First draft of DTR-to-Kube topic (#283)

* First draft of DTR to Kube topic

* Incorporate feedback

_data/toc.yaml

@@ -325,6 +325,13 @@ guides:
         title: DTR architecture
       - path: /deploy/architecture/ucp-architecture/
         title: UCP architecture
+    - sectiontitle: Deploy workloads
+      section:
+      - path: /deploy/deploy-workloads/deploy-kubernetes-workload/
+        title: Deploy a workload to a Kubernetes cluster
+      - path: /deploy/deploy-workloads/manage-and-deploy-private-images/
+        title: Manage and deploy private images
+
 
 - sectiontitle: Run your app in production
   section:

deploy/deploy-workloads/deploy-kubernetes-workload.md

@@ -58,7 +58,7 @@ later section.
 4. In the **Object YAML** editor, paste the previous YAML.
 5. Click **Create**.
 
-![](images/deploy-kubernetes-workload-1.png){: .with-border}
+![](../images/deploy-kubernetes-workload-1.png){: .with-border}
 
 ## Inspect the deployment
 
@@ -75,7 +75,7 @@ links in the **Kubernetes** section of the left pane.
     the **Status** section to see that pod's phase, IP address, and other 
     properties.
 
-![](images/deploy-kubernetes-workload-2.png){: .with-border}
+![](../images/deploy-kubernetes-workload-2.png){: .with-border}
 
 ## Expose the server
 
@@ -109,7 +109,7 @@ The service connects the cluster's internal port 80 to the external port
     section.
 3.  Click the link that's labeled **URL** to 
 
-![](images/deploy-kubernetes-workload-3.png){: .with-border}
+![](../images/deploy-kubernetes-workload-3.png){: .with-border}
 
 The YAML definition connects the service to the NGINX server by using the
 app label `nginx` and a corresponding label selector.
@@ -160,18 +160,12 @@ spec:
 With Docker EE, you deploy your Kubernetes objects on the command line by using
 `kubectl`. [Install and set up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
 
-Docker EE ensures that communication with the cluster is secure. When you run
+Use a client bundle to configure your client tools, like Docker CLI and `kubctl`
-`kubectl` commands on a Docker EE node, you need to authenticate your request
+to communicate with UCP instead of the local deployments you might have running.
-with a client certificate bundle. [Get your client bundle by using the Docker EE web UI or the command line](/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md).
+[Get your client bundle by using the Docker EE web UI or the command line](/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md).
-If you don't have the client bundle set up, you'll see an error when you run
-`kubectl` commands:
 
-```none
+When you have the client bundle set up, you can deploy a Kubernetes object
-The connection to the server localhost:8080 was refused - did you specify the right host or port?
+from YAML.
-```
-
-When you have `kubectl` and the client bundle installed, you can deploy a
-Kubernetes object from YAML.
 
 ```yaml
 apiVersion: apps/v1beta2
@@ -243,42 +237,32 @@ command to deploy the NGINX server:
 kubectl apply -f update.yaml
 ```
 
-Check that the deployment was scaled out by listing the pods in the cluster:
+Check that the deployment was scaled out by listing the deployments in the
+cluster:
 
 ```bash
- kubectl get pods
+ kubectl get deployments
 ```
 
-You should see four pods listed:
+You should see four pods in the deployment:
 
 ```bash
-NAME                               READY     STATUS    RESTARTS   AGE
+NAME                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
-nginx-deployment-f95b7b6b8-74dfp   1/1       Running   0          21m
+nginx-deployment       4         4         4            4           2d
-nginx-deployment-f95b7b6b8-hd2bt   1/1       Running   0          21m
-nginx-deployment-f95b7b6b8-mz925   1/1       Running   0          21m
-nginx-deployment-f95b7b6b8-qgrzm   1/1       Running   0          21m
 ```
 
 Check that the pods are running the updated image:
 
 ```bash
-kubectl describe po/nginx-deployment-f95b7b6b8-74dfp | grep -i image
+kubectl describe deployment nginx-deployment | grep -i image
 ```
 
-> kubectl tip
+You should see the currently running image:
->
-> Remember to prepend `po/` to the pod's name.
-
-You should see the running image and messages about pulling the updated image:
 
 ```bash
-    Image:          nginx:1.8
+    Image:        nginx:1.8
-    Image ID:       docker-pullable://nginx@sha256:c97ee70c4048fe79765f7c2ec0931957c2898f47400128f4f3640d0ae5d60d10
-  Normal  Pulling                26m   kubelet, vs9gg6dhn5pklhqfk9fgzawuu  pulling image "nginx:1.8"
-  Normal  Pulled                 26m   kubelet, vs9gg6dhn5pklhqfk9fgzawuu  Successfully pulled image "nginx:1.8"
 ```
 
