This document describes how to purchase a Tencent Container Registry (TCR) Enterprise Edition instance, configure a network access policy, and push and pull container images.
To use the TCR Personal Edition, please see Image Registry User Guide.
The TCR Enterprise Edition is currently in the beta phase. If you do not have the qualifications to use TCR Enterprise Edition beta, submit an application.
If you already have a Tencent Cloud account, ignore this step.
Otherwise, go to the Tencent Cloud Account Registration page and sign up for an account.
If your enterprise is qualified for TCR Enterprise Edition beta but has not activated the TCR service, activate TCR and authorize TCR to access your COS and VPC resources. To activate TCR, use a root account or a sub-account with admin permissions. If you are using a sub-account, grant the sub-account corresponding permissions first. For more information, see Examples of Enterprise Edition Authorization Schemes.
Log in to the TCR console and go to the "Instance List" page.
Click Create. In the "Create Instance" window, configure your exclusive Enterprise Edition instance by referring to the information shown in the figure below.
docker logincommand to log in to the instance.
After completing the configuration, click OK to start creating an Enterprise Edition instance.
You can check the instance creation progress on the "Instance List" page. This process takes about 1 minute.
When the instance status changes to Running, the instance was successfully created and is running properly. You can perform the following procedure to configure the access control policy of the instance and log in to the instance to push or pull images.
To protect your data, all Internet and private network access is denied by default after the instance is created. Before you log in to the instance and push and pull images, configure the network access policy.
Click Access Control in the left sidebar of the console, select Public network or Private network as needed, and configure the network access policy by referring to the following procedure.
In the upper part of the "Public network" page, select the created instance.
Click Open Internet Access Entry in the upper right corner. The button status changes to Opening. See the figure below.
After Internet access is enabled, the Docker client can access the image repositories through the Internet.
When the button status changes from Opening to Close Internet Access Entry, Internet access has been successfully enabled. Then, click Add a Public IP Allowlist in the upper left of the list to add the public IP addresses that are allowed to access the image repositories.
In the "Create Public Network Access Allowlist" window, add the public IP addresses or IP ranges that are allowed to access the image repositories and add remarks for this rule (optional). See the figure below.
We do not recommend that you add
0.0.0.0/0 to allow all Internet access. Alternatively, delete this rule before formally activating the instance.
Select Namespace in the left sidebar. On the "Namespace" page displayed, click "Create".
Namespaces are used to manage image repositories in the instance. They do not directly store container images, but can map to teams, product projects, or other custom layers in an enterprise.
In the "Create a Namespace" window, configure the namespace information and click OK. See the figure below.
Click Image Repository in the left sidebar to go to the "Image Repository" list page.
Click Create. In the "Create an Image Repository" window, configure the image repository information and click OK. See the figure below.
In the "Namespace" drop-down list, you can select a created namespace. "Name" can be a multi-level path, and "Detailed Description" supports the Markdown syntax.
After completing the preceding steps, you have created an instance and image repository. Next, you can perform the following operations to push an image to or pull an image from the image repository.
In this step, you need to use a CVM or CPM with Docker installed and ensure that the target client is in the Internet or private network access allowlist defined in Configure the Network Access Policy.
docker login demo-tcr.tencentcloudcr.com
Login Succeededis displayed in the command line tool, you have logged in to the instance successfully.
You can create a container image on the local server or obtain a public image from DockerHub for testing.
This document uses the official and latest Nginx image on Docker Hub as an example. In the command line tool, run the following commands sequentially to push this image. Note that you need to replace
nginx with the actual instance, namespace, and image repository names you have created.
docker tag nginx:latest demo-tcr.tencentcloudcr.com/project-a/nginx:latest
docker push demo-tcr.tencentcloudcr.com/project-a/nginx:latest
This document uses successfully pushed Nginx image as an example. In the command line tool, run the following command to pull this image:
docker pull demo-tcr.tencentcloudcr.com/project-a/nginx:latest
If you encounter a problem while using TCR, locate and solve the problem by referring to FAQ. Alternatively, you can submit a ticket, and we will solve the problem for you as soon as possible.