- Updates and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Purchasing Instances
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Operation Guide for TCR Individual
- Terminating/Returning Instances
- Best Practices
- TCR Personal migration
- Using the Delivery Assembly Line to Implement Container DevOps
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Serverless Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- DescribeInstances
- DescribeInstanceStatus
- CreateInstanceToken
- CreateInstance
- ModifyInstanceToken
- DescribeInstanceToken
- DeleteInstanceToken
- DeleteInstance
- RenewInstance
- CheckInstanceName
- CheckInstance
- ModifyInstance
- DescribeRegions
- DescribeInstanceCustomizedDomain
- DescribeImageAccelerateService
- DeleteInstanceCustomizedDomain
- DeleteImageAccelerateService
- CreateInstanceCustomizedDomain
- CreateImageAccelerationService
- Namespace APIs
- Image Repository APIs
- Custom Account APIs
- Trigger APIs
- Instance Synchronization APIs
- Access Control APIs
- Helm Chart APIs
- Tag Retention APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Updates and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Purchasing Instances
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Operation Guide for TCR Individual
- Terminating/Returning Instances
- Best Practices
- TCR Personal migration
- Using the Delivery Assembly Line to Implement Container DevOps
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Serverless Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- DescribeInstances
- DescribeInstanceStatus
- CreateInstanceToken
- CreateInstance
- ModifyInstanceToken
- DescribeInstanceToken
- DeleteInstanceToken
- DeleteInstance
- RenewInstance
- CheckInstanceName
- CheckInstance
- ModifyInstance
- DescribeRegions
- DescribeInstanceCustomizedDomain
- DescribeImageAccelerateService
- DeleteInstanceCustomizedDomain
- DeleteImageAccelerateService
- CreateInstanceCustomizedDomain
- CreateImageAccelerationService
- Namespace APIs
- Image Repository APIs
- Custom Account APIs
- Trigger APIs
- Instance Synchronization APIs
- Access Control APIs
- Helm Chart APIs
- Tag Retention APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Using Personal Edition Domain Name to Access Enterprise Edition Instance
Last updated: 2023-02-28 16:35:24
Overview
Customers who have been using the shared Personal Edition service in production environments and want to upgrade to the exclusive Enterprise Edition instance will need to import the image data from Personal Edition into the Enterprise Edition instance, and change the image address configuration in the existing build and release systems to access the Enterprise Edition instance. In a practical production scenario, image addresses will be used in multiple links in the Kubernetes cluster, such as the build platform, the release platform, and the application YAML definition, so it is costly to modify image addresses uniformly.
In light of the above scenarios and issues, the Enterprise Edition introduces the Personal Edition domain name compatibility feature. This feature allows customers to push and pull Enterprise Edition instance images using the existing Personal Edition image address and access credentials, and supports intelligent origin-pull. If there is no corresponding image in the Enterprise Edition, the system automatically origin-pull requests the corresponding image in the Personal Edition. This minimizes the burden of image repository migration on customer Ops and R&D, accelerating customer migration to the more stable, powerful, high-performance Enterprise Edition as soon as possible.
Prerequisites
You have created an Enterprise Edition instance. For operation details, see Creating an Enterprise Edition Instance.
You have migrated data in the Personal Edition instance to the Enterprise Edition instance. For operation details, see Importing Personal Edition Instance Image to the Enterprise Edition Instance.
Currently, only users on the allowlist can use the feature of accessing the Enterprise Edition instance with a Personal Edition domain name. You need to submit a ticket to apply for the feature.
Basics
The domain names supported by Personal Edition and Enterprise Edition instances are as follows:
Domain names supported by Personal Edition instances
Do not distinguish between public and private domain names. VPC access uses the private linkage by default.
For main service regions (Guangzhou, Shanghai, Nanjing, Beijing, Chengdu, Chongqing): ccr.ccs.tencentyun.com
For other regions: independent service and domain names, for example, hkccr.ccs.tencentyun.com for Hong Kong (China)
Domain names supported by Enterprise Edition instances
Distinguish between public and private domain names, and support custom domain names.
Default domain name: {Enterprise Edition instance name}.tencentcloudcr.com。
Dedicated private domain name: {Enterprise Edition instance name}-vpc.tencentcloudcr.com。
Custom domain name: Supports registering custom domains.
Take migrating the
nginx:latest image in the team-a namespace of the Personal Edition service of the Guangzhou region to the Enterprise Edition instance company-a as an example:Personal Edition access address: ccr.ccs.tencentyun.com/team-a/nginx:latest
Enterprise Edition access address: company-a.tencentcloudcr.com/team-a/nginx:latest
How It Works
When an Enterprise Edition instance is created, the system will issue a certificate that supports Personal Edition domain names by default and supports handling Personal Edition authentication requests.
In a VPC environment, you only need to parse the Personal Edition domain name to the private network access entry of the Enterprise Edition (see Configuring Private Network Access Control). Then, when you access the Personal Edition image repository address in the VPC, you can automatically access the Enterprise Edition service and use the username and password of the Personal Edition service for verification and authentication. You can choose to use Private DNS or manage the cluster node host configure yourself to implement domain name parsing.
