Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update note about custom certs with system certs #417

Merged
merged 1 commit into from
Nov 4, 2016
Merged

Update note about custom certs with system certs #417

merged 1 commit into from
Nov 4, 2016

Conversation

dmcgowan
Copy link
Contributor

@dmcgowan dmcgowan commented Nov 1, 2016

Describe the proposed changes

Docker 1.13 will now merge custom certificates with the system certificate pool. This change updates the note about when the system certificate pool is used. Also fixed incorrect statement about example layout. The example was only showing custom certificates, and not multiple certificates.

Project version

Docker Engine 1.13

Related issue or PR in another project

moby/moby#27918

Please take a look

@thaJeztah

@thaJeztah thaJeztah reopened this Nov 2, 2016
@thaJeztah
Copy link
Member

This was closed due to some unrelated fixes #xyz mentions in an old commit 😂

thaJeztah
thaJeztah reviewed Nov 2, 2016
View reviewed changes
engine/security/certificates.md
> will use the system default (i.e., host's root CA set).
> As of docker 1.13, on Linux any root certificates authorities will be merged
> in with the system defaults (i.e., host's root CA set). Prior to 1.13 and on
> Windows, the system default certificates will only be used when there are no
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

asked @dmcgowan and unfortunately, the Go update required for this feature wasn't implemented for Windows

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thaJeztah this is only tangentially related to this change, but I'm wondering if you need to restart the Docker daemon for Docker to load these certificates?
My understanding is that if you were adding certs to the host trusted CA store, you would need to restart the daemon. If you do need to restart, maybe we need to mention it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

golang/go#16736, looks like will be fixed in 1.8

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joaofnfernandes restart is not needed, these certificates are always read at the start of a push or pull operation and not kept around after

thaJeztah
thaJeztah approved these changes Nov 2, 2016
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@thaJeztah
Copy link
Member

oh, hold on, this should be in the vnext-engine branch, let me try if I can switch it on GitHub 🌟

@thaJeztah thaJeztah changed the base branch from master to vnext-engine November 2, 2016 20:10
@dmcgowan
Update note about custom certs with system certs
f18c670 
Fixed incorrect statement about example layout

Related to moby/moby#27918

Signed-off-by: Derek McGowan <[email protected]> (github: dmcgowan)
@thaJeztah
Copy link
Member

It's on the right branch now, and moby/moby#27918 was merged, so this should probably be ready to go.

@joaofnfernandes for review/merge 😄

@joaofnfernandes
Copy link
Contributor

@dmcgowan thanks for helping with docs.
LGTM, firing away!

@joaofnfernandes joaofnfernandes merged commit 56b204a into docker:vnext-engine Nov 4, 2016
@johndmulhausen johndmulhausen added this to the engine/1.13.0 milestone Nov 11, 2016
joaofnfernandes pushed a commit to joaofnfernandes/docker.github.io that referenced this pull request Nov 11, 2016
Updates for 0.7.0 Release
5037bf3 
- Close docker#194 and fix
- Fix and close docker#425
- Fix and close docker#417
- Fix and close docker#420
- Fix and close docker#422
- Adding in documentation build scripts
- Fix and close docker#431
- Fix and close docker#438, and Fix and close docker#429
- Work on 441
- Adding in commands reference
- Updating all the options to tables
- Updating per Vivek docker#498
- Adding vivek's last suggestions

Signed-off-by: Mary Anthony <[email protected]>
joaofnfernandes pushed a commit to joaofnfernandes/docker.github.io that referenced this pull request Apr 16, 2018
Tweak k8s URLs to point to v1.8 topics (docker#417)
e5b9b83
JimGalasyn pushed a commit that referenced this pull request Apr 16, 2018
Tweak k8s URLs to point to v1.8 topics (#417)
125b1d6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joaofnfernandes joaofnfernandes joaofnfernandes left review comments

@thaJeztah thaJeztah thaJeztah approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
engine/1.13.0
Development

Successfully merging this pull request may close these issues.
4 participants
@dmcgowan @thaJeztah @joaofnfernandes @johndmulhausen