dockercon eu 2015: official repos and project nautilus
TRANSCRIPT
![Page 1: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/1.jpg)
Docker ContentOfficial Repos, Project Nautilus, and the content ecosystem
Krish Garimella& Mario Ponticello
![Page 2: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/2.jpg)
Docker adoption is driven bygreat content!
![Page 3: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/3.jpg)
1+ billion pulls
![Page 4: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/4.jpg)
1+ billion pulls
Librar
y
boun
tylabs
kube
rnetes
schibs
tedpa
ymen
t
gilderl
abs
barch
art deis
progri
ummes
os
![Page 5: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/5.jpg)
1+ billion pulls
Librar
y
boun
tylabs
kube
rnetes
schibs
tedpa
ymen
t
gilderl
abs
barch
art deis
progri
ummes
os
Docker Official Repos
![Page 6: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/6.jpg)
Why are Official Repos so successful?
![Page 7: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/7.jpg)
…and security!
Made with love and care…
![Page 8: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/8.jpg)
…by our partners
![Page 9: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/9.jpg)
![Page 11: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/11.jpg)
Why yet another Jenkins image?
![Page 12: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/12.jpg)
• We wanted to make Jenkins a first-class Docker citizen
• We wanted to get the Docker community involved
• We wanted to learn!
• We planned to use Docker for our own product
Because…
![Page 13: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/13.jpg)
• How to set users, permissions, volumes, entrypoint…
• We disagreed with some of them…
• Argued…
• Read the docs…
• Had to adapt to get the image approved…
• And now, we admit that the best practices are good!
Embracing best practices
![Page 14: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/14.jpg)
• We learned a great deal:
• Usages
• Best practices
• User misunderstanding
• Extensibility
• Docker itself!
• Possible improvements to Jenkins to make it more Docker-friendly
Getting feedback/contributions
![Page 15: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/15.jpg)
For example…
![Page 16: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/16.jpg)
• Human-based review
• https://github.com/docker-library/official-images/pulls
• Fairly fast for minor changes
• They want to limit the number of tags
• Not my initial use-case
• As a support engineer, I wanted all versions on Hub
Limitations
![Page 17: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/17.jpg)
• Release early and often
• PR review is faster (~24h) if you don’t introduce big-bang changes
• Mix official with classic
• Jenkins weekly releases are published as jenkinsci/jenkins based on the exact same Dockerfile (sed)
Workarounds
![Page 18: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/18.jpg)
Jenkins job
Jenkins job
Dockerfile jenkinsPR to « official » library
jenkinsci/jenkins
cloudbees/jenkins-
enterprise
sed s/LTS/weekly Dockerfile
Dockerfilesed s/OSS/cloudbees
Publication workflow
![Page 20: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/20.jpg)
What are users saying?
![Page 21: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/21.jpg)
We want more great content!
The President of Docker Users
![Page 22: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/22.jpg)
…and secure images!
![Page 23: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/23.jpg)
…and optimized images!
![Page 24: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/24.jpg)
Amazing apps
CommunityImages
Curated Images
Content curation today
![Page 25: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/25.jpg)
Amazing apps
CommunityImages
Curated Images
What we need
![Page 26: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/26.jpg)
1. Scale up the security posture assessment
2. Notify users of new vulnerabilities in existing code proactively
3. Provide visibility to end-users on the security posture of images
Project Nautilus goals
![Page 27: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/27.jpg)
• Project Nautilus is an image-scanning service that makes it easier to build and consume high-integrity content
• Steps through a sequence of tests, including:
• Image security
• Component inventory/license management
• Image optimization
• Basic functional testing
• Functions as a source of truth for certification metadata
• Has an extensible backend; may support 3rd-party plugins
Project Nautilus details
![Page 28: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/28.jpg)
Docker scans derived images
Docker works with partners to fix OS images
Publisher resubmits
image
Publisher calibrates
dependencies
Docker and publisher
release clean image
Project Nautilus process
![Page 29: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/29.jpg)
APIDockerImage
Scanning
CVE ScanningSecurity
Scan
SW Inventory and License
Image Optimization
Plugins
ValidationMicroservices
HUB
End Users
Publishers
Notifications
…
Registry
…
Project Nautilus architecture
![Page 30: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/30.jpg)
![Page 31: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/31.jpg)
![Page 32: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/32.jpg)
![Page 33: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/33.jpg)
![Page 34: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/34.jpg)
![Page 35: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/35.jpg)
![Page 36: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/36.jpg)
![Page 37: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/37.jpg)
![Page 38: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/38.jpg)
![Page 39: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/39.jpg)
![Page 40: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/40.jpg)
![Page 41: DockerCon EU 2015: Official Repos and Project Nautilus](https://reader031.vdocuments.us/reader031/viewer/2022022414/58737c481a28ab3c1a8b799f/html5/thumbnails/41.jpg)
• To submit an Official Repo, visit https://docs.docker.com/docker-hub/official_repos/
• To learn more about Nautilus, email us at [email protected]
Get involved