Looking to effectively and securely build and administrate Docker images? This course will introduce you to the tools, with a particular focus on learning to host your own private image repository using the open source Docker Registry.
At the core of successfully running Docker container deployments is a thorough knowledge of the creation and administration of Docker images. In this course, Managing Docker Images, you'll explore image creation and administration best practices. First, you'll explore all the main image management options currently available. Next, you'll discover how to build, store, and share images through Docker Hub and Docker Cloud. Finally, you'll learn how to host a private image repository using Docker Registry. When you’re finished with this course, you'll have a foundational knowledge of installing, running, and securing Docker images that will help you as you move forward towards managing entire Docker container clusters.
David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.
Course Overview The speed, flexibility, and power of container technologies have in only a few short years made them among the most popular deployment platforms around, and Docker containers have been leading the way. Getting yourself a good seat on this flight will require you to master a few key design concepts, and then familiarize yourself with the rather wide range of available administration and hosting tools that are currently out there. I created this Managing Docker Images course to introduce you to the design and function of the image and how it works within the larger Docker ecosystem. You'll learn how images are created, stored, shared, and deployed as containers. You'll also see some image architecture best practices and how you can secure and validate images as they're moved across in secure networks. To give you a better sense of the choices you've got, I'll take you on a tour of some image administration tools provided by Docker Inc itself, like Docker Cloud, and then you'll dive a bit deeper as you learn how to host and manage your own private image repository using the open source Docker Registry. Docker is a really great tool, or better, a really great set of tools to quickly building highly-reliable development and production environments, and the Docker image is, in many ways, the cornerstone on which it all hangs. Why not join me as I pull together all the pieces?
Securing Your Images in Transit Our Docker Registry is indeed running and patiently waiting for our clients to start pulling and pushing images, but there is a bit of a problem. Unless you happen to be on the same host machine on which the registry is installed, you won't have access. That's because Docker Registry only accepts activity coming over encrypted connections. No encrypted connection, no pulling and pushing for you. Let me show you how it works, or actually how it doesn't work. I'll use curl to list the images as we did earlier, but from a remote machine with Docker installed. Then I'll try to pull an image down to the machine. It's a no go. The registry was expecting an HTTPS request. Why is Docker Registry built this way? It's all about elementary security. Even if you're only planning on sharing the registry among local clients, all unencrypted traffic between any two hosts will be plainly visible to man-in-the-middle attackers. If you've got anything sensitive built into your images, and most of the time you probably will, then that data will very likely soon be part of the public record. Okay, so to make our registry at all useful, we'll have to find a way to enable proper encryption. In this module, I'm going to explain how to use the certificates issued by a recognized certificate authority to encrypt registry traffic moving back and forth between your clients. In fact, I'll show you three different ways to apply certificates, each with its own advantages and disadvantages. To make it easier for you to try out encryption within test environments, I'll also demonstrate using self-signed certificates. Deploying self-signed certificates will take a bit of extra work, but it's not nearly as hard as you might, at first, imagine. Finally, we'll talk about a second important aspect of image security, configuring login authentication for your Docker Registry. Let's get started.