docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Store update (#5507)

This commit is contained in:
Bryan Lee 2017-12-28 10:02:56 -05:00 committed by Gwendolynne Barr
parent 8ad2680824
commit f8b69ee538
6 changed files with 775 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

371
docker-store/byol.md Normal file
View File

@ -0,0 +1,371 @@
---
description: Submit a product to be listed on Docker Store
keywords: Docker, docker, store, purchase images
title: Bring Your Own License (BYOL) products on Store
---
## What is Bring Your Own License (BYOL)?
Bring Your Own License (BYOL) allows customers with existing software licenses
to easily migrate to the containerized version of the software you make
available on Docker Store.
There are two types of BYOL plans available to Independent Software Vendors
(ISVs):
- **Ungated** customer access to content: customers can see and access an
ISV's BYOL product listing by subscribing to the product with their Docker ID.
- **Gated** customer access to content: customers can see an ISV's BYOL product
listing, but cannot access the content until the ISV creates an order for the
product with Docker Store APIs. A product key is generated by Docker Store and
given back to the ISV. The ISV then sends this product key to the customer
they wish to entitle. After fulfilling the order to a specific Docker ID, the
customer can access the previously gated BYOL content.
ISVs can use the Docker Store/Hub as an entitlement and distribution platform.
Using APIs provided by Docker, ISVs can entitle users and distribute their
Dockerized content to many different audiences:
- Existing customers that want their licensed software made available as Docker containers.
- New customers that are only interested in consuming their software as Docker containers.
- Trial or beta customers, where the ISV can distribute feature or time limited software.
Docker provides a fulfillment service so that ISVs can programmatically entitle
users, by creating subscriptions to their content in Docker Store.
## Ungated BYOL
### Prerequisites and setup
To use Docker as your fulfillment service, an ISV must:
- [Apply and be approved as a Docker Store Publisher](https://store.docker.com/publisher/signup)
- Apply and be approved to list an Ungated BYOL product
- Create one or more Ungated BYOL product plans, in the Docker Store Publisher center.
## Creating an ungated BYOL plan
In Plans & Pricing section of the Publisher Center, ensure the following:
- Price/Month should be set to $0
- There should be no free trial associated with the product
- Under the Pull Requirements dropdown, "Subscribed users only" should be selected.
## Gated BYOL
### Prerequisites and setup
To use Docker Store as your fulfillment service, an ISV must:
- Apply and be approved as a Docker Store Publisher.
- Apply and be approved to use the Gated BYOL feature.
- Create a BYOL, "bring your own license" plans, in the Docker Store Publisher center.
Docker will provide:
- One or more authorization tokens to the publisher for making API requests to the Docker fulfillment service.
- A partner identifier.
### Fulfillment and orders usage
Docker Store provides an API for ISVs to create product orders and generate access tokens (in the form or URLs) for customer subscriptions to their products. ISVs will also be able to access reports and usage information about their products on Docker Store.
The BYOL program at Docker Store helps ISVs control access to their products for multiple use cases, such as:
- New customers purchasing software from the ISV for the first time
- Existing customers who need access to the Dockerized form of the ISV's content
- Prospects who need access to a subset of the ISV's Dockerized content for a limited time.
These steps explain how an ISV grants entitlements to their Docker Store products:
1. The ISV creates a gated BYOL plan detailing user entitlements to their Docker Store products.
2. The ISV issues a "Create Order" API request to the Docker fulfillment service. The request includes the specific BYOL plan, any required quantities, and (optionally) any product keys that the ISV's software requires.
3. The Docker fulfillment service returns: (1) an order ID for the ISV's internal records, and (2) an access token (in URL form) that can be given to users.
4. The ISV distributes the access token/URL to users in whatever form works with their sales flow--at the end of a UI purchase flow, in a follow up email, etc.
5. The user navigates to the access token/URL and is prompted to sign in with a Docker ID (or create an account) on the procurement page of Docker Store.
6. The user is shown information on the order (a description of the product and quantities) and any terms and conditions specified by the ISV.
7. If the user agrees to the ISV's terms and accepts the order, a subscription is created to the appropriate plan for the duration specified in the order. The user can now access the Docker image as any other subscription on Docker store.
8. The user obtains the image at a terminal by running `docker login`, entering their subscription credentials, and following the accompanying setup instructions.
9. If needed by the ISV's software, the user can obtain the product key for their subscription from Docker Store, and enter it into the ISV's container, following instructions provided by the ISV.
A publisher can change or cancel an order before it is fulfilled with the
"Update Order" API request documented below. After the order has been fulfilled,
the ISV can change or cancel the corresponding subscription by making requests
to the Store billing service.
The subscription that a user receives at the end of this process appears with
their other subscriptions in Docker Store. However, the user will not be able to
directly change or cancel it, as it represents an entitlement under the control
of the ISV. The Store UI will direct the user to contact the ISV for any desired
changes.
### Product keys
If an ISV's software uses product keys, these may be supplied at the time of order creation. Once the order has been fulfilled, the product keys will be available to the user from the user's subscription detail page. The ISV's installation documentation should refer the user to look for the keys there.
### API usage
An approved ISV only needs to make a single API request to create an order and
obtain an access token for a user, the "Create Order" request documented below.
Other API requests are needed only if the ISV needs to alter/cancel the order,
or look up information about the order after it has been created. 
### Gated BYOL plan setup
Once a publisher has been onboarded to create an gated BYOL plan, the publisher
center will begin to allow them to set up a new, unpublished plan with the gated
BYOL option:
![byol plan](images/publish_byol.png)
In this stage of the publisher flow, note the **Pull Requirements** selection as
"Bring your own License", as well as the **Tier Description** which should
include an external reference to where a customer must go to acquire their
license from the publisher.
