- Hands-On Kubernetes on Windows
- Piotr Tylenda
- 2021-06-24 16:54:06
Signing an image
As an example, we will sign one of the Docker images we have built and pushed to Docker Hub in this chapter, that is, packtpubkubernetesonwindows/iis-demo-index. To follow along, you will need to perform the operations on your own image repository, <dockerId>/iis-demo-index. Signing can be performed with the following steps:
- Generate a delegation key pair. Locally, this can be done using the following command:
docker trust key generate <pairName>
- You will be asked for a passphrase for the private key. Choose a safe password and continue. The private delegation key will be stored in ~/.docker/trust/private by default (also on Windows) and the public delegation key will be saved in the current working directory.
- Add the delegation public key to the Notary server (for Docker Hub, it is notary.docker.io). A key is loaded for a particular image repository, which Notary identifies by a Globally Unique Name (GUN). For Docker Hub, GUNs have the form docker.io/<dockerId>/<repository>. Execute the following command:
docker trust signer add --key <pairName>.pub <signerName> docker.io/<dockerId>/<repository>
# For example
docker trust signer add --key packtpubkubernetesonwindows-key.pub packtpubkubernetesonwindows docker.io/packtpubkubernetesonwindows/iis-demo-index
- If you are performing the delegation for your repository for the first time, you will automatically be asked to initialize it using the local Notary canonical root key.
- Tag the image so that it has a specific tag that can be signed, like so:
docker tag packtpubkubernetesonwindows/iis-demo:latest packtpubkubernetesonwindows/iis-demo:1.0.1
- Use the private delegation key to sign the new tag and push it to Docker Hub, like so:
docker trust sign packtpubkubernetesonwindows/iis-demo:1.0.1
- Alternatively, this can be performed by docker push, provided that you have set the DOCKER_CONTENT_TRUST environment variable in PowerShell before pushing:
$env:DOCKER_CONTENT_TRUST=1
docker tag packtpubkubernetesonwindows/iis-demo:latest packtpubkubernetesonwindows/iis-demo:1.0.2
docker push packtpubkubernetesonwindows/iis-demo:1.0.2
- Now, you can inspect the remote trust data for the repository:
docker trust inspect --pretty docker.io/packtpubkubernetesonwindows/iis-demo:1.0.1
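The inspection step above can also be automated, for example as a check before deployment. The following PowerShell sketch is an added example, not code from the book: it parses the JSON that docker trust inspect prints when --pretty is omitted and returns the signed digest only if the expected delegation signer signed the tag. The function name Get-SignedDigest, the repository exampleuser/iis-demo, the signer names, and the digest strings are constructed for illustration.

```powershell
# Added example (not from the book). Field names follow the JSON that
# `docker trust inspect <image>:<tag>` prints when --pretty is omitted.
function Get-SignedDigest {
    param(
        [Parameter(Mandatory)] [string] $TrustJson,  # raw JSON text
        [Parameter(Mandatory)] [string] $Tag,        # tag expected to be signed
        [Parameter(Mandatory)] [string] $Signer      # delegation signer name
    )
    $repos = $TrustJson | ConvertFrom-Json
    foreach ($repo in $repos) {
        foreach ($entry in $repo.SignedTags) {
            # Accept the tag only if the expected signer is among its signers.
            if ($entry.SignedTag -eq $Tag -and @($entry.Signers) -contains $Signer) {
                return $entry.Digest
            }
        }
    }
    return $null   # tag missing, or signed by somebody else
}

# Constructed sample input: two signed tags with different signers.
$sample = @'
[
  {
    "Name": "docker.io/exampleuser/iis-demo",
    "SignedTags": [
      { "SignedTag": "1.0.1", "Digest": "constructed-digest-101", "Signers": ["example-signer"] },
      { "SignedTag": "1.0.2", "Digest": "constructed-digest-102", "Signers": ["other-signer"] }
    ],
    "Signers": [
      { "Name": "example-signer", "Keys": [ { "ID": "constructed-key-id-1" } ] },
      { "Name": "other-signer",   "Keys": [ { "ID": "constructed-key-id-2" } ] }
    ]
  }
]
'@

# 1.0.1 is signed by the expected signer; 1.0.2 is signed by a different one.
Get-SignedDigest -TrustJson $sample -Tag '1.0.1' -Signer 'example-signer'
Get-SignedDigest -TrustJson $sample -Tag '1.0.2' -Signer 'example-signer'

# Against a live repository (requires network access):
#   $json = docker trust inspect docker.io/<dockerId>/<repository>:<tag> | Out-String
#   if ($LASTEXITCODE -ne 0) { throw 'No trust data for this image' }
#   Get-SignedDigest -TrustJson $json -Tag '<tag>' -Signer '<signerName>'
```

A returned digest can be used to reference the image as <repository>@sha256:<digest>, so that what runs is exactly the content that was signed.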
Next, let's try running a container with DCT enabled on the client side.