Create Replication Rules
You replicate image repositories between vSphere Integrated Containers Registry instances by creating replication rules for projects. A replication rule identifies an endpoint registry to which to replicate images.
- When you first enable a replication rule, all of the images in the project replicate to the endpoint registry.
- If the project does not already exist on the remote registry, the rule creates a new project automatically.
- After the initial synchronization between the registries, images that users push to the project on the source registry replicate incrementally to the endpoint registry.
- If users delete images from the source registry, the replication rule deletes the image from the endpoint registry.
- Replication rules are unidirectional. To establish two-way replication, so that users can push images to either project and keep the projects in sync, you must create replication rules in both registry instances.
- You have two vSphere Integrated Containers Registry instances, one that contains the images to replicate and one to act as the replication endpoint registry.
- You created at least one project, and pushed at least one image to that project.
- If the remote registry that you intend to use as the endpoint uses a self-signed or an untrusted certificate, you must disable certificate verification on the registry from which you are replicating. For example, disable certificate verification if the endpoint registry uses the default auto-generated certificates that vSphere Integrated Containers Registry created during the deployment of the vSphere Integrated Containers appliance. For information about disabling certificate verification, see Configure a Registry.
Log in to the vSphere Integrated Containers Registry instance that contains the images to replicate.
Log in at https://vic_appliance_address:443. Use the
adminaccount, or an account with Administrator privileges. If the vSphere Integrated Containers appliance uses a different port for vSphere Integrated Containers Registry, replace 443 with the appropriate port.
- Click Projects on the left and click the name of the project to replicate.
- Click Replication, then click the + Replication Rule button.
- Enter a suitable name for the new replication rule and optionally add a description.
Select or create an endpoint registry.
To select an existing endpoint registry, select an endpoint from the Endpoint Name drop-down menu.
When you select an existing endpoint registry, the URL, user name and password are filled in automatically. If only one endpoint registry exists in the system, it is selected automatically.
To create a new endpoint, check the New Endpoint check box.
- Enter a suitable name for the new replication endpoint.
Enter the full URL of the vSphere Integrated Containers Registry instance to set up as a replication endpoint.
For example, https://registry_address:443.
Enter the user name and password for the endpoint registry instance.
adminaccount for that vSphere Integrated Containers Registry instance, an account with Administrator privileges on that instance, or an account that has write permission on the corresponding project in the endpoint registry. If the project already exists and the replication user that you configure in the rule does not have write privileges in the target project, the replication fails.
Click Test Connection.
When you have successfully tested the connection, optionally check the Enable checkbox, and click OK.
If you select Enable, replication starts immediately. You can track the progress of the replication in the list of Replication Jobs.
- Click the icon in the Logs column for the replication job to check that replication succeeded without errors.
Depending on the size of the images and the speed of the network connection, replication might take some time to complete. An image is not available in the endpoint registry until all of its layers have been synchronized from the source registry. If a replication job fails due to a network issue, vSphere Integrated Containers Registry reschedules the job to retry it a few minutes later.