diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md index 1c3a2460f..f76d981cd 100644 --- a/docs/containers.conf.5.md +++ b/docs/containers.conf.5.md @@ -907,11 +907,24 @@ URI to access the Podman service - **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock - **rootful local** - unix:///run/podman/podman.sock - **rootful remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock +- **tcp/tls remote** - tcp://10.10.1.136:9443 **identity="~/.ssh/id_rsa** Path to file containing ssh identity key +**tls_cert_file="~/certs/podman/tls.crt"** + +Path to PEM file containing TLS client certificate + +**tls_key_file="~/certs/podman/tls.key"** + +Path to PEM file containing TLS client certificate private key + +**tls_ca_file="~/certs/podman/ca.crt"** + +Path to PEM file containing TLS certificate authority (CA) bundle + **[engine.volume_plugins]** A table of all the enabled volume plugins on the system. Volume plugins can be diff --git a/pkg/config/config.go b/pkg/config/config.go index 7a625efe0..8b9a39634 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -701,6 +701,13 @@ type Destination struct { // Identity file with ssh key, optional Identity string `json:",omitempty" toml:"identity,omitempty"` + // Path to TLS client certificate PEM file, optional + TLSCertFile string `json:",omitempty" toml:"tls_cert_file,omitempty"` + // Path to TLS client certificate private key PEM file, optional + TLSKeyFile string `json:",omitempty" toml:"tls_key_file,omitempty"` + // Path to TLS certificate authority PEM file, optional + TLSCAFile string `json:",omitempty" toml:"tls_ca_file,omitempty"` + // isMachine describes if the remote destination is a machine. IsMachine bool `json:",omitempty" toml:"is_machine,omitempty"` } diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf index 0d22bcf38..94cf8f9e0 100644 --- a/pkg/config/containers.conf +++ b/pkg/config/containers.conf 
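Review bot: The comments on the three new `Destination` fields in pkg/config/config.go do not say how the fields depend on each other or what an empty value means, and for a TLS client configuration that is the part a reader needs. `TLSCertFile` and `TLSKeyFile` are only usable as a pair, so I would write `// TLSKeyFile is the path to the PEM private key matching TLSCertFile; the two must be set together, optional`. The `TLSCAFile` comment should state which trust roots are used when the field is empty; the hunk does not show this, so confirm it against the client code before documenting it. Whether a destination with only one of cert/key set, or with TLS files on a non-`tcp://` URI, is rejected is not visible in this diff; if it is not, that check belongs wherever `Destination` is consumed. The struct definition starts outside the hunk.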
@@ -766,10 +766,18 @@ default_sysctls = [ # rootful "unix:///run/podman/podman.sock (Default) # remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock # remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock +# tcp/tls remote tcp://10.10.1.136:9443 # # uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock" # Path to file containing ssh identity key # identity = "~/.ssh/id_rsa" +# Path to PEM file containing TLS client certificate +# tls_cert_file = "~/certs/podman/tls.crt" +# Path to PEM file containing TLS client certificate private key +# tls_key_file = "~/certs/podman/tls.key" +# Path to PEM file containing TLS certificate authority (CA) bundle +# tls_ca_file = "~/certs/podman/ca.crt" + # Directory for temporary files. Must be tmpfs (wiped after reboot) # diff --git a/pkg/config/containers.conf-freebsd b/pkg/config/containers.conf-freebsd index f5b51dd22..4dbdd956c 100644 --- a/pkg/config/containers.conf-freebsd +++ b/pkg/config/containers.conf-freebsd @@ -587,10 +587,17 @@ default_sysctls = [ # rootful "unix:///run/podman/podman.sock (Default) # remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock # remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock +# tcp/tls remote tcp://10.10.1.136:9443 # # uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock" # Path to file containing ssh identity key # identity = "~/.ssh/id_rsa" +# Path to PEM file containing TLS client certificate +# tls_cert_file = "~/certs/podman/tls.crt" +# Path to PEM file containing TLS client certificate private key +# tls_key_file = "~/certs/podman/tls.key" +# Path to PEM file containing TLS certificate authority (CA) bundle +# tls_ca_file = "~/certs/podman/ca.crt" # Directory for temporary files. Must be tmpfs (wiped after reboot) #
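Review bot: The new `tcp/tls remote` example `tcp://10.10.1.136:9443` in pkg/config/containers.conf gives no hint of TLS in the URI itself, so the sample should say that the `tls_*` settings below are what authenticate and encrypt a `tcp://` destination. Whether a `tcp://` URI without them falls back to a plaintext connection is not visible in this diff and is worth stating explicitly either way. Next to `tls_key_file` I would add a hint that the key must be readable only by its owner, e.g. `# Path to PEM file containing TLS client certificate private key (keep it mode 0600)`. The same text is added in the containers.conf-freebsd hunk and in docs/containers.conf.5.md, so the wording should change in all three places.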