- Hands-On Kubernetes on Windows
- Piotr Tylenda
- 2021-06-24 16:54:06
Signing an image
As an example, we will sign one of the Docker images we have built and pushed to Docker Hub in this chapter, that is, packtpubkubernetesonwindows/iis-demo-index. To follow along, you will need to perform the operations on your own image repository, <dockerId>/iis-demo-index. Signing can be performed with the following steps:
- Generate a delegation key pair. Locally, this can be done using the following command:
docker trust key generate <pairName>
- You will be asked for a passphrase for the private key. Choose a strong passphrase and continue. The private delegation key is stored in ~/.docker/trust/private by default (also on Windows), and the public delegation key is saved in the current working directory.
- Add the delegation public key to the Notary server (for Docker Hub, it is notary.docker.io). The key is loaded for a particular image repository, which Notary identifies by a Globally Unique Name (GUN). For Docker Hub, GUNs have the form docker.io/<dockerId>/<repository>. Execute the following command:
docker trust signer add --key <pairName>.pub <signerName> docker.io/<dockerId>/<repository>
# For example
docker trust signer add --key packtpubkubernetesonwindows-key.pub packtpubkubernetesonwindows docker.io/packtpubkubernetesonwindows/iis-demo-index
- If you are performing the delegation for your repository for the first time, you will automatically be asked to initialize it using the local Notary canonical root key.
- Tag the image so that it has a specific tag that can be signed, like so:
docker tag packtpubkubernetesonwindows/iis-demo:latest packtpubkubernetesonwindows/iis-demo:1.0.1
- Use the private delegation key to sign the new tag and push it to Docker Hub, like so:
docker trust sign packtpubkubernetesonwindows/iis-demo:1.0.1
- Alternatively, this can be performed by docker push, provided that you have set the DOCKER_CONTENT_TRUST environment variable in PowerShell before pushing:
$env:DOCKER_CONTENT_TRUST=1
docker tag packtpubkubernetesonwindows/iis-demo:latest packtpubkubernetesonwindows/iis-demo:1.0.2
docker push packtpubkubernetesonwindows/iis-demo:1.0.2
- Now, you can inspect the remote trust data for the repository:
docker trust inspect --pretty docker.io/packtpubkubernetesonwindows/iis-demo:1.0.1
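The inspection step can also be checked by a script instead of by eye. The following PowerShell is an added example, not code from the book: it parses the JSON that docker trust inspect prints when --pretty is omitted and confirms that a given tag is signed by the expected delegation. The function name Test-TagSignedBy and the sample repository, signer, digest and key IDs are constructed for illustration.

```powershell
# Added example: confirm that a tag carries a signature from the expected delegation.
function Test-TagSignedBy {
    param(
        [Parameter(Mandatory)] [string] $TrustJson,  # JSON printed by `docker trust inspect <image>`
        [Parameter(Mandatory)] [string] $Tag,
        [Parameter(Mandatory)] [string] $Signer
    )
    $repos = ConvertFrom-Json -InputObject $TrustJson
    foreach ($repo in $repos) {
        # The signer must be registered as a delegation on the repository ...
        $known = @($repo.Signers | Where-Object { $_.Name -eq $Signer })
        if ($known.Count -eq 0) { continue }
        # ... and must also be listed on the signed tag itself.
        foreach ($signed in @($repo.SignedTags)) {
            if ($signed.SignedTag -eq $Tag -and $signed.Signers -contains $Signer) {
                return [pscustomobject]@{ Tag = $Tag; Digest = $signed.Digest; Signer = $Signer }
            }
        }
    }
    return $null   # no matching signature found
}

# Constructed sample in the shape `docker trust inspect` prints (all values are made up).
$sample = @'
[{
  "Name": "docker.io/exampleid/iis-demo:1.0.1",
  "SignedTags": [
    { "SignedTag": "1.0.1", "Digest": "<constructed-digest>", "Signers": ["examplesigner"] }
  ],
  "Signers": [ { "Name": "examplesigner", "Keys": [ { "ID": "<constructed-key-id>" } ] } ],
  "AdministrativeKeys": [
    { "Name": "Root", "Keys": [ { "ID": "<constructed-root-id>" } ] },
    { "Name": "Repository", "Keys": [ { "ID": "<constructed-repo-id>" } ] }
  ]
}]
'@

$hit = Test-TagSignedBy -TrustJson $sample -Tag '1.0.1' -Signer 'examplesigner'
if ($hit) { "Signed: tag {0} by {1}, digest {2}" -f $hit.Tag, $hit.Signer, $hit.Digest }
else      { throw "Tag is not signed by the expected delegation" }

# Against a live repository (needs Docker and network access):
# $json = docker trust inspect docker.io/<dockerId>/<repository>:<tag> | Out-String
# Test-TagSignedBy -TrustJson $json -Tag '<tag>' -Signer '<signerName>'
```

A check like this fits a release pipeline as a gate after the push: a tag that was pushed without DOCKER_CONTENT_TRUST set, or signed with a key other than the intended delegation, makes the function return nothing.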
Next, let's try running a container with DCT enabled on the client side.