## API reference for ISVs
### Endpoint, authorization, content
All API requests should be made to: <https://store.docker.com/api/fulfillment/v1/...>
For example, the full path for the "Create Order" API will POST to: https://store.docker.com/api/fulfillment/v1/orders
All API requests to the fulfillment service must have an "Authorization: Bearer"
header with an authorization string that will be provided by Docker. An example
header is:
```
Authorization: Bearer 9043ea5c-172a-4d4b-b255-a1dab96fb631
```
ISVs should closely protect their authorization token as if it were a password,
and alert Docker if it has been compromised or needs replacement.
All request and response bodies must/will be encoded with JSON using UTF-8.
### Data structures
### OrderCreateRequest (object)
#### Properties
* partner\_id (PartnerID, required) - Business entity creating this order.
* customer (Customer, optional) - Order customer information.
* items (array[OrderItemCreateRequest], required) - One or more items associated with the order.
* token (string, optional) - If supplied, the customer access token for this order.
* metadata (OrderMetadata, optional) - Key/value strings to be stored with order.
### Order (object)
#### Properties
* order\_id: `ord-93b2dba2-79e3-11e6-8b77-86f30ca893d3` (string, required) - The order id.
* token: `DOCKER-TOKEN-234` (string, required) - The access token created for this order by the fulfillment service.
* docker\_id: `a76808b87b6c11e68b7786f30ca893d3` (string, optional) - The docker id of the user that fulfilled the order. Note that this is not set unless the order is in a fulfilled state.
* state: created (enum, required) - The order state.
* created
* fulfilled
* cancelled
* partner\_id (PartnerID, required) - Business entity that created this order.
* customer (Customer, optional) - Order customer information.
* items (array[OrderItem], required) - One or more items associated with the order.
* metadata (OrderMetadata, optional) - Any key/value strings given in the order creation request.
* created: `2016-06-02T05:10:54Z` (string, required) - An ISO-8601 order creation timestamp.
* updated: `2016-06-02T05:10:54Z` (string, required) - An ISO-8601 order updated timestamp.
### OrderItem (object)
#### Properties
* id: `390745e6-faba-11e6-bc64-92361f002671` (string, required) - The order item id.
* product\_id: `bf8f7c15-0c3b-4dc5-b5b3-1595ba9b589e` (string, required) - The Store product id associated with the order item.
* rate\_plan\_id: `85717ec8-6fcf-4fd9-9dbf-051af0ce1eb3` (string, required) - The Store rate plan id associated with the order item.
* subscription\_start\_date: `2016-06-02T05:10:54Z` (string, optional) - An ISO-8601 timestamp representing the subscription start date. If not specified, the subscription will start at order fulfillment time.
* subscription\_end\_date: `2019-06-02T05:10:54Z` (string, optional) - An ISO-8601 timestamp representing the subscription end date. If not specified, the subscription will end based on the plan duration period.
* pricing\_components (array[PricingComponent], required) - One or more pricing components associated with the order item.
* metadata (OrderItemMetadata, optional) - Any key/value strings given for this item in the order creation request.
* product\_keys (array[ProductKey], optional) - Product keys associated with the order item.
### OrderItemCreateRequest (object)
#### Properties
* sku: ZZ456A (string, optional) - The order item SKU.
* product\_id: `bf8f7c15-0c3b-4dc5-b5b3-1595ba9b589e` (string, optional) - The Store product id associated with the order item.
* rate\_plan\_id: `85717ec8-6fcf-4fd9-9dbf-051af0ce1eb3` (string, optional) - The Store rate plan id associated with the order item.
* subscription\_start\_date: `2016-06-02T05:10:54Z` (string, optional) - An ISO-8601 timestamp representing the subscription start date. If not specified, the subscription will start at order fulfillment time.
* subscription\_end\_date: `2019-06-02T05:10:54Z` (string, optional) - An ISO-8601 timestamp representing the subscription end date. If not specified, the subscription will end based on the plan duration period.
* pricing\_components (array[PricingComponent], required) - One or more pricing components associated with the order item.
* metadata (OrderItemMetadata, optional) - Mapping of key/value strings for this order item.
* product\_keys (array[ProductKeyCreateRequest], optional) - Product keys associated with the order item.
### PricingComponent (object)
#### Properties
* name: `Nodes` (string, required) - The pricing component slug. For example Nodes or Engines.
* value: 25 (number, required) - The quantity for the given pricing component. For example 1 support, 15 docker engines, or 5 private repos.
### ProductKeyCreateRequest (object)
#### Properties
* label: `Production` (string, required) - The human-readable label for the given product key that will be displayed to the customer.
* media\_type: `text/plain` (enum, required) - An accepted IANA Media Type for this product key. This suggests to the user interface how to display the product key for the customer to use.
* text/plain
* application/json
* file\_name: `production-key.txt` (string, optional) - The file name for the downloaded file if the product key is a blob that requires or allows download by the customer.
* value: `AbKe13894Aksel` (string, required) - The contents of the product key as a string. If the value is blob that cannot be represented as a string, the contents will be encoded as a Base64 string.
### ProductKey (object)
#### Properties
* id: `390745e6-faba-11e6-bc64-92361f002671` (string, required) - The product key id.
* order\_item\_id: `85717ec8-6fcf-4fd9-9dbf-051af0ce1eb3` (string, required) - The id of the order item that this product key is associated with.
* label: `Production` (string, required) - The human-readable label for the given product key that will be displayed to the customer.
* media\_type: `text/plain` (enum, required) - An accepted IANA Media Type for this product key. This suggests to the user interface how to display the product key for the customer to use.
* text/plain
* application/json
* file\_name: `production-key.txt` (string, optional) - The file name for the downloaded file if the product key is a blob that requires or allows download by the customer.
* value: `AbKe13894Aksel` (string, required) - The contents of the product key as a string. If the value is blob that cannot be represented as a string, the contents will be encoded as a Base64 string.
* created: `2016-06-02T05:10:54Z` (string, required) - An ISO-8601 product key creation timestamp.
* updated: `2016-06-02T05:10:54Z` (string, required) - An ISO-8601 product key updated timestamp.
