Collar Installation (client)¶
On docker daemon side, deploy the docker collar plugin. The collar-client will enrich requests from the docker daemon with clients hostname. It will also try to translate images or containers ids to human readable names. Such conversion are necessary if your planned rules rely on images/containers names. If that’s not the case, then refer to the Client Installation (json).
Build the plugin yourself¶
The plugin construction is managed using a makefile.
$ make rootfs
$ make create
Installing from registry¶
We provide prebuilt docker plugin image directly available on the docker hub.
$ docker plugin install dockerleash/leash-client
Configure the plugin¶
The collar need to be configured according to your local environment.
Note
Plugin need to be disabled to be configured.
Variables:
- LEASH_URL mandatory
- LEASH_CA_CERT /certs/ca.pem
- LEASH_CONNECT_TIMEOUT 10
- DOCKER_CA_CERT /certs/ca.pem
- DOCKER_CERT_FILE /certs/cert.pem
- DOCKER_KEY_FILE /certs/key.pem
- DOCKER_URL https://127.0.0.1:2376
- DOCKER_CONNECT_TIMEOUT 10
- DEBUG default false
- ALLOW_PING default true
- ALLOW_READONLY default false
- SENTRY_DSN default None
Mounts:
- certs /certs/ /etc/docker/plugins/collar.d/
docker plugin dockerleash/collar:0.1 LEASH_URL=https://your-leash-server
Load the plugin on docker daemon start¶
The docker daemon need to start the plugin on boot.
docker plugin enable dockerleash/collar:0.1
Activate the collar¶
Edit the docker daemon configuration.
{
"authorization-plugins": ["dockerleash/collar:0.1"]
}
Next, read Users authentication.