When you no longer need to use your Personal Edition domain name to access your Enterprise Edition instance, simply cancel the forced parsing in your VPC and you can access your Personal Edition service.
Use Limits
1. Within one region, the Personal Edition domain name compatibility feature can be enabled for only one Enterprise Edition instance.
2. If you are using a public environment, you need to manually configure parsing the domain name to the Enterprise Edition instance access entry.
3. When using the domain name of the Personal Edition to access the service of the Enterprise Edition, the image repository in the corresponding namespace of the Enterprise Edition will be requested first. Therefore, please avoid using special namespace names such as library, tke, and public in the Enterprise Edition instance; otherwise, the TKE cluster will not be able to access the official image of the product, causing basic service exceptions.
Directions
Confirming the basic environment
1. You have activated and used the Personal Edition service.
2. You have purchase the Enterprise Edition service and synchronized some images of the Personal Edition service to the Enterprise Edition instance.
3. There is a TKE cluster (including the TKE Serverless cluster), and VPC where the cluster resides has been connected to the Enterprise Edition instance. For more information, see Configuring Private Network Access Control.
4. It has been verified that the Personal Edition and Enterprise Edition images can be pulled normally over the internal network in the TKE cluster.
Configuring Private DNS
1. Go to the Private DNS console.
2. Create a private domain.
2.1 Domain name: tencentyun.com
2.2 Associated VPC: Select a VPC connected to the Enterprise Edition.
2.3 Subdomain Recursive Parsing: Keep it enabled.
2.4 Retain the default values of other parameters.
3. Configure Private DNS.
3.1 Click the created private domain to go to its details page.
3.2 Add a record with the following configuration to DNS Record:
3.2.1 Host record: For the main service region, enter ccr.ccs. For other regions, enter the corresponding domain name prefix, such as hkccr.ccs.
3.2.2 Record type: Select CNAME.
3.2.3 Record value: Domain name of the Enterprise Edition instance. Use the default or custom domain name. Check that auto parsing has been configured for the default or custom domain name in the product console.
3.2.4 Retain the default values of other settings.
3.3 Retain the default values of other parameters.
Verifying the access effect
Once the preceding configuration is completed, you can verify the effect by using the Personal Edition domain name to access the Enterprise Edition instance.
Scenario 1: Using the Personal Edition domain name to pull an image that has been migrated to the Enterprise Edition instance
1. Use a synchronization tool or manually push an image to the Enterprise Edition instance. Take the following image as an example:
company-a.tencentcloudcr.com/team-a/nginx:latest, whose corresponding Personal Edition image repository address is ccr.ccs.tencentyun.com/team-a/nginx:latest.2. Log in to the cluster node and manually pull the image, or create new workload to execute image pull. Note that:
2.1 The image address remains
ccr.ccs.tencentyun.com/team-a/nginx:latest.2.2 The access credentials remain the configured Personal Edition access credentials.
3. Verify that the cluster can pull the image successfully.
Scenario 2: Using the Personal Edition domain name to pull an image that has not been migrated to the Enterprise Edition instance
1. The Personal Edition already contains the image
ccr.ccs.tencentyun.com/team-b/apache:latest, and the image has not been synchronized to the Enterprise Edition.2. Log in to the cluster node and manually pull the image, or create new workload to execute image pull. Note that:
2.1 The image address remains
ccr.ccs.tencentyun.com/team-b/apache:latest.2.2 The access credentials remain the configured Personal Edition access credentials.
3. Verify that the cluster can pull the image successfully.
Scenario 3: Using the Personal Edition domain name to push the image to the Enterprise Edition instance
1. Use the Docker CLI or CI platform to push the image and use the Personal Edition address
ccr.ccs.tencentyun.com/team-a/nginx:latest.2. If the Enterprise Edition instance already contains a
team-a namespace, the push will be successful; otherwise, a push failure will be reported.Recommendations
Use cases
The domain name compatibility feature is recommended for the following scenarios:
Personal Edition images are widely used in environment building, project code, and application deployment, and switching to the Enterprise Edition independent domain name is costly.
The image building and distribution environment is fixed and the cost of one-time configuration of domain name parsing is low.
If the image distribution scenario is complex and it is necessary to support third-party users to access Enterprise Edition images in complex network scenarios, it is not recommended to use the Personal Edition domain name compatibility feature to avoid disrupting the deployment of the production environment.
Canary switching
When initially using the Personal Edition domain name to access the images in the Enterprise Edition instance, it is recommended to push the images to both the Personal Edition and Enterprise Edition so that the cluster can still temporarily switch to access the Personal Edition service when a parsing configuration exception occurs. Later, you can gradually adjust the existing Personal Edition image address configuration to the Enterprise Edition address and eventually stop using the domain name compatibility feature.
Yes
No
Was this page helpful?