Docker Content Trust and Notary

For my current project I’m looking into Docker Notary and Content Trust. I’m reading through docs and it makes sense so far, but I feel like I’m finding a more in-depth explanation than I initially need, so I wanted to post to see if anyone can provide some clear direction.

With this project we have Docker Data Center with Universal Control Plane setup and I’m trying to see how Notary/Content Trust works with DTR specifically. I know that UCP has Content Trust integrated and you can configure services to only run with singed images via group/team settings. I’m not sure if DTR itself provides Notary services for publishers to release signed image push and end-user pull.

The end goal is for end-users to be able to push and pull Notary/Content Trust confirmed images from DTR.