Trust Center 25.03.0 Image Inventory¶
This document describes each container image in use in the Trust Center version 25.03.0 deployment.
You can download this content as a PDF by clicking here.
Contents¶
Component List¶
| Container Image | Component |
|---|---|
| trust-center/trust-center-ctl | Trust Center Init Job |
| library/busybox | Busybox |
| ms_activity_log | Activity Log Service |
| ms_authorization | Authorization Service |
| trust-center/asset-mgmt | Asset Management Service |
| trust-center/command | Command Service |
| trust-center/endpoint-connector | Endpoint Connector Service |
| trust-center/endpoint-registry | Endpoint Registry Service |
| trust-center/endpoint-updater | Endpoint Updater Service |
| trust-center/health | Health Service |
| trust-center/ostree-sync | OSTree Sync Service |
| trust-center/pki-adapter | PKI Adapter Service |
| job_rotate_signing_key | Rotate Signing Key Job |
| ms_secret_mgmt | Secret Management Service |
| trust-center/trust-enforcement | Trust Enforcement Service |
| trust-center/vault-unseal | Vault Unseal Job |
| trust-center/docs-external-v1 | External API Docs |
| hashicorp/vault | Vault |
| library/redis | Redis |
| oliver006/redis_exporter | Redis Prometheus Exporter |
| confluentinc/cp-kafka | Kafka |
| danielqsj/kafka-exporter | Kafka Prometheus Exporter |
| library/mariadb | MariaDB |
| library/mongo | MongoDB |
| bitnami/mongodb-exporter | MongoDB Prometheus Exporter |
| ingress-nginx/controller | NGINX Ingress Controller |
| fluent/fluent-bit | Fluent Bit |
| fluent/fluentd | Fluentd |
| jetstack/cert-manager-cainjector | cert-manager CA Injector |
| jetstack/cert-manager-controller | cert-manager Controller |
| jetstack/cert-manager-webhook | cert-manager Webhooks |
| ## Verifying Container Images | |
First, copy the container registry password from global.images.password in your Trust Center's config.yaml. |
Then, log into the container registry:
$ docker login docker.cloudsmith.io
Username: teradici/trust-center
Password: <Password>
(note: If using a beta release, use teradici/trust-center-beta instead)
Next, check the details for a specific container image in the remote registry:
$ docker buildx imagetools inspect <Image tag>
Name: <Image tag>
MediaType: application/vnd.docker.distribution.manifest.v2+json
Digest: sha256:002f688e9756d464d2064b526d4446306210198e8c8b234b36c9a8d5399b80d7
<Image tag> should be the full URI to the image, e.g.: docker.cloudsmith.io/teradici/trust-center/fluent/fluentd:v1.16-2
Now, pull the image to download it locally:
$ docker pull <Image tag>
[...]
$ docker inspect --format='{{index .RepoDigests 0}}' <Image tag>
<Image tag>@sha256:002f688e9756d464d2064b526d4446306210198e8c8b234b36c9a8d5399b80d7
The image sha256 hash should match between the remote container registry and the local copy. Additionally, the hash calculated here should match the image hash listed for each container image in these READMEs.
Component Details¶
Trust Center Init Job¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/trust-center-ctl |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:b2efc1157a4ea0feb8c18537b922bf21f946e0cb53ad1971a70d6a462d69d0aa |
Description¶
Container which runs on initial installation and upgrade of the Trust Center. Initializes and upgrades Trust Center service configuration.
Busybox¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/library/busybox |
| Product | Trust Center |
| Supplier | Open Source |
| Version | 1.36.1 |
| Image Hash | sha256:023917ec6a886d0e8e15f28fb543515a5fcd8d938edb091e8147db4efed388ee |
Description¶
Used for various init containers preventing services from starting up before dependencies are ready.
We use the official Docker image for Busybox: https://hub.docker.com/_/busybox
Activity Log Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/ms_activity_log |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 0.0.768_84f4c1f |
| Image Hash | sha256:67dea90c8be993dfc79ec697d89647d13474fcf3a0abed979638782ad598f7c9 |
Description¶
The Activity Log service handles events generated by Trust Center services, and exposes an API to query activity logs.
Authorization Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/ms_authorization |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 0.0.5559_fde52ff |
| Image Hash | sha256:1f667811704697c58b9f98785b6f039a0dfbcd2bae35733abdc91a3f6611e093 |
Description¶
The Authorization service handles authentication and authorization for Trust Center API service accounts.
Asset Management Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/asset-mgmt |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:0b1d80810c435b5e3ab4bf2e602bedc9b491fdee446f37632a6db82f9d539019 |
Description¶
The Asset Management service enables storing and retrieving assets (such as support bundles, branding assets) within the Trust Center.
Command Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/command |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:45743bbbd2e471515be901112cbbc9736bdee937b6bb57ade21cccb7f09fb5b9 |
Description¶
The Command service enables sending commands to endpoints connected to the Trust Center and processing command status updates.
Endpoint Connector Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/endpoint-connector |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:d81a2da2016fff638685e2e24d737c6ef010b76c2603164c831a3bda36a0ebc3 |
Description¶
The Endpoint Connector service provides APIs which Trusted Zero Clients and other endpoints use to communicate with the Trust Center.
