Port UCP user topics to template (#391)

datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md

@@ -149,7 +149,7 @@ All resources are deployed under the user's default collection,
 4.  Click the **NGINX** container, and in the details pane, confirm that its
     **Collection** is **/Prod/Webserver**.
 
-    ![](../../images/isolate-nodes-3.png){: .with-border}
+    ![](../images/isolate-nodes-3.png){: .with-border}
 
 5.  Click **Inspect Resource**, and in the dropdown, select **Nodes**.
 6.  Click the node, and in the details pane, confirm that its **Collection**

datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md

@@ -2,7 +2,16 @@
 title: CLI-based access
 description: Learn how to access Docker Universal Control Plane from the CLI.
 keywords: ucp, cli, administration
+ui_tabs:
+- version: ucp-3.0
+  orhigher: false
+- version: ucp-2.2
+  orlower: true
+next_steps:
+- path: ../services/
+  title: Deploy a service 
 ---
+{% if include.version=="ucp-3.0" %}
 
 With Universal Control Plane you can continue using the tools you know and
 love like the Docker CLI client and Kubectl. You just need to download and use
@@ -12,7 +21,6 @@ A client bundle contains a private and public key pair that authorizes your
 requests in UCP. It also contains utility scripts you can use to configure
 your Docker and Kubectl client tools to talk to your UCP deployment.
 
-
 ## Download client certificates
 
 To download a client certificate bundle, log in to the UCP web UI and
@@ -111,7 +119,7 @@ responses.
 To install these tools on a Ubuntu distribution, you can run:
 
 ```bash
-$ sudo apt-get update && sudo apt-get install curl jq
+sudo apt-get update && sudo apt-get install curl jq
 ```
 
 Then you get an authentication token from UCP, and use it to download the
@@ -119,12 +127,14 @@ client certificates.
 
 ```bash
 # Create an environment variable with the user security token
-$ AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<ucp-ip>/auth/login | jq -r .auth_token)
+AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<ucp-ip>/auth/login | jq -r .auth_token)
 
 # Download the client certificate bundle
-$ curl -k -H "Authorization: Bearer $AUTHTOKEN" https://<ucp-ip>/api/clientbundle -o bundle.zip
+curl -k -H "Authorization: Bearer $AUTHTOKEN" https://<ucp-ip>/api/clientbundle -o bundle.zip
 ```
 
-## Where to go next
+{% elsif include.version=="ucp-2.2" %}
 
-* [Access the UCP web UI](index.md)
+Learn about [CLI-based access](/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md).
+
+{% endif %}

datacenter/ucp/3.0/guides/user/access-ucp/index.md

@@ -2,7 +2,16 @@
 title: Web-based access
 description: Learn how to access Docker Universal Control Plane from the web browser.
 keywords: ucp, web, administration
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: ../../authorization/
+  title: Authorization
+- path: cli-based-access/
+  title: Access UCP from the CLI  
 ---
+{% if include.version=="ucp-3.0" %}
 
 Docker Universal Control Plane allows you to manage your cluster in a visual
 way, from your browser.
@@ -25,7 +34,4 @@ From the browser, administrators can:
 Non-admin users can only see and change the images, networks, volumes, and
 containers, and only when they're granted access by an administrator.
 
-# Where to go next
+{% endif %}
-
-* [Authorization](../../access-control/index.md)
-* [Access UCP from the CLI](cli-based-access.md)

datacenter/ucp/3.0/guides/user/secrets/grant-revoke-access.md

@@ -2,7 +2,11 @@
 title: Give access to secrets
 description: Learn how to use labels to give permissions to secrets in Docker UCP.
 keywords: UCP, secret, password, certificate, private key
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
 ---
+{% if include.version=="ucp-3.0" %}
 
 UCP gives you access control, so that you can specify which users can use a
 specific secret in their services and which users can delete the secret.
@@ -31,6 +35,4 @@ secret data.
 To revoke access to a secret you can edit the secret to change the access label,
 or update the permissions a team has for a label.
 
-## Where to go next
+{% endif %}
-
-* [Manage secrets](index.md)

datacenter/ucp/3.0/guides/user/secrets/index.md

@@ -2,7 +2,14 @@
 title: Manage secrets
 description: Learn how to manage your passwords, certificates, and other secrets in a secure way with Docker EE
 keywords: UCP, secret, password, certificate, private key
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: grant-revoke-access/
+  title: Grant access to secrets
 ---
+{% if include.version=="ucp-3.0" %}
 
 When deploying and orchestrating services, you often need to configure them
 with sensitive information like passwords, TLS certificates, or private keys.
@@ -188,6 +195,4 @@ WordPress application is running and using the new password.
 
 You can find additional documentation on managing secrets through the CLI at [How Docker manages secrets](/engine/swarm/secrets/#read-more-about-docker-secret-commands).
 
