diff --git a/datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md b/datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md index 9685eb1715..1bd0ad8e5f 100644 --- a/datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md +++ b/datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md @@ -149,7 +149,7 @@ All resources are deployed under the user's default collection, 4. Click the **NGINX** container, and in the details pane, confirm that its **Collection** is **/Prod/Webserver**. - ![](../../images/isolate-nodes-3.png){: .with-border} + ![](../images/isolate-nodes-3.png){: .with-border} 5. Click **Inspect Resource**, and in the dropdown, select **Nodes**. 6. Click the node, and in the details pane, confirm that its **Collection** diff --git a/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md b/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md index 4cb09cf570..ccf760a4b6 100644 --- a/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md +++ b/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md @@ -2,7 +2,16 @@ title: CLI-based access description: Learn how to access Docker Universal Control Plane from the CLI. keywords: ucp, cli, administration +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: ../services/ + title: Deploy a service --- +{% if include.version=="ucp-3.0" %} With Universal Control Plane you can continue using the tools you know and love like the Docker CLI client and Kubectl. You just need to download and use @@ -12,7 +21,6 @@ A client bundle contains a private and public key pair that authorizes your requests in UCP. It also contains utility scripts you can use to configure your Docker and Kubectl client tools to talk to your UCP deployment. - ## Download client certificates To download a client certificate bundle, log in to the UCP web UI and @@ -111,7 +119,7 @@ responses. To install these tools on a Ubuntu distribution, you can run: ```bash -$ sudo apt-get update && sudo apt-get install curl jq +sudo apt-get update && sudo apt-get install curl jq ``` Then you get an authentication token from UCP, and use it to download the @@ -119,12 +127,14 @@ client certificates. ```bash # Create an environment variable with the user security token -$ AUTHTOKEN=$(curl -sk -d '{"username":"","password":""}' https:///auth/login | jq -r .auth_token) +AUTHTOKEN=$(curl -sk -d '{"username":"","password":""}' https:///auth/login | jq -r .auth_token) # Download the client certificate bundle -$ curl -k -H "Authorization: Bearer $AUTHTOKEN" https:///api/clientbundle -o bundle.zip +curl -k -H "Authorization: Bearer $AUTHTOKEN" https:///api/clientbundle -o bundle.zip ``` -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Access the UCP web UI](index.md) +Learn about [CLI-based access](/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/user/access-ucp/index.md b/datacenter/ucp/3.0/guides/user/access-ucp/index.md index 4e5b3961a3..be68dfd9d1 100644 --- a/datacenter/ucp/3.0/guides/user/access-ucp/index.md +++ b/datacenter/ucp/3.0/guides/user/access-ucp/index.md @@ -2,7 +2,16 @@ title: Web-based access description: Learn how to access Docker Universal Control Plane from the web browser. keywords: ucp, web, administration +ui_tabs: +- version: ucp-3.0 + orlower: true +next_steps: +- path: ../../authorization/ + title: Authorization +- path: cli-based-access/ + title: Access UCP from the CLI --- +{% if include.version=="ucp-3.0" %} Docker Universal Control Plane allows you to manage your cluster in a visual way, from your browser. @@ -25,7 +34,4 @@ From the browser, administrators can: Non-admin users can only see and change the images, networks, volumes, and containers, and only when they're granted access by an administrator. -# Where to go next - -* [Authorization](../../access-control/index.md) -* [Access UCP from the CLI](cli-based-access.md) +{% endif %} diff --git a/datacenter/ucp/3.0/guides/user/secrets/grant-revoke-access.md b/datacenter/ucp/3.0/guides/user/secrets/grant-revoke-access.md index 3904c30761..863d8ccf35 100644 --- a/datacenter/ucp/3.0/guides/user/secrets/grant-revoke-access.md +++ b/datacenter/ucp/3.0/guides/user/secrets/grant-revoke-access.md @@ -2,7 +2,11 @@ title: Give access to secrets description: Learn how to use labels to give permissions to secrets in Docker UCP. keywords: UCP, secret, password, certificate, private key +ui_tabs: +- version: ucp-3.0 + orlower: true --- +{% if include.version=="ucp-3.0" %} UCP gives you access control, so that you can specify which users can use a specific secret in their services and which users can delete the secret. @@ -31,6 +35,4 @@ secret