.
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
In the left-side navigation pane of the management page of the Enterprise Edition instance, choose .
On the Access Control page, click the Internet tab.
On the Internet tab, find and copy the Domain address.
Turn on Endpoint, and then click Add Internet Whitelist.
In the Add Internet Whitelist dialog box, enter the CIDR block and description of the local host, and then click Confirm.
Run the following command to query the IP address of the Personal Edition instance:
ping <Endpoint of the Personal Edition instance>Obtain the IP address of the Personal Edition instance from the command output.
Enter the following information for the local host, and then save the information.
<IP address of the domain name> <Public domain name of the Personal Edition instance>
Step 3: Use a domain name of the Personal Edition instance to access the Enterprise Edition instance
After you enable the domain name compatibility feature, you can use a domain name of the Personal Edition instance to log on to the Enterprise Edition instance and push images to the image repository of the Enterprise Edition instance.
On the Domain page, find and copy the public domain name of the Personal Edition instance. The public domain name registry.cn-hangzhou.aliyuncs.com is used in this example.
Run the following command on the Docker client to log on to the Enterprise Edition instance.
docker login registry.cn-hangzhou.aliyuncs.comIn the command output, enter your account and password. If
login succeededis displayed, you are logged on to the Enterprise Edition instance.Push an image.
Run the following command to tag the image:
docker tag <Image ID> registry.cn-hangzhou.aliyuncs.com/<Namespace name>/<Image repository name>:<Image tag>Run the following command to push the image to the Container Registry Enterprise Edition instance:
docker push registry.cn-hangzhou.aliyuncs.com/<Namespace name>/<Image repository name>:<Image tag>In the left-side navigation pane of the management page of the Enterprise Edition instance, choose Repository > Repositories. Click the name of an image repository and select an Image Version. If the image that you pushed is displayed on the Image Version page, access to the Enterprise Edition instance by using the domain name of the Personal Edition instance is successful.
References
For information about how to pull Docker images from a Container Registry Enterprise Edition instance, see Push an image to a Container Registry Enterprise Edition instance and pull an image from the instance.