docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Port UCP user topics to template (#391)

This commit is contained in:
Jim Galasyn 2018-01-04 10:56:58 -08:00
parent ab8767aadd
commit 0518ac55c2
11 changed files with 131 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md
View File

@ -149,7 +149,7 @@ All resources are deployed under the user's default collection,
4. Click the **NGINX** container, and in the details pane, confirm that its
**Collection** is **/Prod/Webserver**.
![](../../images/isolate-nodes-3.png){: .with-border}
![](../images/isolate-nodes-3.png){: .with-border}
5. Click **Inspect Resource**, and in the dropdown, select **Nodes**.
6. Click the node, and in the details pane, confirm that its **Collection**

22
datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md
View File

@ -2,7 +2,16 @@
title: CLI-based access
description: Learn how to access Docker Universal Control Plane from the CLI.
keywords: ucp, cli, administration
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../services/
title: Deploy a service
---
{% if include.version=="ucp-3.0" %}
With Universal Control Plane you can continue using the tools you know and
love like the Docker CLI client and Kubectl. You just need to download and use
@ -12,7 +21,6 @@ A client bundle contains a private and public key pair that authorizes your
requests in UCP. It also contains utility scripts you can use to configure
your Docker and Kubectl client tools to talk to your UCP deployment.
## Download client certificates
To download a client certificate bundle, log in to the UCP web UI and
@ -111,7 +119,7 @@ responses.
To install these tools on a Ubuntu distribution, you can run:
```bash
$ sudo apt-get update && sudo apt-get install curl jq
sudo apt-get update && sudo apt-get install curl jq
```
Then you get an authentication token from UCP, and use it to download the
@ -119,12 +127,14 @@ client certificates.
```bash
# Create an environment variable with the user security token
$ AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<ucp-ip>/auth/login | jq -r .auth_token)
AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<ucp-ip>/auth/login | jq -r .auth_token)
# Download the client certificate bundle
$ curl -k -H "Authorization: Bearer $AUTHTOKEN" https://<ucp-ip>/api/clientbundle -o bundle.zip
curl -k -H "Authorization: Bearer $AUTHTOKEN" https://<ucp-ip>/api/clientbundle -o bundle.zip
```
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Access the UCP web UI](index.md)
Learn about [CLI-based access](/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md).
{% endif %}

14
datacenter/ucp/3.0/guides/user/access-ucp/index.md
View File

@ -2,7 +2,16 @@
title: Web-based access
description: Learn how to access Docker Universal Control Plane from the web browser.
keywords: ucp, web, administration
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: ../../authorization/
title: Authorization
- path: cli-based-access/
title: Access UCP from the CLI
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane allows you to manage your cluster in a visual
way, from your browser.
@ -25,7 +34,4 @@ From the browser, administrators can:
Non-admin users can only see and change the images, networks, volumes, and
containers, and only when they're granted access by an administrator.
# Where to go next
* [Authorization](../../access-control/index.md)
* [Access UCP from the CLI](cli-based-access.md)
{% endif %}

8
datacenter/ucp/3.0/guides/user/secrets/grant-revoke-access.md
View File

@ -2,7 +2,11 @@
title: Give access to secrets
description: Learn how to use labels to give permissions to secrets in Docker UCP.
keywords: UCP, secret, password, certificate, private key
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
UCP gives you access control, so that you can specify which users can use a
specific secret in their services and which users can delete the secret.
@ -31,6 +35,4 @@ secret data.
To revoke access to a secret you can edit the secret to change the access label,
or update the permissions a team has for a label.
## Where to go next
* [Manage secrets](index.md)
{% endif %}

11
datacenter/ucp/3.0/guides/user/secrets/index.md
View File

@ -2,7 +2,14 @@
title: Manage secrets
description: Learn how to manage your passwords, certificates, and other secrets in a secure way with Docker EE
keywords: UCP, secret, password, certificate, private key
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: grant-revoke-access/
title: Grant access to secrets
---
{% if include.version=="ucp-3.0" %}
When deploying and orchestrating services, you often need to configure them
with sensitive information like passwords, TLS certificates, or private keys.
@ -188,6 +195,4 @@ WordPress application is running and using the new password.
You can find additional documentation on managing secrets through the CLI at [How Docker manages secrets](/engine/swarm/secrets/#read-more-about-docker-secret-commands).
## Where to go next
[Grant access to secrets](grant-revoke-access.md)
{% endif %}

