What is the swarm mode public key infrastructure

0 votes
Can somebody explain what is swarm mode public key infrastructure in docker?
Aug 23, 2019 in Docker by Karan
• 19,610 points
861 views

1 answer to this question.

0 votes

Built-in Public Key Infrastructure System helps to secure the deployment of container orchestration systems. Transport Layer Security (TLS) is used in Public Key Infrastructure to communicate with other nodes in a swarm.

When a swarm is initialized with “docker swarm init” command in a docker host, root Certificate Authority (CA) with a key pair is created. This is for securing nodes that join the particular swarm.

“--external-ca”  flag is used with docker swarm init command to use external root CA.

Manager node generates worker token and manager token. Each token has the digest of the root CA certificate and a randomly generated secret. When a new node joins the docker swarm with the worker token the node uses the digesting part to verify the root CA from the manager node. 

While the leader node uses the secret to approve the new joining node. Manager node issues a certificate to the joining node with a randomly generated node ID

By default, swarm performs the renewal of the certificate every three months but it can be modified with the command

docker swarm update --cert-expiry <TIME PERIOD> 

In case if the leader-manager node is down we can rotate the root CA within the swarm so that no nodes trust the certificate signed by old root CA. This can be done by the command 

docker swarm ca --rotate

This command thus creates a cross signed certificate telling the nodes that still trusted  old CA to start verification against new root CA.

answered Aug 23, 2019 by Sirajul
• 59,230 points

Related Questions In Docker

0 votes
1 answer

What is the difference between “expose” and “publish” in Docker?

Basically, you have three options: Neither specify EXPOSE nor -p -> ...READ MORE

answered Jul 18, 2018 in Docker by Nilesh
• 7,060 points
3,270 views
0 votes
3 answers

What is the difference between a Docker image and a container?

Images are read-only templates that contain a ...READ MORE

answered Aug 10, 2020 in Docker by Vishal
• 260 points
6,661 views
0 votes
1 answer
+2 votes
1 answer
+5 votes
7 answers

Docker swarm vs kubernetes

Swarm is easy handling while kn8 is ...READ MORE

answered Aug 27, 2018 in Docker by Mahesh Ajmeria
3,908 views
0 votes
1 answer

what is routing mesh under docker swarm mode?

Routing Mesh is a feature which make ...READ MORE

answered Jul 8, 2019 in Docker by Sirajul
• 59,230 points
8,364 views
+1 vote
1 answer

what is the difference between docker swarm and kubernetes

Both Kubernetes and Docker Swarm are important ...READ MORE

answered Sep 24, 2019 in Docker by Sirajul
• 59,230 points
2,357 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP