mirror of https://github.com/docker/docs.git
c0912ad303
This change re-wires the way we have CFSSL hooked up so that it requires mutual TLS to access the service. Instead of using command line arguments, and thus relying on environment variables from linking, this change also switches to registering the CAs via KV store entries. The current CFSSL implementation does not support mutual TLS natively, so I've leveraged socat and a proxy container (much like we do for docker) in the interest of expediency. (so under the covers it's still a link between cfss and the proxy.) Once upstream supports mutual TLS (or if we decide to fork/patch it) we can drop the proxy and eliminate all the links. |
||
|---|---|---|
| certs.md | ||
| dashboard.png | ||
| install-beta.md | ||
| install_upgrade_spec.md | ||
| kv_store.md | ||
| login.png | ||
| networking.md | ||
| nodes.png | ||
| orca_components.png | ||
| orca_components.svg | ||
| profiling.md | ||
| quickstart.md | ||
| support.md | ||
| user_certs.md | ||
