- Updates and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Operation Guide for TCR Individual
- Terminating/Returning Instances
- Practical Tutorial
- TCR Personal migration
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Serverless Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- DescribeInstances
- DescribeInstanceStatus
- CreateInstanceToken
- CreateInstance
- ModifyInstanceToken
- DescribeInstanceToken
- DeleteInstanceToken
- DeleteInstance
- RenewInstance
- CheckInstanceName
- CheckInstance
- ModifyInstance
- DescribeRegions
- DescribeInstanceCustomizedDomain
- DescribeImageAccelerateService
- DeleteInstanceCustomizedDomain
- DeleteImageAccelerateService
- CreateInstanceCustomizedDomain
- CreateImageAccelerationService
- Namespace APIs
- Image Repository APIs
- Custom Account APIs
- Trigger APIs
- Instance Synchronization APIs
- Access Control APIs
- Helm Chart APIs
- Tag Retention APIs
- Data Types
- Error Codes
- FAQs
- Related Agreement
- Contact Us
- Glossary
- Updates and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Operation Guide for TCR Individual
- Terminating/Returning Instances
- Practical Tutorial
- TCR Personal migration
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Serverless Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- DescribeInstances
- DescribeInstanceStatus
- CreateInstanceToken
- CreateInstance
- ModifyInstanceToken
- DescribeInstanceToken
- DeleteInstanceToken
- DeleteInstance
- RenewInstance
- CheckInstanceName
- CheckInstance
- ModifyInstance
- DescribeRegions
- DescribeInstanceCustomizedDomain
- DescribeImageAccelerateService
- DeleteInstanceCustomizedDomain
- DeleteImageAccelerateService
- CreateInstanceCustomizedDomain
- CreateImageAccelerationService
- Namespace APIs
- Image Repository APIs
- Custom Account APIs
- Trigger APIs
- Instance Synchronization APIs
- Access Control APIs
- Helm Chart APIs
- Tag Retention APIs
- Data Types
- Error Codes
- FAQs
- Related Agreement
- Contact Us
- Glossary
Overview
Tencent Container Registry (TCR) Enterprise Edition supports protection for the hosted container image tags. Container image security is a key part of cloud-native application delivery. It enables tag immutability feature for the images hosted in TCR, which ensures the images of the same tag will only be successfully pushed once, thus effectively reduce the risk of tag overwriting caused by misoperation in the production environment. TCR supports tag protection at the namespace level. Users can fine-grainly define the repositories and image tags covered by the feature according to service demands.
Directions
Creating tag immutability rule
- Log in to the TCR console and select Tag Management > Tag Immutability on the left sidebar.
- Select the region where the instance is located and the instance name on the “Tag Immutability” page.
- Click Create Rule. In the Create Tag Immutability Rule window, configure the rule based on the following information. See the figure below:
Configuration Item Description Associated instance The instance which has been selected currently. Namespaces The current instance needs to enable the namespace for tag protection. Only a rule can be created in a single namespace. Immutability rule latest: in all repositories in the current namespace, all image tags are not allowed to be overwritten except the latest tag. Custom: customize the configuration of the repository and image tag that need to be matched. - Repository matching: select filter type for the image repository, and enter the name of the repository which needs to be filtered.
- Tag matching: select filter type for the image tag, and enter the name of the tag which needs to be filtered.
Rule switch The rule is effective as of creation by default. NoteEnabling means the rule takes effect. You can enable/disable the rule in the configuration.
- Click Confirm to create the rule.
Managing tag immutability rule
You can view the rules on the “Tag Immutability” page after creation, and take the following actions to manage the rules.
- Configuration: you can reconfigure the instance tag immutability rule but cannot modify the namespace for which it takes effect.
- Delete: delete the tag immutability rule under the instance.
Yes
No
Was this page helpful?