docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Separate swarm and kube deployments

This commit is contained in:
Joao Fernandes 2018-01-23 11:46:56 -08:00 committed by Jim Galasyn
parent 42646d96ee
commit 3b4cc4ca20
11 changed files with 129 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
_data/toc.yaml
View File

@ -1681,86 +1681,82 @@ manuals:
title: Web-based access
- path: /ee/ucp/user-access/cli/
title: CLI-based access
- sectiontitle: User guides
- sectiontitle: Deploy apps with Swarm
section:
- sectiontitle: Deploy an application
- title: Deploy a single service
path: /ee/ucp/swarm/
- title: Deploy an app from the UI
path: /ee/ucp/swarm/deploy-from-ui/
- title: Deploy an app from the CLI
path: /ee/ucp/swarm/deploy-from-cli/
- title: Deploy application resources to a collection
path: /ee/ucp/swarm/deploy-to-collection/
- title: Use secrets in your services
path: /ee/ucp/swarm/use-secrets/
- sectiontitle: Route traffic to your apps
section:
- path: /ee/ucp/user/services/deploy-a-service/
title: Deploy a service
- path: /ee/ucp/user/services/
title: Deploy an app from the UI
- path: /ee/ucp/user/services/deploy-app-cli/
title: Deploy an app from the CLI
- path: /ee/ucp/user/services/deploy-stack-to-collection/
title: Deploy application resources to a collection
- path: /ee/ucp/user/services/deploy-kubernetes-workload/
title: Deploy a workload to a Kubernetes cluster
- path: /ee/ucp/user/services/deploy-compose-on-kubernetes/
title: Deploy a Compose-based app to a Kubernetes cluster
- sectiontitle: Secrets
section:
- path: /ee/ucp/user/secrets/
title: Manage secrets
- path: /ee/ucp/user/secrets/grant-revoke-access/
title: Grant access to secrets
- sectiontitle: Layer 7 routing
- title: Layer 7 routing overview
path: /ee/ucp/interlock/
- sectiontitle: Introduction
section:
- title: What is Layer 7 routing
path: /ee/ucp/interlock/intro/
- title: Architecture
path: /ee/ucp/interlock/intro/architecture/
- sectiontitle: Deployment
section:
- title: Get started
path: /ee/ucp/interlock/install/
- title: Manual deployment
path: /ee/ucp/interlock/install/manual-deployment/
- title: Production
path: /ee/ucp/interlock/install/production/
- title: Offline install
path: /ee/ucp/interlock/install/offline/
- sectiontitle: Configuration
section:
- title: Layer 7 routing
path: /ee/ucp/interlock/configuration/
- title: Service labels
path: /ee/ucp/interlock/configuration/service-labels/
- sectiontitle: Extensions
section:
- title: Nginx
path: /ee/ucp/interlock/extensions/nginx/
- title: HAProxy
path: /ee/ucp/interlock/extensions/haproxy/
- sectiontitle: Deploy apps with Layer 7 routing
section:
- title: Basic deployment
path: /ee/ucp/interlock/usage/
- title: Applications with SSL
path: /ee/ucp/interlock/usage/ssl/
- title: Application redirects
path: /ee/ucp/interlock/usage/redirects/
- title: Persistent (sticky) sessions
path: /ee/ucp/interlock/usage/sessions/
- title: Websockets
path: /ee/ucp/interlock/usage/websockets/
- title: Canary application instances
path: /ee/ucp/interlock/usage/canary/
- title: Service clusters
path: /ee/ucp/interlock/usage/service-clusters/
- title: Context/Path based routing
path: /ee/ucp/interlock/usage/context/
- title: Host mode networking
path: /ee/ucp/interlock/usage/host-mode-networking/
- sectiontitle: Operations
section:
- title: Updates
path: /ee/ucp/interlock/ops/
- title: Tuning
path: /ee/ucp/interlock/ops/tuning/
- sectiontitle: Deploy apps with Kubernetes
section:
- title: Layer 7 routing overview
path: /ee/ucp/interlock/
- sectiontitle: Introduction
section:
- title: What is Layer 7 routing
path: /ee/ucp/interlock/intro/
- title: Architecture
path: /ee/ucp/interlock/intro/architecture/
- sectiontitle: Deployment
section:
- title: Get started
path: /ee/ucp/interlock/install/
- title: Manual deployment
path: /ee/ucp/interlock/install/manual-deployment/
- title: Production
path: /ee/ucp/interlock/install/production/
- title: Offline install
path: /ee/ucp/interlock/install/offline/
- sectiontitle: Configuration
section:
- title: Layer 7 routing
path: /ee/ucp/interlock/configuration/
- title: Service labels
path: /ee/ucp/interlock/configuration/service-labels/
- sectiontitle: Extensions
section:
- title: Nginx
path: /ee/ucp/interlock/extensions/nginx/
- title: HAProxy
path: /ee/ucp/interlock/extensions/haproxy/
- sectiontitle: Deploy apps with Layer 7 routing
section:
- title: Basic deployment
path: /ee/ucp/interlock/usage/
- title: Applications with SSL
path: /ee/ucp/interlock/usage/ssl/
- title: Application redirects
path: /ee/ucp/interlock/usage/redirects/
- title: Persistent (sticky) sessions
path: /ee/ucp/interlock/usage/sessions/
- title: Websockets
path: /ee/ucp/interlock/usage/websockets/
- title: Canary application instances
path: /ee/ucp/interlock/usage/canary/
- title: Service clusters
path: /ee/ucp/interlock/usage/service-clusters/
- title: Context/Path based routing
path: /ee/ucp/interlock/usage/context/
- title: Host mode networking
path: /ee/ucp/interlock/usage/host-mode-networking/
- sectiontitle: Operations
section:
- title: Updates
path: /ee/ucp/interlock/ops/
- title: Tuning
path: /ee/ucp/interlock/ops/tuning/
- title: Deploy a workload
path: /ee/ucp/kubernetes/
- title: Deploy a Compose-based app
path: /ee/ucp/kubernetes/deploy-with-compose/
- title: API reference
path: /reference/ucp/3.0/api/
nosync: true

