[root@master TLS]# scp ca.pem root@20.0.0.112:/etc/docker
The authenticity of host '20.0.0.112 (20.0.0.112)' can't be established.
ECDSA key fingerprint is SHA256:Vxy4zHvwk81l+PWPJmRA7hPBx9ygvOOkGCaslE9sAHk.
ECDSA key fingerprint is MD5:46:25:e5:0b:d7:14:7d:4d:2e:28:99:0a:fd:4e:07:31.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '20.0.0.112' (ECDSA) to the list of known hosts.
root@20.0.0.112's password:
ca.pem 100% 1765 953.6KB/s 00:00
[root@master TLS]# scp client* root@20.0.0.112:/etc/docker/
root@20.0.0.112's password:
client-cert.pem 100% 1696 732.8KB/s 00:00
client-key.pem 100% 3243 3.9MB/s 00:00
本地验证
[root@master TLS]# docker --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H tcp://master:2376 images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 3dd970e6b110 5 weeks ago 138MB
client节点指定加密文件远程调用测试
[root@client ~]# cd /etc/docker/[root@client docker]# ls
ca.pem client-cert.pem client-key.pem daemon.json key.json
[root@client docker]# docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem -H tcp://master:2376 images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 3dd970e6b110 5 weeks ago 138MB