Trust and Image Provenance by Derek McGowan

•

5 likes•4,007 views

The document discusses trust and image provenance in Docker. It proposes a future where trust is established through a distributed trust graph using public key cryptography. Key servers would register keys and manage grants to provide access control. Image provenance would use digital signatures to verify the origin and contents of images in a content addressable layered format. The community is invited to provide feedback on proposals to implement a next generation registry and trust model in Docker.

DockerCon Europe
Introductions
Derek McGowan
Trust & Distribution Engineering Team @ Docker
dmcg on #docker-dev
dmcgowan on github
December 5, 2014

DockerCon Europe
Trust today
●
Transport level reliability
– TLS connection between client and daemon
– TLS connection between daemon and registry
●
Namespace enforced by registry
●
Basic authentication
December 5, 2014

Future of trust
● Globally federated namespace
● Distributed trust graph
● Public key cryptography
● Public key identity and fingerprint
● Chain of trust

Trust Graph
Key A3D8 Key 34F2
dmcgowan vbatts
My client's key Vincent's client's key
Key delegation
Signed by x509
Key delegation
Signed by x509
Grant vbatts “build” my images
Signed by key A3D8

Trust tool
● Trust as a tool separate from Docker
● Registers keys
● Creating and listing grants
● Key server specification
● Uses libtrust primitives

Demo
Key A3D8 Key 9B83
dmcgowan
My client's key Daemon's key
Key delegation
Signed by x509
Grant dmcgowan “run” access to
daemon
Signed by key 9B83

Image Provenance
Image provenance provides a verifiable record of
the origin and contents of an image.
● Self describing signed images
● Content addressable layers
● Digital signature
● Next generation registry
● Docker trust model
● Separation of name and transport

Get involved
● Attend trust and distribution bird of a feather
● Look at the proposals
● Look at next-generation registry design
● Provide feedback

Reference
● Trust system proposal (docker#9036)
● Authorization server proposal (docker#9081)
● Libtrust TLS (docker#8265)
● Trust tool prototype (libtrust#42)
● Next generation Registry (in the making)

Containing the Gear: Deep Dive on SELinux, Multi-tenancy, Containers & Security with Dan Walsh Presenter: Dan Walsh In this talk, Dan will do a deep dive into the Origin PaaS use of SELinux and containerization. He will discuss how SELinux being utilized to ensure that Origin is the the most secure PAAS available today. He will address some of his ideas for the future of Origin and SELinux. From 2013-04-14 OpenShift Origin Community Day in Portland, Oregon

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Michael Man

Drone Continuous Integration

Daniel Cerecedo

Ahmadabad mule soft_meetup_05june2021_mule4_automate mulesoft on prem servers...

Shekh Muenuddeen

What's hot docker con eu 2015 & what's new on docker 1.9

jgsqware

2015 was a good year for the new Docker. Between Docker Engine evolution (network, volumes,...), the new Enterprise oriented products (Trusted Registry, Universal Control plane), Docker Swarm 1.0... Docker is now a corner stone in the IT world and is part of the DevOps vision. After a presentation of the DockerCon EU 2015 which happened last November in Barcelona, we will present the news from the Docker eco-system, and the improvement achieved to make easier for the adoption of Docker in production.

Introduction of deno 1

Vishal Sharma

Debugging Your Debugging Tools: What to do When Your Service Mesh Goes Down

Aspen Mesh

In this CNCF Member Webinar, Neeraj Poddar (Aspen Mesh) and John Howard (Google) shared information on debugging your debugging tools when your service mesh goes down in production. Service meshes are widely used as a means to enforce policies and at the same time gain visibility into your application behavior and performance. As more organizations adopt service mesh in their architectures, they are relying more heavily on the metrics, tracing and other traffic management and security capabilities provided by the service mesh. But what happens when a critical piece of your infrastructure like Istio has issues while in production? In this webinar we will cover the debugging in production aspects of Istio, in particular the following topics will be covered: * How to debug and diagnose issues with your sidecar proxy Envoy * How to monitor and debug the Istio control plane * How to use operational tools like “istioctl” to understand issues with your configuration * Using profiling to identify bottlenecks * Recommendations for a production ready secure Istio deployment

Presented by Alois Reitbauer, Chief Technical Evangelist, ruxit This talk provides detailed insights into how to manage large-scale production Docker environments. We will cover how to tune your containerised micro services for ideal performance, validate automated deployments with Marathon and Mesos and tune and manage the deployment complexity of hundreds of nodes. Last but not least we will demonstrate how easy it is to get up and running monitoring Docker using Ruxit.

