
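Docker Engine supports the use of the targets/releases delegation as the canonical source of a trusted image tag.

Using this delegation lets you collaborate with other publishers without sharing your repository key, which is a combination of your targets and snapshot keys. For more information, see Manage keys for content trust. Collaborators can keep their own delegation keys.

The targets/releases delegation is currently an optional feature. To set up delegations, you must use the Notary CLI:

  1. Download the client and make sure it is available on your path.

  2. Create a configuration file at ~/.notary/config.json with the following content: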

{
  "trust_dir" : "~/.docker/trust",
  "remote_server": {
    "url": "https://notary.docker.io"
  }
}

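This tells Notary where the Docker Content Trust data is stored, and to use the Notary server that is used for images in Docker Hub.

For more details on how to use Notary outside of the default Docker Content Trust use cases, see the Notary CLI documentation.

Note that your Docker Hub credentials are required when publishing and listing delegation changes with the Notary client.

Generating delegation keys

Your collaborator needs to generate a private key (RSA or ECDSA) and give you the public key so that you can add it to the targets/releases delegation.

The easiest way for them to generate these keys is with OpenSSL. Here is an example of how to generate a 2048-bit RSA key (all RSA keys must be at least 2048 bits):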

$ openssl genrsa -out delegation.key 2048
Generating RSA private key, 2048 bit long modulus
....................................................+++
............+++
e is 65537 (0x10001)

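They should keep delegation.key private; this is what they will use to sign tags.

They then need to generate an x509 certificate containing the public key, which is what they will give to you. This is the command to generate a CSR (certificate signing request):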

$ openssl req -new -sha256 -key delegation.key -out delegation.csr

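They can then send it to whichever CA you trust to sign the certificate, or they can self-sign the certificate (in this example, creating a certificate that is valid for 1 year):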

$ openssl x509 -req -sha256 -days 365 -in delegation.csr -signkey delegation.key -out delegation.crt

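They then need to give you delegation.crt, whether it is self-signed or signed by a CA.

Adding a delegation key to an existing repository

If your repository was created with a version of Docker Engine prior to 1.11, then before adding any delegations you should rotate the snapshot key to the server, so that collaborators do not need your snapshot key to sign and publish tags: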

$ notary key rotate docker.io/<username>/<imagename> snapshot -r

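This tells Notary to rotate a key for your particular image repository. Note that you must include the docker.io/ prefix. snapshot -r specifies that you want to rotate the snapshot key specifically, and that you want the server to manage it (-r stands for "remote").

When adding a delegation, you must obtain the PEM-encoded x509 certificate that carries the public key of the collaborator you wish to delegate to.

Assuming you have the certificate delegation.crt, you can add a delegation for this user and then publish the delegation change: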

$ notary delegation add docker.io/<username>/<imagename> targets/releases delegation.crt --all-paths
$ notary publish docker.io/<username>/<imagename>

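The preceding example illustrates a request to add the targets/releases delegation to the image repository if it does not already exist. Be sure to use targets/releases: Notary supports multiple delegation roles, so if you mistype the delegation name, the Notary CLI will not report an error. However, Docker Engine supports reading only from targets/releases.

It also adds the collaborator's public key to the delegation, which lets them sign the targets/releases delegation as long as they hold the private key corresponding to this public key. The --all-paths flag tells Notary not to restrict the tag names that can be signed into targets/releases, which we highly recommend for targets/releases.

Publishing the changes tells the server about the changes to the targets/releases delegation.

After publishing, view the delegation information to make sure that you correctly added the key to targets/releases: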

$ notary delegation list docker.io/<username>/<imagename>

      ROLE               PATHS                                   KEY IDS                                THRESHOLD
      ---------------------------------------------------------------------------------------------------------------
      targets/releases   "" <all paths>  729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a   1

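You can see the targets/releases delegation with its paths and the key ID you just added.

Notary currently does not map collaborator names to keys, so we recommend that you add and list delegation keys one at a time, and keep your own mapping of key IDs to collaborators in case you need to remove a collaborator.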
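The bookkeeping recommended above can be checked mechanically. The following Python sketch is an added example, not part of the original Docker documentation: it parses `notary delegation list` output, flags delegation roles other than targets/releases (which Docker Engine does not read) and key IDs with no recorded owner. The owner name, the second role row and its key ID are constructed sample values, and key IDs wrapping onto continuation lines is an assumption about the table layout.

```python
import re

KEY_ID = re.compile(r"\b[0-9a-f]{64}\b")   # Notary key IDs are 64 hex characters
ROLE = re.compile(r"^\s*(targets/\S+)")    # role name in the first column
ENGINE_ROLE = "targets/releases"           # the only delegation Docker Engine reads

PAGE_KEY = "729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a"
MADE_UP_KEY = "ab" * 32                    # constructed, not a real key ID
# Constructed sample: the first data row is the listing shown on this page,
# the second simulates a mistyped role name that the Notary CLI accepted.
SAMPLE_LISTING = f"""\
ROLE               PATHS            KEY IDS   THRESHOLD
-------------------------------------------------------
targets/releases   "" <all paths>   {PAGE_KEY}   1
targets/release    "" <all paths>   {MADE_UP_KEY}   1
"""
KNOWN_OWNERS = {PAGE_KEY: "alice"}         # hypothetical key ID -> collaborator map


def parse_delegations(listing):
    """Return {role: [key_id, ...]} from `notary delegation list` text."""
    roles, current = {}, None
    for line in listing.splitlines():
        match = ROLE.match(line)
        if match:
            current = match.group(1)
            roles.setdefault(current, [])
        if current:  # assumption: extra key IDs may wrap onto following lines
            roles[current].extend(KEY_ID.findall(line))
    return roles


def audit(listing, known_owners):
    """Return human-readable findings; an empty list means nothing to review."""
    roles = parse_delegations(listing)
    findings = []
    if ENGINE_ROLE not in roles:
        findings.append(f"{ENGINE_ROLE} is not published")
    for role, key_ids in roles.items():
        if role != ENGINE_ROLE:
            findings.append(f"{role}: Docker Engine ignores this role (mistyped?)")
        findings += [f"{role}: key {k[:12]} has no recorded owner"
                     for k in key_ids if k not in known_owners]
    published = {k for ids in roles.values() for k in ids}
    findings += [f"{owner}: recorded key {k[:12]} is no longer published"
                 for k, owner in known_owners.items() if k not in published]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LISTING, KNOWN_OWNERS)) or "no findings")
```

Run it after every `notary publish`, feeding it the current listing and your own mapping, so that an unexpected key or role is noticed before it is relied on.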

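Removing a delegation key from an existing repository

To revoke a collaborator's ability to sign tags for your image repository, you need to remove their keys from the targets/releases delegation. To do this, you need the IDs of their keys.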

$ notary delegation remove docker.io/<username>/<imagename> targets/releases 729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a

Removal of delegation role targets/releases with keys [729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a], to repository "docker.io/<username>/<imagename>" staged for next publish.

The revocation takes effect as soon as you publish:

$ notary publish docker.io/<username>/<imagename>

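Note that by removing all the keys from the targets/releases delegation, the delegation (and any tags signed into it) is removed. This means that these tags will all be deleted, and you may end up with older, legacy tags that were signed directly by the targets key.

Removing the targets/releases delegation entirely from a repository

If you decide that delegations are not for you, you can delete the targets/releases delegation entirely. However, this also removes all the tags that are currently in targets/releases, and you may end up with older, legacy tags that were signed directly by the targets key.

To delete the targets/releases delegation: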

$ notary delegation remove docker.io/<username>/<imagename> targets/releases

Are you sure you want to remove all data for this delegation? (yes/no)
yes

Forced removal (including all keys and paths) of delegation role targets/releases to repository "docker.io/<username>/<imagename>" staged for next publish.

$ notary publish docker.io/<username>/<imagename>

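Pushing trusted data as a collaborator

As a collaborator whose key has been added to a repository's targets/releases delegation, you need to import the private key that you generated into Content Trust.

To do so, you can run: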

$ notary key import delegation.key --role user

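where delegation.key is the file containing your PEM-encoded private key.

After you have done so, running docker push on any repository that includes your key in the targets/releases delegation automatically signs tags using this imported key.

docker push behavior

When running docker push with Docker Content Trust, Docker Engine attempts to sign and push with the targets/releases delegation if it exists. If it does not, the targets key is used to sign the tag, if the key is available.

docker pull and docker build behavior

When running docker pull or docker build with Docker Content Trust, Docker Engine pulls only tags signed by the targets/releases delegation role, or legacy tags that were signed directly with the targets key.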

Related information

  • Content trust in Docker

  • Manage keys for content trust

  • Automation with content trust

  • Play in a content trust sandbox
