DockerCon EU 2015: What's New with Docker Trusted Registry
Download as PPTX, PDF3 likes6,801 views
Docker Trusted Registry (DTR) version 1.4.0 enhances the management and security of Docker images within enterprise environments. Key features include user interface improvements, LDAP integration, image deletion, and support for Docker Content Trust to ensure image authenticity. The release is focused on facilitating CI/CD workflows while providing compliance with security and regulatory requirements.
DockerCon EU 2015: What's New with Docker Trusted Registry
- 1. What’s New with Docker Trusted Registry (v1.4.0)? Jon Chu & Rajat Goel PM, Enterprise Director of Engineering, Enterprise
- 2. Docker Trusted Registry Recap 2 Registry for building, storing and managing images securely, within your firewall Maintain control over Docker images to meet your security or regulatory compliance requirements.
- 3. Content is King…to Build-Ship-Run Run Trusted Registry Base Image Tested Production Development Test Staging Production Scale Out Build Ship
- 4. DTR Primary Usage Scenarios CI/CD with Docker • Centrally located base images • Store individual build images • Pull tested images to production Containers as a Service • Deploy Jenkins executors or Hadoop nodes • Instant-on developer environment • Selected curated apps from a catalog • Dynamic composition of micro-services (“PAAS”)
- 5. Pre DTR 1.4 General Features • Admin & Health UI • Registry Storage Status • LDAP/AD Integration • RBAC API (Admin, R/W, R/O) • User actions/API audit logs • Registry v2 API & v2 Image Support • One click install/upgrade Platform Features • Storage drivers for filesystem, s3, and azure • Support Tooling • Support for Ubuntu, RHEL, CentOS • Tested at 300 concurrent pulls/instance
- 6. DTR 1.4 Release General Features • Orgs, Teams & Repo permissions UI • Search index, API & UI • Interactive API documentation • Image deletion from index • Image garbage collection Experimental • Docker Content Trust: View Docker Notary signatures in DTR
- 7. Architecture Datastore Storage Drivers Admin UIAudit and Event logs Directory Services Load Balancer Registry ServersAdmin Server Auth Server Log Aggregator Docker Engines PostgreSQL LDAPS 636Local Syslog Docker Client > docker HTTPS 443
- 8. Demo Time 8
- 11. 11 Deep Dive: Garbage Collection
- 12. 12 Overview: Docker Content Trust ● Built on TUF ● Designed to make good security easy! ● Validates the publisher, not the safety of their content!
- 13. 13 Overview: Docker Content Trust ● Built on TUF ● Designed to make good security easy! ● Validates the publisher, not the safety of their content!
- 14. 14 Overview: Docker Content Trust Image Forgery
- 15. 15 Overview: Docker Content Trust Why not GPG? Replay Attacks
- 16. TOFUs 13
- 17. 17 Docker Content Trust Integration Docker Universal Control Plane Integration Future Plans and Features
- 18. Docker Universal Control Plane Integration ● End-to-end authn integration with LDAP/AD ● Cross product RBAC across orgs ● Complete CI/CD visibility Description
- 19. DCT: Image Promotion & Policy Enforcement ● Cryptographically signed layers ● Promote images through signatures ● dev signed -> QA signed -> prod signed ● Policy enforcement through integrations Description Sysadmin Dev Prod Ops
- 20. International Availability Docker Subscription available for Europe Hourly and annual subscriptions available from AWS Marketplace Subscription licenses available L1 and L2 support for US and Europe Bring your own license to deploy Docker VHD in Azure Marketplace to European zones www.docker.com/aws www.docker.com/ibm www.docker.com/microsoft 30 day free trial www.docker.com/try-dtr
- 21. Thank you! Jon & Rajat @chu_jon, [email protected] @rajat_g, [email protected]