-## Where to go next
+{% endif %}
-
-[Grant access to secrets](grant-revoke-access.md)

datacenter/ucp/3.0/guides/user/services/deploy-a-service.md

@@ -2,7 +2,15 @@
 title: Deploy a service
 description: Learn how to deploy services to a cluster managed by Universal Control Plane.
 keywords: ucp, deploy, service
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+cli_tabs:
+- version: docker-cli-linux
 ---
+{% if include.ui %}
+
+{% if include.version=="ucp-3.0" %}
 
 You can deploy and monitor your services from the UCP web UI. In this example
 we'll deploy an [NGINX](https://www.nginx.com/) web server and make it
@@ -43,14 +51,22 @@ page, by going to `http://<node-ip>:8000`.
 
 ![](../../images/deploy-a-service-4.png){: .with-border}
 
-## Deploy from the CLI
+{% endif %}
+{% endif %}
+
+{% if include.cli %}
+
+{% if include.version=="docker-cli-linux" %}
 
 You can also deploy the same service from the CLI. Once you've set up your
 [UCP client bundle](../access-ucp/cli-based-access.md), run:
 
-```none
+```bash
 docker service create --name nginx \
   --publish 8000:80 \
   --label com.docker.ucp.access.owner=<your-username> \
   nginx
 ```
+
+{% endif %}
+{% endif %}

datacenter/ucp/3.0/guides/user/services/deploy-app-cli.md

@@ -2,7 +2,11 @@
 title: Deploy an app from the CLI
 description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane.
 keywords: ucp, deploy, application, stack, service, compose
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
 ---
+{% if include.version=="ucp-3.0" %}
 
 With Docker Universal Control Plane you can deploy your apps from the CLI,
 using `docker-compose.yml` files. In this example, we're going to deploy an
@@ -11,7 +15,7 @@ application that allows users to vote on whether they prefer cats or dogs.
 ## Get a client certificate bundle
 
 Docker UCP secures your Docker cluster with
-[role-based access control](../../access-control/index.md),
+[role-based access control](../../authorization/index.md),
 so that only authorized users can deploy applications. To be able to run Docker
 commands on a cluster managed by UCP, you need to configure your Docker CLI
 client to authenticate to UCP using client certificates. 
@@ -32,7 +36,7 @@ The application we're going to deploy is composed of several services:
 After setting up your Docker CLI client to authenticate using client certificates,
 create a file named `docker-compose.yml` with the following contents:
 
-```none
+```yaml
 version: "3"
 services:
 
@@ -135,7 +139,7 @@ docker stack deploy --compose-file docker-compose.yml VotingApp
 Test that the voting app is up and running using `docker stack services`:
 
 ```bash
-$ docker stack services VotingApp
+docker stack services VotingApp
 
 ID            NAME                  MODE        REPLICAS  IMAGE
 df7uqiqyqi1n  VotingApp_visualizer  replicated  1/1       manomarks/visualizer:latest
@@ -171,7 +175,7 @@ When you're all done, you can take down the entire stack by using `docker stack
 rm`:
 
 ```bash
-$ docker stack rm VotingApp
+docker stack rm VotingApp
 
 Removing service VotingApp_visualizer
 Removing service VotingApp_result
@@ -184,6 +188,4 @@ Removing network VotingApp_frontend
 Removing network VotingApp_default
 ```
 
-## Where to go next
+{% endif %}
-
-* [Deploy an app from the UI](index.md)

datacenter/ucp/3.0/guides/user/services/deploy-compose-on-kubernetes.md

@@ -2,7 +2,11 @@
 title: Deploy a Compose-based app to a Kubernetes cluster
 description: Use Docker Enterprise Edition to deploy a Kubernetes workload from a Docker compose. 
 keywords: UCP, Docker EE, Kubernetes, Compose
+ui_tabs:
+- version: ucp-3.0
+  orlower: false
 ---
+{% if include.version=="ucp-3.0" %}
 
 Docker Enterprise Edition enables deploying [Docker Compose](/compose/overview.md/)
 files to Kubernetes clusters. Starting in Compile file version 3.3, you use the
@@ -84,3 +88,5 @@ are running.
     ![](../../images/deploy-compose-kubernetes-3.png){: .with-border}
 
 7.  Refresh the page to see how the load is balanced across the pods.
+
+{% endif %}

datacenter/ucp/3.0/guides/user/services/deploy-kubernetes-workload.md

@@ -2,7 +2,15 @@
 title: Deploy a workload to a Kubernetes cluster
 description: Use Docker Enterprise Edition to deploy Kubernetes workloads from yaml files.
 keywords: UCP, Docker EE, orchestration, Kubernetes, cluster
+ui_tabs:
+- version: ucp-3.0
+  orlower: false
+cli_tabs:
+- version: kubectl
 ---
+{% if include.ui %}
+
+{% if include.version=="ucp-3.0" %}
 
 The Docker EE web UI enables deploying your Kubernetes YAML files. In most
 cases, no modifications are necessary to deploy on a cluster that's managed by
@@ -140,12 +148,17 @@ spec:
 4.  Find the **image: nginx:1.7.9** entry and change it to **image: nginx:1.8**.
 5.  Click **Edit** to update the deployment with the new YAML.
 
