tencent cloud

Tencent Container Registry

Release Notes and Announcements
Release Notes
Announcements
User Tutorial
Product Introduction
Overview
TCR Service Levels and Capacity Limits
Strengths
Scenarios
Purchase Guide
Billing Overview
Purchase Methods
Notes on Arrears
Getting Started
Quick Start
TCR Individual Getting Started
Operation Guide
Creating an Enterprise Edition Instance
Access Configuration
Manage Image Repository
Image Distribution
Image Security
Image Cleanup
DevOps
OCI Artifacts Management
Operation Guide for TCR Individual
Terminating/Returning Instances
Use Cases
TCR Personal migration
TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
Synchronizing Images to TCR Enterprise Edition from External Harbor
TKE Serverless Clusters Pull TCR Container Images
Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
Nearby Access Through Image Synchronization Between Multiple Global Regions
Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
API Documentation
History
Introduction
API Category
Making API Requests
Instance Management APIs
Namespace APIs
Access Control APIs
Instance Synchronization APIs
Tag Retention APIs
Trigger APIs
Helm Chart APIs
Image Repository APIs
Custom Account APIs
Data Types
Error Codes
FAQs
TCR Individual Edition
TCR Enterprise Edition
Related Agreement
Service Level Agreement
Contact Us
Glossary
DokumentasiTencent Container RegistryOperation GuideImage SecurityConfiguring Image Tag Immutability

Configuring Image Tag Immutability

PDF
Mode fokus
Ukuran font
Terakhir diperbarui: 2025-12-22 17:33:21

Overview

Tencent Container Registry (TCR) Enterprise Edition supports protection for the hosted container image tags. Container image security is a key part of cloud-native application delivery. It enables tag immutability feature for the images hosted in TCR, which ensures the images of the same tag will only be successfully pushed once, thus effectively reduce the risk of tag overwriting caused by misoperation in the production environment. TCR supports tag protection at the namespace level. Users can fine-grainily define the repositories and image tags covered by the feature according to service demands.

Directions

Creating tag immutability rule

1. Log in to the TCR console and select Tag Management > Tag Immutability on the left sidebar.
2. Select the region where the instance is located and the instance name on the “Tag Immutability” page.
3. Click Create Rule. In the Create Tag Immutability Rule window, configure the rule based on the following information. See the figure below:


Configuration Item
Description
Associated instance
The instance which has been selected currently.
Namespaces
The current instance needs to enable the namespace for tag protection. Only a rule can be created in a single namespace.
Immutability rule
latest: in all repositories in the current namespace, all image tags are not allowed to be overwritten except the latest tag.
Custom: customize the configuration of the repository and image tag that need to be matched.
Repository matching: select filter type for the image repository, and enter the name of the repository which needs to be filtered.
Tag matching: select filter type for the image tag, and enter the name of the tag which needs to be filtered.
Rule switch
The rule is effective as of creation by default.
Enabling means the rule takes effect. You can enable/disable the rule in the configuration.
4. Click Confirm to create the rule.

Managing tag immutability rule

You can view the rules on the “Tag Immutability” page after creation, and take the following actions to manage the rules.
Configuration: you can reconfigure the instance tag immutability rule but cannot modify the namespace for which it takes effect.
Delete: delete the tag immutability rule under the instance.
Topik sebelumnya: Container Image Security ScanningTopik selanjutnya: Blocking the Deployment of High-Risk Images

Bantuan dan Dukungan

Apakah halaman ini membantu?

masukan