Endpoint Registry Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/endpoint-registry |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:d416949a06e0ff8984ba1cebedb3e9dc65758a78d1f69716af1378c486d09b4a |
Description¶
The Endpoint Registry service maintains endpoint digital twins and provides APIs for management of endpoint configuration.
Endpoint Updater Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/endpoint-updater |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:03632a2b29b9c6aaa030f0c59dca3b10ac94d5021b7f2bb73cb6daadfb2586db |
Description¶
The Endpoint Updater service is responsible for triggering OTA updates for connected endpoints when requested in endpoint configuration.
Health Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/health |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:42dc2ba1d4d6aa7e9c5b0a1e11f48549359186d663e1a07c42b2158d95560dfa |
Description¶
The Health service provides API endpoints for Trust Center deployment health-checks.
OSTree Sync Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/ostree-sync |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:3d1f135e6bfdc26784ac36d10952f0f484b8565b1e271b6557b82f592295efe5 |
Description¶
The OSTree Sync service is responsible for storing Trusted Zero Client OTA update images and serving them to endpoints when requested.
PKI Adapter Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/pki-adapter |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:6590ca883905e7fd593223c5ac5d5908e9956ec4216a43b5d5b2ce9970bd59bc |
Description¶
The PKI Adapter Service is responsible for for providing an interface for Trust Center services to request certificates and tokens generated by internal and external issuers.
Rotate Signing Key Job¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/job_rotate_signing_key |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 0.0.306_1fd114b |
| Image Hash | sha256:2dd340a6ae9d7f6b9cb880aa3f3196cbbaf2c037b54480df0879dc234200e982 |
Description¶
The Rotate Signing Key job is used as a perodic CronJob in the Trust Center to rotate internal token signing keys.
Secret Management Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/ms_secret_mgmt |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 0.0.690_b709211 |
| Image Hash | sha256:ed8044a52a74886470b84ea3ddfba3762eef537fed16d6ef3e8568f99ae4370f |
Description¶
The Secret Management service provides an interface for Trust Center services to access key/value secrets from internal (Vault) and external secret storage providers.
Trust Enforcement Service¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/trust-enforcement |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:21ba3bc68aebd76e4a0ef85fd6cafde54c14ff325663ad639933f38d2223af46 |
Description¶
The Trust Enforcement Service is responsible for facilitating policy evaluation and enforcement on endpoints connected to the Trust Center.
Vault Unseal Job¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/vault-unseal |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:8797c865fa259dab02f5b79d30fc43b7e806510c3f64113d3a11e78b41be12ca |
Description¶
The Vault Unseal job is a CronJob used by the Trust Center to ensure the internal Vault instance (for on-prem deployments) is unsealed.
External API Docs¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/trust-center/docs-external-v1 |
| Product | Trust Center |
| Supplier | HP Inc. |
| Version | 25.03.0 |
| Image Hash | sha256:0b43981ec016021277aeaf82fbfc1d21002c70d83833464d6e86621dd6160d7c |
Description¶
This container serves a copy of the External API documentation corresponding to this version of the Trust Center.
Vault¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/hashicorp/vault |
| Product | Hashicorp Vault |
| Supplier | Hashicorp |
| Version | 1.18.2 |
| Image Hash | sha256:0d40cc366fd251520002c170f3f3c9a89e935d303313ed2f36cbc58fd3a530ef |
Description¶
Hashicorp Vault is a third party component deployed with the Trust Center in on-premises deplyoments to securely store deployment secrets.
We use the official Docker image for Hashicorp Vault: https://hub.docker.com/r/hashicorp/vault
Redis¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/library/redis |
| Product | Redis |
| Supplier | Redis Ltd. |
| Version | 7.4.1-alpine |
| Image Hash | sha256:7438ca8459132b9fe507a95fe6838fecd7c55f8611ed835742a014d7a92618e4 |
Description¶
Redis is a third-party component deployed with the Trust Center to function as an in-memory cache.
We use the official Docker image for Redis: https://hub.docker.com/_/redis
Redis Prometheus Exporter¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/oliver006/redis_exporter |
| Product | Redis |
| Supplier | Open Source - Oliver006 |
| Version | v1.66.0-alpine |
| Image Hash | sha256:617b1e5b51498d0e98d0b2e55abfe45a017dd0d08c37ca88e3c973c0d77fa47b |
Description¶
Small third-party component used to export Prometheus metrics from Redis.
Uses mirrored Docker Hub image: https://hub.docker.com/r/oliver006/redis_exporter
Kafka¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/confluentinc/cp-kafka |
| Product | Kafka |
| Supplier | Confluent Inc. |
| Version | 7.7.1 |
| Image Hash | sha256:a21737d09496a8b9bb38b995ab021e94e952259a5a2756ee22cef1cc84f5d9fe |
Description¶
Kafka is deployed as part of the Trust Center to handle message queueing.
