github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/swarmkit/cmd/external-ca-example/README.md (about) 1 # External CA Example 2 3 To get started, build and install the go program in this directory: 4 5 ``` 6 $ go install github.com/docker/swarmkit/cmd/external-ca-example 7 ``` 8 9 Now, run `external-ca-example`: 10 11 ``` 12 $ external-ca-example 13 INFO[0000] Now run: swarmd -d . --listen-control-api ./swarmd.sock --external-ca protocol=cfssl,url=https://localhost:58631/sign 14 ``` 15 16 This command initializes a new root CA along with the node certificate for the 17 first manager in a new cluster and saves it to a `certificates` directory in 18 the current directory. It then runs an HTTPS server on a random available port 19 which handles signing certificate requests from your manager nodes. 20 21 The server will continue to run after it prints out an example command to start 22 a new `swarmd` manager. Run this command in the current directory. You'll now 23 have a new swarm cluster which is configured to use this external CA. 24 25 Try joining new nodes to your cluster. Change into a new, empty directory and 26 run `swarmd` again with an argument to join the previous manager node: 27 28 ``` 29 $ swarmd -d . --listen-control-api ./swarmd.sock --listen-remote-api 0.0.0.0:4343 --join-addr localhost:4242 --join-token ... 30 Warning: Specifying a valid address with --listen-remote-api may be necessary for other managers to reach this one. 31 ``` 32 33 If this new node does not block indefinitely waiting for a TLS certificate to 34 be issued then everything is working correctly. Congratulations!