20
datacenter/ucp/3.0/guides/user/services/deploy-a-service.md
View File

@ -2,7 +2,15 @@
title: Deploy a service
description: Learn how to deploy services to a cluster managed by Universal Control Plane.
keywords: ucp, deploy, service
ui_tabs:
- version: ucp-3.0
orlower: true
cli_tabs:
- version: docker-cli-linux
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
You can deploy and monitor your services from the UCP web UI. In this example
we'll deploy an [NGINX](https://www.nginx.com/) web server and make it
@ -43,14 +51,22 @@ page, by going to `http://<node-ip>:8000`.
![](../../images/deploy-a-service-4.png){: .with-border}
## Deploy from the CLI
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
You can also deploy the same service from the CLI. Once you've set up your
[UCP client bundle](../access-ucp/cli-based-access.md), run:
```none
```bash
docker service create --name nginx \
--publish 8000:80 \
--label com.docker.ucp.access.owner=<your-username> \
nginx
```
{% endif %}
{% endif %}

16
datacenter/ucp/3.0/guides/user/services/deploy-app-cli.md
View File

@ -2,7 +2,11 @@
title: Deploy an app from the CLI
description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane.
keywords: ucp, deploy, application, stack, service, compose
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
With Docker Universal Control Plane you can deploy your apps from the CLI,
using `docker-compose.yml` files. In this example, we're going to deploy an
@ -11,7 +15,7 @@ application that allows users to vote on whether they prefer cats or dogs.
## Get a client certificate bundle
Docker UCP secures your Docker cluster with
[role-based access control](../../access-control/index.md),
[role-based access control](../../authorization/index.md),
so that only authorized users can deploy applications. To be able to run Docker
commands on a cluster managed by UCP, you need to configure your Docker CLI
client to authenticate to UCP using client certificates.
@ -32,7 +36,7 @@ The application we're going to deploy is composed of several services:
After setting up your Docker CLI client to authenticate using client certificates,
create a file named `docker-compose.yml` with the following contents:
```none
```yaml
version: "3"
services:
@ -135,7 +139,7 @@ docker stack deploy --compose-file docker-compose.yml VotingApp
Test that the voting app is up and running using `docker stack services`:
```bash
$ docker stack services VotingApp
docker stack services VotingApp
ID NAME MODE REPLICAS IMAGE
df7uqiqyqi1n VotingApp_visualizer replicated 1/1 manomarks/visualizer:latest
@ -171,7 +175,7 @@ When you're all done, you can take down the entire stack by using `docker stack
rm`:
```bash
$ docker stack rm VotingApp
docker stack rm VotingApp
Removing service VotingApp_visualizer
Removing service VotingApp_result
@ -184,6 +188,4 @@ Removing network VotingApp_frontend
Removing network VotingApp_default
```
## Where to go next
* [Deploy an app from the UI](index.md)
{% endif %}

8
datacenter/ucp/3.0/guides/user/services/deploy-compose-on-kubernetes.md
View File

@ -2,7 +2,11 @@
title: Deploy a Compose-based app to a Kubernetes cluster
description: Use Docker Enterprise Edition to deploy a Kubernetes workload from a Docker compose.
keywords: UCP, Docker EE, Kubernetes, Compose
ui_tabs:
- version: ucp-3.0
orlower: false
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition enables deploying [Docker Compose](/compose/overview.md/)
files to Kubernetes clusters. Starting in Compile file version 3.3, you use the
@ -83,4 +87,6 @@ are running.
![](../../images/deploy-compose-kubernetes-3.png){: .with-border}
7. Refresh the page to see how the load is balanced across the pods.
7. Refresh the page to see how the load is balanced across the pods.
{% endif %}

42
datacenter/ucp/3.0/guides/user/services/deploy-kubernetes-workload.md
View File

