worp.one - Continue Reading Docker – Add trusted root ca to local docker-machine swarm

Docker – Add trusted root ca to local docker-machine swarm – Worp.one

Worp.one Spined HTML

Docker – Add trusted root ca to local docker-machine swarm – Worp.one Skip to content Main Menu Worp.oneAbout me Search for: Docker – Add trusted root ca to local docker-machine swarm You are here: Home ➜ DevOps ➜ Docker – Add trusted root ca to local docker-machine swarm worp on October 16, 2018October 17, 2018 As one might want when using a custom Docker registry with a cert signed by a custom root ca. As finding the wordplay to this question has proven somewhat complicated, I’ll note my tideway here for future reference (excerpt): Basically, reprinting pem (Base64 encoded) versions of your CA trust uniting into /var/lib/boot2docker/certs/. You can’t use ca bundles. The boot2docker marching script will automatically pick up pem files there and add them to the ssl config. Also, this is a special directory and will be preserved wideness restarts. Shell $ docker-machine ssh default 'sudo mkdir /var/lib/boot2docker/certs' $ docker-machine scp corp-ca.pem default: $ docker-machine ssh default 'sudo mv corp-ca.pem /var/lib/boot2docker/certs/' $ docker-machine restart default 1234 $ docker-machine ssh default 'sudo mkdir /var/lib/boot2docker/certs'$ docker-machine scp corp-ca.pem default:$ docker-machine ssh default 'sudo mv corp-ca.pem /var/lib/boot2docker/certs/'$ docker-machine restart default   Sidenote: Replace “default” in the whilom Shell-Command example with the machine name you are using Docker on. In a local swarm setting (as I have it here) you need to do that for every single machine if you want the root ca to be trusted on each one. This should be easier but I have not found an easier solution yet. I will update this if I do. At least copying the root-ca cert into the boot2docker location persists for future restarts plane tough the rest of boot2docker is immutable. Sidenote 2: If you don’t want to reprinting the ca to all machines, simply reprinting it to your swarm manager(s) only. Then deploy your swarm stack with –with-registry-auth from the swarm manager! It will use the registry login and the trust of the swam manager you’re interacting with! i.E.: Shell $ docker stack deploy --compose-file=my-stack.docker-compose.yml --with-registry-auth my-stack-name 1 $ docker stack deploy --compose-file=my-stack.docker-compose.yml --with-registry-auth my-stack-name   Source: docker-machine: Recommended way to install CA document on local VM docker machine #1799 – Comment by rpomeroy on 13 Jan 2017 Related Categories: DevOps, Security Tags: docker, docker-machine, local, swarmShare this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on Google+ (Opens in new window) Post navigation Keep any Docker container runningRepost: Networking with Docker: Don’t settle for the defaults Sidebar Search for: Recent Posts Upgrading Gitlab Docker: TaskNuke remove those worrying orphaned tasks from a network Docker: Symlink your log files to stdout and stderr! Getting original vendee IP from a request in Docker Swarm – Or the issue with issue #25526 Repost: Networking with Docker: Don’t settle for the defaults Recent CommentsArchives November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 April 2017 March 2017 February 2017 January 2017 December 2016 Categories Best-Practices DevOps Frameworks My Setups Remember Security shell commands Snippets Thoughts Tools Uncategorized Updates Footer Content Privacy & Cookies: This site uses cookies. To find out more, as well as how to remove or woodcut these, see here: Our Cookie Policy Copyright 2016 by worp.one Proudly powered by WordPress | Theme: Aaron by Carolina