tencent cloud

Feedback

Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access

Last updated: 2024-12-02 14:34:20

    Overview

    TCR Enterprise Edition supports network access control. It allows users to access a specified VPC and allows the Docker clients within the VPC to access image data over the private network. With the popularization and practice of the concept of multi-cloud/distributed cloud, users' container cluster is no longer located in a single VPC in the designated region of Tencent Cloud, but may be distributed in complex networks of multiple cloud vendors and IDCs, and these complex networks may be interoperable through the CCN and Peering Connection network products. In this context, users need to access a single TCR Enterprise Edition instance from multiple regions and VPCs simultaneously for normal private network push and image pull.
    This document mainly introduces how an enterprise customer uses a custom domain name together with the CCN, Peering Connection, and Private DNS products to enable multiple VPCs to access a TCR instance simultaneously and distribute container images over the private network.
    In particular, if your business is distributed in multiple clouds and multiple regions, in order to realize data disaster recovery backup and nearby access, it is recommended that you refer to the following best practices and choose the most suitable scheme according to your business needs: Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud and Nearby Access Through Image Synchronization Between Multiple Global Regions.

    Prerequisites

    Check that you have completed the following preparations:
    Purchase a TCR Enterprise Edition instance and obtain the instance management permissions such as QcloudTCRFullAccess.
    Configure a valid domain name. For more information, see Configuring Custom Domain Name.
    Activate services such as CCN and Peering Connection, and access multiple VPCs.

    Overall Structure

    The customer deployed containerized business in both Guangzhou and Shanghai and used the TCR Enterprise Edition instance in Guangzhou to host and distribute container images.
    
    

    Configuration Details

    Creating a TCR Enterprise Edition instance and binding a custom domain name

    1. Purchase a TCR Enterprise Edition instance in the region where the container business is deployed. For more information, see Purchasing TCR Enterprise Edition Instance. For this best practice, select Guangzhou (ap-guangzhou, gz).
    2. Initialize the instance and upload the first image. For more information, see TCR Enterprise Edition Getting Started. For this best practice, this step is to access the specified VPC vpc-gz-01 and push images over the private network.
    3. Configure a custom domain name. For more information, see Configuring Custom Domain Name.

    Associating multiple VPCs with CCN

    1. Go to the VPC console, create a CCN instance, and associate it with the Guangzhou and Shanghai VPCs.
    
    
    2. You can choose to use the peering connection feature to associate the VPCs mentioned above.

    Configuring Private DNS for the custom domain name

    1. Go to the Private DNS console, use the bound custom domain name to create a private zone, and associate it with the VPCs mentioned above.
    2. Configure the parsing record: Select A record, use @ to directly parse the main domain name, and configure the record to the private IP corresponding to the accessed VPC.

    Scenario Verification

    Verifying the VPC connected to the instance

    1. In the connected VPC in Guangzhou, create a CVM and install the Docker client.
    2. Log in to the CVM and try to pull the image. The following is a reference command, where you need to replace demo-tcr.cn with the actual bound custom domain name and replace demo/nginx:latest with the actual image address (demo is the namespace).
    # Pull the image in the container cluster in Guangzhou
    docker pull demo-tcr.cn/demo/nginx:latest
    If the image pull is successful, the VPC connection, custom domain name, and Private DNS are configured properly, and the container cluster of the Guangzhou VPC can use the custom domain name to pull images over the private network.

    Verifying the other VPC connected to CCN

    1. In the VPC connected to CCN in Shanghai, create a CVM and install the Docker client.
    2. Log in to the CVM and try to pull the image. You can use the same path to directly pull the Enterprise Edition instance in Guangzhou.
    # Pull the image in the container cluster in Shanghai
    docker pull demo-tcr.cn/demo/nginx:latest
    If the image pull is successful, the CCN configuration is normal, and the container cluster of the Shanghai VPC can use the custom domain name to pull the image across regions over the private network.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support