This adds TLS support into the KV store for swarm. The manage, join,
and list commands all have a new CLI argument, matching the docker engine
discovery backend. This required adding the tlsconfig utility
package from docker engine.
Here's an example showing re-use of the cluster certs for the KV store:
swarm manage --tlsverify \
--tlscacert /etc/docker/ssl/ca.pem
--tlscert /etc/docker/ssl/cert.pem
--tlskey /etc/docker/ssl/key.pem
--discovery-opt kv.cacertfile=/etc/docker/ssl/ca.pem
--discovery-opt kv.certfile=/etc/docker/ssl/cert.pem
--discovery-opt kv.keyfile=/etc/docker/ssl/key.pem
--advertise 192.168.122.47:3376
etcd://192.168.122.47:2379
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
- Watch() issues updates by channel rather than by callback
- Fetch() is gone
- Watch() can be stopped at any time by closing the stop channel
- Watch() is now resilient to errors and will try over and over
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Daniel Hiltgen
Andrea Luzzardi
Alexandre Beslic