Public Network Access
Scenarios
If your container engine client is a CCE or ECS node in a different region from the image repository, you can push or pull images over the public network. The client must be bound to an EIP. There are two public network access scenarios.
Public Network Access for Single ECS
If an ECS needs to access a public network, you can bind it to an EIP. Huawei Cloud provides multiple billing modes (such as pay-per-use and pay-per-traffic). You can select one as required and flexibly unbind an unnecessary EIP.
![](https://support.huaweicloud.com/intl/en-us/bestpractice-swr/en-us_image_0000001282849578.png)
- Log in to the management console.
- Click the icon at the upper left corner and select the desired region and project.
- Click the icon and choose Computing > Elastic Cloud Server.
- In the ECS list, select the ECS to which an EIP is to be bound, and choose More > Manage Network > Bind EIP in the Operation column.
- Select an EIP and click OK.
Figure 2 Binding an EIP
- After the ECS is bound to the EIP, you can view the bound EIP in the ECS list.
NOTE:
If no EIP is available in the current region, the EIP list is empty. In this case, purchase an EIP and bind it again.
Public Network Access for Multiple ECSs
If all ECSs in your VPC need to access the public network, you can use NAT Gateway and configure SNAT rules by subnet to build a public network egress for the VPC. If no SNAT rule is configured, external users cannot directly access the public IP address of the NAT gateway over the public network, which makes the ECSs more secure than with public network access through an EIP.
![](https://support.huaweicloud.com/intl/en-us/bestpractice-swr/en-us_image_0000001335449429.png)
- Bind the ECS to an EIP. For details, see Public Network Access for Single ECS.
- Create a NAT gateway. For details, see Buying a Public NAT Gateway.
a. Log in to the management console.
b. Click the icon at the upper left corner and select the desired region and project.
c. Click the icon at the upper left corner, and choose Networking > NAT Gateway.
d. On the displayed page, click Buy Public NAT Gateway.
e. Configure parameters as prompted.
- Configure SNAT rules and bind EIPs to subnets. For details, see Adding an SNAT Rule.
a. Log in to the management console.
b. Click the icon at the upper left corner and select the desired region and project.
c. Click the icon at the upper left corner, and choose Networking > NAT Gateway.
d. On the displayed page, click the name of the NAT gateway that you want to add an SNAT rule for.
e. On the SNAT Rules tab, click Add SNAT Rule.
f. Configure parameters as prompted.
Figure 4 Adding an SNAT rule
If you access OBS by configuring the local /etc/hosts file, add the domain names of the OBS bucket clusters that store container images to this file. Otherwise, the images may fail to be pulled. You can submit a service ticket to obtain information about SWR's OBS bucket clusters in different regions.