Docker Community Forums

Using Config.json for TLS Authentication?


(Kemet) #1

Hi,

I was wondering if it is possible to use the /home/user/.docker/config.json file to configure TLS authentication to a remote Docker engine (running in swarm mode).

Right now, if we type docker help, we get this list of options (on macOS):

        --config string      Location of client config files (default "/Users/yourname/.docker")
    -D, --debug              Enable debug mode
    -H, --host list          Daemon socket(s) to connect to (default [])
    -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
        --tls                Use TLS; implied by --tlsverify
        --tlscacert string   Trust certs signed only by this CA (default "/Users/yourname/.docker/ca.pem")
        --tlscert string     Path to TLS certificate file (default "/Users/yourname/.docker/cert.pem")
        --tlskey string      Path to TLS key file (default "/Users/yourname/.docker/key.pem")
        --tlsverify

The idea is to have those TLS options (--tls, --tlscacert, --tlscert, --tlskey, --tlsverify) configured inside the config.json file for convenience. I am well aware of other options, like passing tlsverify on every call:

    # docker --tlsverify …etc

or using environment variables in every shell:

    export DOCKER_TLS_VERIFY=1
    export DOCKER_CERT_PATH=~/.docker/zone1/

But I would like to know if the third option of using config.json to specify all TLS information would be possible now or in the future. I find it very elegant and convenient to have such info in a config file, just like the Kubernetes community has with the kubeconfig file, which is a YAML file containing all the authentication info for a "Kubernetes deployment", which is roughly equivalent to a swarm stack (deployment) based on a docker-compose.yml (version 3 format) of my microservice application.

It would look like this:

    {
        "HttpHeaders": {
            "MyHeader": "MyValue"
        },

        "stacksContext": {
            "myStack1": {
                "User": "UserProd",
                "tlsverify": "true",
                "tlscacert": "/Users/yourname/.docker/ca.pem",
                "tlscert": "/Users/yourname/.docker/cert.pem",
                "tlskey": "/Users/yourname/.docker/key.pem"
            },
            "myStack2": {
                "User": "UserStaging",
                "tlsverify": "true",
                "tlscacert": "/Users/yourname/.docker/ca.pem",
                "tlscert": "/Users/yourname/.docker/cert.pem",
                "tlskey": "/Users/yourname/.docker/key.pem"
            }
        },

        "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}",

        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "khsfdfhsjdskhlfhdlfjfjdj="
            },
            "https://registry-1.docker.io/v2/": {
                "auth": "qlfldhflqshmfdhsdnferi="
            }
        }
    }

thanks

cheers
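
An added example, not part of the original post and not Docker's own code: a small Python wrapper that reads the `stacksContext` layout proposed in the post above and turns one entry into the `--tls*` flags listed in `docker help`. It assumes `stacksContext` is read only by this wrapper; the `host` parameter, the constructed host name `swarm.example.internal`, and the refusal to use a key file readable by group or others are also assumptions.

```python
import json
import stat
import tempfile
from pathlib import Path

# Keys from the post's proposed stack entry, with the default file names from `docker help`.
TLS_FILES = {"tlscacert": "ca.pem", "tlscert": "cert.pem", "tlskey": "key.pem"}


def docker_tls_args(config_path, stack, host):
    """Build the docker argv prefix for one entry of the proposed "stacksContext"."""
    cfg = json.loads(Path(config_path).read_text())
    ctx = cfg.get("stacksContext", {}).get(stack)
    if ctx is None:
        raise KeyError(f"no stack context named {stack!r}")
    # Assumption: an entry that does not ask for verification is rejected, not downgraded.
    if str(ctx.get("tlsverify", "")).lower() != "true":
        raise ValueError(f"{stack}: tlsverify is not enabled")
    args = ["docker", "--host", host, "--tlsverify"]
    for key in TLS_FILES:
        path = Path(ctx[key]).expanduser()
        if not path.is_file():
            raise FileNotFoundError(f"{stack}: {key} not found: {path}")
        args += [f"--{key}", str(path)]
    # The client key authenticates the user to the engine, so keep it owner-only.
    mode = stat.S_IMODE(Path(ctx["tlskey"]).expanduser().stat().st_mode)
    if mode & 0o077:
        raise PermissionError(f"{stack}: tlskey mode {oct(mode)} is open to group/others")
    return args


def write_demo_config(directory):
    """Write a constructed config.json and placeholder certificate files."""
    d = Path(directory)
    ctx = {"User": "UserProd", "tlsverify": "true"}
    for key, name in TLS_FILES.items():
        (d / name).write_text("constructed placeholder, not a real PEM\n")
        (d / name).chmod(0o600)
        ctx[key] = str(d / name)
    cfg = d / "config.json"
    cfg.write_text(json.dumps({"stacksContext": {"myStack1": ctx}}, indent=2))
    return cfg


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cfg = write_demo_config(tmp)
        argv = docker_tls_args(cfg, "myStack1", "tcp://swarm.example.internal:2376")
        print(" ".join(argv + ["node", "ls"]))
```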


(Archimedes Trajano) #2

I am actually facing the same issue myself. Rather than using docker-for-windows, I opted to create the docker machines set up as a swarm using Vagrant so I can replicate the same process in another system. However as of today I don’t see it in