### OrderFulfillmentRequest (object)
#### Properties
* state: `fulfilled` (string, required) - The desired order state. Only a fulfilled state may be specified.
* docker\_id: `a76808b87b6c11e68b7786f30ca893d3` (string, required) - The docker id (user or org id) to fulfill the order for.
* eusa\_accepted: true (boolean, required) - Whether or not the EUSA associated with the order has been accepted
### OrderCancellationRequest (object)
#### Properties
* state: `cancelled` (string, required) - The desired order state. Only a cancelled state may be specified.
#### Requests
#### Create order [POST]
Create an order.
* Request (application/json)
* Attributes (OrderCreateRequest)
#### List orders by token [GET /orders{?token}]
Retrieve an order with the given token. An empty array will be returned if no orders for the given token are found.
* Parameters
* token: `DOCKER-TOKEN-2324234` (string, required) - The order token.
* Request (application/json)
#### List orders by partner [GET /orders{?partner\_id}]
List orders associated with the the given partner. An empty array will be returned if there are no orders associated with the partner.
* Parameters
* partner\_id: partner-2342423 (string, required) - The partner identifier.
* Response 200 (application/json)
* Attributes (array[Order])
### Order [/orders/{order\_id}]
* Parameters
* order\_id: `ord-93b2dba2-79e3-11e6-8b77-86f30ca893d3` (string, required) - The order id.
#### Get order [GET]
Retrieve an order by id.
* Request (application/json)
* Response 200 (application/json)
* Attributes (Order)
#### Update order [PATCH]
A number of operations can be performed by `PATCH`ing an order:
**Fulfill** an order. Fulfilling an order will put it in a fulfilled state, and will kick off a process to create subscriptions for each order item associated with the order.
* Request (application/json)
* Attributes (OrderFulfillmentRequest)
* Response 200
* Attributes (Order)
**Cancel** an order. Canceling an order will put it in a cancelled state. The order is frozen once cancelled (that is, no further changes may be made to it).
* Request (application/json)
* Attributes (OrderCancellationRequest)
* Response 200
* Attributes (Order)
### Order item product keys [/order-items/{order\_item\_id}/product-keys]
* Parameters
* order\_item\_id: `ord-93b2dba2-79e3-11e6-8b77-86f30ca893d3` (string, required) - The order item id.
#### List product keys for order item [GET]
Retrieve all product keys for an order item by id. An empty array will be returned if the order item does not have any product keys.
* Request (application/json)
* Response 200 (application/json)
* Attributes (array[ProductKey])
#### Create product key for order item [POST]
Create a product key for an existing order item. Note that adding new product keys will not affect existing product keys.
* Request (application/json)
* Attributes (ProductKeyCreateRequest)
* Response 201 (application/json)
* Attributes (ProductKey)
## Group product keys
A product key is a resource attached to an order item that a publisher manages on behalf of their customer. When an order is fulfilled and subscriptions are created for a customer, the product keys associated with that order item can be accessed by the customer.
### Product key [/product-keys/{product\_key\_id}]
* Parameters
* product\_key\_id: `23443-93b2dba2-79e3-11e6-8b77-86f30ca893d3` (string, required) - The product key id.
#### Get product key [GET]
Retrieve a product key by id.
* Request (application/json)
* Response 200 (application/json)
* Attributes (ProductKey)
#### Update product key [PUT]
Update a product key by id. All fields shown are required.
* Request (application/json)
* Attributes (ProductKeyCreateRequest)
* Response 200 (application/json)
* Attributes (ProductKey)
#### Delete product key [DELETE]
Delete a product key by id.
* Request (application/json)
* Response 204 (application/json)
## What's next?
More information about the publishing flow can be found [here](publish.md).

36
docker-store/faq.md → docker-store/customer_faq.md
View File

@ -1,17 +1,43 @@
---
description: Docker Store frequently asked questions
keywords: Docker, docker, store, purchase images
title: Consumer FAQs
title: Docker Store Customer FAQs
---
## Customer FAQs
### How do I log in to the Docker Store?
Log in to the Docker Store using your free Docker ID. Don't have a Docker ID yet? Go to [Docker Cloud](https://cloud.docker.com/) to sign up.
Log in to the Docker Store using your free Docker ID. Dont have a Docker ID
yet? Go to [Docker Cloud](https://cloud.docker.com) to sign up.
## Certification program
### What is the certification program for images and plugins, and what are some benefits?
The Docker Certification program for Infrastructure, Images, and Plugins is
designed for both technology partners and enterprise customers to recognize
high-quality Containers and Plugins, provide collaborative support, and ensure
compatibility with Docker EE. Docker Certification is aligned to the available
Docker EE infrastructure and gives enterprises a trusted way to run more
technology in containers with support from both Docker and the publisher.
## End user experience
### Why do I see the pull command for a few products and no pull command in other products?
If a publisher publishes multiple images as part of their plan - we do not
display the pull command. The pull command visual is exclusively for submissions
that have a single image.
As a future feature we would like to start bringing in the concept of
compositions because it is more connected to real world usage of containers. Our
intent is to start surfacing a better UX by Q1 '18.
### Where can I see all of my purchases?
To view your purchases, go to the account menu at the upper right corner, and
click **Subscriptions**. The page that appears lists all of your active
click **My Content**. The page that appears lists all of your active
subscriptions, and any lapsed or canceled subscriptions.
### Can I buy subscriptions for my organization?
@ -21,7 +47,7 @@ for use in their Organization. Once purchased, images are available for any
organization member to pull.
Organization owners can view the organization's subscriptions by changing the
selected account on the **Subscriptions** page.
selected account on the **My Content** page.
### How can I become a Docker Store publisher?
@ -76,5 +102,5 @@ contact our [Billing Support team](mailto:billing@docker.com).
You can view and download your all active licenses for an organization from the
Subscriptions page.
Click the user icon menu at the top right, choose **Subscriptions** and then
Click the user icon menu at the top right, choose **My Content** and then
select the organization from the **Accounts** drop down menu.

