Trust and Image Provenance by Derek McGowan

•

5 likes•4,006 views

Trust and Image Provenance

DockerCon Europe
Introductions
Derek McGowan
Trust & Distribution Engineering Team @ Docker
dmcg on #docker-dev
dmcgowan on github
December 5, 2014

Trust

DockerCon Europe
Trust today
●
Transport level reliability
– TLS connection between client and daemon
– TLS connection between daemon and registry
●
Namespace enforced by registry
●
Basic authentication
December 5, 2014

Future of trust
● Globally federated namespace
● Distributed trust graph
● Public key cryptography
● Public key identity and fingerprint
● Chain of trust

Trust Graph
Key A3D8 Key 34F2
dmcgowan vbatts
My client's key Vincent's client's key
Key delegation
Signed by x509
Key delegation
Signed by x509
Grant vbatts “build” my images
Signed by key A3D8

Trust tool
● Trust as a tool separate from Docker
● Registers keys
● Creating and listing grants
● Key server specification
● Uses libtrust primitives

Demo
Key A3D8 Key 9B83
dmcgowan
My client's key Daemon's key
Key delegation
Signed by x509
Grant dmcgowan “run” access to
daemon
Signed by key 9B83

Image Provenance
Image provenance provides a verifiable record of
the origin and contents of an image.
● Self describing signed images
● Content addressable layers
● Digital signature
● Next generation registry
● Docker trust model
● Separation of name and transport

Get involved
● Attend trust and distribution bird of a feather
● Look at the proposals
● Look at next-generation registry design
● Provide feedback

Reference
● Trust system proposal (docker#9036)
● Authorization server proposal (docker#9081)
● Libtrust TLS (docker#8265)
● Trust tool prototype (libtrust#42)
● Next generation Registry (in the making)

Questions?

Thank You

More Related Content

Viewers also liked

DockerCon14 Contributing to Docker by Tianon

DockerCon14 Contributing to Docker by Tianon

DockerCon14 Contributing to Docker by Tianon

Distributed, Real-time Web Apps

Distributed, Real-time Web Apps

Distributed, Real-time Web Apps

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon14 Keynote

DockerCon14 Keynote

DockerCon14 Keynote

DockerCon EU 2015: Nesting Containers: Real Life Observations

DockerCon EU 2015: Nesting Containers: Real Life Observations

DockerCon EU 2015: Nesting Containers: Real Life Observations

Presented by Alois Reitbauer, Chief Technical Evangelist, ruxit This talk provides detailed insights into how to manage large-scale production Docker environments. We will cover how to tune your containerised micro services for ideal performance, validate automated deployments with Marathon and Mesos and tune and manage the deployment complexity of hundreds of nodes. Last but not least we will demonstrate how easy it is to get up and running monitoring Docker using Ruxit.

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Sparebank; a journey towards Docker

DockerCon EU 2015: Sparebank; a journey towards Docker

DockerCon EU 2015: Sparebank; a journey towards Docker

New Relic went all-in with Docker very early, and has continued to stay on the forefront of the container ecosystem, both as a user of the technology and as a monitoring and analytics vendor. Today, a variety of teams utilize Docker in a variety of ways using a mix of home-grown and external OSS frameworks. The Container Fabric team is working on our next generation container platform utilizing Mesos/Marathon and a variety of other OSS tools, like Heka. We will briefly review our setup, and then discuss how we gather data that we care about from the ecosystem and inject it into the various tools we rely on for visibility and analytics. We love the functionality of what we’ve built, and we believe that you will find it useful too.

