Scenario
To achieve geo-disaster recovery for the Cloud Container Repository, you can activate the Cloud Container Repository Enterprise Edition instances in different regions and configure instance sync rules to enhance the disaster recovery capability of the Cloud Container Repository.
Before You Begin
• Activated the Cloud Container Repository Enterprise Edition instances in different regions.
Procedure
Configuring a Sync Instance
Configure instance sync rules for Cloud Container Repository Enterprise Edition instances in different regions to ensure images are stored in instances across different regions.
Incremental Container Image Sync
For incremental container images, you can create automatic sync tasks to automatically sync images from the source instance to the target instance. The specific steps are as follows:
1. Log in to the Container Image Console;
2. On the top menu bar, select the resource pool required.
3. Choose the instance you need to synchronize in the instance page.
4. In the Enterprise Edition instance management page, select " Distribution Management " > " Instance Synchronization " from the left menu, select the " Auto Sync Rules " tab, and click " Create Rule " in the upper left corner;
5. In the " Create Rule " dialog box, configure the sync rules and then click " Confirm " to create the rules. The descriptions of the configuration parameters are as follows:
Parameter | Description |
Name | Customizing Names of Sync Rules |
Description | Customize additional descriptions, notes, and other information for sync rules |
Synchronization Content | For the content to sync, you can choose " Image " or Chart |
Source Instance | Fix as the current instance |
Source Namespace | Select the namespace in the source instance. This setting is required |
Source Repository | Select the image repository under the source namespace. This can be left blank. If you leave it blank, all image repositories under the namespace are included |
Source Version | Select the image edition to be synced. This can be left blank. If you leave it blank, all editions of the image will be synced |
Target Instance | Select the region and instance name where the target instance is located |
Target Namespace | Select the namespace to be synced to |
Overwrite | Whether to overwrite when encountering an image of the same edition in the same image repository. You can choose yes or no |
When a new container image is pushed to a repository that meets the above rules, a sync task will be triggered automatically.
On the Enterprise Edition instance management page, select " Distribution Management " > " Instance Synchronization " from the left menu, select the " Auto Sync Rules " tab, click the corresponding synchronization rule, and check the task execution status at the bottom of the rule details page.
Existing Container Image Sync
For existing container images, you can manually sync images from the source instance to the target instance by creating a manual sync task. The specific steps are as follows:
1. Log in to the Container Image Console;
2. On the top menu bar, select the resource pool required.
3. Choose the instance you need to synchronize in the instance page.
4. In the Enterprise Edition Instance Management page, select " Distribution Management " > " Instance Synchronization " on the left menu, choose the " Manual Sync Records " tab, and click " Create Sync Task " in the top left corner;
5. In the " Create Sync Task " dialog, configure the sync task, and then click the " Confirm " button to create the task.
Once the task is created, you can view the task execution status in the " Manual Sync Record " tab.
Configuring Instance Access Control
To enable cross-region access, you need to activate public access control for the Enterprise Edition instance. Here are the specific steps:
1. Log in to the Container Image Console;
2. On the top menu bar, select the resource pool required.
3. In the instance page, select the specified Enterprise Edition instance.
4. On the left menu of the Enterprise Edition instance management page, select " Instance Management " > " Access Control ". Then, click the " Add Trustlist for Public Network Access " button on the upper-left corner of the interface.
5. In the pop-up " Add Trustlist for Public Network Access " tab, enter the address segment and notes, then click the Confirm button.
After adding, the hosts with IP addresses included in the trustlist CIDR block can access the Enterprise Edition instance normally. After all trustlists are deleted, nodes on the Internet can access the Enterprise Edition instance using credentials.