I have docker running with docker-machine on my Mac.
In my docker VM I have loaded my company's internal root certificate in /etc/ssl/cacert.pem.
Install the plugin with docker plugin enable splunk-logging-plugin
docker plugin enable splunk-logging-plugin
In /etc/docker/daemon.json I set splunk-capath to that file.
When I start a docker image I get error creating splunk logger: open /etc/ssl/cacert.pem: no such file or directory"
error creating splunk logger: open /etc/ssl/cacert.pem: no such file or directory"
When I change splunk-capath to a random cert on the image I'm running it appears to load and try to use it for TLS verification.
Does this mean I need to add the corporate certs to every docker image I am going to run for the docker splunk forwarder to work?
Answering my question, the splunk logger runs in it's own docker container. https://github.com/splunk/docker-logging-plugin/blob/develop/Dockerfile
So splunk-capath is in this container. I guess you need to make your own image FROM that one with your certs if you want to add certs to it.