Docker-based deployments have become a common way to simplify software and platform management. Most Docker engines and clusters are assumed to run in a trusted environment; when a Docker engine endpoint must be secured, TLS can be enabled so that the daemon and its clients authenticate each other with certificates. Although this process is documented, deploying Docker Swarm with TLS enabled is still complex. We have developed a set of Ansible playbooks that build a working Swarm, from certificate generation through client node deployment, to make secure deployments easier.
The key steps in the Swarm deployment are:
- Configure the CA, manager, and node hosts
- Generate the CA key and the TLS certificates for each host
- Deploy the Docker engine with TLS enabled
- Deploy the Consul discovery container and the Swarm managers
- Configure and connect the Swarm nodes
After setting the playbook variables and host groups (1 CA server, 2 managers, 1 or more nodes), these playbooks launch a highly available Docker Swarm.
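The certificate-generation and engine-TLS steps above, shown as a worked shell example. This is added illustration, not code from the playbooks described here: it uses `openssl` (assumed to be installed) to create a CA, a server certificate for one Docker engine and a client certificate, restricts each certificate to its purpose with an extendedKeyUsage extension, writes the `daemon.json` fragment that turns on `tlsverify`, and then checks the result the way a playbook's verification task would. The hostname `manager1.swarm.example`, the IP `10.0.0.11` and the output directory are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the playbooks' own code). Generates CA, engine (server)
# and client certificates for a TLS-protected Docker engine and verifies them.
# All names, IPs and paths are constructed placeholders.
set -eu

# gen_swarm_tls_certs DIR HOSTNAME IP
gen_swarm_tls_certs() {
    dir="$1"; host="$2"; ip="$3"
    mkdir -p "$dir"
    # 1. CA key and self-signed CA certificate. In the playbook model this
    #    runs only on the CA host; ca-key.pem never leaves it.
    openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -sha256 -key "$dir/ca-key.pem" \
        -subj "/CN=swarm-ca" -out "$dir/ca.pem" 2>/dev/null
    # 2. Engine certificate: the SAN must match the name/IP clients connect
    #    to, and EKU serverAuth keeps it from being reused as a client cert.
    openssl genrsa -out "$dir/server-key.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/server-key.pem" -subj "/CN=$host" \
        -out "$dir/server.csr" 2>/dev/null
    printf 'subjectAltName = DNS:%s,IP:%s\nextendedKeyUsage = serverAuth\n' \
        "$host" "$ip" > "$dir/server-ext.cnf"
    openssl x509 -req -days 365 -sha256 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -extfile "$dir/server-ext.cnf" -out "$dir/server-cert.pem" 2>/dev/null
    # 3. Client certificate (what `docker --tlsverify` presents): clientAuth only.
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/key.pem" -subj "/CN=swarm-client" \
        -out "$dir/client.csr" 2>/dev/null
    printf 'extendedKeyUsage = clientAuth\n' > "$dir/client-ext.cnf"
    openssl x509 -req -days 365 -sha256 -in "$dir/client.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -extfile "$dir/client-ext.cnf" -out "$dir/cert.pem" 2>/dev/null
    rm -f "$dir"/*.csr "$dir"/*-ext.cnf
    # 4. Private keys readable only by their owner; certificates world-readable.
    chmod 0444 "$dir/ca.pem" "$dir/server-cert.pem" "$dir/cert.pem"
    chmod 0400 "$dir/ca-key.pem" "$dir/server-key.pem" "$dir/key.pem"
    # 5. Engine configuration: tlsverify makes the daemon require a client
    #    certificate signed by ca.pem on the TCP endpoint (paths are placeholders).
    cat > "$dir/daemon.json" <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
EOF
}

# verify_swarm_tls_certs DIR -> exit 0 if the material is usable, 1 otherwise
verify_swarm_tls_certs() {
    dir="$1"
    # Both leaf certificates must chain to the CA.
    openssl verify -CAfile "$dir/ca.pem" "$dir/server-cert.pem" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null 2>&1 || return 1
    # Each certificate carries only the EKU it is meant for.
    openssl x509 -in "$dir/server-cert.pem" -noout -text \
        | grep -q 'TLS Web Server Authentication' || return 1
    openssl x509 -in "$dir/cert.pem" -noout -text \
        | grep -q 'TLS Web Client Authentication' || return 1
    if openssl x509 -in "$dir/cert.pem" -noout -text \
        | grep -q 'TLS Web Server Authentication'; then return 1; fi
    # The CA key must not be readable by anyone but its owner.
    find "$dir/ca-key.pem" -perm 0400 | grep -q . || return 1
    return 0
}

demo_dir="$(mktemp -d)"
gen_swarm_tls_certs "$demo_dir" manager1.swarm.example 10.0.0.11
verify_swarm_tls_certs "$demo_dir" && echo "TLS material in $demo_dir verified"
```

Run the script as-is to produce a verified set of certificates in a temporary directory; in a playbook the CA step would run on the CA host and only `ca.pem` plus each host's own key and certificate would be copied out. On engines managed by systemd, the `hosts` key in `daemon.json` conflicts with a `-H` flag in the unit file, so one of the two has to be dropped before the daemon will start.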