Develop Intelligence - Docker Docker Registry

The document discusses different options for Docker registries including Docker Hub, local private registries, and Azure Container Registry. Docker Hub is a public registry where users can store and share images. A local private registry allows users to tightly control image storage and distribution. Azure Container Registry allows storing and managing images in the cloud. Digital signatures using Docker Content Trust provide verification of image integrity and publisher.

Uploaded by

saphana9800

Develop Intelligence – Docker Docker Registry

Agenda: Docker Registry

• Docker Hub
• Local / Private Registry
• Azure Container Registry

Docker Hub
Now you have a Docker image for a simple Hello World app. The image is the portable unit - you can push the
image to Docker Cloud, and anyone can pull it and run your app for themselves.
Pushing images to Docker Cloud requires a free Docker ID. Storing images on Docker Cloud is a great way to share
applications, or to create build pipelines that move apps from development to production with Docker.
An individual image record has the following identifier:
[REGISTRY_HOST[:REGISTRY_PORT]/][USERNAME/]REPOSITORY[:TAG]
E.g.: docker.io/sandeepsoni/counterdemo:v1
Docker Content Trust (DCT), covered below, is associated with the TAG portion of an image. An image repository can
contain an image with one tag that is signed and another tag that is not.
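
Added example (not from the original document): a POSIX shell function that splits a reference in the format above and fills in the defaults Docker applies, showing which registry and which tag an abbreviated name really points at. The function name parse_image_ref is an assumption of this example, and digest references (name@sha256:...) are not handled.

```sh
#!/bin/sh
# parse_image_ref REF
# Splits [REGISTRY_HOST[:REGISTRY_PORT]/][USERNAME/]REPOSITORY[:TAG]
# and prints "registry repository tag" with Docker's defaults filled in.
parse_image_ref() {
    ref=$1
    registry=docker.io      # default registry when none is given
    tag=latest              # default tag when none is given

    # Only the part after the last "/" can carry ":TAG"; a colon earlier in
    # the reference belongs to REGISTRY_HOST:REGISTRY_PORT.
    last=${ref##*/}
    case $last in
        *:*) tag=${last##*:}; ref=${ref%:*} ;;
    esac

    # The first path component is a registry host only if it contains "."
    # or ":" or is exactly "localhost"; otherwise it is a user name.
    case $ref in
        */*)
            first=${ref%%/*}
            case $first in
                *.*|*:*|localhost) registry=$first; ref=${ref#*/} ;;
            esac
            ;;
    esac

    # Official images on Docker Hub live under the implicit "library/" user.
    if [ "$registry" = docker.io ]; then
        case $ref in */*) ;; *) ref=library/$ref ;; esac
    fi
    printf '%s %s %s\n' "$registry" "$ref" "$tag"
}
```

A name given without a tag resolves to latest, and because DCT signatures are per tag, that is the tag whose signature is checked.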

Visit: https://hub.docker.com/ and create an account


To push an image:
docker login
docker tag helloworld:v1 sandeepsoni/hello-world:linux
docker image push sandeepsoni/hello-world:linux

On the VM, execute the following command to pull the tag that was pushed:

docker pull sandeepsoni/hello-world:linux

Now run the following command to start a container from the image pulled from Docker Hub:
docker container run -d -p 80:80 sandeepsoni/hello-world:linux

In a browser, go to http://<IPofVM>


Docker Content Trust
Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote
Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of
specific image tags.
Through DCT, image publishers can sign their images and image consumers can ensure that the images they pull
are signed.

Docker Content Trust Keys


Trust for an image tag is managed through the use of signing keys. A key set is created when an operation using
DCT is first invoked. A key set consists of the following classes of keys:
• an offline key that is the root of DCT for an image tag
• repository or tagging keys that sign tags
• server-managed keys such as the timestamp key, which provides freshness security guarantees for your repository
The following image depicts the various signing keys and their relationships:

# Install Docker on Ubuntu VM
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Login as root
sudo su -
# Add dssadmin to the docker group so that sudo is not required when executing docker CLI commands
usermod -a -G docker dssadmin
exit
# Log out and log in again so that the new group membership takes effect
# Login to Docker Hub
docker login
# Generate and load a signing key pair for signer soni; run from /home/dssadmin so the public key is written to /home/dssadmin/soni.pub
docker trust key generate soni
# Adding signer to the repository (counter)
docker trust signer add --key /home/dssadmin/soni.pub soni sandeepsoni/counter
# Pull the Image (unsigned) / create a new image
docker build -t sandeepsoni/counter:v1 .
# Make changes to your code and create a new image with a different tag
docker build -t sandeepsoni/counter:v2 .
# Push the Image with tag v1 (without digital signature)
docker push sandeepsoni/counter:v1
# Sign the Image with tag v2
docker trust sign sandeepsoni/counter:v2
# Inspect the Trust
docker trust inspect --pretty sandeepsoni/counter:v2
# Push the Image with tag v2 (with digital signature)
docker push sandeepsoni/counter:v2
# Enable Content Trust at the Docker Host
export DOCKER_CONTENT_TRUST=1   # Linux
PS> $env:DOCKER_CONTENT_TRUST=1   # Windows PowerShell
# Pull the Image
docker pull sandeepsoni/counter:v1 # This will fail
docker pull sandeepsoni/counter:v2 # This will succeed
docker pull --disable-content-trust=true sandeepsoni/counter:v2 # Use this option if the environment variable should not be checked
# To remove remote trusted data for a tag
docker trust revoke sandeepsoni/counter:v2

Docker Private Registry (Local)


The Registry is a stateless, highly scalable server-side application that stores and lets you distribute Docker images.

Why use it
You should use the Registry if you want to:
• tightly control where your images are being stored
• fully own your images distribution pipeline
• integrate image storage and distribution tightly into your in-house development workflow
Users looking for a zero maintenance, ready-to-go solution are encouraged to head over to the Docker Hub, which
provides a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and
more).

Users looking for a commercially supported version of the Registry should look into Docker Trusted Registry.

Step 1: Create a new VM with Ubuntu 16.04.

NSG → Inbound rule → Allow port 5000

Step 2: Remote login to the VM using PuTTY

# Installs Docker
$ sudo apt install docker.io
# Installs the local registry
$ sudo docker run -d -p 5000:5000 --name registry registry:2

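Step 3: On the local machine, edit the Docker daemon configuration file (Windows:
C:\ProgramData\Docker\config\daemon.json / Mac: ~/.docker/daemon.json). The insecure-registries entry is needed
because the registry started in Step 2 is served over plain HTTP, without TLS.

{"registry-mirrors":[],"insecure-registries":["<IpofUbuntuVM>:5000"], "debug":true, "experimental": true,"graph": "D:\\DockerStore"}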

Step 4: On the local machine, execute the following commands:

docker image tag mywebappdemo:dev <IpofUbuntuVM>:5000/mywebappdemo
docker push <IpofUbuntuVM>:5000/mywebappdemo

To get the list of images in the repository on Linux:

curl http://13.71.123.164:5000/v2/_catalog
OR
In a browser:
http://13.71.123.164:5000/v2/_catalog
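
Added example (not part of the original document): the setup above serves the registry over plain HTTP with no authentication, which is why clients need the insecure-registries entry. One way to start the same registry:2 container with TLS and basic authentication instead, so that the entry can be dropped; the function name and the file names domain.crt, domain.key and htpasswd are assumptions of this example, while the REGISTRY_* variables are the registry image's own settings.

```sh
#!/bin/sh
# start_secure_registry CERT_DIR AUTH_DIR
# Assumed layout (names chosen for this example):
#   CERT_DIR/domain.crt, CERT_DIR/domain.key  TLS certificate and private key
#   AUTH_DIR/htpasswd                         users, created with `htpasswd -B`
start_secure_registry() {
    certs=$1
    auth=$2

    # Bind mounts need absolute paths; a relative name would be treated as a
    # named volume, not as the directory holding the files.
    case $certs in /*) ;; *) echo "CERT_DIR must be absolute" >&2; return 1 ;; esac
    case $auth  in /*) ;; *) echo "AUTH_DIR must be absolute" >&2; return 1 ;; esac

    for f in "$certs/domain.crt" "$certs/domain.key" "$auth/htpasswd"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # The registry's htpasswd backend accepts bcrypt hashes only and ignores
    # other entries, so insist on at least one bcrypt user.
    grep -Eq '^[^:]+:\$2[aby]\$' "$auth/htpasswd" || {
        echo "no bcrypt entry in $auth/htpasswd" >&2
        return 1
    }

    docker run -d -p 5000:5000 --restart=always --name registry \
        -v "$certs:/certs:ro" \
        -v "$auth:/auth:ro" \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
        -e REGISTRY_AUTH=htpasswd \
        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
        registry:2
}
```

Clients then run docker login <IpofUbuntuVM>:5000 before pushing and no longer need the insecure-registries entry, provided the certificate is issued for the name they connect to and chains to a CA the client trusts.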

Cloud Solution - Azure Container Registry


Azure Container Registry allows you to build, store, and manage Docker container images.

1. Create a resource → Containers → Azure Container Registry.

2. Under Admin user, select Enable. Take note of the following values:
• Login server
• Username
• Password
3. Log in to ACR (enter the admin password when prompted, which keeps it out of the shell history and the process list)
docker login --username dssregistry dssregistry.azurecr.io
4. Tag local images
docker image tag sandeepsoni/hellowebapp dssregistry.azurecr.io/hellowebapp:v1
5. Push images to ACR
docker push dssregistry.azurecr.io/hellowebapp:v1
