IAM images can be pulled from a quay.io or Docker Hub private image repository, respectively.
- To pull an IAM image from a private repository, you need to perform the following steps:
- Gaining access to the private repository.
- Verifying the signature of the image in the repository.
- Retrieving the image from the repository.
The step details for quay.io differ from those for Docker Hub. Both options are described below.
Pulling from quay.io
Follow the instructions shown in the table below:
Gaining access to quay.io | - Proceed as follows:
- Register an account on https://quay.io (only necessary if you do not yet have a Red Hat account).
- Create a support case on Techzone - Airlock support process and ask access to the https://quay.io/airlock/iam repository. Add your Red Hat account to your support ticket.
- You will receive a notification via your ticket as soon as Airlock Support has approved your authorization.
- You can now access the quay.io private repository. To log in, run the following command in your Docker CLI:
|
Verifying the image signature | All images of Airlock IAM are signed. We strongly recommend verifying these digital signatures. - Proceed as follows:
- Run the following command to directly verify the digital signature of the IAM image in the quay.io repository. Note that the command uses the
cosign tool. Be sure to set the correct IAM release version. - On successful verification, the output should look like this:
|
| When the verification of the image signature was successful, it is okay to pull the image from the repository. - Proceed as follows:
- Run the following command in your Docker CLI. Be sure to set the correct IAM release version.
|
Pulling from Docker Hub
Follow the instructions shown in the table below:
Gaining access to Docker Hub | |
Verifying the image signature | All images of Airlock IAM are signed. We strongly recommend configuring Docker to enforce digital signatures on all images, and verifying these digital signatures. - Proceed as follows:
- In your Docker CLI, set the
DOCKER_CONTENT_TRUST environment variable to value 1 with the export command: - To inspect the image signature, run the
docker trust command in your Docker CLI:
|
| When the verification of the image signature was successful, it is okay to pull the IAM image from the IAM repository page on Docker Hub. - Proceed as follows:
- Check the (Docker Hub) Airlock IAM Image repository page for all available images.
- Run the command below in your Docker CLI . Be sure to set the correct IAM release version. For production, use the long release version (e.g.,
8.x.0 or 8.x.1 , etc.)
|