# Securing Container Registry in a service perimeter

Last updated (UTC): 2025-08-11.

- VPC Service Controls helps prevent unauthorized data copying or transfer from Google-managed services.
- Security perimeters can be configured around resources, controlling data movement across the boundaries.
- Container Registry within a service perimeter allows access to container images inside the perimeter and Google-provided images.
- Container Registry can be accessed via default Google APIs/services domains or special IP addresses like `199.36.153.4/30` (`restricted.googleapis.com`) and `199.36.153.8/30` (`private.googleapis.com`).
- Artifact Analysis can be added to your perimeter to be secured within the VPC service.

[VPC Service Controls](/vpc-service-controls/docs/overview) improves your
ability to mitigate the risk of unauthorized copying or transfer of data
from Google-managed services.

With VPC Service Controls, you can configure security perimeters around the
resources of your Google-managed services and control the movement of data
across the perimeter boundary.

Using Container Registry with VPC Service Controls
--------------------------------------------------

If you are using Container Registry and Google Kubernetes Engine private clusters in a
project within a service perimeter, you can access container images inside the
service perimeter as well as [Google-provided images](/vpc-service-controls/docs/supported-products#registry).

You can access Container Registry using the
[IP addresses for the default Google APIs and services domains](/vpc/docs/configure-private-google-access#ip-addr-defaults),
or using these special IP addresses:

- `199.36.153.4/30` (`restricted.googleapis.com`)
- `199.36.153.8/30` (`private.googleapis.com`)

For details about these options, see
[Configuring Private Google Access](/vpc/docs/configure-private-google-access#config). For an example
configuration that uses `199.36.153.4/30` (`restricted.googleapis.com`),
see the documentation for [registry access with a virtual IP](/vpc-service-controls/docs/set-up-gke).

For general instructions to add Container Registry to a service perimeter,
see [Creating a service perimeter](/vpc-service-controls/docs/create-service-perimeters).

Using Artifact Analysis with VPC Service Controls
-------------------------------------------------

To learn how to add Artifact Analysis to your perimeter,
see the [securing Artifact Analysis in a service
perimeter](/container-analysis/docs/aa-vpc-sc-service-perimeter).
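
The two special IP ranges listed in the Container Registry section can be checked against the DNS answers that hosts inside the perimeter actually receive. The following is an added example, not part of the original documentation: it classifies answers for registry hostnames against the page's two ranges and flags hosts whose answers fall partly or wholly outside the expected one. The `gcr.io` hostnames audited, the sample answers, and the policy that every answer should land in `restricted.googleapis.com` are assumptions made for illustration.

```python
import ipaddress

# VIP ranges exactly as listed on this page.
VIP_RANGES = {
    "restricted.googleapis.com": ipaddress.ip_network("199.36.153.4/30"),
    "private.googleapis.com": ipaddress.ip_network("199.36.153.8/30"),
}


def classify(addr):
    """Return the VIP domain whose range contains addr, else 'default'."""
    ip = ipaddress.ip_address(addr)
    for domain, net in VIP_RANGES.items():
        if ip in net:
            return domain
    return "default"  # any address outside the two special ranges


def audit(resolutions, expected="restricted.googleapis.com"):
    """Map each hostname to 'ok', 'mixed', 'wrong-range' or 'unresolved'.

    resolutions: {hostname: [A/AAAA answers seen from inside the VPC]}.
    expected: the VIP every answer should fall in (assumed policy).
    """
    if expected not in VIP_RANGES:
        raise ValueError(f"unknown VIP domain: {expected}")
    report = {}
    for host, answers in resolutions.items():
        hits = [classify(a) == expected for a in answers]
        if not hits:
            report[host] = "unresolved"
        elif all(hits):
            report[host] = "ok"
        elif any(hits):
            report[host] = "mixed"  # some answers bypass the expected VIP
        else:
            report[host] = "wrong-range"
    return report


# Constructed sample answers (not captured from a real network).
SAMPLE = {
    "gcr.io": ["199.36.153.4", "199.36.153.7"],
    "eu.gcr.io": ["199.36.153.5", "203.0.113.10"],
    "us.gcr.io": ["199.36.153.8"],
    "asia.gcr.io": [],
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

To use it on real data, build the `resolutions` mapping from answers collected on a node inside the perimeter and pass the VIP domain your DNS configuration is meant to use as `expected`.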