Security (15%) Flashcards
What is DCT?
Through DCT, image publishers can sign their images and image consumers can ensure that the images they use are signed.
What does DCT stand for?
Docker Content Trust
What is the command to generate delegation keys?
docker trust key generate
How do you load existing keys, if you have any?
docker trust key load
How to sign a particular tag and push it up to the registry?
docker trust sign dtr.example.com/admin/demo:1
How to enable docker content trust so that you can sign images automatically when you use docker push?
export DOCKER_CONTENT_TRUST=1
How to inspect remote trusted data for a tag?
docker trust inspect
How to remove remote trusted data for a tag?
docker trust revoke
What is a grant?
A grant defines who has how much access to a set of resources.
What is the subject?
A subject can be a user, team, or organization, and is granted a role for a set of resources.
What is the role?
A role is a set of permitted API operations that you can assign to a specific subject and collection by using a grant
What is a Client Bundle?
A client bundle is a group of certificates downloadable directly from the Docker Universal Control Plane (UCP) user interface within the admin section for “My Profile”. This allows you to authorize a remote Docker engine to a specific user account managed in Docker EE, absorbing all associated RBAC controls in the process. You can now execute docker swarm commands from your remote machine that take effect on the remote cluster.
What is the easiest way to access or control the UCP?
Client Bundle
What is the kernel feature that isolates the processes running in different containers?
Namespaces
Which kernel feature limits the resources used by docker containers?
Control Groups