Aaron Lehmann acf0bc4b9a Replace secrets with join tokens

Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121

Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.

Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

2017-06-02 00:10:02 +00:00

989 B

Raw Blame History

swarm update

Usage:  docker swarm update [OPTIONS]

Update the swarm

Options:
      --cert-expiry duration            Validity period for node certificates (default 2160h0m0s)
      --dispatcher-heartbeat duration   Dispatcher heartbeat period (default 5s)
      --external-ca value               Specifications of one or more certificate signing endpoints
      --help                            Print usage
      --task-history-limit int          Task history retention limit (default 10)

Updates a swarm cluster with new parameter values. This command must target a manager node.

$ docker swarm update --cert-expirty 4000h0m0s

989 B Raw Blame History

swarm update

Related information

989 B

Raw Blame History