-## Deploy by using the CLI
+{% endif %}
+{% endif %}
+
+{% if include.cli %}
+
+{% if include.version=="kubectl" %}
 
 With Docker EE, you deploy your Kubernetes objects on the command line by using
 `kubectl`. [Install and set up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
 
-Use a client bundle to configure your client tools, like Docker CLI and `kubctl`
+Use a client bundle to configure your client tools, like Docker CLI and `kubectl`
 to communicate with UCP instead of the local deployments you might have running.
 [Get your client bundle by using the Docker EE web UI or the command line](../access-ucp/cli-based-access.md).
 
@@ -250,8 +263,8 @@ You should see the currently running image:
 
 ## Kubernetes limitations
 
-There's a few limitations you should be aware when creating Kubernetes
+There are a few limitations that you should be aware of when creating
-workloads:
+Kubernetes workloads:
 
 * Docker EE has its own RBAC system, so it's not possible to create
   ClusterRole objects, ClusterRoleBinding objects, or any other object that is
@@ -263,5 +276,8 @@ privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwo
   `Volume.hostPath`.
 * You can't grant permissions to Kubernetes service accounts.
   The `default` service account has no permissions and cannot use the Kubernetes
-API. All other service accounts have full admin permissions and can only be used
+  API. All other service accounts have full admin permissions and can only be
-by Docker EE administrators.
+  used by Docker EE administrators.
+
+{% endif %}
+{% endif %}

datacenter/ucp/3.0/guides/user/services/deploy-stack-to-collection.md

@@ -2,13 +2,24 @@
 title: Deploy application resources to a collection
 description: Learn how to manage user access to application resources by using collections.
 keywords: UCP, authentication, user management, stack, collection, role, application, resources
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: ../../authorization/
+  title: Access control model
+- path: /engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label/
+  title: Set metadata on a service (-l, –label)
+- path: /engine/userguide/labels-custom-metadata/
+  title: Docker object labels
 ---
+{% if include.version=="ucp-3.0" %}
 
 Docker Universal Control Plane enforces role-based access control when you
 deploy services. By default, you don't need to do anything, because UCP deploys
 your services to a default collection, unless you specify another one. You can
 customize the default collection in your UCP profile page.
-[Learn more about access control and collections](../../access-control/manage-access-with-collections.md).
+[Learn more about access control and collections](../../authorization/index.md).
 
 UCP defines a collection by its path. For example, a user's default collection
 has the path `/Shared/Private/<username>`. To deploy a service to a collection
@@ -17,9 +28,9 @@ service. The access label is named `com.docker.ucp.access.label`.
 
 When UCP deploys a service, it doesn't automatically create the collections
 that correspond with your access labels. An administrator must create these
-collections and [grant users access to them](grant-permissions.md). Deployment
+collections and [grant users access to them](../../authorization/grant-permissions.md).
-fails if UCP can't find a specified collection or if the user doesn't have
+Deployment fails if UCP can't find a specified collection or if the user
-access to it.
+doesn't have access to it.
 
 ## Deploy a service to a collection by using the CLI
 
@@ -27,7 +38,7 @@ Here's an example of a `docker service create` command that deploys a service
 to a `/Shared/database` collection:
 
 ```bash
-$ docker service create \
+docker service create \
   --name redis_2 \
   --label com.docker.ucp.access.label="/Shared/database"
   redis:3.0.6
@@ -48,7 +59,7 @@ time, you won't need to do this.
 Here's an example of a Compose file that specifies two services, WordPress and
 MySQL, and gives them the access label `/Shared/wordpress`:
 
-```none
+```yaml
 version: '3.1'
 
 services:
@@ -69,7 +80,6 @@ services:
     deploy:  
       labels:
         com.docker.ucp.access.label: /Shared/wordpress
-
 ```
 
 To deploy the application:
@@ -93,9 +103,4 @@ To confirm that the service deployed to the `/Shared/wordpress` collection:
 
 ![](../../images/deploy-stack-to-collection.png){: .with-border}
 
-
+{% endif %}
-## Where to go next
-
-- [Manage access to resources by using collections](../../access-control/manage-access-with-collections.md)
-- [Set metadata on a service (-l, –label)](/engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label)
-- [Docker object labels](/engine/userguide/labels-custom-metadata.md)

datacenter/ucp/3.0/guides/user/services/index.md

@@ -2,7 +2,14 @@
 title: Deploy an app from the UI
 description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane.
 keywords: ucp, deploy, application, stack, service, compose
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: deploy-app-cli/
+  title: Deploy an app from the CLI
 ---
+{% if include.version=="ucp-3.0" %}
 
 With Docker Universal Control Plane you can deploy applications from the UI
 using `docker-compose.yml` files. In this example, we're going to deploy an
@@ -28,7 +35,7 @@ select **Services**.
 
 Paste the following YAML into the **COMPOSE.YML** editor:
 
-```none
+```yaml
 version: "3"
 services:
 
@@ -171,6 +178,4 @@ To overcome these limitations, you can
 Also, UCP doesn't store the compose file used to deploy the application. You can
 use your version control system to persist that file.
 
-## Where to go next
+{% endif %}
-
-* [Deploy an app from the CLI](deploy-app-cli.md)