Tencent Container Registry (TCR) Enterprise Edition supports protecting hosted container image tags. Container image security is a crucial aspect of cloud-native application delivery. Enabling the immutability feature for images hosted in TCR ensures that the same image tag is pushed only once, effectively reducing the risk of version overwrite caused by inadvertent operations in production environments. TCR supports namespace-level tag protection, allowing users to define the granularity of repositories and image tags covered by this feature based on their business requirements.
Instructions
Creating a tag immutability rule
1. Log in to the TCR console and choose Version Management > Tag Immutability in the left sidebar.
2. Select the region where the instance is located and the instance name on the “Tag Immutability” page.
3. Click Create Rule. In the "Create tag immutability rule" window, configure the rule according to the following guidelines.
Configuration items and notes:
Associated instance: The currently selected instance.
Namespace: Select the namespace for which you want to enable tag protection in the current instance. Only one rule can be created per namespace.
Immutability rule: Choose one of the following.
   latest: In all repositories in the current namespace, no image tag can be overwritten except the latest tag.
   Custom: Configure the repositories and image tags to be matched according to your requirements.
      Repository Matching: Select the filter type for the image repository and enter the repository name to be filtered.
      Tag Matching: Select the filter type for image tags and enter the tag names to be filtered.
Rule switch: The rule is enabled by default and takes effect upon creation. An enabled rule is in effect; you can enable or disable the rule in its configuration.
4. Click Confirm to create the rule.
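The following added example is a simplified model of how such rules decide whether a push is accepted; it is not TCR's own code. The include/exclude filter types, the glob pattern syntax, and all namespace, repository and tag names are assumptions, since this page does not list the available filter types.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class Rule:
    namespace: str
    kind: str = "latest"                   # "latest" or "custom", as in the rule form
    repo_filter: tuple = ("include", "*")  # ASSUMED filter types: include / exclude
    tag_filter: tuple = ("include", "*")   # ASSUMED pattern syntax: shell-style glob
    enabled: bool = True                   # the "Rule switch"

def _selected(flt, name):
    mode, pattern = flt
    hit = fnmatchcase(name, pattern)
    return hit if mode == "include" else not hit

def is_protected(rule, repo, tag):
    """True if an enabled rule makes repo:tag immutable."""
    if not rule.enabled:
        return False
    if rule.kind == "latest":
        return tag != "latest"             # every tag except "latest" is protected
    return _selected(rule.repo_filter, repo) and _selected(rule.tag_filter, tag)

def push_allowed(rules, existing, namespace, repo, tag):
    """rules maps namespace -> Rule (one per namespace); existing is the set of pushed refs."""
    if f"{namespace}/{repo}:{tag}" not in existing:
        return True                        # first push of a tag is always accepted
    rule = rules.get(namespace)
    return rule is None or not is_protected(rule, repo, tag)

# Constructed sample data (hypothetical namespaces, repositories and tags)
RULES = {
    "prod": Rule("prod"),
    "team": Rule("team", "custom", ("include", "api-*"), ("exclude", "dev-*")),
}
EXISTING = {"prod/web:1.4.2", "prod/web:latest", "team/api-gw:v3",
            "team/api-gw:dev-7", "team/docs:v1", "lab/tool:v1"}

if __name__ == "__main__":
    for ns, repo, tag in [("prod", "web", "1.4.2"), ("prod", "web", "latest"),
                          ("prod", "web", "1.4.3"), ("team", "api-gw", "v3"),
                          ("team", "api-gw", "dev-7"), ("team", "docs", "v1"),
                          ("lab", "tool", "v1")]:
        verdict = "accept" if push_allowed(RULES, EXISTING, ns, repo, tag) else "reject"
        print(f"{ns}/{repo}:{tag} -> {verdict}")
```

The accepted re-pushes in the output are the coverage gaps to review: tags or repositories a custom rule does not match, the latest tag, and any namespace without a rule.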
Managing tag immutability rules
After creation, you can view the rules on the “Tag Immutability” page and take the following actions to manage them:
Configuration: You can reconfigure a tag immutability rule but cannot modify the namespace for which it takes effect.
Delete: Remove the tag immutability rule for this instance.