data. To revoke access to a secret you can edit the secret to change the access label, or update the permissions a team has for a label. -## Where to go next - -* [Manage secrets](index.md) +{% endif %} diff --git a/datacenter/ucp/3.0/guides/user/secrets/index.md b/datacenter/ucp/3.0/guides/user/secrets/index.md index 514a7d48f1..4bd7f91525 100644 --- a/datacenter/ucp/3.0/guides/user/secrets/index.md +++ b/datacenter/ucp/3.0/guides/user/secrets/index.md @@ -2,7 +2,14 @@ title: Manage secrets description: Learn how to manage your passwords, certificates, and other secrets in a secure way with Docker EE keywords: UCP, secret, password, certificate, private key +ui_tabs: +- version: ucp-3.0 + orlower: true +next_steps: +- path: grant-revoke-access/ + title: Grant access to secrets --- +{% if include.version=="ucp-3.0" %} When deploying and orchestrating services, you often need to configure them with sensitive information like passwords, TLS certificates, or private keys. @@ -188,6 +195,4 @@ WordPress application is running and using the new password. You can find additional documentation on managing secrets through the CLI at [How Docker manages secrets](/engine/swarm/secrets/#read-more-about-docker-secret-commands). -## Where to go next - -[Grant access to secrets](grant-revoke-access.md) +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/user/services/deploy-a-service.md b/datacenter/ucp/3.0/guides/user/services/deploy-a-service.md index 49d0521c67..d4803a1f4a 100644 --- a/datacenter/ucp/3.0/guides/user/services/deploy-a-service.md +++ b/datacenter/ucp/3.0/guides/user/services/deploy-a-service.md @@ -2,7 +2,15 @@ title: Deploy a service description: Learn how to deploy services to a cluster managed by Universal Control Plane. keywords: ucp, deploy, service +ui_tabs: +- version: ucp-3.0 + orlower: true +cli_tabs: +- version: docker-cli-linux --- +{% if include.ui %} + +{% if include.version=="ucp-3.0" %} You can deploy and monitor your services from the UCP web UI. In this example we'll deploy an [NGINX](https://www.nginx.com/) web server and make it @@ -43,14 +51,22 @@ page, by going to `http://:8000`. ![](../../images/deploy-a-service-4.png){: .with-border} -## Deploy from the CLI +{% endif %} +{% endif %} + +{% if include.cli %} + +{% if include.version=="docker-cli-linux" %} You can also deploy the same service from the CLI. Once you've set up your [UCP client bundle](../access-ucp/cli-based-access.md), run: -```none +```bash docker service create --name nginx \ --publish 8000:80 \ --label com.docker.ucp.access.owner= \ nginx ``` + +{% endif %} +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/user/services/deploy-app-cli.md b/datacenter/ucp/3.0/guides/user/services/deploy-app-cli.md index 9cda5a12a6..b6164f4255 100644 --- a/datacenter/ucp/3.0/guides/user/services/deploy-app-cli.md +++ b/datacenter/ucp/3.0/guides/user/services/deploy-app-cli.md @@ -2,7 +2,11 @@ title: Deploy an app from the CLI description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane. keywords: ucp, deploy, application, stack, service, compose +ui_tabs: +- version: ucp-3.0 + orlower: true --- +{% if include.version=="ucp-3.0" %} With Docker Universal Control Plane you can deploy your apps from the CLI, using `docker-compose.yml` files. In this example, we're going to deploy an @@ -11,7 +15,7 @@ application that allows users to vote on whether they prefer cats or dogs. ## Get a client certificate bundle Docker UCP secures your Docker cluster with -[role-based access control](../../access-control/index.md), +[role-based access control](../../authorization/index.md), so that only authorized users can deploy applications. To be able to run Docker commands on a cluster managed by UCP, you need to configure your Docker CLI client to authenticate to UCP using client certificates. @@ -32,7 +36,7 @@ The application we're going to deploy is composed of several services: After setting up your Docker CLI client to authenticate using client certificates, create a file named `docker-compose.yml` with the following contents: -```none +```yaml version: "3" services: @@ -135,7 +139,7 @@ docker stack deploy --compose-file docker-compose.yml VotingApp Test that the voting app is up and running using `docker stack services`: ```bash -$ docker stack services VotingApp +docker stack services VotingApp ID NAME MODE REPLICAS IMAGE df7uqiqyqi1n VotingApp_visualizer replicated 1/1 manomarks/visualizer:latest @@ -171,7 +175,7 @@ When you're all done, you can take down the entire stack by using `docker stack rm`: ```bash -$ docker stack rm VotingApp +docker stack rm