119
docker-store/index.md
View File

@ -4,69 +4,96 @@ keywords: Docker, docker, store, publishers, publish images
title: Docker Store overview
---
To learn more about publishing on Docker Store, browse the topics below along
with the [publishers guide](publish.md), and
[apply to be a publisher](https://store.docker.com/publisher/signup).
For developers and operators, Docker Store is the best way to discover
high-quality Docker content.
-----------------
Independent Software Vendors (ISVs) can utilize Docker Store to distribute and
sell their Dockerized content. Publish your software through Docker Store to
experience the following benefits:
## What is Docker Store?
* **Access to Dockers large and growing customer-base.** Docker has experienced
rapid adoption, and is popular in dev-ops environments. Docker users have
pulled images over twelve billion times and they are increasingly turning to
Docker Store as the canonical source for high-quality, curated content.
For publishers, Docker Store is the best way for you to distribute and sell your
Dockerized content. Publish your software through the Docker Store to experience
the benefits below:
* **Customers can try or buy your software**, right from your product listing.
Your content is accessible for installation, trial, and purchase from the
Docker Store and the Docker CLI.
* Access to Dockers large and growing customer-base. Docker has
experienced rapid adoption, and is wildly popular in dev-ops
environments. Docker users have pulled images over four billion times,
and they are increasingly turning to the Docker Store as the canonical
source for high-quality, curated content.
* **Use of Docker licensing support.** Control who has access to your software:
a) logged-in users, b) users who have purchased a license, or c) all Docker
users. Well help you manage and control your distribution.
* Customers can try or buy your software, right from your product listing. Your
content is accessible for installation, trial, and purchase from the Docker
Store and the Docker CLI.
* **We'll handle checkout.** You dont have to set up your own digital
e-commerce site when you sell your content through the Docker Store. Choose
how much you want to charge for your products and we'll handle the billing.
* Use our licensing support. We can limit access to your software to
a) logged-in users, b) users who have purchased a license, or
c) all Docker users. Well help you manage and control your distribution.
* **Seamless updates and upgrades for your customers.** We tell your customers
when your content has upgrades or updates available.
* We'll handle checkout. You dont have to set up your own digital e-commerce
site when you sell your content through the Docker Store. We'll even help you
set pricing—and you can forget about the rest.
* **Become Docker Certified.** Publisher container images and plugins that meet
the quality, security, and support criteria of the program will display a
“Docker Certified” badge within the Docker Store (which can be used in
external marketing).
* Seamless updates and upgrades. We tell customers when your content
has upgrades or updates available, right inside their Docker host product.
## How is Docker Store different from Docker Hub? What about Official Images?
* Its a win-win for our platform and publishers: great content improves our
ecosystem, and our flexible platform helps you bring your content to market.
Docker Hub contains community content - these are images that have been created
by entities that are not vetted or curated. You can think of the community
content you consume as the "Wild West"--anyone can push new images to the
community and there are no guarantees around the quality or compatibility of
this content.
* Achieve the Docker Certified quality mark. Publisher container images and
plugins that meet the quality, security, and support criteria of the program
will display a “Docker Certified” badge within the Docker Store and external
marketing.
Docker Store contains content that has been submitted for approval by qualified
Store Vendor Partners. These products are published and maintained directly by a
commercial entity. In addition, the Docker Certified logo distinguishes content
by providing quality, provenance, and support assurances.
### Distribution Models
Official Images are an exception when it comes to community content; these
images are maintained as open source community projects. All official images
adhere to strict guidelines but are not necessarily backed by a commercial
entity.
> **Note**: Docker Hub and Docker Store leverage the same backend, the Docker
> Public Registry. In general, all publicly available community content should
> be visible via both Docker Hub and Docker Store, and this includes official
> images. Any content that has explicitly been added by a commercial entity and
> has gone through a vetting process with respect to content submission and best
> practices, is only available on Docker Store.
## Distribution models
The Docker Store welcomes free and open-source content, as well as software sold
directly by publishers. We support the following commercial models:
directly by publishers. We support the following commercial models:
#### Paid-via-Docker Content
### Paid via Docker
This is content for which customers transact via Docker, as described in the
publisher agreement. Paid-via-Docker content includes both software than can be
deployed on a host, as well as software that runs in the cloud and can be
accessed by the customer via an ambassador container (containerized cloud
services, for example).
This commercial model allows customers to pay for ISV content via Docker, as
described in the Store Vendor Partner agreement. Paid-via-Docker content
includes both software that can be deployed on a host, as well as software that
runs in the cloud and can be accessed by the customer via an agent
(containerized cloud services, for example).
#### Free Content
### Licensed content via Docker Store BYOL program
Free content is provided free-of-charge, and customers may pull it from the
Docker Hub either at their discretion or upon license acceptance, at the
publishers discretion. You agree that you will not charge customers for any
Free Content by making it available for purchase outside of the Docker Store.
ISVs can use Docker Store as an entitlement and distribution platform. Using
APIs provided by Docker, ISVs can entitle users and distribute their Dockerized
content to many different audiences:
* Existing customers that want their licensed software made available as Docker containers.
* New customers that are only interested in consuming their software as Docker containers.
* Trial or beta customers, where the ISV can distribute feature or time limited software.
Docker provides a fulfillment service so that ISVs can programmatically entitle
users, by creating subscriptions to their content in Docker Store. For more
information, see [Bring Your Own License (BYOL) products on Store](byol.md).
### Plugins and agents
ISVs have the ability to create and distribute [plugin images](https://store.docker.com/search?certification_status=certified&q=&type=plugin) for their customers to integrate with the ISV's proprietary hardware or cloud infrastructure and Docker Enterprise Edition deployments.
You can [apply to be a publisher](https://store.docker.com/publisher/signup) and learn more about our [Technology Partner Program](https://www.docker.com/partners/partner-program#/technology_partner).
