Container Registry is deprecated. Effective March 18, 2025, Container Registry is shut down and writing images to Container Registry is unavailable. For more information about the Container Registry deprecation and how to migrate to Artifact Registry, see Container Registry deprecation.
Securing Container Registry in a service perimeter
Stay organized with collections
Save and categorize content based on your preferences.
VPC Service Controls improves your
ability to mitigate the risk of unauthorized copying or transfer of data
from Google-managed services.
With VPC Service Controls, you can configure security perimeters around the
resources of your Google-managed services and control the movement of data
across the perimeter boundary.
Using Container Registry with VPC Service Controls
If you are using Container Registry and Google Kubernetes Engine private clusters in a
project within a service perimeter, you can access container images inside the
service perimeter as well as Google-provided images.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["VPC Service Controls helps prevent unauthorized data copying or transfer from Google-managed services."],["Security perimeters can be configured around resources, controlling data movement across the boundaries."],["Container Registry within a service perimeter allows access to container images inside the perimeter and Google-provided images."],["Container Registry can be accessed via default Google APIs/services domains or special IP addresses like `199.36.153.4/30` (`restricted.googleapis.com`) and `199.36.153.8/30` (`private.googleapis.com`)."],["Artifact Analysis can be added to your perimeter to be secured within the VPC service."]]],[]]