18
ee/ucp/user/services/deploy-compose-on-kubernetes.md → ee/ucp/kubernetes/deploy-with-compose.md
View File

@ -1,7 +1,9 @@
---
title: Deploy a Compose-based app to a Kubernetes cluster
description: Use Docker Enterprise Edition to deploy a Kubernetes workload from a Docker compose.
description: Use Docker Enterprise Edition to deploy a Kubernetes workload from a Docker compose.
keywords: UCP, Docker EE, Kubernetes, Compose
redirect_from:
- /ee/ucp/user/services/deploy-compose-on-kubernetes/
ui_tabs:
- version: ucp-3.0
orlower: false
@ -18,8 +20,8 @@ true Kubernetes app.
To deploy a stack to Kubernetes, you need a namespace for the app's resources.
Contact your Docker EE administrator to get access to a namespace. In this
example, the namespace has the name `lab-words`.
[Learn to grant access to a Kubernetes namespace](../../authorization/grant-permissions/#kubernetes-grants).
example, the namespace has the name `lab-words`.
[Learn to grant access to a Kubernetes namespace](../authorization/grant-permissions/#kubernetes-grants).
## Create a Kubernetes app from a Compose file
@ -53,7 +55,7 @@ services:
db:
build: db
image: dockerdemos/lab-db
```
```
1. Open the UCP web UI, and in the left pane, click **Shared resources**.
2. Click **Stacks**, and in the **Stacks** page, click **Create stack**.
@ -66,7 +68,7 @@ services:
## Inspect the deployment
After a few minutes have passed, all of the pods in the `lab-words` deployment
are running.
are running.
1. In the left pane, click **Pods**. Confirm that there are seven pods and
that their status is **Running**. If any have a status of **Pending**,
@ -75,7 +77,7 @@ are running.
details pane, scroll down to the **Pod IP** to view the pod's internal IP
address.
![](../../images/deploy-compose-kubernetes-2.png){: .with-border}
![](../images/deploy-compose-kubernetes-2.png){: .with-border}
3. In the left pane, click **Load balancers** and find the **web** service.
4. Click the **web** service, and in the details pane, scroll down to the
@ -85,8 +87,8 @@ are running.
of the pod you inspected previously may be listed. If it's not, refresh the
page until you see it.
![](../../images/deploy-compose-kubernetes-3.png){: .with-border}
![](../images/deploy-compose-kubernetes-3.png){: .with-border}
7. Refresh the page to see how the load is balanced across the pods.
{% endif %}
{% endif %}

8
ee/ucp/user/services/deploy-kubernetes-workload.md → ee/ucp/kubernetes/index.md
View File

