Configure a CA and Certificates - The Beginners Guide to Docker

Hi

It seems to me that the CA key and pem creation are missing in this section.

Am I missing something?

Thanks for your kind help.

Fredol


It seems to be true; I have read the article a couple of times thinking I have missed out on something. Sad part is you have yet to receive a reply on this.

I did not understand from the lesson how to create the setup. Is each node a container? Should we exec between containers in order to do the steps written in the chapter?

Hi @Frederic_Ollivier!
Before generating keys and certificates for the Docker daemon and client, it’s essential to establish the Certificate Authority (CA). You can create the CA key and certificate using the following commands:

openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

Performing these steps on the CA node (node2) will ensure that the certificates for the Docker daemon and client are properly signed and trusted.
I hope it helps. Happy Learning :blush:
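An added example, not part of the reply above or of the lesson: the same two CA commands made non-interactive, followed by signing a daemon certificate and a client certificate with separate key usages and checking each against the CA. The subject names, the hostname `node1.example.internal`, the file names and the `CA_PASS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson): CA, daemon and client certificates.
# Subjects, hostnames and file names are constructed placeholders.
BITS="${BITS:-4096}"   # key size used by the commands in the thread

make_ca() {            # $1 = output dir; run on the CA node
  : "${CA_PASS:?set CA_PASS to the CA key passphrase}"
  export CA_PASS       # openssl reads it via env:, keeping it out of argv
  mkdir -p "$1" && chmod 700 "$1"
  openssl genrsa -aes256 -passout env:CA_PASS -out "$1/ca-key.pem" "$BITS"
  openssl req -new -x509 -days 365 -key "$1/ca-key.pem" -passin env:CA_PASS \
    -sha256 -subj "/CN=docker-lab-ca" -out "$1/ca.pem"
  chmod 0400 "$1/ca-key.pem"
}

issue_cert() {         # $1 = dir, $2 = name, $3 = serverAuth|clientAuth, $4 = SAN list (optional)
  printf 'extendedKeyUsage = %s\n' "$3" > "$1/$2.ext"
  if [ -n "${4:-}" ]; then printf 'subjectAltName = %s\n' "$4" >> "$1/$2.ext"; fi
  openssl genrsa -out "$1/$2-key.pem" "$BITS"
  openssl req -new -sha256 -key "$1/$2-key.pem" -subj "/CN=$2" -out "$1/$2.csr"
  # The CA signs the request; the extension file pins what the cert may be used for.
  openssl x509 -req -days 365 -sha256 -in "$1/$2.csr" -CA "$1/ca.pem" \
    -CAkey "$1/ca-key.pem" -passin env:CA_PASS -CAcreateserial \
    -extfile "$1/$2.ext" -out "$1/$2-cert.pem"
  chmod 0400 "$1/$2-key.pem"
  rm -f "$1/$2.csr" "$1/$2.ext"
}

check_cert() {         # $1 = dir, $2 = name, $3 = sslserver|sslclient
  # Succeeds only if the cert chains to ca.pem AND is valid for that purpose.
  openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2-cert.pem" >/dev/null 2>&1
}

# Usage (constructed hostname; set CA_PASS first):
#   make_ca ./pki
#   issue_cert ./pki daemon serverAuth "DNS:node1.example.internal,IP:127.0.0.1"
#   issue_cert ./pki client clientAuth
#   check_cert ./pki daemon sslserver && check_cert ./pki client sslclient
```

Only `ca.pem` and each node's own key and certificate need to leave the CA node; `ca-key.pem` stays there.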

Hi @Rahul_Kataria!!
You’re correct in noticing that the section does not include the creation of the CA key and certificate. This is a critical step in setting up TLS for Docker networking. To rectify this, you can generate the CA key and certificate using the commands I’ve provided in response to the first query. Once the CA is established, you can proceed with generating keys and certificates for the Docker daemon and client nodes. Let me know if you need further clarification on any of the steps!
Happy Learning :blush:

Hi @tricostume!!
Each node in the setup refers to a separate machine or virtual machine where Docker will be running. These nodes are not containers themselves; they are the hosts on which Docker containers can be deployed. To create the setup, you would typically SSH into each node individually and perform the necessary configuration steps. This involves generating keys and certificates on the CA node (node2) and distributing them to the Docker daemon and client nodes. There’s no need to exec between containers; instead, you’ll be executing commands on the host machines directly. Let me know if you have any more questions or need further assistance!
Happy Learning :blush: