diff --git a/architecture.md b/architecture.md index 3b93d920b9..e84f5da686 100644 --- a/architecture.md +++ b/architecture.md 
@@ -22,13 +22,16 @@ Universal Control Plane cluster. When you install DTR on a node, the following containers are started: -| Name | Description | -|:---------------------------------|:----------------------------------------------------------------------------------------------------------------------------------| -| dtr-nginx-<replica_id> | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host. | -| dtr-api-<replica_id> | Executes the DTR business logic. It serves the DTR web application, and API. | -| dtr-registry-<replica_id> | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. | -| dtr-etcd-<replica_id> | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. | -| dtr-rethinkdb-<replica_id> | A database for persisting repository metadata. Don't use it in your applications, since it's for internal use only. | +| Name | Description | +|:------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------| +| dtr-nginx-<replica_id> | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host. | +| dtr-api-<replica_id> | Executes the DTR business logic. It serves the DTR web application, and API. | +| dtr-registry-<replica_id> | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. | +| dtr-etcd-<replica_id> | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. | +| dtr-jobrunner-<replica_id> | Runs cleanup jobs in the background. It is not exposed to DTR, and is for internal use only. | +| dtr-rethinkdb-<replica_id> | A database for persisting repository metadata. 
Don't use it in your applications, since it's for internal use only. | +| dtr-notary-server-<replica_id> | Receives, validates, and serves content trust metadata, and is consulted when pushing or pulling to DTR with content trust enabled. | +| dtr-notary-signer-<replica_id> | Performs server-side timestamp and snapshot signing for content trust metadata. Is not exposed to DTR, and is for internal use only. | ## Networks @@ -56,6 +59,7 @@ DTR uses these named volumes for persisting data: | dtr-etcd-<replica_id> | dtr-etcd/_data | The volume used by etcd to persist DTR configurations. | | dtr-registry-<replica_id> | dtr-registry/_data | The volume where images are stored, if DTR is configured to store images on the local filesystem. | | dtr-rethink-<replica_id> | dtr-rethink/_data | The volume used by RethinkDB to persist DTR data, like users and repositories. | +| dtr-notary-<replica_id> | dtr-notary/_data | The volume where the Notary private TLS keys and certificates are stored so that the Notary containers can use TLS to communicate. | If you don’t create these volumes, when installing DTR they are created with the default volume driver and flags. diff --git a/configure/config-general.md b/configure/config-general.md index ed7fdd20b1..4295830cac 100644 --- a/configure/config-general.md +++ b/configure/config-general.md @@ -1,7 +1,7 @@ +++ title = "Configure general settings" description = "Configure general settings for Docker Trusted Registry" -keywords = ["docker, documentation, about, technology, understanding, enterprise, hub, general, domain name, HTTP, HTTPS ports, Notary, registry"] +keywords = ["docker, documentation, about, technology, understanding, enterprise, hub, general, domain name, HTTP, HTTPS ports, registry"] [menu.main] parent="workw_dtr_configure" identifier="dtr_configure_general" 
@@ -10,7 +10,7 @@ weight=3 # Configure general settings -This document describes the general settings you need to configure including using Trusted Content through setting up your Notary server. +This document describes the general settings you need to configure. ## Configure your domain name and port settings @@ -33,14 +33,14 @@ for the new domain. This also works with IP addresses. ## Docker Content Trust -The Trusted Registry's includes integration with of Docker Notary to provide +The Trusted Registry integrates with Docker Notary by default to provide Content Trust functionality, allowing your organization to push and pull trusted images. After pushing images in the Trusted Registry, you can see which image tags were signed by viewing the appropriate repositories through Trusted Registry's web interface. To configure your Docker client to be able to push signed images to Docker -Trusted Registry refer to the CLI Reference's [Environment Variables +Trusted Registry, refer to the CLI Reference's [Environment Variables Section](/engine/reference/commandline/cli.md#environment-variables) and [Notary Section](/engine/reference/commandline/cli.md#notary). diff --git a/configure/configuration.md b/configure/configuration.md index c4de3854c5..56619993ad 100644 --- a/configure/configuration.md +++ b/configure/configuration.md @@ -16,7 +16,7 @@ this overview to see what you can configure. To start, navigate to the Trusted Registry user interface (UI) > Settings, to view configuration options. Configuring is grouped by the following: -* [General settings](config-general.md) (ports, proxies, and Notary) +* [General settings](config-general.md) (ports, proxies) * [Security settings](config-security.md) * [Storage settings](config-storage.md) * [License](../install/license.md) diff --git a/images/architecture-1.png b/images/architecture-1.png index 7b6615d1ef..5d20fc7970 100644 Binary files a/images/architecture-1.png and b/images/architecture-1.png differ
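Review bot: In the container table of architecture.md, the new dtr-jobrunner and dtr-notary-signer rows say the container is "not exposed to DTR", which is ambiguous because both are DTR components listed in this same table. Say what they are actually not exposed to (the host, users, or the other containers), and give the dtr-notary-signer sentence a subject ("It is not exposed ...") so it matches the other rows. The dtr-notary-server row also leaves open how requests reach it: the dtr-nginx row says it proxies to other DTR components, so state whether content trust traffic goes through that proxy.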
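Review bot: In the named-volumes hunk of architecture.md, the new dtr-notary-<replica_id> row documents only the Notary TLS keys and certificates, while the container table in the same patch says dtr-notary-signer performs timestamp and snapshot signing, so a reader cannot tell where those signing keys are persisted. Add that to this row, or to the row of whichever volume holds them. Since this volume stores private keys and the context line after the table says volumes you don't create get the default volume driver and flags, the description should also say whether this volume needs any special handling.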
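Review bot: In the front matter of configure/config-general.md, "Notary" is dropped from keywords even though the page keeps its Docker Content Trust section, which still names Docker Notary and links to the CLI reference's Notary section. Keep the keyword, or replace it with "content trust", so the section remains findable.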
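Review bot: In the Docker Content Trust hunk of configure/config-general.md, "integrates with Docker Notary by default" implies a non-default mode that the section never describes, and the client paragraph still only points at the CLI reference without saying what the client should be pointed at now that Notary ships inside DTR. Either drop "by default" or state what the alternative is, and add a sentence naming the address clients use for content trust operations against this registry.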
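Review bot: In the General settings bullet of configure/configuration.md, "(ports, proxies)" reads as a truncated list; use "(ports and proxies)". Because config-general.md still carries the Docker Content Trust section after this patch, consider keeping a pointer here, for example "(ports, proxies, and content trust)".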