VotingApp Removing service VotingApp_visualizer Removing service VotingApp_result @@ -184,6 +188,4 @@ Removing network VotingApp_frontend Removing network VotingApp_default ``` -## Where to go next - -* [Deploy an app from the UI](index.md) +{% endif %} diff --git a/datacenter/ucp/3.0/guides/user/services/deploy-compose-on-kubernetes.md b/datacenter/ucp/3.0/guides/user/services/deploy-compose-on-kubernetes.md index 43a1a37e0e..5dbf89c8df 100644 --- a/datacenter/ucp/3.0/guides/user/services/deploy-compose-on-kubernetes.md +++ b/datacenter/ucp/3.0/guides/user/services/deploy-compose-on-kubernetes.md @@ -2,7 +2,11 @@ title: Deploy a Compose-based app to a Kubernetes cluster description: Use Docker Enterprise Edition to deploy a Kubernetes workload from a Docker compose. keywords: UCP, Docker EE, Kubernetes, Compose +ui_tabs: +- version: ucp-3.0 + orlower: false --- +{% if include.version=="ucp-3.0" %} Docker Enterprise Edition enables deploying [Docker Compose](/compose/overview.md/) files to Kubernetes clusters. Starting in Compile file version 3.3, you use the @@ -83,4 +87,6 @@ are running. ![](../../images/deploy-compose-kubernetes-3.png){: .with-border} -7. Refresh the page to see how the load is balanced across the pods. \ No newline at end of file +7. Refresh the page to see how the load is balanced across the pods. + +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/user/services/deploy-kubernetes-workload.md b/datacenter/ucp/3.0/guides/user/services/deploy-kubernetes-workload.md index f167dc0be0..b6677c12e9 100644 --- a/datacenter/ucp/3.0/guides/user/services/deploy-kubernetes-workload.md +++ b/datacenter/ucp/3.0/guides/user/services/deploy-kubernetes-workload.md @@ -2,7 +2,15 @@ title: Deploy a workload to a Kubernetes cluster description: Use Docker Enterprise Edition to deploy Kubernetes workloads from yaml files. keywords: UCP, Docker EE, orchestration, Kubernetes, cluster +ui_tabs: +- version: ucp-3.0 + orlower: false +cli_tabs: +- version: kubectl --- +{% if include.ui %} + +{% if include.version=="ucp-3.0" %} The Docker EE web UI enables deploying your Kubernetes YAML files. In most cases, no modifications are necessary to deploy on a cluster that's managed by @@ -140,12 +148,17 @@ spec: 4. Find the **image: nginx:1.7.9** entry and change it to **image: nginx:1.8**. 5. Click **Edit** to update the deployment with the new YAML. -## Deploy by using the CLI +{% endif %} +{% endif %} + +{% if include.cli %} + +{% if include.version=="kubectl" %} With Docker EE, you deploy your Kubernetes objects on the command line by using `kubectl`. [Install and set up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/). -Use a client bundle to configure your client tools, like Docker CLI and `kubctl` +Use a client bundle to configure your client tools, like Docker CLI and `kubectl` to communicate with UCP instead of the local deployments you might have running. [Get your client bundle by using the Docker EE web UI or the command line](../access-ucp/cli-based-access.md). @@ -250,18 +263,21 @@ You should see the currently running image: ## Kubernetes limitations -There's a few limitations you should be aware when creating Kubernetes -workloads: +There are a few limitations that you should be aware of when creating +Kubernetes workloads: * Docker EE has its own RBAC system, so it's not possible to create -ClusterRole objects, ClusterRoleBinding objects, or any other object that is -created using the `/apis/rbac.authorization.k8s.io` endpoints. + ClusterRole objects, ClusterRoleBinding objects, or any other object that is + created using the `/apis/rbac.authorization.k8s.io` endpoints. * To make sure your cluster is secure, only admin users can deploy Pods with -privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwork`, -`PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`, -`SecurityContext.capabilities`, `SecurityContext.privileged`, and -`Volume.hostPath`. + privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwork`, + `PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`, + `SecurityContext.capabilities`, `SecurityContext.privileged`, and + `Volume.hostPath`. * You can't grant permissions to Kubernetes service accounts. -The `default` service account has no permissions and cannot use the Kubernetes -API. All other service accounts have full admin permissions and can only be used -by Docker EE administrators. + The `default` service account has no permissions and cannot use the Kubernetes + API. All other service accounts have full admin permissions and can only be + used by Docker EE administrators. + +{% endif %} +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/user/services/deploy-stack-to-collection.md b/datacenter/ucp/3.0/guides/user/services/deploy-stack-to-collection.md index 4dd592853b..081e71203f 100644 --- a/datacenter/ucp/3.0/guides/user/services/deploy-stack-to-collection.md +++ b/datacenter/ucp/3.0/guides/user/services/deploy-stack-to-collection.md @@ -2,13 +2,24 @@ title: Deploy application resources to a collection description: Learn how to manage user access to application resources by using collections. keywords: UCP, authentication, user management, stack, collection, role, application, resources +ui_tabs: +- version: ucp-3.0 + orlower: true +next_steps: +- path: ../../authorization/ + title: Access control model +- path: /engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label/ + title: Set metadata on a service (-l, –label) +- path: /engine/userguide/labels-custom-metadata/ + title: Docker object labels --- +{% if include.version=="ucp-3.0" %} Docker Universal Control Plane enforces role-based access control when you deploy services. By default, you don't need to do anything, because UCP deploys your services to a default collection, unless you specify another one. You can customize the default collection in your UCP profile page. -[Learn more about access control and collections](../../access-control/manage-access-with-collections.md). +[Learn more about access control and collections](../../authorization/index.md). UCP defines a collection by its path. For example, a user's default collection has the path `/Shared/Private/`. To deploy a service to a collection @@ -17,9 +28,9 @@ service. The access label is named `com.docker.ucp.access.label`. When UCP deploys a service, it doesn't automatically create the collections that correspond with your access labels. An administrator must create these -collections and [grant users access to them](grant-permissions.md). Deployment -fails if UCP can't find a specified collection or if the user doesn't have -access to it. +collections and [grant users access to them](../../authorization/grant-permissions.md). +Deployment fails if UCP can't find a specified collection or if the user +doesn't have access to it. ## Deploy a service to a collection by using the CLI @@ -27,11 +38,11 @@ Here's an example of a `docker service create` command that deploys a service to a `/Shared/database` collection: ```bash -$ docker service create \ +docker service create \ --name redis_2 \ --label com.docker.ucp.access.label="/Shared/database" redis:3.0.6 - ``` +``` ## Deploy services to a collection by using a Compose file @@ -48,7 +59,7 @@ time, you won't need to do this. Here's an example of a Compose file that specifies two services, WordPress and MySQL, and gives them the access label `/Shared/wordpress`: -```none +```yaml version: '3.1' services: @@ -69,7 +80,6 @@ services: deploy: labels: com.docker.ucp.access.label: /Shared/wordpress - ``` To deploy the application: @@ -93,9 +103,4 @@ To confirm that the service deployed to the `/Shared/wordpress` collection: ![](../../images/deploy-stack-to-collection.png){: .with-border} - -## Where to go next - -- [Manage access to resources by using collections](../../access-control/manage-access-with-collections.md) -- [Set metadata on a service (-l, –label)](/engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label) -- [Docker object labels](/engine/userguide/labels-custom-metadata.md) +{% endif %} diff --git a/datacenter/ucp/3.0/guides/user/services/index.md b/datacenter/ucp/3.0/guides/user/services/index.md index bc0820695c..f6d4358578 100644 --- a/datacenter/ucp/3.0/guides/user/services/index.md +++ b/datacenter/ucp/3.0/guides/user/services/index.md @@ -2,7 +2,14 @@ title: Deploy an app from the UI description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane. keywords: ucp, deploy, application, stack, service, compose +ui_tabs: +- version: ucp-3.0 + orlower: true +next_steps: +- path: deploy-app-cli/ + title: Deploy an app from the CLI --- +{% if include.version=="ucp-3.0" %} With Docker Universal Control Plane you can deploy applications from the UI using `docker-compose.yml` files. In this example, we're going to deploy an @@ -28,7 +35,7 @@ select **Services**. Paste the following YAML into the **COMPOSE.YML** editor: -```none +```yaml version: "3" services: @@ -171,6 +178,4 @@ To overcome these limitations, you can Also, UCP doesn't store the compose file used to deploy the application. You can use your version control system to persist that file. -## Where to go next - -* [Deploy an app from the CLI](deploy-app-cli.md) +{% endif %}