We use the Kafka Docker image (Community Version) maintained by Confluent Inc.: https://hub.docker.com/r/confluentinc/cp-kafka/
Kafka Prometheus Exporter¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/danielqsj/kafka-exporter |
| Product | Kafka |
| Supplier | Open Source - Daniel Qian |
| Version | v1.8.0 |
| Image Hash | sha256:16bbe1d1647128a7060da21c36ae27b6f052bf5b8dedba0a5cb3460dee2f7b51 |
Description¶
Small third-party component used to export Prometheus metrics from Kafka.
Uses mirrored Docker Hub image: https://hub.docker.com/r/danielqsj/kafka-exporter
MariaDB¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/library/mariadb |
| Product | MariaDB |
| Supplier | MariaDB Foundation |
| Version | 10.4.29 |
| Image Hash | sha256:f9f3c4b8fd9dc7717a903c79d847af9c783771b9e0ff3cc4fc983a40e9e5972d |
Description¶
MariaDB is included in this release to facilitate data migration on upgrade from older Trust Center versions which required it. It will be removed in a subsequent release.
We use the official Docker image for MariaDB: https://hub.docker.com/_/mariadb
MongoDB¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/library/mongo |
| Product | MongoDB |
| Supplier | MongoDB Inc. |
| Version | 5.0.30 |
| Image Hash | sha256:b3857ebaf1cf7d0c75090776ef76fb01cc142fe1ca0939be51da61fd5936a911 |
Description¶
MongoDB is included in on-premises deployments of the Trust Center to handle data persistence.
We use the official Docker image for MongoDB: https://hub.docker.com/_/mongo
MongoDB Prometheus Exporter¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/bitnami/mongodb-exporter |
| Product | MongoDB |
| Supplier | Bitnami |
| Version | 0.42.1 |
| Image Hash | sha256:3aeaedd3faf7f9e16e919fdefc954153c5a0179eb733cce509d961fb2ed9885a |
Description¶
Small third-party component used to export Prometheus metrics from MongoDB.
Uses mirrored Docker Hub image: https://hub.docker.com/r/bitnami/mongodb-exporter/
NGINX Ingress Controller¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/ingress-nginx/controller |
| Product | NGINX |
| Supplier | NGINX Inc. |
| Version | v1.11.3 |
| Image Hash | sha256:38b51d8833e79d97d4adf825e0bf893e322d19be54ff65a88d9320139a68adfb |
Description¶
The Trust Center uses the NGINX Ingress controller to handle ingress to Trust Center APIs (including TLS, WAF, etc.)
We use the official Docker image for nginx-ingress: https://hub.docker.com/r/nginx/nginx-ingress
Fluent Bit¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/fluent/fluent-bit |
| Product | Fluentd |
| Supplier | Fluent |
| Version | 3.2.1 |
| Image Hash | sha256:905e3e329840de5b843c9277911ab3d82205a57851ad22b79d671b47012860c5 |
Description¶
Fluent Bit is a third party log processor deployed with the Trust Center to facilitate log aggregation.
We use the official Docker image for Fluent Bit: https://hub.docker.com/r/fluent/fluent-bit
Fluentd¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/fluent/fluentd |
| Product | Fluentd |
| Supplier | Fluent |
| Version | v1.17-1 |
| Image Hash | sha256:c795c1bf9918c77a5415e2fda5825f9341f2dd0645d9adfb91f8cae3a3e6b240 |
Description¶
Fluentd is a third party log data collector deployed with the Trust Center to facilitate log aggregation.
We use the official Docker image for Fluentd: https://hub.docker.com/r/fluent/fluentd
cert-manager CA Injector¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/jetstack/cert-manager-cainjector |
| Product | cert-manager |
| Supplier | cert-manager Project |
| Version | v1.16.2 |
| Image Hash | sha256:0a1f62ea3390a73239c0b4214e0ada1fb89c52d30677aebcdc3ca54508996511 |
Description¶
We include cert-manager in the Trust Center deployment to automatically manage API ingress certificates.
We use the Docker image for the cert-manager CA injector managed by Jetstack: https://quay.io/repository/jetstack/cert-manager-cainjector
cert-manager Controller¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/jetstack/cert-manager-controller |
| Product | cert-manager |
| Supplier | cert-manager Project |
| Version | v1.16.2 |
| Image Hash | sha256:de97c3767802e33d3096ad9b276598ceee3ed92a0c67907221581b36c8ad055f |
Description¶
We include cert-manager in the Trust Center deployment to automatically manage API ingress certificates.
We use the Docker image for the cert-manager controller managed by Jetstack: https://quay.io/repository/jetstack/cert-manager-controller
cert-manager Webhooks¶
Metadata¶
| Field | Value |
|---|---|
| Container Image | docker.cloudsmith.io/teradici/trust-center/jetstack/cert-manager-webhook |
| Product | cert-manager |
| Supplier | cert-manager Project |
| Version | v1.16.2 |
| Image Hash | sha256:25d87dff68f00587a3e76a1e5d530d40b6f0f7872e6d634db01a593047849109 |
Description¶
We include cert-manager in the Trust Center deployment to automatically manage API ingress certificates.
We use the Docker image for the cert-manager webhooks managed by Jetstack: https://quay.io/repository/jetstack/cert-manager-webhook