## What's next?
* To learn about submitting products and content to Docker Store, see the [publishers guide](publish.md).
* To learn about using Docker Store to download content, see the [consumer FAQs](faq.md).
* Learn about submitting products and content to Docker Store, see the [publishers guide](publish.md) and the [publisher FAQs](publisher_faq.md).
* Learn about using Docker Store to download content, see the [customer FAQs](customer_faq.md).

175
docker-store/publish.md
View File

@ -4,62 +4,62 @@ keywords: Docker, docker, store, purchase images
title: Publish content on Docker Store
---
## Permitted Content and Support Options
## Permitted content and support options
* Content that runs on a Docker Enterprise Edition (i.e. Docker Certified
Infrastructure) may be published in the Store. This content may also qualify to
become a Docker Certified Container or Plugin image and be backed by
collaborative Docker/Publisher support
Infrastructure) may be published in the Store. This content may also qualify
to become a Docker Certified Container or Plugin image and be backed by
collaborative Docker/Publisher support
* Content that runs on the Docker Community Edition may be published in the
Store, but will not be supported by Docker nor is it eligible for certification.
* Content that runs on the Docker Community Edition may be published in the
Store, but will not be supported by Docker nor is it eligible for certification.
* Content that requires a non Certified Infrastructure environment may not be
published in the Store.
published in the Store.
| If your content: | Can publish on Store | Can be certified and supported by Docker | Supported by publisher |
|:-----|:--------|:------|:-----|
| Works on Docker Enterprise Edition | YES | YES | Required |
| Works on Docker Community Edition | YES | NO | Optional |
| Works on Docker Enterprise Edition | YES | YES | Required |
| Works on Docker Community Edition | YES | NO | Optional |
| Does not work on Docker Certified Infrastructure | NO | N/A | N/A |
## Onboarding
The publishing process for the Docker Store is straightforward, and can be
initiated from the landing page. You can sign in with your Docker ID, and
specify a product name and image source from a private repository. We require
initiated from the landing page. You can sign in with your Docker ID, and
specify a product name and image source from a private repository. We require
that your product images are stored in private repositories via Docker Cloud
and/or Hub, as they serve as an internal staging area from which you can revise
and submit content for review.
Once you specify a private-repository source for your product, you can provide
the content-manifest items to populate your products details page. These items
the content-manifest items to populate your products details page. These items
include logos, descriptions, and licensing and support links so that customers
can make informed decisions about your image. These items are submitted
can make informed decisions about your image. These items are submitted
alongside the image itself for moderation.
The Docker Store team then conducts a comprehensive review of your image and
metadata. We use Docker Security Scanning to evaluate your product images
security, and share results with you as the publisher. During the
metadata. We use Docker Security Scanning to evaluate your product images
security, and share results with you as the publisher. During the
image-moderation phase, we iterate back and forth with publishers to address
outstanding vulnerabilities and content-manifest issues until the image is ready
for publication.
Commercial content and other supported images may qualify for the Docker
Certified Container or Plugins quality mark. The testing for this program goes
Certified Container or Plugins quality mark. The testing for this program goes
beyond the vulnerability scan and also evaluates container images for Docker
best practices developed over years of experience. Collaborative support
capability between Docker and the publisher is also established. Please refer
best practices developed over years of experience. Collaborative support
capability between Docker and the publisher is also established. Please refer
to the diagram below for a high-level summary:
![publishing workflow](images/publish-diagram.png)
## Create Great Content
## Create great content
Create your content, and follow our best practices to Dockerize it. Keep your
images small, your layers few, and your components secure. Please refer to the
Create your content, and follow our best practices to Dockerize it. Keep your
images small, your layers few, and your components secure. Please refer to the
links and guidelines listed below to build and deliver great content:
* [Best practices for writing Dockerfiles](/engine/userguide/eng-image/dockerfile_best-practices/)
@ -93,11 +93,15 @@ images for all container applications.
### Remove unused components
Often, vulnerabilities exist in components that aren't actually used in the
containerized application. To avoid this, you can:
containerized application. To avoid this, you can:
* Follow best practices when using the `apt-get` command.
* Make sure to run `apt-get-remove` to destroy any components required to build but not actually run your application. Usually, this involves creating multi-line Dockerfile directives, as seen below. The following example shows how to remove `curl` and `python-pip` after they are used to install the Python `requests` package, all in a single Dockerfile directive:
* Make sure to run `apt-get-remove` to destroy any components required to build
but not actually run your application. Usually, this involves creating
multi-line Dockerfile directives, as seen below. The following example shows
how to remove `curl` and `python-pip` after they are used to install the
Python `requests` package, all in a single Dockerfile directive:
```shell
RUN apt-get update && \
@ -107,22 +111,21 @@ RUN apt-get update && \
rm -rf /var/lib/apt/lists/
```
> **Note**: Keep in mind, any file introduced in one directive of
your Dockerfile can only be removed in the same directive (and not
in subsequent directives in your Dockerfile).
> **Note**: Files introduced in one directive of your Dockerfile can only be
> removed in the same directive (and not in subsequent directives in your Dockerfile).
### Keep required components up-to-date
Your images are comprised of open-source libraries and packages that amass
vulnerabilities over time and are consequently patched. To optimize your
vulnerabilities over time and are consequently patched. To optimize your
products integrity, you must keep your images up-to-date:
* Periodically update your base image's version, especially if youre using a
version deemed to be vulnerable.
version deemed to be vulnerable.
* Re-build your image periodically. Directives including commands such as
`apt-get install ...` pull the latest versions of dependencies, which may
include security fixes.
* Re-build your image periodically. Directives including commands such as
`apt-get install ...` pull the latest versions of dependencies, which may
include security fixes.
### Scan your own private repositories
@ -134,9 +137,8 @@ Program.
