@@ -536,7 +536,7 @@ please check the [run](run.md) reference.

 `--cluster-advertise` specifies the 'host:port' combination that this particular

 daemon instance should use when advertising itself to the cluster. The daemon

-should be reachable by remote hosts on this 'host:port' combination.

+is reached by remote hosts on this 'host:port' combination.

 The daemon uses [libkv](https://github.com/docker/libkv/) to advertise

 the node within the cluster.  Some Key/Value backends support mutual

@@ -545,6 +545,7 @@ using the `--cluster-store-opt` flag, specifying the paths to PEM encoded

 files. For example:

 ```bash

+docker daemon \

     --cluster-advertise 192.168.1.2:2376 \

     --cluster-store etcd://192.168.1.2:2379 \

     --cluster-store-opt kv.cacertfile=/path/to/ca.pem \

@@ -552,6 +553,25 @@ files. For example:

     --cluster-store-opt kv.keyfile=/path/to/key.pem

 ```

+The currently supported cluster store options are:

+

+*  `kv.cacertfile`

+

+    Specifies the path to a local file with PEM encoded CA certificates to trust

+

+*  `kv.certfile`

+

+    Specifies the path to a local file with a PEM encoded certificate.  This

+    certificate is used as the client cert for communication with the

+    Key/Value store.

+

+*  `kv.keyfile`

+

+    Specifies the path to a local file with a PEM encoded private key.  This

+    private key is used as the client key for communication with the

+    Key/Value store.

+

+

 ## Miscellaneous options

 IP masquerading uses address translation to allow containers without a public

@@ -9,6 +9,9 @@ docker-daemon - Enable daemon mode

 [**--api-cors-header**=[=*API-CORS-HEADER*]]

 [**-b**|**--bridge**[=*BRIDGE*]]

 [**--bip**[=*BIP*]]

+[**--cluster-store**[=*[]*]]

+[**--cluster-advertise**[=*[]*]]

+[**--cluster-store-opt**[=*map[]*]]

 [**-D**|**--debug**[=*false*]]

 [**--default-gateway**[=*DEFAULT-GATEWAY*]]

 [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]]

@@ -74,6 +77,16 @@ format.

 **--bip**=""

   Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b

+**--cluster-store**=""

+  URL of the distributed storage backend

+

+**--cluster-advertise**=""

+  Specifies the 'host:port' combination that this particular daemon instance should use when advertising

+  itself to the cluster. The daemon is reached by remote hosts on this 'host:port' combination.

+

+**--cluster-store-opt**=""

+  Specifies options for the Key/Value store.

+

 **-D**, **--debug**=*true*|*false*

   Enable debug mode. Default is false.

@@ -422,6 +435,31 @@ this topic, see

 Otherwise, set this flag for migrating existing Docker daemons to a

 daemon with a supported environment.

+# CLUSTER STORE OPTIONS

+

+The daemon uses libkv to advertise

+the node within the cluster.  Some Key/Value backends support mutual

+TLS, and the client TLS settings used by the daemon can be configured

+using the **--cluster-store-opt** flag, specifying the paths to PEM encoded

+files.

+

+#### kv.cacertfile

+

+Specifies the path to a local file with PEM encoded CA certificates to trust

+

+#### kv.certfile

+

+Specifies the path to a local file with a PEM encoded certificate.  This

+certificate is used as the client cert for communication with the

+Key/Value store.

+

+#### kv.keyfile

+

+Specifies the path to a local file with a PEM encoded private key.  This

+private key is used as the client key for communication with the

+Key/Value store.

+

+

 # HISTORY

 Sept 2015, Originally compiled by Shishir Mahajan <shishir.mahajan@redhat.com>

 based on docker.com source material and internal work.