Getting the Docker image

IAM Docker images can be obtained from Docker Hub. Note that our Ergon Informatik AG image repository is private.

  • There are two ways to obtain Airlock IAM Docker images:
  • Via pull, directly from the Docker repository.
  • As downloaded version for air-gapped installations.

Step 1 - Pull from Docker Hub (hub.docker.com)

Note that our image repository is private and you need an access token to pull the images.

  1. To gain access the following steps must be taken:
  2. Create a support ticket for "access to Airlock IAM on Docker Hub" on https://techzone.ergon.ch.
  3. You will receive an access token for the Docker-ID airlockcustomer.

You can download the image from here, as soon as you have got access token: Airlock IAM on Docker hub – airlock-iam

Step 2- Configure Docker to verify digital signatures

All images of Airlock IAM are signed and it is strongly recommended to configure Docker to verify these digital signatures.  It is recommended to configure Docker to enforce digital signatures on all images.

This is achieved by setting the following environment variable:

Docker CLI

export DOCKER_CONTENT_TRUST=1

For more details on Docker content trust see Content trust in Docker.

You may inspect the signature using the docker trust  command:

Docker CLI

docker trust inspect --pretty docker.io/ergon/airlock-iam

Step 3 - Retrieve Docker image

Check the (Docker Hub) Airlock IAM Image repository page to see all available Tags.

To obtain the latest container image, for example, use the following command:

Docker CLI

docker login
docker pull docker.io/ergon/airlock-iam:latest

For production, specific tags should be used, e.g. "7.7.0" or "latest-7.7".

Alternatively: Download distribution of Docker image

This method allows for "air-gapped" installation, where the server doesn't connect to the Docker registry directly. A local/private Docker registry or other means of distributing the image as files to your machines is used instead.

The Docker image is published as an image file and has the file extension ".tar.gz".

The image file can be loaded and pushed to your local Docker registry:

Docker CLI

# load image
 docker load -i airlock-iam-docker-image-7.7.tar.gz
 
# Should list the loaded image
 docker images | grep airlock  

# Create alias matching the Docker Hub repository name for the 
# examples on this page to work 
 docker tag airlock-iam:7.7 ergon/airlock-iam:7.7 

# Show help to perform a quick check 
docker run --rm ergon/airlock-iam:7.7 --help  

# Replace "docker.example.com" with the URL to your local
#  Docker registry 
docker tag ergon/airlock-iam:7.7 docker.example.com/ergon/airlock-iam:7.7  

# Push the image to the local Docker registry 
  docker push docker.example.com/ergon/airlock-iam:7.7

If you don't have a local Docker registry you may skip the tagging and pushing steps.