## Create and maintain your publisher profile in the Store
Let the Docker community
know who you are. Add your details, your company story, and what you do. At
the very minimum, we require:
Let the Docker community know who you are. Add your details, your company
story, and what you do. At the very minimum, we require:
* Legal entity name
* Company website
@ -168,41 +170,42 @@ discoverable:
11. Installation instructions
12. Link to license agreements
#### How the manifest information is displayed in the UI
### How the manifest information is displayed in the UI
(Please note that this is an approximate representation. We frequently make enhancements to the look and some elements might shift around.)
(Please note that this is an approximate representation. We frequently make
enhancements to the look and some elements might shift around.)
![manifest information displayed on store UI](images/subscribed.png)
## Support your users
Docker users who download your content from the Store might need your help
later, so be prepared for questions! The information you provide with your
later, so be prepared for questions! The information you provide with your
submission will save support time in the future.
### Support information
If you provide support along with your content, include that information. Is
there a support website? What email address can users contact for help? Are
If you provide support along with your content, include that information. Is
there a support website? What email address can users contact for help? Are
there self-help or troubleshooting resources available?
### Support SLA
Include a Service Level Agreement (SLA) for each image you're offering for the
Store. An SLA is your commitment to your users about the nature and level of
Store. An SLA is your commitment to your users about the nature and level of
support you provide to them. Make sure your SLA includes support hours and
response-time expectations, where applicable.
## Security and Audit Policies
## Security and audit policies
### Docker Security Scanning
We use Docker Security Scanning to automatically and continuously assess your
products integrity. The tool deconstructs images, conducts a binary scan of
products integrity. The tool deconstructs images, conducts a binary scan of
the bits to identify the open-source components present in each image layer, and
associates those components with known vulnerabilities and exposures. We then
associates those components with known vulnerabilities and exposures. We then
share the scan results with you as the publisher, so that you can modify your
images content accordingly. Your scan results are private, and are never
images content accordingly. Your scan results are private, and are never
shared with end customers or other publishers.
To interpret the results, refer to the
@ -210,52 +213,54 @@ To interpret the results, refer to the
#### Classification of issues
* All Scan results will include the CVE numbers and a CVSS (Common Vulnerability Scoring System) Score.
* All Scan results will include the CVE numbers and a CVSS (Common Vulnerability
Scoring System) Score.
* CVE Identifiers (also referred to by the community as "CVE names," "CVE
* CVE Identifiers (also referred to by the community as "CVE names," "CVE
numbers," "CVE entries," "CVE-IDs," and "CVEs") are unique identifiers for
publicly-known, cyber-security vulnerabilities.
* The Common Vulnerability Scoring System (CVSS) provides an open
framework for communicating the characteristics and impacts of
IT vulnerabilities. Its quantitative model ensures repeatable,
accurate measurement while enabling users to see the underlying
vulnerability characteristics that were used to generate the scores.
As a result, CVSS is well-suited as a standard measurement system
for industries, organizations, and governments that need accurate
and consistent vulnerability-impact scores. CVSS is commonly used
to prioritize vulnerability-remediation activities, and calculate
the severity of vulnerabilities discovered on systems. The
National Vulnerability Database (NVD) provides CVSS scores for
almost all known vulnerabilities.
* The Common Vulnerability Scoring System (CVSS) provides an open
framework for communicating the characteristics and impacts of
IT vulnerabilities. Its quantitative model ensures repeatable,
accurate measurement while enabling users to see the underlying
vulnerability characteristics that were used to generate the scores.
As a result, CVSS is well-suited as a standard measurement system
for industries, organizations, and governments that need accurate
and consistent vulnerability-impact scores. CVSS is commonly used
to prioritize vulnerability-remediation activities, and calculate
the severity of vulnerabilities discovered on systems. The
National Vulnerability Database (NVD) provides CVSS scores for
almost all known vulnerabilities.
* Docker classifies the severity of issues per CVSS range, Docker classification, and service level agreement (SLA) as follows.
* Docker classifies the severity of issues per CVSS range, Docker classification,
and service level agreement (SLA) as follows.
| CVSS range | Docker classification | SLA for fixing issues |
|:-----|:--------|:------|
| 7.0 to 10.0 | Critical | Within 72 hours of notification |
| 4.0 to 6.9 | Major | Within 7 days of notification |
| 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. |
| CVSS range | Docker classification | SLA for fixing issues |
|:-----|:--------|:------|
| 7.0 to 10.0 | Critical | Within 72 hours of notification |
| 4.0 to 6.9 | Major | Within 7 days of notification |
| 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. |
* In addition to CVSS, the Docker Security team can identify or classify
vulnerabilities that need to be fixed, and categorize them in the
minor-to-critical range.
vulnerabilities that need to be fixed, and categorize them in the
minor-to-critical range.
* The publisher is presented with initial scan results, including all components
with their CVEs and their CVSS scores.
with their CVEs and their CVSS scores.
* If you use Dockers Scanning Service, you can subscribe to a notification
service for new vulnerabilities.
service for new vulnerabilities.
* Failure to meet above SLAs may cause the listing is put on “hold”.
* Failure to meet above SLAs may cause the listing is put on “hold”.
* A warning label shows up on the marketplace listing. An email is sent to the
users who have downloaded and subscribed for notifications.
users who have downloaded and subscribed for notifications.
* A Repos listing can stay in the "hold" state for a maximum of 1 month, after
which the listing will be revoked.
which the listing will be revoked.
### Usage Audit and Reporting
### Usage audit and reporting
Unless otherwise negotiated, an audit of activity on publisher content will be
retained for no less than 180 days.
@ -297,7 +302,7 @@ the partner.
Docker Certified Container images and plugins are meant to differentiate high
quality content on Docker Store. Customers can consume Certified Containers with
confidence knowing that both Docker and the publisher will stand behind the
solution. Further details can be found in the [Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}.
solution. Further details can be found in the [Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}.
