
DockerCon EU 2015: What's New with Docker Trusted Registry

Presentation by Jon Chu, Product Manager - Enterprise, Docker and Rajat Goel, Director of Engineering - Enterprise, Docker

Docker Trusted Registry allows you to easily run and manage a private registry on-premises or in your VPC. In this session, learn about the new capabilities that improve how you manage your images and your Dockerized apps.


  1. What’s New with Docker Trusted Registry (v1.4.0)? Jon Chu (PM, Enterprise) & Rajat Goel (Director of Engineering, Enterprise)
  2. Docker Trusted Registry Recap
     • Registry for building, storing and managing images securely, within your firewall
     • Maintain control over Docker images to meet your security or regulatory compliance requirements.
  3. Content is King…to Build-Ship-Run [diagram labels: Build, Ship, Run; Trusted Registry; Base Image; Tested; Production; Development; Test; Staging; Production; Scale Out]
  4. DTR Primary Usage Scenarios
     • CI/CD with Docker
       • Centrally located base images
       • Store individual build images
       • Pull tested images to production
     • Containers as a Service
       • Deploy Jenkins executors or Hadoop nodes
       • Instant-on developer environment
       • Selected curated apps from a catalog
       • Dynamic composition of micro-services (“PAAS”)
  5. Pre DTR 1.4
     • General Features
       • Admin & Health UI
       • Registry Storage Status
       • LDAP/AD Integration
       • RBAC API (Admin, R/W, R/O)
       • User actions/API audit logs
       • Registry v2 API & v2 Image Support
       • One click install/upgrade
     • Platform Features
       • Storage drivers for filesystem, s3, and azure
       • Support Tooling
       • Support for Ubuntu, RHEL, CentOS
       • Tested at 300 concurrent pulls/instance
  6. DTR 1.4 Release
     • General Features
       • Orgs, Teams & Repo permissions UI
       • Search index, API & UI
       • Interactive API documentation
       • Image deletion from index
       • Image garbage collection
     • Experimental
       • Docker Content Trust: View Docker Notary signatures in DTR
  7. Architecture [diagram labels: Datastore; Storage Drivers; Admin UI; Audit and Event logs; Directory Services; Load Balancer; Registry Servers; Admin Server; Auth Server; Log Aggregator; Docker Engines; PostgreSQL; LDAPS 636; Local Syslog; Docker Client ("> docker"); HTTPS 443]
  8. Demo Time
  9. Deep Dive: Delete
  10. Deep Dive: Delete
  11. Deep Dive: Garbage Collection
  12. Overview: Docker Content Trust
     • Built on TUF
     • Designed to make good security easy!
     • Validates the publisher, not the safety of their content!
  13. Overview: Docker Content Trust
     • Built on TUF
     • Designed to make good security easy!
     • Validates the publisher, not the safety of their content!
  14. Overview: Docker Content Trust
     • Image Forgery
  15. Overview: Docker Content Trust
     • Why not GPG?
     • Replay Attacks
  16. TOFUs 13
  17. Future Plans and Features
     • Docker Content Trust Integration
     • Docker Universal Control Plane Integration
  18. Docker Universal Control Plane Integration
     • End-to-end authn integration with LDAP/AD
     • Cross product RBAC across orgs
     • Complete CI/CD visibility
  19. DCT: Image Promotion & Policy Enforcement
     • Cryptographically signed layers
     • Promote images through signatures
     • dev signed -> QA signed -> prod signed
     • Policy enforcement through integrations
     [diagram labels: Sysadmin, Dev, Prod, Ops]
  20. International Availability: Docker Subscription available for Europe Hourly and annual subscriptions available from AWS Marketplace Subscription licenses available L1 and L2 support for US and Europe Bring your own license to deploy Docker VHD in Azure Marketplace to European zones 30 day free trial
  21. Thank you! Jon & Rajat (@chu_jon, @rajat_g)