Overview of Docker Agent and TLS/SSL


Article ID: 101573


Updated On:


APP PERF MANAGEMENT, CA Application Performance Management Agent (APM / Wily / Introscope), CUSTOMER EXPERIENCE MANAGER, INTROSCOPE


How does Docker Agent work with TLS/SSL?


APM 10.5/10.7


This is how the Docker Monitor works:  
1. It connects to the Docker daemon process over HTTP/S (in 10.5.2) or through a Unix socket (in 10.7) and collects performance metrics and metadata about containers.  
2. It connects to the Enterprise Manager (EM) to send the collected information.  

In both cases, the Docker Monitor (DM) agent is a client program. In the first case, the Docker daemon is the server; in the second case, the EM is the server. Both servers can be configured to accept connections only from clients that present a certificate trusted by your CA.  

This is the way you can configure the Docker daemon process to accept only authorized clients  
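
The following check is an added example, not part of the original article or of CA APM. It audits a Docker `daemon.json` for the requirement described above: a TCP listener should enforce `tlsverify` so that only clients with a certificate signed by your CA are accepted. The sample documents, file paths and finding codes are constructed for illustration.

```python
import json

# Constructed daemon.json samples (paths and addresses are placeholders).
ENCRYPT_ONLY = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
MUTUAL_TLS = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


def audit_daemon_json(text):
    """Return finding codes for the TCP listeners in a daemon.json document."""
    cfg = json.loads(text)
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp:
        # Unix-socket-only daemon: access is governed by the socket file's
        # permissions, so the TLS keys below do not apply.
        return []
    verify = cfg.get("tlsverify") is True
    tls = verify or cfg.get("tls") is True    # tlsverify implies tls
    findings = []
    if not tls:
        findings.append("NO_TLS")             # cleartext, unauthenticated API
    elif not verify:
        findings.append("NO_CLIENT_AUTH")     # encrypted, but any client accepted
    required = ["tlscert", "tlskey"] if tls else []
    if verify:
        required.append("tlscacert")          # CA that client certs must chain to
    # UNSET: not set in this file; the daemon would use a default path or a
    # command-line value, so confirm which file is actually loaded.
    findings += ["UNSET:" + k for k in required if not cfg.get(k)]
    return findings


if __name__ == "__main__":
    for name, doc in (("encrypt-only", ENCRYPT_ONLY), ("mutual TLS", MUTUAL_TLS)):
        print(name, audit_daemon_json(doc) or "ok")
```

Listeners passed on the `dockerd` command line with `-H` are not visible in `daemon.json`, so check the service unit as well.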


Look for the HTTPS tunnelling and SSL section in the DocOps documentation to find out how the EM is configured.


Now, the Docker Monitor agent section:  
a) To connect to the EM: follow https://docops.ca.com/ca-apm/10-5/en/implementing-agents/java-agent/configure-java-monitoring/configure-java-agent#ConfigureJavaAgent-ConnecttotheEnterpriseManageroverSSL  

b) To connect to the Docker daemon: follow section 3 of https://docops.ca.com/ca-apm/10-5/en/implementing-agents/ca-apm-agentless-docker-monitor-and-container-flow-map/configure-the-agentless-docker-monitor  

With APM 10.7, the Docker Monitor configuration is simple: it is done via the Unix socket. So, even if you configure your daemon process with TLS, we should be able to communicate via the Unix socket without any configuration.