-
 {% endif %}
 
 

deploy/deploy-workloads/manage-and-deploy-private-images.md

@@ -0,0 +1,139 @@
+---
+title: Manage and deploy private images
+description: |
+  Learn how to push an image to Docker Trusted Registry and deploy it to a Kubernetes cluster managed by Docker Enterprise Edition.
+keywords: Docker EE, DTR, UCP, image, Kubernetes, orchestration, cluster
+next_steps:
+- path: /deploy/allow-creation-on-push
+  title: Allow users to create repositories when pushing
+---
+
+Docker Enterprise Edition (EE) has its own image registry (DTR) so that
+you can store and manage the images that you deploy to your cluster.
+In this topic, you push an image to DTR and later deploy it to your cluster,
+using the Kubernetes orchestrator.
+
+## Open the DTR web UI 
+
+1.  In the Docker EE web UI, click **Admin Settings**.
+2.  In the left pane, click **Docker Trusted Registry**.
+3.  In the **Installed DTRs** section, note the URL of your cluster's DTR
+    instance.
+
+    ![](../images/manage-and-deploy-private-images-1.png){: .with-border}
+
+4.  In a new browser tab, enter the URL to open the DTR web UI.
+
+## Create an image repository
+
+1.  In the DTR web UI, click **Repositories**.
+2.  Click **New Repository**, and in the **Repository Name** field, enter
+    "wordpress".
+3.  Click **Save** to create the repository. 
+
+    ![](../images/manage-and-deploy-private-images-2.png){: .with-border}
+
+## Push an image to DTR
+
+Instead of building an image from scratch, we'll pull the official Wordpress
+image from Docker Hub, tag it, and push it to DTR. Once that wordpress version
+is in DTR, only authorized users can change it.
+
+To push images to DTR, you need CLI access to a licensed installation of
+Docker EE.
+
+- [License your installation](/datacenter/ucp/2.2/guides/admin/configure/license-your-installation.md).
+- [Set up your Docker CLI](/datacenter/ucp/2.2/guides//user/access-ucp/cli-based-access.md).
+
+When you're set up for CLI-based access to a licensed Docker EE instance,
+you can push images to DTR.
+
+1.  Pull the public WordPress image from Docker Hub:
+
+    ```bash
+    docker pull wordpress
+    ```
+
+2.  Tag the image, using the IP address or DNS name of your DTR instance:
+
+    ```bash
+    docker tag wordpress:latest 54.218.110.183:444/admin/wordpress:latest
+    ```
+3.  Log in to a Docker EE manager node.
+4.  Push the tagged image to DTR:
+
+    ```bash
+    docker image push <dtr-url>:<port>/admin/wordpress:latest
+    ```
+
+## Confirm the image push
+
+In the DTR web UI, confirm that the `wordpress:latest` image is store in your
+DTR instance.
+
+1.  In the DTR web UI, click **Repositories**.
+2.  Click **wordpress** to open the repo.
+3.  Click **Images** to view the stored images.
+4.  Confirm that the `latest` tag is present.
+
+    ![](../images/manage-and-deploy-private-images-3.png){: .with-border}
+
+You're ready to deploy the `wordpress:latest` image into production.
+
+## Deploy the private image to UCP
+
+With the WordPress image stored in DTR, Docker EE can deploy the image to a
+Kubernetes cluster with a simple Deployment object:
+
+```yaml
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: wordpress-deployment
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: wordpress
+    spec:
+      containers:
+      - name: wordpress
+        image: <dtr-url>:<port>/admin/wordpress:latest
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress-service
+  labels:
+    app: wordpress
+spec:
+  type: NodePort
+  ports:
+    - port: 80
+      nodePort: 30081
+  selector:
+    app: wordpress
+```
+
+The Deployment object's YAML specifies your DTR image in the pod template spec:
+`image: <dtr-url>:<port>/admin/wordpress:latest`. Also, the YAML file defines
+a `NodePort` service that exposes the WordPress application, so it's accessible
+from outside the cluster.
+
+1.  Open the Docker EE web UI, and in the left pane, click **Kubernetes**.
+2.  Click **Create** to open the **Create Kubernetes Object** page.
+3.  In the **Namespace** dropdown, select **default**.
+4.  In the **Object YAML** editor, paste the Deployment object's YAML.
+5.  Click **Create**. When the Kubernetes objects are created,
+    the **Load Balancers** page opens.
+6.  Click **wordpress-service**, and in the details pane, find the **Ports**
+    section. 
+7.  Click the URL to open the default WordPress home page.  
+
+    ![](../images/manage-and-deploy-private-images-4.png){: .with-border}