Monitoring Containers at New Relic by Sean Kane

Monitoring Containers at New Relic by Sean Kane

Monitoring Containers at New Relic by Sean Kane

Docker at DevTable

Docker at DevTable

Docker at DevTable

Presentation by Dr. Marius Millea, Cosmologist and Postdoctoral Fellow at the Institut Lagrange de Paris Cosmology@Home is a project which uses volunteer computing to analyze cosmological data and answer questions about our universe such as "how much dark matter is there?" and "under what conditions did the Big Bang occur?" We recently began using Docker by taking each job which we would normally send to our volunteer computers, and packaging it up inside a Docker container. The volunteer computers themselves come from interested users all over the world who download and run the software allowing them to become volunteers (called BOINC). The system is working exceedingly well and using Docker has made it massively easier for us to develop and run it. I will explain some of the technical details of the implementation, which involves a customized boot2docker ISO, as well give a brief summary of the scientific questions we are trying to answer and how these results made possible by Docker are helping analyze data from, e.g. the European Space Agency's Planck satellite.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

In this talk, we will provide a 10,000-ft. overview of the key concepts, architectures, and common deployment scenarios for stateful services. We will cover the Docker volumes and available storage options in the community including ClusterHQ’s Flocker volume manager. After getting the lay of the land, we'll see these concepts in action. Starting by deploying a database container on a single node with UCP, Flocker and VolumeHub. Then, using the features of Docker Swarm and Flocker, we will then allow Swarm to automatically reschedule the stateful service along with Flocker moving its volume when the node fails giving us a HA containerized database.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

DockerCon SF 2015: Docker After Launching 1 Billion Containers

DockerCon SF 2015: Docker After Launching 1 Billion Containers

DockerCon SF 2015: Docker After Launching 1 Billion Containers

A community is one of the key components of an open source software project. The success of an open source project like Docker is highly dependent on a large and active community. The speakers will share their experience of how to successfully build a local community by the example of how they raised a Docker community at their University (Univ. of Bamberg, Germany). They summon their best practices as a result of the mistakes they made, illustrated by story telling. This is a talk from me as a student, which is an underrepresented group at DockerCon.

How to Successfully Build a Local Docker Community by Mathias Renner

How to Successfully Build a Local Docker Community by Mathias Renner

How to Successfully Build a Local Docker Community by Mathias Renner

How GE Appliances Brought Docker Into the Enterprise - Talk Description: In a traditional enterprise IT shop, it’s common to find a plethora of aging technologies. From COBOL running on mainframes, to huge Java applications spread across both physical and virtual hardware, the enterprise can sometimes resemble a living museum of IT. For application owners, bureaucracy, lack of business priority, and complex infrastructure can slow innovation, and make it difficult to stay current. At GE, we leveraged Docker/Mesos to create an internal application platform that brings speed, simplicity, and cutting edge deployment processes to our enterprise, empowering developers to go from concept to production in minutes, rather than months.

DockerCon SF 2015: From Months to Minutes

DockerCon SF 2015: From Months to Minutes

DockerCon SF 2015: From Months to Minutes

Docker at Spotify

Docker at Spotify

Docker at Spotify

DockerCon SF 2015: Maintaining the official node.js docker image

DockerCon SF 2015: Maintaining the official node.js docker image

DockerCon SF 2015: Maintaining the official node.js docker image

Dockerfile Basics Workshop #1

Dockerfile Basics Workshop #1

Dockerfile Basics Workshop #1

Building a Smarter Application Stack

Building a Smarter Application Stack

Building a Smarter Application Stack

Presented by Evan Krall, Site Reliability Engineer, Yelp Docker is an amazing technology. In particular, its build-once-run-anywhere model unlocks the world of cluster schedulers like Mesos and Kubernetes. These solve many of the problems of running high-scale websites, but introduce new challenges that need addressing. In this talk, Evan will describe PaaSTA, a PaaS built on top of open source tools including Docker, Mesos, Marathon, and Chronos. PaaSTA provides tooling for developers to quickly turn their microservice into a monitored, highly available application spanning multiple datacenters and cloud regions. Evan will give an overview of the open-source technologies that power PaaSTA, discuss how Yelp has glued these together to give developers control without burdening them with the complexities of the infrastructure, and show the workflow used by developers to update and maintain their services on PaaSTA.

