- Hands-On Kubernetes on Windows
- Piotr Tylenda
- 2021-06-24 16:54:06
Signing an image
As an example, we will sign one of the Docker images we have built and pushed to Docker Hub in this chapter, that is, packtpubkubernetesonwindows/iis-demo-index. To follow along, you will need to perform the operations on your own image repository, <dockerId>/iis-demo-index. Signing can be performed with the following steps:
- Generate a delegation key pair. Locally, this can be done using the following command:
docker trust key generate <pairName>
- You will be asked for a passphrase for the private key. Choose a safe password and continue. The private delegation key will be stored in ~/.docker/trust/private by default (also on Windows) and the public delegation key will be saved in the current working directory.
- Add the delegation public key to the Notary server (for Docker Hub, it is notary.docker.io). The key is loaded for a particular image repository, which Notary identifies by a Globally Unique Name (GUN). For Docker Hub, GUNs have the form docker.io/<dockerId>/<repository>. Execute the following command:
docker trust signer add --key <pairName>.pub <signerName> docker.io/<dockerId>/<repository>
# For example
docker trust signer add --key packtpubkubernetesonwindows-key.pub packtpubkubernetesonwindows docker.io/packtpubkubernetesonwindows/iis-demo-index
- If you are performing the delegation for your repository for the first time, you will automatically be prompted to initialize it using the local Notary canonical root key.
- Tag the image so that it has a specific tag that can be signed, like so:
docker tag packtpubkubernetesonwindows/iis-demo:latest packtpubkubernetesonwindows/iis-demo:1.0.1
- Use the private delegation key to sign the new tag and push it to Docker Hub, like so:
docker trust sign packtpubkubernetesonwindows/iis-demo:1.0.1
- Alternatively, this can be performed by docker push, provided that you have set the DOCKER_CONTENT_TRUST environment variable in PowerShell before pushing:
$env:DOCKER_CONTENT_TRUST=1
docker tag packtpubkubernetesonwindows/iis-demo:latest packtpubkubernetesonwindows/iis-demo:1.0.2
docker push packtpubkubernetesonwindows/iis-demo:1.0.2
- Now, you can inspect the remote trust data for the repository:
docker trust inspect --pretty docker.io/packtpubkubernetesonwindows/iis-demo:1.0.1
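As an added example (not from the book), the following PowerShell function is one way to check the JSON form of `docker trust inspect` (the command above without `--pretty`) for a tag signed by a specific signer, for instance as a gate in a deployment script. The function name `Test-TagSignedBy`, the signer `example-signer`, and the embedded JSON with its placeholder digest and key IDs are constructed for illustration.

```powershell
# Added example, not from the book. Test-TagSignedBy is a hypothetical helper name.
function Test-TagSignedBy {
    param(
        [Parameter(Mandatory)] [string] $TrustJson,  # JSON text from `docker trust inspect <image>`
        [Parameter(Mandatory)] [string] $Tag,
        [Parameter(Mandatory)] [string] $Signer
    )
    foreach ($repo in @($TrustJson | ConvertFrom-Json)) {
        foreach ($entry in @($repo.SignedTags)) {
            # -ceq / -ccontains: tag and signer names are compared case-sensitively
            if ($entry.SignedTag -ceq $Tag -and $entry.Signers -ccontains $Signer) {
                return [pscustomobject]@{ Signed = $true; Digest = $entry.Digest }
            }
        }
    }
    # No matching signed tag: covers an empty result ("[]") and a tag signed by someone else
    [pscustomobject]@{ Signed = $false; Digest = $null }
}

# Constructed sample in the shape `docker trust inspect` prints (not real trust data).
$sampleJson = @'
[
  {
    "Name": "docker.io/example/iis-demo-index:1.0.1",
    "SignedTags": [
      { "SignedTag": "1.0.1", "Digest": "CONSTRUCTED_DIGEST", "Signers": ["example-signer"] }
    ],
    "Signers": [ { "Name": "example-signer", "Keys": [ { "ID": "CONSTRUCTED_KEY_ID_1" } ] } ],
    "AdministrativeKeys": [
      { "Name": "Root", "Keys": [ { "ID": "CONSTRUCTED_KEY_ID_2" } ] },
      { "Name": "Repository", "Keys": [ { "ID": "CONSTRUCTED_KEY_ID_3" } ] }
    ]
  }
]
'@

# Live data: $json = docker trust inspect docker.io/<dockerId>/<repository>:<tag> | Out-String
$result = Test-TagSignedBy -TrustJson $sampleJson -Tag '1.0.1' -Signer 'example-signer'
if (-not $result.Signed) { throw 'Tag 1.0.1 is not signed by example-signer' }
"Signed digest: $($result.Digest)"
```

The returned digest is the value the signature covers, so a deployment script can refer to the image by that digest rather than by the mutable tag.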
Next, let's try running a container with DCT enabled on the client side.