# External CA Example

To get started, build and install the Go program in this directory:

```
$ go install github.com/moby/swarmkit/v2/cmd/external-ca-example@latest
```

Now, run `external-ca-example`:

```
$ external-ca-example
INFO[0000] Now run: swarmd -d . --listen-control-api ./swarmd.sock --external-ca protocol=cfssl,url=https://localhost:58631/sign
```

This command initializes a new root CA along with the node certificate for the
first manager in a new cluster and saves it to a `certificates` directory in
the current directory. It then runs an HTTPS server on a random available port
which handles signing certificate requests from your manager nodes.
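
The following Go program is an added example, not the code of `external-ca-example`: it shows the work a `protocol=cfssl` signing endpoint does per request, taking a JSON body that carries a PEM CSR, checking the CSR's own signature, and replying with a certificate chained to the root. The field names `certificate_request`, `success` and `result.certificate` follow CFSSL's sign API; `Sign`, `Fixture`, `toPEM`, the Ed25519 keys, the one-hour lifetime and the names `example-root` and `node-1` are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Sign handles one sign request: parse the JSON body, check the CSR, issue a leaf, build the JSON reply.
func Sign(root *x509.Certificate, caKey ed25519.PrivateKey, body []byte) (string, error) {
	var req struct{ CSR string `json:"certificate_request"` }
	_ = json.Unmarshal(body, &req) // malformed JSON leaves CSR empty and is rejected below
	var csr *x509.CertificateRequest
	if blk, _ := pem.Decode([]byte(req.CSR)); blk != nil && blk.Type == "CERTIFICATE REQUEST" {
		csr, _ = x509.ParseCertificateRequest(blk.Bytes)
	}
	if csr == nil || csr.CheckSignature() != nil { // requester must hold the CSR's private key
		return "", fmt.Errorf("rejected: missing, unparsable or badly signed CSR")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // unpredictable serial
	tpl := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)} // IsCA stays false
	der, err := x509.CreateCertificate(rand.Reader, tpl, root, csr.PublicKey, caKey)
	if err != nil {
		return "", err
	}
	out, err := json.Marshal(map[string]interface{}{"success": true, "result": map[string]string{"certificate": toPEM("CERTIFICATE", der)}})
	return string(out), err
}

func toPEM(typ string, der []byte) string { return string(pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der})) }
// Fixture builds constructed sample input: a throwaway root CA and one node's sign-request body.
func Fixture() (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-root"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, caKey)
	root, _ := x509.ParseCertificate(der)
	_, nodeKey, _ := ed25519.GenerateKey(rand.Reader)
	der, _ = x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "node-1"}}, nodeKey)
	body, _ := json.Marshal(map[string]string{"certificate_request": toPEM("CERTIFICATE REQUEST", der)})
	return root, caKey, body
}
func main() { fmt.Println(Sign(Fixture())) }
```

The example copies the requested subject into the certificate unchanged and does not authenticate the caller. Which subjects a requester may obtain, and who may reach the endpoint at all, are decisions a real signer has to enforce before calling anything like `Sign`.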

The server will continue to run after it prints out an example command to start
a new `swarmd` manager. Run this command in the current directory. You'll now
have a new swarm cluster which is configured to use this external CA.

Try joining new nodes to your cluster. Change into a new, empty directory and
run `swarmd` again with an argument to join the previous manager node:

```
$ swarmd -d . --listen-control-api ./swarmd.sock --listen-remote-api 0.0.0.0:4343 --join-addr localhost:4242 --join-token ...
Warning: Specifying a valid address with --listen-remote-api may be necessary for other managers to reach this one.
```

If this new node does not block indefinitely waiting for a TLS certificate to
be issued, then everything is working correctly. Congratulations!