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

Viewers also liked (20)

DockerCon14 Contributing to Docker by Tianon

DockerCon14 Contributing to Docker by Tianon

DockerCon14 Contributing to Docker by Tianon

Distributed, Real-time Web Apps

Distributed, Real-time Web Apps

Distributed, Real-time Web Apps

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon14 Keynote

DockerCon14 Keynote

DockerCon14 Keynote

DockerCon EU 2015: Nesting Containers: Real Life Observations

DockerCon EU 2015: Nesting Containers: Real Life Observations

DockerCon EU 2015: Nesting Containers: Real Life Observations

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Sparebank; a journey towards Docker

DockerCon EU 2015: Sparebank; a journey towards Docker

DockerCon EU 2015: Sparebank; a journey towards Docker

Monitoring Containers at New Relic by Sean Kane

Monitoring Containers at New Relic by Sean Kane

Monitoring Containers at New Relic by Sean Kane

Docker at DevTable

Docker at DevTable

Docker at DevTable

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

DockerCon SF 2015: Docker After Launching 1 Billion Containers

DockerCon SF 2015: Docker After Launching 1 Billion Containers

DockerCon SF 2015: Docker After Launching 1 Billion Containers

How to Successfully Build a Local Docker Community by Mathias Renner

How to Successfully Build a Local Docker Community by Mathias Renner

How to Successfully Build a Local Docker Community by Mathias Renner

DockerCon SF 2015: From Months to Minutes

DockerCon SF 2015: From Months to Minutes

DockerCon SF 2015: From Months to Minutes

Docker at Spotify

Docker at Spotify

Docker at Spotify

DockerCon SF 2015: Maintaining the official node.js docker image

DockerCon SF 2015: Maintaining the official node.js docker image

DockerCon SF 2015: Maintaining the official node.js docker image

Dockerfile Basics Workshop #1

Dockerfile Basics Workshop #1

Dockerfile Basics Workshop #1

Building a Smarter Application Stack

Building a Smarter Application Stack

Building a Smarter Application Stack

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

Similar to Trust and Image Provenance by Derek McGowan

Introduction to docker_notary_v1.0.0

Introduction to docker_notary_v1.0.0

Introduction to docker_notary_v1.0.0

Docker Federal Summit 2017 General Session

Docker Federal Summit 2017 General Session

Docker Federal Summit 2017 General Session

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Built-in security is one of the most important features in Docker. But to build a secure app, you have to understand how to take advantage of these features. Security begins with the platform, but also requires conscious secure design at all stages of app development. In this session, we'll cover the latest features in Docker security, and how you can leverage them. You'll learn how to add them to your existing development pipeline, as well as how you can and streamline your workflow while making it more secure.

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Categorizing Docker Hub Public Images

Categorizing Docker Hub Public Images

Categorizing Docker Hub Public Images

Roberto Hashioka

Dockers & kubernetes detailed - Beginners to Geek

Dockers & kubernetes detailed - Beginners to Geek

Dockers & kubernetes detailed - Beginners to Geek

Deploying Microservice on Docker

Deploying Microservice on Docker

Deploying Microservice on Docker

Docker Security Deep Dive by Ying Li and David Lawrence

Docker Security Deep Dive by Ying Li and David Lawrence

Docker Security Deep Dive by Ying Li and David Lawrence

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

SSL/TLS for Mortals (Voxxed Days Luxembourg)

SSL/TLS for Mortals (Voxxed Days Luxembourg)

SSL/TLS for Mortals (Voxxed Days Luxembourg)

Maarten Mulders

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

Nicolas Bortolotti

In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points: 1.Challenges of security and secret keys in containers 2.Best practices for saving and securing distribution of secrets in Docker Containers 3.Managing secrets in Kubernetes using volumes and sealed-secrets 4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Jose Manuel Ortega Candel

Integration kubernetes with docker private registry

Integration kubernetes with docker private registry

Integration kubernetes with docker private registry

#Morecrypto (with tis) - version 2.2

#Morecrypto (with tis) - version 2.2

#Morecrypto (with tis) - version 2.2

Olle E Johansson

Stups.io - an Open Source Cloud Framework for AWS

Stups.io - an Open Source Cloud Framework for AWS

Stups.io - an Open Source Cloud Framework for AWS

Introduction to Docker

Introduction to Docker

Introduction to Docker

Pubudu Jayawardana

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

DockerCon EU 2015: What's New with Docker Trusted Registry

DockerCon EU 2015: What's New with Docker Trusted Registry

DockerCon EU 2015: What's New with Docker Trusted Registry

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

bridgetkromhout

Webinar : Docker in Production

Webinar : Docker in Production

Webinar : Docker in Production

Newt Global Consulting LLC

Similar to Trust and Image Provenance by Derek McGowan (20)