DockerCon EU 2015: Sparebank; a journey towards Docker

Docker, Inc.

Monitoring Containers at New Relic by Sean Kane

Docker, Inc.

New Relic went all-in with Docker very early, and has continued to stay on the forefront of the container ecosystem, both as a user of the technology and as a monitoring and analytics vendor. Today, a variety of teams utilize Docker in a variety of ways using a mix of home-grown and external OSS frameworks. The Container Fabric team is working on our next generation container platform utilizing Mesos/Marathon and a variety of other OSS tools, like Heka. We will briefly review our setup, and then discuss how we gather data that we care about from the ecosystem and inject it into the various tools we rely on for visibility and analytics. We love the functionality of what we’ve built, and we believe that you will find it useful too.

Docker at DevTableDocker, Inc.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

Docker, Inc.

Presentation by Dr. Marius Millea, Cosmologist and Postdoctoral Fellow at the Institut Lagrange de Paris Cosmology@Home is a project which uses volunteer computing to analyze cosmological data and answer questions about our universe such as "how much dark matter is there?" and "under what conditions did the Big Bang occur?" We recently began using Docker by taking each job which we would normally send to our volunteer computers, and packaging it up inside a Docker container. The volunteer computers themselves come from interested users all over the world who download and run the software allowing them to become volunteers (called BOINC). The system is working exceedingly well and using Docker has made it massively easier for us to develop and run it. I will explain some of the technical details of the implementation, which involves a customized boot2docker ISO, as well give a brief summary of the scientific questions we are trying to answer and how these results made possible by Docker are helping analyze data from, e.g. the European Space Agency's Planck satellite.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

Docker, Inc.

In this talk, we will provide a 10,000-ft. overview of the key concepts, architectures, and common deployment scenarios for stateful services. We will cover the Docker volumes and available storage options in the community including ClusterHQ’s Flocker volume manager. After getting the lay of the land, we'll see these concepts in action. Starting by deploying a database container on a single node with UCP, Flocker and VolumeHub. Then, using the features of Docker Swarm and Flocker, we will then allow Swarm to automatically reschedule the stateful service along with Flocker moving its volume when the node fails giving us a HA containerized database.

DockerCon SF 2015: Docker After Launching 1 Billion Containers

Docker, Inc.

How to Successfully Build a Local Docker Community by Mathias Renner

Docker, Inc.

A community is one of the key components of an open source software project. The success of an open source project like Docker is highly dependent on a large and active community. The speakers will share their experience of how to successfully build a local community by the example of how they raised a Docker community at their University (Univ. of Bamberg, Germany). They summon their best practices as a result of the mistakes they made, illustrated by story telling. This is a talk from me as a student, which is an underrepresented group at DockerCon.

DockerCon SF 2015: From Months to Minutes

Docker, Inc.

How GE Appliances Brought Docker Into the Enterprise - Talk Description: In a traditional enterprise IT shop, it’s common to find a plethora of aging technologies. From COBOL running on mainframes, to huge Java applications spread across both physical and virtual hardware, the enterprise can sometimes resemble a living museum of IT. For application owners, bureaucracy, lack of business priority, and complex infrastructure can slow innovation, and make it difficult to stay current. At GE, we leveraged Docker/Mesos to create an internal application platform that brings speed, simplicity, and cutting edge deployment processes to our enterprise, empowering developers to go from concept to production in minutes, rather than months.

Docker at SpotifyDocker, Inc.

DockerCon SF 2015: Maintaining the official node.js docker imageDocker, Inc.

Dockerfile Basics Workshop #1Docker, Inc.

Building a Smarter Application StackDocker, Inc.

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

Docker, Inc.

Presented by Evan Krall, Site Reliability Engineer, Yelp Docker is an amazing technology. In particular, its build-once-run-anywhere model unlocks the world of cluster schedulers like Mesos and Kubernetes. These solve many of the problems of running high-scale websites, but introduce new challenges that need addressing. In this talk, Evan will describe PaaSTA, a PaaS built on top of open source tools including Docker, Mesos, Marathon, and Chronos. PaaSTA provides tooling for developers to quickly turn their microservice into a monitored, highly available application spanning multiple datacenters and cloud regions. Evan will give an overview of the open-source technologies that power PaaSTA, discuss how Yelp has glued these together to give developers control without burdening them with the complexities of the infrastructure, and show the workflow used by developers to update and maintain their services on PaaSTA.

Introduction to docker_notary_v1.0.0

Anshul Patel

Docker Federal Summit 2017 General Session

Docker, Inc.

Viewers also liked

DockerCon14 Contributing to Docker by TianonDocker, Inc.

