When an Alibaba Cloud Container Registry (ACR) instance receives a pull request, it uses domain name routing rules to return a download URL for the corresponding image layer. This URL points to a specific Object Storage Service (OSS) domain name, such as the default bucket domain name, an OSS accelerator endpoint, or a custom domain name.
How it works
Container images in an ACR Enterprise Edition instance are hosted in an OSS bucket. When an ACR instance receives a pull request, it redirects the request to the corresponding image layer download URL. The client then downloads the image from OSS. By default, ACR Enterprise Edition provides download URLs based on the following policies:
If a client uses the virtual private cloud (VPC) endpoint of an ACR Enterprise Edition instance to pull an image, the returned download URL for the image layer uses the default internal same-region endpoint of OSS.
If a client uses the public endpoint of an ACR Enterprise Edition instance to pull an image, the returned download URL for the image layer uses the default public endpoint of OSS.
You can adjust the domain name routing rules to change the download URLs that the ACR instance returns. For example, you can configure the instance to return a download URL for the image layer that uses a custom OSS domain name when a client pulls an image using the ACR VPC endpoint.
Applicability
This feature is available only for ACR Enterprise Edition instances.
You have enabled the required domain name features for your OSS instance:
Acceleration endpoint: For more information, see Access OSS through transfer acceleration.
Accelerator endpoint: For more information, see Use the OSS accelerator.
Custom domain name: For more information, see OSS custom domain names.
This feature is available only to whitelisted users. To use this feature, submit a ticket.
Procedure
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
-
In the navigation pane on the left of the instance management page, choose . On the Domain Routing tab, click Add Configuration.
-
Configure the following parameters and click Confirm.
Parameter
Description
Example
Enable Access over Internet
The type of access entry point for the ACR instance.
The following options are supported:
-
Public Ingress
-
VPC Access Entry Point
Instance Domain Name
The domain name of the ACR instance.
The following three types of ACR instance domain names are supported:
Default public domain name
Default internal same-region domain name
Custom domain name
OSS Endpoint
The OSS endpoint used to pull images for the specified Enable Access over Internet and Instance Domain Name.
-
If Public Access is set to Public Access, the following types of OSS endpoints are supported:
OSS acceleration endpoint
OSS custom domain name
OSS default public endpoint
-
If Access Entry Point is set to VPC Access Entry Point, the following types of OSS endpoints are supported:
OSS accelerator endpoint
OSS default internal same-region endpoint
-
OSS PrivateLink domain name
Important-
The PrivateLink domain name can be accessed only from within the associated VPC. To access it across VPCs, you must connect the VPCs using services such as Cloud Enterprise Network (CEN).
-
To configure a PrivateLink endpoint, you must append the OSS bucket name to the domain name. The format is https://${privateLinkEndpoint}/${bucketName}.
-
-