Introduction to docker_notary_v1.0.0

Introduction to docker_notary_v1.0.0

Introduction to docker_notary_v1.0.0

Docker Federal Summit 2017 General Session

Docker Federal Summit 2017 General Session

Docker Federal Summit 2017 General Session

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Categorizing Docker Hub Public Images

Categorizing Docker Hub Public Images

Categorizing Docker Hub Public Images

Dockers & kubernetes detailed - Beginners to Geek

Dockers & kubernetes detailed - Beginners to Geek

Dockers & kubernetes detailed - Beginners to Geek

Deploying Microservice on Docker

Deploying Microservice on Docker

Deploying Microservice on Docker

Docker Security Deep Dive by Ying Li and David Lawrence

Docker Security Deep Dive by Ying Li and David Lawrence

Docker Security Deep Dive by Ying Li and David Lawrence

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

SSL/TLS for Mortals (Voxxed Days Luxembourg)

SSL/TLS for Mortals (Voxxed Days Luxembourg)

SSL/TLS for Mortals (Voxxed Days Luxembourg)

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Integration kubernetes with docker private registry

Integration kubernetes with docker private registry

Integration kubernetes with docker private registry

#Morecrypto (with tis) - version 2.2

#Morecrypto (with tis) - version 2.2

#Morecrypto (with tis) - version 2.2

Stups.io - an Open Source Cloud Framework for AWS

Stups.io - an Open Source Cloud Framework for AWS

Stups.io - an Open Source Cloud Framework for AWS

Introduction to Docker

Introduction to Docker

Introduction to Docker

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

DockerCon EU 2015: What's New with Docker Trusted Registry

DockerCon EU 2015: What's New with Docker Trusted Registry

DockerCon EU 2015: What's New with Docker Trusted Registry

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

Webinar : Docker in Production

Webinar : Docker in Production

Webinar : Docker in Production

More from Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

Containerize Your Game Server for the Best Multiplayer Experience

Containerize Your Game Server for the Best Multiplayer Experience

Containerize Your Game Server for the Best Multiplayer Experience

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

How to Improve Your Image Builds Using Advance Docker Build

How to Improve Your Image Builds Using Advance Docker Build

How to Improve Your Image Builds Using Advance Docker Build

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Kevin Jones, NGNIX - NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.

Securing Your Containerized Applications with NGINX

Securing Your Containerized Applications with NGINX

Securing Your Containerized Applications with NGINX

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

How To Build and Run Node Apps with Docker and Compose

How To Build and Run Node Apps with Docker and Compose

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

Distributed Deep Learning with Docker at Salesforce

Distributed Deep Learning with Docker at Salesforce

Distributed Deep Learning with Docker at Salesforce

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

The First 10M Pulls: Building The Official Curl Image for Docker Hub

The First 10M Pulls: Building The Official Curl Image for Docker Hub

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

Monitoring in a Microservices World

Monitoring in a Microservices World

Monitoring in a Microservices World

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Chris Lauer, NOAA Space Weather Prediction Center - This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.

Predicting Space Weather with Docker

Predicting Space Weather with Docker

Predicting Space Weather with Docker

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

Become a Docker Power User With Microsoft Visual Studio Code

Become a Docker Power User With Microsoft Visual Studio Code

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

How to Use Mirroring and Caching to Optimize your Container Registry

How to Use Mirroring and Caching to Optimize your Container Registry

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Monolithic to Microservices + Docker = SDLC on Steroids!

Monolithic to Microservices + Docker = SDLC on Steroids!

Monolithic to Microservices + Docker = SDLC on Steroids!

Ara Pulido, Datadog - Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.