#### What are the benefits of Docker Certified?
@ -305,7 +310,7 @@ Docker Store will promote Docker Certified Containers and Plugins running on
Docker Certified Infrastructure trusted and high quality content. With over 8B
image pulls and access to Dockers large customer base, a publisher can
differentiate their content by certifying their images and plugins. With a
revenue share agreement, Docker can be a channel for your content. The Docker
revenue share agreement, Docker can be a channel for your content. The Docker
Certified badge can also be listed alongside external references to your
product.
@ -330,10 +335,10 @@ on Docker Store.
All Docker Certified Container images and plugins running on Docker Certified
Infrastructure come with SLA based support provided by the publisher and Docker.
Normally, a customer contacts the publisher for container and application level
issues. Likewise, a customer will contact Docker for Docker Edition support.
issues. Likewise, a customer will contact Docker for Docker Edition support.
In the case where a customer calls Docker (or vice versa) about an issue on the
application, Docker will advise the customer about the publisher support process
and will perform a handover directly to the publisher if required. TSAnet is
and will perform a handover directly to the publisher if required. TSAnet is
required for exchange of support tickets between the publisher and Docker.
#### How does a publisher apply to the Docker Certified program?
@ -344,20 +349,20 @@ Partner](https://goto.docker.com/partners){: target="_blank" class="_"}
* Requires acceptance of partnership agreement for completion
* Identify commercial content that can be listed on Store and includes a support
offering
offering
* Test your image against the Docker CS Engine 1.12+ or on a Docker Certified
Infrastructure version 17.03 and above (Plugins must run on 17.03 and above)
Infrastructure version 17.03 and above (Plugins must run on 17.03 and above)
* Submit your image for Certification through the publisher portal. Docker will
scan the image and work with you to address vulnerabilities. Docker will also
conduct a best practices review of the image.
scan the image and work with you to address vulnerabilities. Docker will also
conduct a best practices review of the image.
* Be a [TSAnet](https://www.tsanet.org/){: target="_blank" class="_"} member or
join the Docker Limited Group.
join the Docker Limited Group.
* Upon completion of Certification criteria, and acceptance by
Docker, Publishers product page will be updated to reflect Certified status.
Docker, Publishers product page will be updated to reflect Certified status.
#### Is there a fee to join the program?
@ -368,13 +373,13 @@ the initial period.
Many Official images will transition to the Docker Certified program and will be
maintained and updated by the original owner of the software. Docker will
continue to maintain of some base OS images and language frameworks.
continue to maintain some of the base OS images and language frameworks.
#### How will certification of plugins be handled?
Docker Certification program recognizes the need to apply special scrutiny and
testing to containers that access system level interfaces like storage volumes
and networking. Docker identifies these special containers as “Plugins” which
require additional testing by the publisher or Docker. These plugins employ the
and networking. Docker identifies these special containers as “Plugins” which
require additional testing by the publisher or Docker. These plugins employ the
V2 Plugin Architecture that was first made available in 1.12 (experimental) and
now available in Docker Enterprise Edition 17.03

208
docker-store/publisher_faq.md Normal file
View File

@ -0,0 +1,208 @@
---
description: Docker Store frequently asked questions
keywords: Docker, docker, store, purchase images
title: Docker Store Publisher FAQs
---
## Certification program
### What is the certification program for images and plugins, and what are some benefits?
The Docker Certification program for Infrastructure, Images, and Plugins is
designed for both technology partners and enterprise customers to recognize
high-quality Containers and Plugins, provide collaborative support, and ensure
compatibility with Docker EE. Docker Certification is aligned to the available
Docker EE infrastructure and gives enterprises a trusted way to run more
technology in containers with support from both Docker and the publisher. The
[Docker Technology Partner guide](https://www.docker.com/partners/partner-program#/technology_partner)
explains the Technology Partner program and the Docker Certification Program for
Infrastructure, Images, and Plugins in more detail.
## Publisher signup and approval
### How do I get started with the publisher signup and approval process?
Start by applying to be a Docker Technology Partner at https://goto.docker.com/partner and click on "Publisher".
* Requires acceptance of partnership agreement for completion
* Identify content that can be listed on Store and includes a support offering
* Test your image against Docker Certified Infrastructure version 17.03 and
above (Plugins must run on 17.03 and above).
* Submit your image for Certification through the publisher portal. Docker will
scan the image and work with you to address vulnerabilities. Docker will also
conduct a best practices review of the image.
* Be a TSAnet member or join the Docker Limited Group.
* Upon completion of Certification criteria, and acceptance by Docker,
Publishers product page will be updated to reflect Certified status.
### What is the Docker Store Publisher Program application timeline?
1-2 weeks.
### Can we have a group of people work on the same product and publish to Store? (This replicates our internal workflow where more than one person is working on Dockerizing our product.)
Yes. You can submit your content as a team.
## Product submission
### How long does it typically take to have an image approved?
2 Weeks.
### Once a product is published, what is the process for pushing a new build (1.2, 1.3)? Will we simply edit the same product, adding the newly tagged repos?
Edit the same product and update with the newly tagged repos.
### On the Information page, organization details are required. Do we need to fill those in again for every product we publish, or will they be carried over? And if we change them for a later image publish, will they be updated for all images published by our organization?
Organization details need to be filled in only once. Updating organization info
once will update this for all images published by your organization.
### On the page for another vendors product on Docker store, I see the following chunks of data: How do these fields map to the following that are required in the publish process?
#### Fields I see
* Description
* License
* Feedback
* Contributing Guidelines
* Documentation
#### Fields in the publish process
* Product description
* Support link
* Documentation link
* Screenshots
* Tier description
* Installation instructions
*Description* maps to *Product description* in the publish process.
*License* maps to *Support Link* in the publish process.
*Documentation* maps to *Documentation Link* in the publish process.
*Feedback* is provided via customer reviews. https://store.docker.com/images/node?tab=reviews is an example.
*Tier Description* is what you see once users get entitled to a plan. For instance, in https://store.docker.com/images/openmaptiles-openstreetmap-maps/plans/f1fc533a-76f0-493a-80a1-4e0a2b38a563?tab=instructions `A detailed street map of any place on a planet. Evaluation and non-production use. Production use license available separately` is what this publisher entered in the Tier description
*Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content thats a certification candidate).
