DockerCon EU 2015: What's New with Docker Trusted Registry
What’s New with Docker Trusted Registry (v1.4.0)?
Jon Chu & Rajat Goel
PM, Enterprise
Director of Engineering, Enterprise
Docker Trusted Registry Recap
Registry for building, storing and managing images securely, within your firewall
Maintain control over Docker images to meet your security or regulatory compliance requirements.
Content is King…to Build-Ship-Run
[Diagram: Build, Ship, Run around the Trusted Registry. Image states: Base Image, Tested, Production. Stages: Development, Test, Staging, Production, Scale Out.]
DTR Primary Usage Scenarios
CI/CD with Docker
• Centrally located base images
• Store individual build images
• Pull tested images to production
Containers as a Service
• Deploy Jenkins executors or Hadoop nodes
• Instant-on developer environment
• Selected curated apps from a catalog
• Dynamic composition of micro-services (“PAAS”)
Pre DTR 1.4
General Features
• Admin & Health UI
• Registry Storage Status
• LDAP/AD Integration
• RBAC API (Admin, R/W, R/O)
• User actions/API audit logs
• Registry v2 API & v2 Image Support
• One click install/upgrade
Platform Features
• Storage drivers for filesystem, s3, and azure
• Support Tooling
• Support for Ubuntu, RHEL, CentOS
• Tested at 300 concurrent pulls/instance
DTR 1.4 Release
General Features
• Orgs, Teams & Repo permissions UI
• Search index, API & UI
• Interactive API documentation
• Image deletion from index
• Image garbage collection
Experimental
• Docker Content Trust: View Docker Notary signatures in DTR
Architecture
[Diagram. Components shown: Docker Client (> docker), Docker Engines, Load Balancer, Registry Servers, Admin Server, Auth Server, Admin UI, Audit and Event logs, Log Aggregator, Datastore, PostgreSQL, Storage Drivers, Directory Services. Labelled connections: HTTPS 443, LDAPS 636, Local Syslog.]
Demo Time
Deep Dive: Delete
Deep Dive: Garbage Collection
Overview: Docker Content Trust
● Built on TUF
● Designed to make good security easy!
● Validates the publisher, not the safety of their content!
Overview: Docker Content Trust
Image Forgery
Overview: Docker Content Trust
Why not GPG?
Replay Attacks
TOFUs
Docker Content Trust Integration
Docker Universal Control Plane Integration
Future Plans and Features
Docker Universal Control Plane Integration
● End-to-end authn integration with LDAP/AD
● Cross product RBAC across orgs
● Complete CI/CD visibility
Description
DCT: Image Promotion & Policy Enforcement
● Cryptographically signed layers
● Promote images through signatures
● dev signed -> QA signed -> prod signed
● Policy enforcement through integrations
Description
Sysadmin
Dev
Prod Ops
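The promotion chain on this slide (dev signed -> QA signed -> prod signed), sketched as a policy gate. This is an added example, not code from the slides or from Docker; the `stage:digest` message format, the function names and the throwaway Ed25519 keys are assumptions, and Docker Content Trust itself signs TUF metadata through Notary.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Promotion order from the slide: dev signed -> QA signed -> prod signed.
var stages = []string{"dev", "qa", "prod"}

// NewStageKeys creates one throwaway Ed25519 key pair per stage (constructed keys).
func NewStageKeys() (map[string]ed25519.PublicKey, map[string]ed25519.PrivateKey) {
	pubs, keys := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, s := range stages {
		pubs[s], keys[s], _ = ed25519.GenerateKey(nil)
	}
	return pubs, keys
}

// Digest is the hex SHA-256 of an image manifest.
func Digest(manifest []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(manifest))
}

// Sign binds the stage name to the digest, so a dev signature cannot pass as QA.
func Sign(key ed25519.PrivateKey, stage, digest string) []byte {
	return ed25519.Sign(key, []byte(stage+":"+digest))
}

// MayPromote (hypothetical gate, not a DTR or Notary API) returns nil only if
// every stage before target has a valid signature over this exact digest.
func MayPromote(target, digest string, pubs map[string]ed25519.PublicKey, sigs map[string][]byte) error {
	for _, s := range stages {
		if s == target {
			return nil
		}
		if pub, ok := pubs[s]; !ok || !ed25519.Verify(pub, []byte(s+":"+digest), sigs[s]) {
			return fmt.Errorf("missing or invalid %s signature for %s", s, digest)
		}
	}
	return fmt.Errorf("unknown stage %q", target)
}

func main() {
	pubs, keys := NewStageKeys()
	d := Digest([]byte("constructed manifest v1"))
	sigs := map[string][]byte{"dev": Sign(keys["dev"], "dev", d)}
	fmt.Println("to qa:", MayPromote("qa", d, pubs, sigs), "| to prod:", MayPromote("prod", d, pubs, sigs))
}
```

With only the dev signature present, promotion to QA is allowed and promotion to prod is refused until QA has signed the same digest.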
International Availability
Docker Subscription available for Europe
Hourly and annual subscriptions available from AWS Marketplace
Subscription licenses available
L1 and L2 support for US and Europe
Bring your own license to deploy Docker VHD in Azure Marketplace to European zones
www.docker.com/aws www.docker.com/ibm www.docker.com/microsoft
30 day free trial www.docker.com/try-dtr
Thank you!
Jon & Rajat
@chu_jon, [email protected]
@rajat_g, [email protected]