Distributed, Real-time Web AppsDocker, Inc.

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

Docker, Inc.

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

Docker, Inc.

DockerCon14 KeynoteDocker, Inc.

DockerCon EU 2015: Nesting Containers: Real Life Observations

Docker, Inc.

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

Docker, Inc.

DockerCon EU 2015: Sparebank; a journey towards Docker

Docker, Inc.

Monitoring Containers at New Relic by Sean Kane

Docker, Inc.

Docker at DevTableDocker, Inc.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

Docker, Inc.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

Docker, Inc.

DockerCon SF 2015: Docker After Launching 1 Billion Containers

Docker, Inc.

How to Successfully Build a Local Docker Community by Mathias Renner

Docker, Inc.

DockerCon SF 2015: From Months to Minutes

Docker, Inc.

Docker at SpotifyDocker, Inc.

DockerCon SF 2015: Maintaining the official node.js docker imageDocker, Inc.

Dockerfile Basics Workshop #1Docker, Inc.

Building a Smarter Application StackDocker, Inc.

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

Docker, Inc.

Viewers also liked (20)

DockerCon14 Contributing to Docker by Tianon

Distributed, Real-time Web Apps

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon14 Keynote

DockerCon EU 2015: Nesting Containers: Real Life Observations

DockerCon EU 2015: Monitoring and Managing Dynamic Docker Environments

DockerCon EU 2015: Sparebank; a journey towards Docker

Monitoring Containers at New Relic by Sean Kane

Docker at DevTable

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ

DockerCon SF 2015: Docker After Launching 1 Billion Containers

How to Successfully Build a Local Docker Community by Mathias Renner

DockerCon SF 2015: From Months to Minutes

Docker at Spotify

DockerCon SF 2015: Maintaining the official node.js docker image

Dockerfile Basics Workshop #1

Building a Smarter Application Stack

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS

Similar to Trust and Image Provenance by Derek McGowan

Introduction to docker_notary_v1.0.0

Anshul Patel

Docker Federal Summit 2017 General Session

Docker, Inc.

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Dariia Seimova

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Docker, Inc.

Built-in security is one of the most important features in Docker. But to build a secure app, you have to understand how to take advantage of these features. Security begins with the platform, but also requires conscious secure design at all stages of app development. In this session, we'll cover the latest features in Docker security, and how you can leverage them. You'll learn how to add them to your existing development pipeline, as well as how you can and streamline your workflow while making it more secure.

Categorizing Docker Hub Public Images

Roberto Hashioka

Dockers & kubernetes detailed - Beginners to Geek

wiTTyMinds1

Deploying Microservice on Docker

Knoldus Inc.

Docker Security Deep Dive by Ying Li and David Lawrence

Docker, Inc.

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

Docker, Inc.

SSL/TLS for Mortals (Voxxed Days Luxembourg)

Maarten Mulders

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

Nicolas Bortolotti

Sharing secret keys in Docker containers and K8s

Jose Manuel Ortega Candel

In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points: 1.Challenges of security and secret keys in containers 2.Best practices for saving and securing distribution of secrets in Docker Containers 3.Managing secrets in Kubernetes using volumes and sealed-secrets 4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz

Integration kubernetes with docker private registry

HungWei Chiu

#Morecrypto (with tis) - version 2.2

Olle E Johansson

Stups.io - an Open Source Cloud Framework for AWS

Jan Löffler

Introduction to Docker

Pubudu Jayawardana

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

InfluxData

DockerCon EU 2015: What's New with Docker Trusted Registry

Docker, Inc.

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

bridgetkromhout

Webinar : Docker in Production

Newt Global Consulting LLC

Similar to Trust and Image Provenance by Derek McGowan (20)

Introduction to docker_notary_v1.0.0

Docker Federal Summit 2017 General Session

Chris Homer - Moving the entire stack to k8s within a year – lessons learned

Building a Secure App with Docker - Ying Li and David Lawrence, Docker

Categorizing Docker Hub Public Images

Dockers & kubernetes detailed - Beginners to Geek

Deploying Microservice on Docker

Docker Security Deep Dive by Ying Li and David Lawrence

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...

SSL/TLS for Mortals (Voxxed Days Luxembourg)

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...

Sharing secret keys in Docker containers and K8s

Integration kubernetes with docker private registry

#Morecrypto (with tis) - version 2.2

Stups.io - an Open Source Cloud Framework for AWS

Introduction to Docker

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022

DockerCon EU 2015: What's New with Docker Trusted Registry

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)

Webinar : Docker in Production

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience

Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

How to Improve Your Image Builds Using Advance Docker Build

Docker, Inc.

