Accessing an SWR Enterprise Edition Instance Across Regions over the Private Network

Scenario

In SWR Enterprise Edition, if you need to push or pull images across regions, the VPC in the source region and the VPC in the region of the target SWR Enterprise Edition instance must be able to communicate with each other. You can take the following steps to enable mutual communication between the two VPCs:

1. Configure Cloud Connect to enable network communication across regions.
2. Obtain the required information for network connectivity.
3. Configure a VPC endpoint to access OBS.
4. Configure the IP address ranges in Cloud Connect for forwarding OBS requests.
5. Configure private DNS resolution to access the target SWR Enterprise Edition instance.
6. Verify that images can be downloaded across regions.

After completing these steps, you can push images to or pull images from the target SWR Enterprise Edition instance.

Constraints

Docker or containerd has been installed on ECS 1.

Procedure

1. Configure cross-region network connectivity.

   Enable network connectivity between vpc-10 in CN East-Shanghai1 and vpc-default in CN South-Guangzhou using Cloud Connect. For details, see Using a Cloud Connection to Connect VPCs in the Same Account But Different Regions.

2. Obtain the domain name, OBS bucket name, and IP address of the target instance.
   1. Access the SWR console and switch to the CN South-Guangzhou region.
   2. In the navigation pane, choose Enterprise Edition. On the Repositories page, click the name of the target repository to go to the repository details page.
   3. On the Dashboard page, obtain the access address and OBS bucket name.

      

   4. In the navigation pane, choose Access > Access Control > Private Network Access. On the displayed page, locate the row that contains vpc-default in the VPC column, and record the value in the IP column.

   5. Obtain the IP address of the OBS bucket in vpc-default.

      Run the ping command to obtain the IP address of the OBS domain name and record it. Ping the OBS domain name for several times to obtain multiple IP addresses.

   Table 1 Information about the target instance

   SWR Enterprise Edition Instance ID	Bucket Name	Domain Name (IP address) of SWR Enterprise Edition Instance	OBS Domain Name (IP Address)
   ${instance-id}	swr-ee-${instance-id}-registry	xxx.swr-pro.myhuaweicloud.com (192.168.0.17)	swr-ee-${instance-id}-registry.obs.${region-id}.myhuaweicloud.com (100.*.*.6, 100.*.*.7)

3. Configure a VPC endpoint for accessing OBS.
   1. Access the management console.
   2. Click in the upper left corner and select the CN South-Guangzhou region.
   3. Click in the upper left corner and choose Networking > VPC Endpoint.
   4. On the VPC Endpoint console, click Buy VPC Endpoint. Set Service Category to Cloud services, and select com.myhuaweicloud.{region_id}.swr. If this service is not found, select Find a service by name for Service Category. Configure other parameters as needed.
      • VPC Endpoint Service Name: Based on the OBS bucket name of the target instance, submit a service ticket or contact OBS O&M personnel to obtain the name of the OBS VPC endpoint service of the gateway type. Enter the OBS endpoint service name and click Verify.

      • VPC: Select vpc-default.
      • Route Table: Use the default route table of vpc-default.

4. Configure the IP address ranges in Cloud Connect for forwarding OBS requests.
   1. In the route table of vpc-default, view the routes for accessing OBS through the VPC endpoint.

      On the VPC Endpoint console, select the CN South-Guangzhou region. Then choose Virtual Private Cloud > Route Tables. Locate the row that contains the default route table rtb-vpc-default and click the name. On the displayed page, locate the route whose next hop type is VPC endpoint.

   2. Click the number in the IP Addresses column to view all IP address ranges that can access OBS. Record the values in the Destination column.

   3. On the management console, click in the upper left corner and select the CN East-Shanghai1 region. Click in the upper left corner and choose Networking > Cloud Connect. Click the name of the cloud connection created in 1. On the Network Instances tab, locate vpc-default and click Modify VPC CIDR Block.

   4. In the Other CIDR Block area, add the IP address ranges obtained in 4.b.

5. In the CN East-Shanghai1 region, configure private DNS resolution to access the target SWR Enterprise Edition instance and OBS domain name from vpc-10.
   1. Go to the Private Zones page.
   2. Click in the upper left corner and select the CN East-Shanghai1 region.
   3. In the upper right corner of the page, click Create Private Zone.
   4. Configure the private domain name used to access the target SWR Enterprise Edition instance.
   5. Enter the domain name of the target SWR Enterprise Edition instance and configure other parameters. For details, see Creating a Private Zone.

      Domain Name: xxx.swr-pro.myhuaweicloud.com

      Region: CN East-Shanghai1

      VPC: vpc-10

      Locate the created private zone, click Manage Record Sets in the Operation column, and click Add Record Set to add the IP address of the target instance. In this example, the IP address is 192.168.0.17.

   6. Repeat 5.d and 5.e to create a private zone for the OBS domain name.

      Domain Name: swr-ee-${instance-id}-registry.obs.${region-id}.myhuaweicloud.com

      Region: CN East-Shanghai1

      VPC: vpc-10

      Locate the created private zone, click Manage Record Sets in the Operation column, and click Add Record Set to add the IP addresses of OBS. In this example, the IP addresses are 100.*.*.6 and 100.*.*.7.

6. Log in to ECS 1 in CN East-Shanghai1 and verify that the image in the image repository in CN South-Guangzhou can be downloaded.