concept Docker Hub in category system administration
Securing DevOps

This is an excerpt from Manning's book Securing DevOps.

  • A container repository —The container world is evolving rapidly, but Docker is the standard choice at the time of writing. We’ll use the repository provided by Docker Hub at hub.docker.com.
  • Listing 2.1 config.yml configures CircleCI for the application
    version: 2
    jobs:
      build:
        working_directory: /go/src/github.com/Securing-DevOps/invoicer-chapter2    #1
        docker:
          - image: circleci/golang:1.8    #2
        steps:
          - checkout
          - setup_remote_docker

          - run:
              name: Setup environment
              command: |
                gb="/src/github.com/${CIRCLE_PROJECT_USERNAME}";
                if [ "${CIRCLE_PROJECT_USERNAME}" == 'Securing-DevOps' ]; then
                  dr="securingdevops"
                else
                  dr=$DOCKER_USER
                fi
                cat >> $BASH_ENV << EOF
                export GOPATH_HEAD="$(echo ${GOPATH}|cut -d ':' -f 1)"    #3
                export GOPATH_BASE="$(echo ${GOPATH}|cut -d ':' -f 1)${gb}"    #3
                export DOCKER_REPO="$dr"    #3
                EOF

          - run: mkdir -p "${GOPATH_BASE}"
          - run: mkdir -p "${GOPATH_HEAD}/bin"

          - run:
              name: Testing application    #4
              command: |
                go test \
                github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}

          - deploy:
              command: |    #5
                if [ "${CIRCLE_BRANCH}" == "master" ]; then
                  docker login -u ${DOCKER_USER} -p ${DOCKER_PASS};    #6
                  go install --ldflags '-extldflags "-static"' \
                    github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME};    #7
                  mkdir bin;
                  cp "$GOPATH_HEAD/bin/${CIRCLE_PROJECT_REPONAME}" bin/invoicer;
                  docker build -t ${DOCKER_REPO}/${CIRCLE_PROJECT_REPONAME} .;    #8
                  docker images --no-trunc | \
                    awk -v img="${DOCKER_REPO}/${CIRCLE_PROJECT_REPONAME}" '$1 == img {print $3}' | \
                    sudo tee $CIRCLE_ARTIFACTS/docker-image-shasum256.txt;
                  docker push ${DOCKER_REPO}/${CIRCLE_PROJECT_REPONAME};    #9
                fi

    #1   Configures a working directory to build the Docker container of the application
    #2   Declares the environment the job will run on
    #3   Environment variables needed to build the application
    #4   Runs the unit tests of the application
    #5   If changes are applied to the master branch, builds the Docker container of the application
    #6   Logs into the Docker Hub service
    #7   Builds the application binary
    #8   Builds a container of the application using a Dockerfile
    #9   Pushes the container to Docker Hub
  • Containers storage in Docker Hub
  • As shown in figure 6.7, Docker Hub sends a webhook request to the deployer application in AWS when it receives a container from CircleCI. Because we’re primarily concerned with securing the publication of containers, controlling access to Docker Hub comes down to managing users and permissions in a newly created organization.

    Figure 6.7 The security of the container storage depends primarily on permissions granted to CircleCI to publish application containers.
    We’ll discuss two areas in this section that are similar to securing GitHub. The first area is permission security in Docker Hub itself. The second is using Docker Content Trust (DCT) to sign the container built by CircleCI.
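    As an added example (not code from the book or from the Securing-DevOps repository), the deploy step of listing 2.1 can be rewritten so that the Docker Hub password never appears on a command line, the pushed tags are signed with Docker Content Trust, and the registry digest of the published image is kept as a build artifact. It assumes DOCKER_USER, DOCKER_PASS and DCT_REPO_PASSPHRASE are set as secret project environment variables in CircleCI, that an earlier step has placed the repository signing key in ~/.docker/trust on the build container, and that /tmp/artifacts is an arbitrary scratch path.

```yaml
      - run:
          name: Build, sign and push the container
          command: |
            set -euo pipefail
            if [ "${CIRCLE_BRANCH}" != "master" ]; then
              echo "not on master, skipping publication"
              exit 0
            fi
            image="${DOCKER_REPO}/${CIRCLE_PROJECT_REPONAME}"
            tag="${CIRCLE_SHA1}"

            # The password is piped on stdin, so it shows up neither in the
            # job's command log nor in the process list of the build container.
            echo "${DOCKER_PASS}" | docker login -u "${DOCKER_USER}" --password-stdin

            go install --ldflags '-extldflags "-static"' \
              "github.com/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}"
            mkdir -p bin
            cp "${GOPATH_HEAD}/bin/${CIRCLE_PROJECT_REPONAME}" bin/invoicer
            # Tag with the commit hash as well as latest, so each published
            # image can be traced back to the exact revision that produced it.
            docker build -t "${image}:${tag}" -t "${image}:latest" .

            # With content trust enabled, docker push signs each tag with the
            # repository key (assumed to be in ~/.docker/trust); the passphrase
            # comes from the environment so that no prompt blocks the job.
            export DOCKER_CONTENT_TRUST=1
            export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${DCT_REPO_PASSPHRASE}"
            docker push "${image}:${tag}"
            docker push "${image}:latest"

            # Keep the registry digest of what was actually published as a
            # build artifact; deployments can then be pinned to it.
            mkdir -p /tmp/artifacts
            docker inspect --format '{{index .RepoDigests 0}}' "${image}:${tag}" \
              > /tmp/artifacts/docker-image-digest.txt
            docker logout
      - store_artifacts:
          path: /tmp/artifacts
```

    The Docker Hub user whose credentials the job uses only needs write access to this one repository in the organization, which is the permission boundary the next sections set up.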