### How can I remove a submission? I dont want to currently have this image published as it is missing several information.
If you would like your submission removed, let us know by contacting us at
publisher-support@docker.com. We are redesigning our publisher portal, and will
present this capability to you soon. ETA for ability to delete submissions that
are not yet live is Q4 2017.
### Can publishers publish multi-container apps?
Yes. Publishers can provide multiple images and add a compose file in the
install instructions to describe how the multi-container app can be used. For
now, we recommend asking publishers to look at this example from Microsoft
https://store.docker.com/images/mssql-server-linux where they have Supported
Tags listed in the Install instructions (you don't necessarily have to list it
in the readme).
### Regarding source repo tags: it says not to use “latest”. However, if we want users to be able to download the images without specifying a tag, then presumably an image tagged “latest” is required. So how do we go about that?
You can not submit "latest" tags via the certification/store publish workflow.
The reason we do this is so that users are aware of the exact version they
download. To make the user experience easy we have a copy widget that users can
use to copy the pull command and paste in their command line. Here is a
[screenshot](https://user-images.githubusercontent.com/2453622/32354702-1bec633a-bfe8-11e7-9f80-a02c26b1b10c.png)
to provide additional clarity.
### I added a new repository via the publish flow, but Store displays older repositories. What gives?
Go to `Plans and Pricing` section and update the repository in the `Plans and Pricing` page to the correct repository and resubmit. Here is a
[screenshot](https://user-images.githubusercontent.com/2453622/32343986-85386882-bfc2-11e7-8afe-918056608f98.png)
to add clarity. This is a UX issue on our side, and we plan on addressing it in
Q4 '17.
### Can I submit more than 2 plans on Store?
Not yet. ETA to present more than 2 plans is Q1 2018.
## Licensing, terms and conditions, and pricing
> **Note**: Check out BYOL Document first! (@kickingthetv TBD)
### What options are presented to users to pull an image?
We provide users the following options to access your software
* logged-in users.
* users who have accepted ToS
* all users (including users without Docker Identity)
Here is a [screenshot](https://user-images.githubusercontent.com/2453622/32067299-00cf1210-ba83-11e7-89f8-15deed6fef62.png) to describe how publishers can update the options provided to customers.
### If something is published as a free tier, for subscribed users only, does a user have to explicitly click Accept on the license terms for which we provide the link before they can download the image?
Yes
### Do you have a license enforcement system for docker images sold on store? How are they protected, once they have been downloaded? What happens if a customer stop paying for the image I am selling after, let's say, 2 months?
We provide the following licensing option to customers:
* Bring your own License or BYOL.
The expectation is that the publisher would take care of License Keys within the
container. The License Key itself can be presented to the customer via Docker
Store. We expect the Publisher to build short circuits into the container, so
the container stops running once the License Key expires. Once a customer
cancels, or if the customer subscription expires - the customer will not be able
to download updates from the Store.
If a user cancels their subscription, they will not be able to download updates
from the Store. The container may continue running. If you have a licensing
scheme built into the container, the licensing scheme can be a forcing function
and stop the container. (_We do not build anything into the container, it is up to the publisher_).
### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Store, or can they just drop in a license via Store?
Publisher can provide two different tokens or let customers use the same token
and internally map the customer to a paid plan vs a free trial.
### What are Docker Store pricing plans like? Can I have metered pricing?
As a publisher you can charge a subscription fee every month in USD. The amount
is determined by you. We are working on other pricing options. If you have
feedback about pricing, send us an email at publisher-support@docker.com
### As a publisher, I have not setup any payment account. How does money get to me if my commercial content gets purchased by customers?
We (Docker) will cut you a check post a revenue share. Your Docker Store Vendor
Agreement should cover specifics.
### How does Docker handle Export control? Can individual countries be specified if differing from Docker's list of embargoed countries?
We provide export control via blacklisting several countries, IPs and users
based on the national export compliance database. Any export control we do is
across all products, we do not selectively blacklist versions and products for
specific groups. Send us an email at publisher-support if you have questions
## Analytics
### Where can I view customer insights?
Analytics reports are only available to Publishers with Certified or Commercial
Content. Go to https://store.docker.com/publisher/center and click on "Actions"
for the product you'd like to view analytics for. Here is a
[screenshot](https://user-images.githubusercontent.com/2453622/32352202-6e87ce6e-bfdd-11e7-8fb0-08fe5a3e8930.png).
### How will metrics differentiate between Free and Paid subscribers?
The Analytics reports will contain information about the Subscriber and the
relevant product plan. You will be able to identify subscribers for each plan
for each product.
### Can I preview my submission before publishing?
Yes. You can preview your submission including the image you've submitted, the look and feel of the detail page and any markdown descriptions you might have.
Here are a few screenshots that illustrate the preview experience for markdown content.
Product Description preview [screenshot](https://user-images.githubusercontent.com/2453622/32344591-9cd6b456-bfc4-11e7-9505-1f7e8235f812.png).
Install instructions description preview [screenshot](https://user-images.githubusercontent.com/2453622/32344592-9cf2e234-bfc4-11e7-9e60-d773b62eae07.png).
## Other FAQs
### Can a publisher respond to a review of their product?
Yes
### Can I have a publish by date for my content?
Not yet. Potential ETA Q2 2018.

4
docker-store/trustchain.md
View File

@ -1,6 +1,6 @@
---
title: Docker Store trust chain
keywords: trust, chain, store
keywords: trust, chain, store, security
---
## For consumers
@ -28,7 +28,7 @@ verify completion of the process when pulling an image from Docker Store:
DOCKER_CONTENT_TRUST=1 docker run <image>
```
## For producers
## For publishers
The Docker Store has a thorough and well-defined certification process to ensure
top-quality content from producers is delivered to consumers in a trusted