Managing Docker Images

Getting Started

The Basics

By scmGalaxy.com

About Me

DevOps@RajeshKumar.XYZ

Overview

  • Images and the Docker ecosystem
  • Image management services
  • Image best practices
  • Docker Registry
  • Securing images
  • Docker Cloud

Lab Setup Information:

			    
	https://bootstrap-it.com/docker-images
				
			  

Docker Setup Script (Ubuntu/Debian):

			    
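    #!/bin/bash
    # Run as root. Installs the docker-engine package from the apt.dockerproject.org repository.
    apt update
    apt install -y apt-transport-https ca-certificates
    # Import the repository signing key by its full fingerprint
    apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 \
        --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
    # Register the Docker apt repository for Ubuntu Xenial
    echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" > \
        /etc/apt/sources.list.d/docker.list
    apt update
    # Extra kernel packages for the running kernel
    apt install -y linux-image-extra-$(uname -r) linux-image-extra-virtual
    apt update
    apt install -y docker-engine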
				
			  

The Docker Image


Docker Image Tools

Summary

  • docker images
  • docker build -t myimage .
  • cd /var/lib/docker
  • hub.docker.com
  • cloud.docker.com
  • Amazon EC2 Container Registry (ECR)
  • Amazon EC2 Container Service (ECS)
  • Docker Trusted Registry, Docker Datacenter
  • Docker Registry

Managing Images Using Docker Hub


The Predictability Value Proposition:


Building and Pushing Images

  • Image search

  • Image architecture

  • Dockerfiles

“docker images” output:

			    
    $ docker images
    REPOSITORY    TAG       IMAGE ID        CREATED        SIZE
    ubuntu        latest    f49eec89601e    2 weeks ago    129 MB
    centos        latest    67591570dd29    7 weeks ago    192 MB
    $
				
			  

“docker search ubuntu/golang” output (partial):

			    
    NAME                                  DESCRIPTION               STARS    OFFICIAL    AUTOMATED
    neroinc/ubuntu-golang-crosscompile                              3                    [OK]
    akiraw95/ubuntu-golang-glide          golang + glide buil...    1
    bouk/ubuntu-golang                                              1
    nimmis/golang                         Builds a Docker con…      1                    [OK]
    proudh/ubuntu-golang-glide            golang+glide build...     1
    f5lenny/ubuntu-wily-golang            Ubuntu Wily with Go...    0                    [OK]
    coolsvap/ubuntu-golang                golang                    0                    [OK]
    netroby/ubuntu-golang                                           0                    [OK]
				
			  

“docker history ubuntu” output:

			    
IMAGE           CREATED        CREATED BY                                       SIZE
f49eec89601e    2 weeks ago    /bin/sh -c #(nop) CMD ["/bin/bash"]              0 B
<missing>       2 weeks ago    /bin/sh -c mkdir -p /run/systemd && echo '...    7 B
<missing>       2 weeks ago    /bin/sh -c sed -i 's/^#\s*\(deb.*universe\...    1.9 kB
<missing>       2 weeks ago    /bin/sh -c rm -rf /var/lib/apt/lists/*           0 B
<missing>       2 weeks ago    /bin/sh -c set -xe && echo '#!/bin/sh' >...      745 B
<missing>       2 weeks ago    /bin/sh -c #(nop) ADD file:68f83d996c38a09...    129 MB
				
			  

Image Best Practices

“docker images” output:

			    
REPOSITORY    TAG       IMAGE ID        CREATED           SIZE
oneline       latest    a090deb25fa7    24 seconds ago    349 MB
manylines     latest    f6c79d168010    6 minutes ago     651 MB
myimage       latest    004acd2526d0    13 minutes ago    129 MB
webserver     latest    983d3f27fb40    3 hours ago       268 MB
ubuntu        16.04     f49eec89601e    2 weeks ago       129 MB
ubuntu        latest    f49eec89601e    2 weeks ago       129 MB
alpine        latest    88e169ea8f46    6 weeks ago       3.98 MB
centos        latest    67591570dd29    7 weeks ago       192 MB
centos        6.6       d03626170061    5 months ago      203 MB
				
			  

Summary

  • Speed and predictability
  • docker search ubuntu/golang
  • docker pull alpine
  • docker history ubuntu
  • nano dockerfile
  • ADD . index.html /var/www/html/
  • RUN mkdir -p /opt/jboss/wildfly && cd /tmp && [...]

Building Your Own Private Docker Registry

Opening RHEL/CentOS Firewalls

			    
	firewall-cmd --zone=public --add-port=5000/tcp
	firewall-cmd --zone=public --add-port=5000/tcp --permanent
				
			  

Docker Registry Installation

Direct installation

Install Docker Registry using your distribution package manager

Registry image

Run Docker Registry itself as a Docker image-based container

Installing Docker Registry From a Software Repository

  • Install Docker Registry from repos

  • Confirm DR installed properly

  • Push an image to DR

Docker Image Storage

Docker Registry Storage Directory (Container):

			    
	/var/lib/docker/volumes/c5df9d1ab5cd745d8b3e8eed31d79c5d950fcd7f814616449c7a9ab7a490b84c/_data/docker/registry/v2/repositories/hello-world/
				
			  

Summary

  • apt install docker-registry

  • docker run -p 5000:5000 registry:latest

  • docker tag hello-world localhost:5000/hello-world:latest

  • /var/lib/docker-registry/

  • /var/lib/docker/volumes/<volume_name>/_data/docker/registry/v2/repositories/hello-world/

Securing Your Docker Registry

  • Using CA certificates

  • Using self-signed certificates

  • Configure login authentication

Applying a CA-provided Certificate

Copy CA-provided Certificates:

			        
	mkdir ~/certs
	cp stuff.* ~/certs/
	# If you received an intermediate certificate, append it to build the full chain:
	cat stuff.crt intermediate-stuff.pem > ~/certs/stuff.crt
				    
			      

Adding Certs at Run-time:

			    
 docker run -d -p 5000:5000 --restart=always --name registry \
	-v `pwd`/certs:/certs \
	-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/stuff.crt \
	-e REGISTRY_HTTP_TLS_KEY=/certs/stuff.key \
	registry
				
			  

Adding Certs to a Dockerfile:

			    
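	FROM registry

	# Copy the certificate and key to the path the ENV values below point at.
	# The private key becomes part of an image layer, so keep this image private.
	ADD certs/ /certs/

	ENV REGISTRY_HTTP_TLS_CERTIFICATE=/certs/stuff.crt \
	    REGISTRY_HTTP_TLS_KEY=/certs/stuff.key

	EXPOSE 5000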
				
			  

Add config.yml file to container:

			    
	docker run -d -p 5000:5000 --restart=always --name registry \
				-v `pwd`/config.yml:/etc/docker/registry/config.yml \
				registry
				
			  

Applying a Self-signed Certificate

  • Create local domain

  • Generate self-signed cert

  • Copy cert file to the Docker client

User Authentication

  • Create a user account

  • Enforce password login for Docker Registry
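
A pre-flight check for the TLS and login steps above, as an added example that is not part of the original slides. It assumes the slides' file names (stuff.crt, stuff.key, htpasswd); the function names are hypothetical. The registry's htpasswd backend accepts bcrypt entries only, so other hash types are flagged.

```sh
#!/bin/sh
# Added example: checks to run before starting a registry with TLS + htpasswd auth.
# File names follow the slides; function names are hypothetical.

# check_key_perms KEYFILE -> 0 if the private key is accessible by its owner only
check_key_perms() {
    [ -f "$1" ] || { echo "missing key: $1"; return 2; }
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    other=$(ls -ld "$1" | cut -c5-10)
    [ "$other" = "------" ] || { echo "key accessible by group/other: $1"; return 1; }
}

# check_htpasswd FILE -> 0 if every entry is user:<bcrypt hash>
# Non-bcrypt entries are ignored by the registry, so those users cannot log in.
check_htpasswd() {
    [ -s "$1" ] || { echo "missing or empty htpasswd: $1"; return 2; }
    bad=0
    while IFS=: read -r user hash; do
        [ -z "$user" ] && continue
        case "$hash" in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;   # bcrypt prefixes
            *) echo "non-bcrypt entry for user: $user"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# registry_preflight CERTDIR HTPASSWD -> 0 only when all checks pass
registry_preflight() {
    rc=0
    [ -s "$1/stuff.crt" ] || { echo "missing certificate: $1/stuff.crt"; rc=1; }
    check_key_perms "$1/stuff.key" || rc=1
    check_htpasswd "$2" || rc=1
    return "$rc"
}
```

Call it as registry_preflight ~/certs ~/auth/htpasswd before docker run; a non-zero exit status means at least one check failed.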

Summary

  • (error message:) "http: server gave HTTP response to HTTPS client"

  • -e REGISTRY_HTTP_TLS_KEY=/certs/stuff.key \

  • ENV REGISTRY_HTTP_TLS_CERTIFICATE=/certs/stuff.crt REGISTRY_HTTP_TLS_KEY=/certs/stuff.key

  • http:
      tls:
        certificate: /home/ubuntu/certs/stuff.crt
        key: /home/ubuntu/certs/stuff.key

Summary

  • -v `pwd`/config.yml:/etc/docker/registry/config.yml \

  • cp ca.crt /etc/docker/certs.d/stuff.com:5000/

  • auth:
      htpasswd:
        realm: basic-realm
        path: /home/ubuntu/auth/htpasswd

Other Image Managing Tools

  • Validate images: Docker Content Trust

  • Administrate resources: Docker Cloud

Docker Content Trust: Key Management


Default Root Key File Directory:

			    
	~/.docker/trust/private/root_keys/
				
			  

Working with Docker Cloud

  • Tour Docker Cloud

  • Install Docker Cloud CLI

  • Understand stacks, services, and containers

Sample “Stack” .yml File:

			    
    lb:
      image: dockercloud/haproxy
      links:
        - web
      ports:
        - "80:80"
      roles:
        - global
    web:
      image: dockercloud/quickstart-python
      links:
        - redis
      target_num_containers: 4
    redis:
      image: redis
				
			  

Summary

  • Docker Content Trust | Notary
  • export DOCKER_CONTENT_TRUST=1
  • Error: remote trust data does not exist...
  • notary --help
  • Cloud Registry
  • pip install docker-cloud
  • docker-cloud repository inspect dbclinton/myrepo
  • Stacks, Services, Containers

Course Review

The Docker Image


The Predictability Value Proposition:


“docker search ubuntu/golang” output (partial):

			    
    NAME                                  DESCRIPTION               STARS    OFFICIAL    AUTOMATED
    neroinc/ubuntu-golang-crosscompile                              3                    [OK]
    akiraw95/ubuntu-golang-glide          golang + glide buil...    1
    bouk/ubuntu-golang                                              1
    nimmis/golang                         Builds a Docker con…      1                    [OK]
    proudh/ubuntu-golang-glide            golang+glide build...     1
    f5lenny/ubuntu-wily-golang            Ubuntu Wily with Go...    0                    [OK]
    coolsvap/ubuntu-golang                golang                    0                    [OK]
    netroby/ubuntu-golang                                           0                    [OK]
				
			  

“docker images” output:

			    
REPOSITORY    TAG       IMAGE ID        CREATED           SIZE
oneline       latest    a090deb25fa7    24 seconds ago    349 MB
manylines     latest    f6c79d168010    6 minutes ago     651 MB
myimage       latest    004acd2526d0    13 minutes ago    129 MB
webserver     latest    983d3f27fb40    3 hours ago       268 MB
ubuntu        16.04     f49eec89601e    2 weeks ago       129 MB
ubuntu        latest    f49eec89601e    2 weeks ago       129 MB
alpine        latest    88e169ea8f46    6 weeks ago       3.98 MB
centos        latest    67591570dd29    7 weeks ago       192 MB
centos        6.6       d03626170061    5 months ago      203 MB
				
			  

Docker Registry Installation

Direct installation

Install Docker Registry using your distribution package manager

Registry image

Run Docker Registry itself as a Docker image-based container

Docker Registry Storage Directory (Container):

			    
	/var/lib/docker/volumes/c5df9d1ab5cd745d8b3e8eed31d79c5d950fcd7f814616449c7a9ab7a490b84c/_data/docker/registry/v2/repositories/hello-world/
				
			  

Adding Certs at Run-time:

			    
	docker run -d -p 5000:5000 --restart=always --name registry \
		-v `pwd`/certs:/certs \
		-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/stuff.crt \
		-e REGISTRY_HTTP_TLS_KEY=/certs/stuff.key \
		registry
				
			  

Docker Content Trust: Key Management


Lab Setup Information:

			    
	https://bootstrap-it.com/docker-images
				
			  

Questions?


Thank you