All Products
Search
Document Center

Container Registry:Configure access over the Internet

Last Updated:Jan 02, 2024

You can configure access over the Internet to securely manage and access instances of Container Registry Enterprise Edition.

Prerequisites

By default, instances of Container Registry Enterprise Edition cannot be accessed over the Internet. Therefore, you must enable Internet access before you configure an access control policy for Internet access.

Note

After you enable access over the Internet, the Classless Inter-Domain Routing (CIDR) block 127.0.0.1/32 is automatically added to the whitelist.

公网访问

Procedure

  1. Log on to the Container Registry console.

  2. In the top navigation bar, select a region.

  3. On the Instances page, click the Enterprise Edition instance that you want to manage.

  4. On the management page of the instance of Container Registry Enterprise Edition, choose Repository > Access Control in the left-side navigation pane.

    Note

    If you want to configure access control for Helm charts, choose Helm Chart > Access Control.

  5. On the Access Control page, click the Internet tab.

  6. On the Internet tab, click Add Internet Whitelist.

  7. In the Add Internet Whitelist dialog box, specify the CIDR block that is allowed to access the instance of Container Registry Enterprise Edition and the description.

  8. Click OK.

    After the CIDR block is added, Elastic Compute Service (ECS) instances whose IP addresses fall within the CIDR block can access the instance of Container Registry Enterprise Edition.

    Important

    If you want to allow all ECS instances to access the instance of Container Registry Enterprise Edition over the Internet, clear the whitelist that controls Internet access. After you clear the whitelist, the instance of Container Registry Enterprise Edition is completely exposed to the Internet and may be attacked. Proceed with caution.