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Securing Your Containerized Applications with NGINX

Docker, Inc.

Kevin Jones, NGNIX - NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.

How To Build and Run Node Apps with Docker and Compose

Docker, Inc.

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

Hands-on Helm

Docker, Inc.

Distributed Deep Learning with Docker at Salesforce

Docker, Inc.

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Docker, Inc.

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

Monitoring in a Microservices World

Docker, Inc.

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Docker, Inc.

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

Predicting Space Weather with Docker

Docker, Inc.

Chris Lauer, NOAA Space Weather Prediction Center - This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.

Become a Docker Power User With Microsoft Visual Studio Code

Docker, Inc.

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

How to Use Mirroring and Caching to Optimize your Container Registry

Docker, Inc.

Monolithic to Microservices + Docker = SDLC on Steroids!

Docker, Inc.

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Kubernetes at Datadog Scale

Docker, Inc.

Ara Pulido, Datadog - Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.

Labels, Labels, Labels

Docker, Inc.

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Docker, Inc.

Patrick Deloulay, Micro Focus - Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Docker, Inc.

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

Developing with Docker for the Arm Architecture

Docker, Inc.

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience

How to Improve Your Image Builds Using Advance Docker Build

Build & Deploy Multi-Container Applications to AWS

Securing Your Containerized Applications with NGINX

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Distributed Deep Learning with Docker at Salesforce

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Monitoring in a Microservices World

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Predicting Space Weather with Docker

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

Monolithic to Microservices + Docker = SDLC on Steroids!

Kubernetes at Datadog Scale

Labels, Labels, Labels

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Build & Deploy Multi-Container Applications to AWS

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Developing with Docker for the Arm Architecture

Recently uploaded

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

The Future of Platform Engineering

Jemma Hussein Allen

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Knowledge engineering: from people to machines and back

Elena Simperl

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Recently uploaded (20)

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

UiPath Test Automation using UiPath Test Suite series, part 3

The Future of Platform Engineering

Monitoring Java Application Security with JDK Tools and JFR Events

PCI PIN Basics Webinar from the Controlcase Team

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Elevating Tactical DDD Patterns Through Object Calisthenics

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

How world-class product teams are winning in the AI era by CEO and Founder, P...

The Art of the Pitch: WordPress Relationships and Sales

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Knowledge engineering: from people to machines and back

When stars align: studies in data quality, knowledge graphs, and machine lear...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Securing your Kubernetes cluster_ a step-by-step guide to success !

Trust and Image Provenance by Derek McGowan

1. Trust and Image Provenance

2. DockerCon Europe Introductions Derek McGowan Trust & Distribution Engineering Team @ Docker dmcg on #docker-dev dmcgowan on github December 5, 2014

3. Trust

4. DockerCon Europe Trust today ● Transport level reliability – TLS connection between client and daemon – TLS connection between daemon and registry ● Namespace enforced by registry ● Basic authentication December 5, 2014

5. Future of trust ● Globally federated namespace ● Distributed trust graph ● Public key cryptography ● Public key identity and fingerprint ● Chain of trust

6. Trust Graph Key A3D8 Key 34F2 dmcgowan vbatts My client's key Vincent's client's key Key delegation Signed by x509 Key delegation Signed by x509 Grant vbatts “build” my images Signed by key A3D8

7. Trust tool ● Trust as a tool separate from Docker ● Registers keys ● Creating and listing grants ● Key server specification ● Uses libtrust primitives

8. Demo Key A3D8 Key 9B83 dmcgowan My client's key Daemon's key Key delegation Signed by x509 Grant dmcgowan “run” access to daemon Signed by key 9B83

9. Image Provenance Image provenance provides a verifiable record of the origin and contents of an image. ● Self describing signed images ● Content addressable layers ● Digital signature ● Next generation registry ● Docker trust model ● Separation of name and transport

10. Get involved ● Attend trust and distribution bird of a feather ● Look at the proposals ● Look at next-generation registry design ● Provide feedback

11. Reference ● Trust system proposal (docker#9036) ● Authorization server proposal (docker#9081) ● Libtrust TLS (docker#8265) ● Trust tool prototype (libtrust#42) ● Next generation Registry (in the making)

12. Questions?

13. Thank You

Trust and Image Provenance by Derek McGowan

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Trust and Image Provenance by Derek McGowan

Similar to Trust and Image Provenance by Derek McGowan (20)

More from Docker, Inc.

More from Docker, Inc. (20)

Recently uploaded

Recently uploaded (20)

Trust and Image Provenance by Derek McGowan