Kubernetes at Datadog Scale

Kubernetes at Datadog Scale

Kubernetes at Datadog Scale

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Labels, Labels, Labels

Labels, Labels, Labels

Labels, Labels, Labels

Patrick Deloulay, Micro Focus - Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

Developing with Docker for the Arm Architecture

Developing with Docker for the Arm Architecture

Developing with Docker for the Arm Architecture

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience

Containerize Your Game Server for the Best Multiplayer Experience

Containerize Your Game Server for the Best Multiplayer Experience

How to Improve Your Image Builds Using Advance Docker Build

How to Improve Your Image Builds Using Advance Docker Build

How to Improve Your Image Builds Using Advance Docker Build

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Securing Your Containerized Applications with NGINX

Securing Your Containerized Applications with NGINX

Securing Your Containerized Applications with NGINX

How To Build and Run Node Apps with Docker and Compose

How To Build and Run Node Apps with Docker and Compose

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Distributed Deep Learning with Docker at Salesforce

Distributed Deep Learning with Docker at Salesforce

Distributed Deep Learning with Docker at Salesforce

The First 10M Pulls: Building The Official Curl Image for Docker Hub

The First 10M Pulls: Building The Official Curl Image for Docker Hub

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Monitoring in a Microservices World

Monitoring in a Microservices World

Monitoring in a Microservices World

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Predicting Space Weather with Docker

Predicting Space Weather with Docker

Predicting Space Weather with Docker

Become a Docker Power User With Microsoft Visual Studio Code

Become a Docker Power User With Microsoft Visual Studio Code

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

How to Use Mirroring and Caching to Optimize your Container Registry

How to Use Mirroring and Caching to Optimize your Container Registry

Monolithic to Microservices + Docker = SDLC on Steroids!

Monolithic to Microservices + Docker = SDLC on Steroids!

Monolithic to Microservices + Docker = SDLC on Steroids!

Kubernetes at Datadog Scale

Kubernetes at Datadog Scale

Kubernetes at Datadog Scale

Labels, Labels, Labels

Labels, Labels, Labels

Labels, Labels, Labels

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

Build & Deploy Multi-Container Applications to AWS

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Developing with Docker for the Arm Architecture

Developing with Docker for the Arm Architecture

Developing with Docker for the Arm Architecture

Recently uploaded

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Rustici Software

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Trust and Image Provenance by Derek McGowan

1. Trust and Image Provenance

2. DockerCon Europe Introductions Derek McGowan Trust & Distribution Engineering Team @ Docker dmcg on #docker-dev dmcgowan on github December 5, 2014

4. DockerCon Europe Trust today ● Transport level reliability – TLS connection between client and daemon – TLS connection between daemon and registry ● Namespace enforced by registry ● Basic authentication December 5, 2014

5. Future of trust ● Globally federated namespace ● Distributed trust graph ● Public key cryptography ● Public key identity and fingerprint ● Chain of trust

6. Trust Graph Key A3D8 Key 34F2 dmcgowan vbatts My client's key Vincent's client's key Key delegation Signed by x509 Key delegation Signed by x509 Grant vbatts “build” my images Signed by key A3D8

7. Trust tool ● Trust as a tool separate from Docker ● Registers keys ● Creating and listing grants ● Key server specification ● Uses libtrust primitives

8. Demo Key A3D8 Key 9B83 dmcgowan My client's key Daemon's key Key delegation Signed by x509 Grant dmcgowan “run” access to daemon Signed by key 9B83

9. Image Provenance Image provenance provides a verifiable record of the origin and contents of an image. ● Self describing signed images ● Content addressable layers ● Digital signature ● Next generation registry ● Docker trust model ● Separation of name and transport

10. Get involved ● Attend trust and distribution bird of a feather ● Look at the proposals ● Look at next-generation registry design ● Provide feedback

11. Reference ● Trust system proposal (docker#9036) ● Authorization server proposal (docker#9081) ● Libtrust TLS (docker#8265) ● Trust tool prototype (libtrust#42) ● Next generation Registry (in the making)