Chapter 9. Securing a Swarm Cluster and the Docker Software Supply Chain

This chapter is all about Swarm cluster security. In particular, we'll take a look at the following topics:

  • The software supply chain with Docker
  • Recommendations on how to secure a Swarm cluster
  • Using Docker Notary to secure the software supply chain

Software Supply Chain

Docker orchestration is only one component of the larger software supply chain. We start with source code as the raw material. The source code is compiled and linked with libraries and dependent packages. A build service continuously integrates the source code and its dependencies and finally assembles them into a product. We then ship the product over the Internet to store it somewhere else; we usually call this warehouse an application repository, or simply a repository. Finally, we deliver the product to the customer's environment, for example a cloud or a physical data center.

Docker fits this workflow well. Developers use Docker locally to compile and test applications, system administrators deploy these applications on the build servers using Docker, and Docker can also play an important role in the continuous integration process itself.

This is where security kicks in. We need a secure way to sign our products before pushing them to the application repository. In our Docker-centric world, finished products are stored in a warehouse called a Docker Registry. Each signed product is then verified, every time, before it is deployed to the production system running our Docker Swarm mode cluster.
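The sign-before-push, verify-before-deploy gate described above, as an added example that is not the book's code: a Python sketch of the workflow Docker Content Trust (Notary) implements, where an HMAC stands in for Notary's TUF signing keys and in-memory dicts stand in for the registry and its trust data. The repository name, tag, manifest and key are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the publisher's Notary/TUF targets key (assumption:
# a single shared key is enough to show the gate; real Notary uses asymmetric keys).
SIGNING_KEY = b"example-publisher-key-not-for-production"


def image_digest(manifest: dict) -> str:
    """Content-address a manifest the way a registry does: sha256 of canonical bytes."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(canonical).hexdigest()


def sign_tag(repo: str, tag: str, digest: str, key: bytes = SIGNING_KEY) -> str:
    """Publisher side: bind (repo, tag) to a digest, as Notary does on a trusted push."""
    return hmac.new(key, f"{repo}:{tag}@{digest}".encode(), hashlib.sha256).hexdigest()


def verify_tag(repo: str, tag: str, digest: str, sig: str, key: bytes = SIGNING_KEY) -> bool:
    """Consumer side: constant-time check of the (repo, tag, digest) binding."""
    return hmac.compare_digest(sign_tag(repo, tag, digest, key), sig)


def publish(registry: dict, trust_data: dict, repo: str, tag: str, manifest: dict) -> str:
    """Push the image and, with content trust on, record the signed tag -> digest binding."""
    registry[(repo, tag)] = manifest
    digest = image_digest(manifest)
    trust_data[(repo, tag)] = {"digest": digest, "sig": sign_tag(repo, tag, digest)}
    return digest


def deploy(registry: dict, trust_data: dict, repo: str, tag: str) -> str:
    """Deployment gate: refuse anything the trust data does not vouch for."""
    manifest = registry.get((repo, tag))
    if manifest is None:
        return "no such image"
    entry = trust_data.get((repo, tag))
    if entry is None:
        return "refused: no trust data for tag"  # unsigned tag, like an untrusted pull
    digest = image_digest(manifest)
    if digest != entry["digest"] or not verify_tag(repo, tag, digest, entry["sig"]):
        return "refused: signature does not match image content"  # tampered in registry
    return f"deployed {repo}:{tag}@{digest}"


if __name__ == "__main__":
    registry, trust = {}, {}
    manifest = {"schemaVersion": 2, "layers": ["sha256:1111"]}  # constructed manifest
    publish(registry, trust, "example.test/app", "1.0", manifest)
    print(deploy(registry, trust, "example.test/app", "1.0"))
    registry[("example.test/app", "1.0")] = {"schemaVersion": 2, "layers": ["sha256:2222"]}
    print(deploy(registry, trust, "example.test/app", "1.0"))
```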

In the remainder of the chapter, we will talk about the following two aspects of security:

  • How to secure a production Swarm cluster, which we achieve with best practices
  • How to secure the software supply chain, which we achieve with Docker Notary