The Tencent Container Registry (TCR) Enterprise Edition supports private network access control. A Virtual Private Cloud (VPC) access link can be used to restrict instance access by clients in the VPC. In actual production scenarios involving container computing, pulling container images through the VPC can effectively improve the pulling speed and reduce public network bandwidth costs. TCR allows users to connect their VPCs to a TCR Enterprise Edition instance to implement private network access and access control.
This document describes how to configure private network access control for a TCR Enterprise Edition instance.
Before configuring private network access control for a TCR Enterprise Edition instance, complete the following tasks:
Log in to the TCR console and choose Access Control -> Private network in the left sidebar.
On the "Private network" page, click Create.
In the "Create Private Network Access Allowlist" window, configure the VPC and subnet information, as shown in the figure below.
Click OK to start creating the VPC access link.
If "Access Linkage Status" changes to Normal linkage, and "Private network parse IP" is not empty, the VPC access link was successfully created.
Log in to the Tencent Cloud DNS console and select VPC to go to the VPC resolution configuration page. Configure the resolution records of "Instance Domain Name" and "Private network parse IP" as prompted.
Currently, VPC resolution is a beta feature of Tencent Cloud DNS. If this feature is not activated, you can configure these resolution records on a VPC node or in your own DNS service.