@ -2,7 +2,15 @@
title: Deploy a workload to a Kubernetes cluster
description: Use Docker Enterprise Edition to deploy Kubernetes workloads from yaml files.
keywords: UCP, Docker EE, orchestration, Kubernetes, cluster
ui_tabs:
- version: ucp-3.0
orlower: false
cli_tabs:
- version: kubectl
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
The Docker EE web UI enables deploying your Kubernetes YAML files. In most
cases, no modifications are necessary to deploy on a cluster that's managed by
@ -140,12 +148,17 @@ spec:
4. Find the **image: nginx:1.7.9** entry and change it to **image: nginx:1.8**.
5. Click **Edit** to update the deployment with the new YAML.
## Deploy by using the CLI
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="kubectl" %}
With Docker EE, you deploy your Kubernetes objects on the command line by using
`kubectl`. [Install and set up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
Use a client bundle to configure your client tools, like Docker CLI and `kubctl`
Use a client bundle to configure your client tools, like Docker CLI and `kubectl`
to communicate with UCP instead of the local deployments you might have running.
[Get your client bundle by using the Docker EE web UI or the command line](../access-ucp/cli-based-access.md).
@ -250,18 +263,21 @@ You should see the currently running image:
## Kubernetes limitations
There's a few limitations you should be aware when creating Kubernetes
workloads:
There are a few limitations that you should be aware of when creating
Kubernetes workloads:
* Docker EE has its own RBAC system, so it's not possible to create
ClusterRole objects, ClusterRoleBinding objects, or any other object that is
created using the `/apis/rbac.authorization.k8s.io` endpoints.
ClusterRole objects, ClusterRoleBinding objects, or any other object that is
created using the `/apis/rbac.authorization.k8s.io` endpoints.
* To make sure your cluster is secure, only admin users can deploy Pods with
privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwork`,
`PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`,
`SecurityContext.capabilities`, `SecurityContext.privileged`, and
`Volume.hostPath`.
privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwork`,
`PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`,
`SecurityContext.capabilities`, `SecurityContext.privileged`, and
`Volume.hostPath`.
* You can't grant permissions to Kubernetes service accounts.
The `default` service account has no permissions and cannot use the Kubernetes
API. All other service accounts have full admin permissions and can only be used
by Docker EE administrators.
The `default` service account has no permissions and cannot use the Kubernetes
API. All other service accounts have full admin permissions and can only be
used by Docker EE administrators.
{% endif %}
{% endif %}

33
datacenter/ucp/3.0/guides/user/services/deploy-stack-to-collection.md
View File

@ -2,13 +2,24 @@
title: Deploy application resources to a collection
description: Learn how to manage user access to application resources by using collections.
keywords: UCP, authentication, user management, stack, collection, role, application, resources
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: ../../authorization/
title: Access control model
- path: /engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label/
title: Set metadata on a service (-l, label)
- path: /engine/userguide/labels-custom-metadata/
title: Docker object labels
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane enforces role-based access control when you
deploy services. By default, you don't need to do anything, because UCP deploys
your services to a default collection, unless you specify another one. You can
customize the default collection in your UCP profile page.
[Learn more about access control and collections](../../access-control/manage-access-with-collections.md).
[Learn more about access control and collections](../../authorization/index.md).
UCP defines a collection by its path. For example, a user's default collection
has the path `/Shared/Private/<username>`. To deploy a service to a collection
@ -17,9 +28,9 @@ service. The access label is named `com.docker.ucp.access.label`.
When UCP deploys a service, it doesn't automatically create the collections
that correspond with your access labels. An administrator must create these
collections and [grant users access to them](grant-permissions.md). Deployment
fails if UCP can't find a specified collection or if the user doesn't have
access to it.
collections and [grant users access to them](../../authorization/grant-permissions.md).
Deployment fails if UCP can't find a specified collection or if the user
doesn't have access to it.
## Deploy a service to a collection by using the CLI
@ -27,11 +38,11 @@ Here's an example of a `docker service create` command that deploys a service
to a `/Shared/database` collection:
```bash
$ docker service create \
docker service create \
--name redis_2 \
--label com.docker.ucp.access.label="/Shared/database"
redis:3.0.6
```
```
## Deploy services to a collection by using a Compose file
@ -48,7 +59,7 @@ time, you won't need to do this.
Here's an example of a Compose file that specifies two services, WordPress and
MySQL, and gives them the access label `/Shared/wordpress`:
```none
```yaml
version: '3.1'
services:
@ -69,7 +80,6 @@ services:
deploy:
labels:
com.docker.ucp.access.label: /Shared/wordpress
```
To deploy the application:
@ -93,9 +103,4 @@ To confirm that the service deployed to the `/Shared/wordpress` collection:
![](../../images/deploy-stack-to-collection.png){: .with-border}
## Where to go next
- [Manage access to resources by using collections](../../access-control/manage-access-with-collections.md)
- [Set metadata on a service (-l, label)](/engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label)
- [Docker object labels](/engine/userguide/labels-custom-metadata.md)
{% endif %}

13
datacenter/ucp/3.0/guides/user/services/index.md
View File

@ -2,7 +2,14 @@
title: Deploy an app from the UI
description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane.
keywords: ucp, deploy, application, stack, service, compose
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: deploy-app-cli/
title: Deploy an app from the CLI
---
{% if include.version=="ucp-3.0" %}
With Docker Universal Control Plane you can deploy applications from the UI
using `docker-compose.yml` files. In this example, we're going to deploy an
@ -28,7 +35,7 @@ select **Services**.
Paste the following YAML into the **COMPOSE.YML** editor:
```none
```yaml
version: "3"
services:
@ -171,6 +178,4 @@ To overcome these limitations, you can
Also, UCP doesn't store the compose file used to deploy the application. You can
use your version control system to persist that file.
## Where to go next
* [Deploy an app from the CLI](deploy-app-cli.md)
{% endif %}