How does Docker Agent work with TLS/SSL?
This is how Docker Monitor works:
1. It connects to the Docker daemon process over HTTP/S (in 10.5.2) or over a Unix socket (in 10.7) and collects performance metrics and metadata about containers.
2. It connects to the Enterprise Manager (EM) to send the collected information.
In both cases, the DM agent is a client program. In the first case the Docker daemon is the server, and in the second case the EM is the server. Both servers can be configured to accept connections only from clients that present a certificate trusted by your CA.
This is the way you can configure the Docker daemon process to accept only authorized clients.
Look for the HTTPS tunnelling and SSL section in the docops to find out how the EM is configured.
Now, the Docker Monitor agent section:
a) To connect to the EM: follow https://docops.ca.com/ca-apm/10-5/en/implementing-agents/java-agent/configure-java-monitoring/configure-java-agent#ConfigureJavaAgent-ConnecttotheEnterpriseManageroverSSL
b) To connect to the Docker daemon: follow section 3 of https://docops.ca.com/ca-apm/10-5/en/implementing-agents/ca-apm-agentless-docker-monitor-and-container-flow-map/configure-the-agentless-docker-monitor
With APM 10.7, the Docker Monitor configuration is simple: it is done via the Unix socket. So even if you configure your daemon process with TLS, we should be able to communicate over the Unix socket without any configuration.
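
To check which daemon listeners actually require a trusted client certificate, and why the Unix socket keeps working regardless of the TLS settings, the following added example (not part of the original article or of CA APM) audits the `hosts`, `tls` and `tlsverify` keys of a Docker `daemon.json`. The sample files, certificate paths and status strings are constructed for illustration, and the script assumes listeners are given as `unix://` or `tcp://` entries.

```python
import json

# Constructed sample daemon.json contents (not from the original page).
MUTUAL_TLS = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
ENCRYPT_ONLY = """{
  "hosts": ["tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
PLAINTEXT = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

LOCAL = "local: TLS settings do not apply, access is set by socket file permissions"
MUTUAL = "ok: mutual TLS, client certificate must chain to the daemon's CA"
WEAK = "WEAK: encrypted, but clients are not authenticated (tlsverify is off)"
OPEN = "INSECURE: plaintext TCP, any client that can reach the port is accepted"


def audit_daemon_config(text):
    """Map every listener in "hosts" to one of the four statuses above."""
    cfg = json.loads(text)
    # With no "hosts" entry, dockerd on Linux listens on the local Unix socket only.
    hosts = cfg.get("hosts") or ["unix:///var/run/docker.sock"]
    tlsverify = cfg.get("tlsverify") is True
    tls = tlsverify or cfg.get("tls") is True  # tlsverify implies tls
    report = {}
    for host in hosts:
        if host.startswith("unix://"):
            report[host] = LOCAL
        elif tlsverify:
            report[host] = MUTUAL
        elif tls:
            report[host] = WEAK
        else:
            report[host] = OPEN
    return report


if __name__ == "__main__":
    for name, sample in (("mutual", MUTUAL_TLS), ("encrypt-only", ENCRYPT_ONLY),
                         ("plaintext", PLAINTEXT)):
        for listener, status in audit_daemon_config(sample).items():
            print(f"{name:13} {listener:30} {status}")
```

Because the Unix socket is never covered by the TLS settings, anything with read/write access to the socket file has full control of the daemon, so the account the monitor runs under should be scoped accordingly.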