@ -2,6 +2,8 @@
title: Deploy a workload to a Kubernetes cluster
description: Use Docker Enterprise Edition to deploy Kubernetes workloads from yaml files.
keywords: UCP, Docker EE, orchestration, Kubernetes, cluster
redirect_from:
- /ee/ucp/user/services/deploy-kubernetes-workload/
ui_tabs:
- version: ucp-3.0
orlower: false
@ -52,7 +54,7 @@ later section.
4. In the **Object YAML** editor, paste the previous YAML.
5. Click **Create**.
![](../../images/deploy-kubernetes-workload-1.png){: .with-border}
![](../images/deploy-kubernetes-workload-1.png){: .with-border}
## Inspect the deployment
@ -69,7 +71,7 @@ links in the **Kubernetes** section of the left pane.
the **Status** section to see that pod's phase, IP address, and other
properties.
![](../../images/deploy-kubernetes-workload-2.png){: .with-border}
![](../images/deploy-kubernetes-workload-2.png){: .with-border}
## Expose the server
@ -103,7 +105,7 @@ The service connects the cluster's internal port 80 to the external port
section.
3. Click the link that's labeled **URL** to
![](../../images/deploy-kubernetes-workload-3.png){: .with-border}
![](../images/deploy-kubernetes-workload-3.png){: .with-border}
The YAML definition connects the service to the NGINX server by using the
app label `nginx` and a corresponding label selector.

6
ee/ucp/user/services/deploy-app-cli.md → ee/ucp/swarm/deploy-from-cli.md
View File

@ -2,6 +2,8 @@
title: Deploy an app from the CLI
description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane.
keywords: ucp, deploy, application, stack, service, compose
redirect_from:
- /ee/ucp/user/services/deploy-app-cli/
ui_tabs:
- version: ucp-3.0
orlower: true
@ -15,7 +17,7 @@ application that allows users to vote on whether they prefer cats or dogs.
## Get a client certificate bundle
Docker UCP secures your Docker cluster with
[role-based access control](../../authorization/index.md),
[role-based access control](../authorization/index.md),
so that only authorized users can deploy applications. To be able to run Docker
commands on a cluster managed by UCP, you need to configure your Docker CLI
client to authenticate to UCP using client certificates.
@ -155,7 +157,7 @@ published to port 8080. Visiting that port accesses the running instance of
the visualizer service in your browser, which shows a map of how this application
was deployed:
![Screenshot of visualizer](../../images/deployed_visualizer_detail.png){: .with-border}
![Screenshot of visualizer](../images/deployed_visualizer_detail.png){: .with-border}
Here you can see some of the characteristics of the deployment specification
from the Compose file in play. For example, the manager node is running the

