Tencent Container Registry (TCR) Enterprise Edition allows you to configure and use custom domain names, which facilitates the use of the domain access service uniformly planned by your company. In addition, you can continue using the original domain name after migrating from another image registry service to TCR, which helps maintain the service continuity.
TCR Enterprise Edition instances with any specifications all support configuring multiple domain names without affecting the normal use of existing default domain names of the instances. To use a custom domain name, you need to provide the SSL certificate associated with the domain name and access the instance over HTTPS. This document describes how to use a custom domain name to access a TCR Enterprise Edition instance.
A domain name is a string of characters separated by dots. A domain name in TCR Enterprise Edition is used to access the instance service and directly determines the access address of an image repository.
An SSL certificate is used for compliance with the HTTPS protocol, so that TCR Enterprise Edition can implement encrypted transfer and identity verification over the HTTPS protocol, ensuring the transfer security.
DNSPod can route the access traffic to a custom domain name to the corresponding IP address of a TCR Enterprise Edition instance.
Before configuring and using a custom domain name, you need to complete the following:
- Get an ICP filing for you domain name if you want to use it in a public network environment.
- You do not need to get an ICP filing if your TCR Enterprise Edition instance is outside the Chinese mainland.
If your custom domain name has been filed with MIIT, and a DNS record has been added in the Domains console, you can enter it in the Domain Name input box and select a certificate.
You can use the custom domain name in the public network or VPC. We recommend you use a VPC to access the instance preferably.
Connect a VPC to the instance and confirm that the private network access IP is generated normally as instructed in Private Network Access Control.
Go to the Private DNS console, create a private domain with the added custom domain name, and associate it with the connected VPC. Use an A record to configure DNS in the private domain, and use the private network access IP of the created private network access linkage as the record value. For more information, see Private DNS.
Enable the public network access entry and open the public network access address as instructed in Public Network Access Control.
Go to the DNSPod console, configure a DNS record for the added custom domain name, select CNAME as the record type, and enter the default domain name of the instance as the record value.
If you need to update the certificate bound to your custom domain name for reasons such as certificate expiration or upgrade, go to the Domain Name Management page, click Update Certificate on the right of the row of the custom domain name and select an SSL certificate again. Certificate update requires redelivery of the SSL certificate information, during which the custom domain name can still be accessed normally.
On the Domain Name Management page, click Delete on the right of the row of the specified custom domain name to delete it. Doing so may invalidate the existing container image pull configuration and thus affect application update. Therefore, do so with caution.