This is how Docker Monitor works:
1. It connects to the Docker daemon process through HTTP/S (in 10.5.2) or through a Unix socket (in 10.7) and collects performance metrics and metadata about containers.
2. It connects to the Enterprise Manager (EM) to send the collected information.
In both cases, the DM agent is a client program. In the first case the Docker daemon is the server, and in the second case the EM is the server. Both of them can be configured to accept connections only from clients that present a certificate trusted by your CA.
This is how you can configure the Docker daemon process to accept only authorized clients: https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl
Look for the HTTPS tunnelling and SSL section in the DocOps to find out how the EM is configured: https://docops.ca.com/ca-apm/10-5/en/administrating/configure-the-workstation/http-tunneling-and-ssl
Now, the Docker Monitor agent section:
a) To connect to the EM: follow https://docops.ca.com/ca-apm/10-5/en/implementing-agents/java-agent/configure-java-monitoring/configure-java-agent#ConfigureJavaAgent-ConnecttotheEnterpriseManageroverSSL
b) To connect to the Docker daemon: follow section 3 of https://docops.ca.com/ca-apm/10-5/en/implementing-agents/ca-apm-agentless-docker-monitor-and-container-flow-map/configure-the-agentless-docker-monitor
With APM 10.7, the Docker Monitor configuration is simple: it is done via the Unix socket. So, even if you configure your daemon process with TLS, we should be able to communicate via the Unix socket without any configuration.
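
To check which daemon listeners actually require a client certificate and which are local sockets that TLS does not cover, the following added example (not CA's or Docker's code) audits a `daemon.json` document. The two sample documents are constructed, the verdict names are hypothetical, and it assumes listeners and TLS options are set in `daemon.json` rather than on the `dockerd` command line.

```python
import json

# Constructed sample daemon.json documents (not taken from the page).
SAMPLE_OPEN = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_MTLS = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

LOCAL_SCHEMES = ("unix://", "fd://", "npipe://")


def audit_daemon_config(text):
    """Return [(host, verdict)] for every listener in a daemon.json document.

    Assumption: listeners and TLS options are set in daemon.json only;
    dockerd command-line flags are not examined.
    """
    cfg = json.loads(text)
    # Without a "hosts" key, dockerd on Linux listens on its default Unix socket.
    hosts = cfg.get("hosts") or ["unix:///var/run/docker.sock"]
    verify = bool(cfg.get("tlsverify"))
    tls_on = verify or bool(cfg.get("tls"))
    results = []
    for host in hosts:
        if host.startswith(LOCAL_SCHEMES):
            # TLS settings do not apply here; access is governed by the
            # socket's file ownership and mode.
            verdict = "local-socket"
        elif not tls_on:
            verdict = "plaintext"            # anyone who can reach the port
        elif not verify:
            verdict = "tls-no-client-auth"   # encrypted, clients not verified
        elif not cfg.get("tlscacert"):
            verdict = "tlsverify-ca-not-set-in-file"
        else:
            verdict = "mutual-tls"           # client cert must chain to the CA
        results.append((host, verdict))
    return results


if __name__ == "__main__":
    for name, doc in (("open", SAMPLE_OPEN), ("mtls", SAMPLE_MTLS)):
        print(name, audit_daemon_config(doc))
```

A `local-socket` verdict is the case the 10.7 agent relies on: review who can read and write the socket file, since the daemon's TLS options do not restrict it.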