Client Installation (json)

On docker daemon, you can connect to the leash-server using a simple json, but this imply that your planned rules don’t rely on clients hostname nor images/containers names. If that’s not the case, then refer to the Collar Installation (client).

Deploy the json file

The connection to the leash-server rely on a simple json file placed in usually in the /etc/docker/plugins/ directory.

/etc/docker/plugins/leash.json
 {
   "Name": "leash",
   "Addr": "https://docker-leash.kumy.org",
   "TLSConfig": {
     "InsecureSkipVerify": false,
     "CAFile": "/etc/docker/plugins/cacert-root.pem"
   }
 }

Fill the Addr field with your leash-server url. Point the CAFile field to the path of the CA used to sign leash-server webservice.

Even if it’s not recommended, you can disable SSL certificate verification by setting the InsecureSkipverify field to true.

Activate the plugin

Edit the docker daemon configuration and add authorization-plugins field to enable the plugin.

/etc/docker/daemon.json
{
        "authorization-plugins": ["leash"]
}

Now restart dockerd.

restart the docker daemon
$ systemctl restart docker

Next, read Users authentication.