mirror of https://github.com/docker/cli.git
Document updates for cluster-store-opt
This updates the docs for the daemon based on the new cluster-store-opt for TLS support. Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
This commit is contained in:
parent
dd91c424fa
commit
f10d93f394
|
@ -536,7 +536,7 @@ please check the [run](run.md) reference.
|
||||||
|
|
||||||
`--cluster-advertise` specifies the 'host:port' combination that this particular
|
`--cluster-advertise` specifies the 'host:port' combination that this particular
|
||||||
daemon instance should use when advertising itself to the cluster. The daemon
|
daemon instance should use when advertising itself to the cluster. The daemon
|
||||||
should be reachable by remote hosts on this 'host:port' combination.
|
is reached by remote hosts on this 'host:port' combination.
|
||||||
|
|
||||||
The daemon uses [libkv](https://github.com/docker/libkv/) to advertise
|
The daemon uses [libkv](https://github.com/docker/libkv/) to advertise
|
||||||
the node within the cluster. Some Key/Value backends support mutual
|
the node within the cluster. Some Key/Value backends support mutual
|
||||||
|
@ -545,6 +545,7 @@ using the `--cluster-store-opt` flag, specifying the paths to PEM encoded
|
||||||
files. For example:
|
files. For example:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
docker daemon \
|
||||||
--cluster-advertise 192.168.1.2:2376 \
|
--cluster-advertise 192.168.1.2:2376 \
|
||||||
--cluster-store etcd://192.168.1.2:2379 \
|
--cluster-store etcd://192.168.1.2:2379 \
|
||||||
--cluster-store-opt kv.cacertfile=/path/to/ca.pem \
|
--cluster-store-opt kv.cacertfile=/path/to/ca.pem \
|
||||||
|
@ -552,6 +553,25 @@ files. For example:
|
||||||
--cluster-store-opt kv.keyfile=/path/to/key.pem
|
--cluster-store-opt kv.keyfile=/path/to/key.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The currently supported cluster store options are:
|
||||||
|
|
||||||
|
* `kv.cacertfile`
|
||||||
|
|
||||||
|
Specifies the path to a local file with PEM encoded CA certificates to trust
|
||||||
|
|
||||||
|
* `kv.certfile`
|
||||||
|
|
||||||
|
Specifies the path to a local file with a PEM encoded certificate. This
|
||||||
|
certificate is used as the client cert for communication with the
|
||||||
|
Key/Value store.
|
||||||
|
|
||||||
|
* `kv.keyfile`
|
||||||
|
|
||||||
|
Specifies the path to a local file with a PEM encoded private key. This
|
||||||
|
private key is used as the client key for communication with the
|
||||||
|
Key/Value store.
|
||||||
|
|
||||||
|
|
||||||
## Miscellaneous options
|
## Miscellaneous options
|
||||||
|
|
||||||
IP masquerading uses address translation to allow containers without a public
|
IP masquerading uses address translation to allow containers without a public
|
||||||
|
|
|
@ -9,6 +9,9 @@ docker-daemon - Enable daemon mode
|
||||||
[**--api-cors-header**=[=*API-CORS-HEADER*]]
|
[**--api-cors-header**=[=*API-CORS-HEADER*]]
|
||||||
[**-b**|**--bridge**[=*BRIDGE*]]
|
[**-b**|**--bridge**[=*BRIDGE*]]
|
||||||
[**--bip**[=*BIP*]]
|
[**--bip**[=*BIP*]]
|
||||||
|
[**--cluster-store**[=*[]*]]
|
||||||
|
[**--cluster-advertise**[=*[]*]]
|
||||||
|
[**--cluster-store-opt**[=*map[]*]]
|
||||||
[**-D**|**--debug**[=*false*]]
|
[**-D**|**--debug**[=*false*]]
|
||||||
[**--default-gateway**[=*DEFAULT-GATEWAY*]]
|
[**--default-gateway**[=*DEFAULT-GATEWAY*]]
|
||||||
[**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]]
|
[**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]]
|
||||||
|
@ -74,6 +77,16 @@ format.
|
||||||
**--bip**=""
|
**--bip**=""
|
||||||
Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
|
Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
|
||||||
|
|
||||||
|
**--cluster-store**=""
|
||||||
|
URL of the distributed storage backend
|
||||||
|
|
||||||
|
**--cluster-advertise**=""
|
||||||
|
Specifies the 'host:port' combination that this particular daemon instance should use when advertising
|
||||||
|
itself to the cluster. The daemon is reached by remote hosts on this 'host:port' combination.
|
||||||
|
|
||||||
|
**--cluster-store-opt**=""
|
||||||
|
Specifies options for the Key/Value store.
|
||||||
|
|
||||||
**-D**, **--debug**=*true*|*false*
|
**-D**, **--debug**=*true*|*false*
|
||||||
Enable debug mode. Default is false.
|
Enable debug mode. Default is false.
|
||||||
|
|
||||||
|
@ -422,6 +435,31 @@ this topic, see
|
||||||
Otherwise, set this flag for migrating existing Docker daemons to a
|
Otherwise, set this flag for migrating existing Docker daemons to a
|
||||||
daemon with a supported environment.
|
daemon with a supported environment.
|
||||||
|
|
||||||
|
# CLUSTER STORE OPTIONS
|
||||||
|
|
||||||
|
The daemon uses libkv to advertise
|
||||||
|
the node within the cluster. Some Key/Value backends support mutual
|
||||||
|
TLS, and the client TLS settings used by the daemon can be configured
|
||||||
|
using the **--cluster-store-opt** flag, specifying the paths to PEM encoded
|
||||||
|
files.
|
||||||
|
|
||||||
|
#### kv.cacertfile
|
||||||
|
|
||||||
|
Specifies the path to a local file with PEM encoded CA certificates to trust
|
||||||
|
|
||||||
|
#### kv.certfile
|
||||||
|
|
||||||
|
Specifies the path to a local file with a PEM encoded certificate. This
|
||||||
|
certificate is used as the client cert for communication with the
|
||||||
|
Key/Value store.
|
||||||
|
|
||||||
|
#### kv.keyfile
|
||||||
|
|
||||||
|
Specifies the path to a local file with a PEM encoded private key. This
|
||||||
|
private key is used as the client key for communication with the
|
||||||
|
Key/Value store.
|
||||||
|
|
||||||
|
|
||||||
# HISTORY
|
# HISTORY
|
||||||
Sept 2015, Originally compiled by Shishir Mahajan <shishir.mahajan@redhat.com>
|
Sept 2015, Originally compiled by Shishir Mahajan <shishir.mahajan@redhat.com>
|
||||||
based on docker.com source material and internal work.
|
based on docker.com source material and internal work.
|
||||||
|
|
Loading…
Reference in New Issue