20
ee/ucp/user/services/index.md → ee/ucp/swarm/deploy-from-ui.md
View File

@ -2,11 +2,13 @@
title: Deploy an app from the UI
description: Learn how to deploy containerized applications on a cluster, with Docker Universal Control Plane.
keywords: ucp, deploy, application, stack, service, compose
redirect_from:
- /ee/ucp/user/services/
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: deploy-app-cli/
- path: deploy-from-cli/
title: Deploy an app from the CLI
---
{% if include.version=="ucp-3.0" %}
@ -31,7 +33,7 @@ In your browser, log in to the UCP web UI, and navigate to the
**Stacks** page. Click **Create Stack** to deploy a new application.
Give the application a name, like "VotingApp", and in the **Mode** field,
select **Services**.
select **Services**.
Paste the following YAML into the **COMPOSE.YML** editor:
@ -121,7 +123,7 @@ volumes:
db-data:
```
![](../../images/deploy-app-ui-1.png){: .with-border}
![](../images/deploy-app-ui-1.png){: .with-border}
> When "Services" is selected, you can define services in this YAML file that
have a `deploy:` key, which schedules the containers on certain nodes, defines
@ -137,17 +139,17 @@ you deployed across your nodes. Click the `VotingApp_vote` service and find
the **Published Endpoint** field in the details pane. Click the link to visit
the voting page, which is published on port `5000`.
![Screenshot of deployed service](../../images/deployed_visualizer.png){: .with-border}
![Screenshot of deployed service](../images/deployed_visualizer.png){: .with-border}
Click **Cats** and **Dogs** a few times to register some votes, and notice
Click **Cats** and **Dogs** a few times to register some votes, and notice
that each click is processed by a different container.
Go back to the **Services** page in the UCP web UI. Click the
Go back to the **Services** page in the UCP web UI. Click the
`VotingApp_result` service and find the **Published Endpoint** field in
the details pane. It has the same URL as the other `VotingApp` services,
but it's published on port `5001`. Click the link to view the vote tally.
Back in the **Services** page, click the
Back in the **Services** page, click the
`VotingApp_visualizer` service and find the **Published Endpoint** field in
the details pane. You'll see a link to your UCP instance's URL that includes
the published port of the visualizer service, which is 8080 in this case.
@ -155,7 +157,7 @@ the published port of the visualizer service, which is 8080 in this case.
Visiting this URL accesses the running instance of the `VotingApp_visualizer`
service in your browser, which shows a map of how this application was deployed:
![Screenshot of visualizer](../../images/deployed_visualizer_detail.png){: .with-border}
![Screenshot of visualizer](../images/deployed_visualizer_detail.png){: .with-border}
You can see some of the characteristics of the deployment specification
from the Compose file in play. For example, the manager node is running the
@ -173,7 +175,7 @@ Compose keywords are not supported:
* env_file
To overcome these limitations, you can
[deploy your apps from the CLI](deploy-app-cli.md).
[deploy your apps from the CLI](deploy-from-cli.md).
Also, UCP doesn't store the compose file used to deploy the application. You can
use your version control system to persist that file.

10
ee/ucp/user/services/deploy-stack-to-collection.md → ee/ucp/swarm/deploy-to-collection.md
View File

@ -2,11 +2,13 @@
title: Deploy application resources to a collection
description: Learn how to manage user access to application resources by using collections.
keywords: UCP, authentication, user management, stack, collection, role, application, resources
redirect_from:
- /ee/ucp/user/services/deploy-stack-to-collection/
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: deploy-compose-on-kubernetes/
- path: ../kubernetes/deploy-with-compose/
title: Deploy a Compose-based app to a Kubernetes cluster
- path: /engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label/
title: Set metadata on a service (-l, label)
@ -19,7 +21,7 @@ Docker Universal Control Plane enforces role-based access control when you
deploy services. By default, you don't need to do anything, because UCP deploys
your services to a default collection, unless you specify another one. You can
customize the default collection in your UCP profile page.
[Learn more about access control and collections](../../authorization/index.md).
[Learn more about access control and collections](../authorization/index.md).
UCP defines a collection by its path. For example, a user's default collection
has the path `/Shared/Private/<username>`. To deploy a service to a collection
@ -28,7 +30,7 @@ service. The access label is named `com.docker.ucp.access.label`.
When UCP deploys a service, it doesn't automatically create the collections
that correspond with your access labels. An administrator must create these
collections and [grant users access to them](../../authorization/grant-permissions.md).
collections and [grant users access to them](../authorization/grant-permissions.md).
Deployment fails if UCP can't find a specified collection or if the user
doesn't have access to it.
@ -101,6 +103,6 @@ To confirm that the service deployed to the `/Shared/wordpress` collection:
3. On the **Services** page, click **wordpress_mysql**. In the details pane,
make sure that the **Collection** is `/Shared/wordpress`.
![](../../images/deploy-stack-to-collection.png){: .with-border}
![](../images/deploy-stack-to-collection.png){: .with-border}
{% endif %}

8
ee/ucp/user/services/deploy-a-service.md → ee/ucp/swarm/index.md
View File

@ -2,6 +2,8 @@
title: Deploy a service
description: Learn how to deploy services to a cluster managed by Universal Control Plane.
keywords: ucp, deploy, service
redirect_from:
- /ee/ucp/user/services/deploy-a-service/
ui_tabs:
- version: ucp-3.0
orlower: true
@ -27,7 +29,7 @@ Fill in the following fields:
| Service name | nginx |
| Image name | nginx:latest |
![](../../images/deploy-a-service-1.png){: .with-border}
![](../images/deploy-a-service-1.png){: .with-border}
In the left pane, click **Network**. In the **Ports** section,
click **Publish Port** and fill in the following fields:
@ -39,7 +41,7 @@ click **Publish Port** and fill in the following fields:
| Publish mode | Ingress |
| Public port | 8000 |
![](../../images/deploy-a-service-2.png){: .with-border}
![](../images/deploy-a-service-2.png){: .with-border}
Click **Confirm** to map the ports for the NGINX service.
@ -49,7 +51,7 @@ deploy the service into the UCP cluster.
Once the service is up and running, you'll be able to see the default NGINX
page, by going to `http://<node-ip>:8000`.
![](../../images/deploy-a-service-4.png){: .with-border}
![](../images/deploy-a-service-4.png){: .with-border}
{% endif %}
{% endif %}

25
ee/ucp/user/secrets/index.md → ee/ucp/swarm/use-secrets.md
View File

@ -2,12 +2,11 @@
title: Manage secrets
description: Learn how to manage your passwords, certificates, and other secrets in a secure way with Docker EE
keywords: UCP, secret, password, certificate, private key
redirect_from:
- /ee/ucp/user/secrets/
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: grant-revoke-access/
title: Grant access to secrets
---
{% if include.version=="ucp-3.0" %}
@ -45,12 +44,12 @@ In the UCP web UI, navigate to **Secrets** page and click **Create Secret**
to create a new secret. Once you create the secret you won't be able to edit
it or see the secret data again.
![](../../images/manage-secrets-1.png){: .with-border}
![](../images/manage-secrets-1.png){: .with-border}
Click **Create Secret** to create a new secret. Once you create the secret
you won't be able to edit it or see the secret data again.
![](../../images/manage-secrets-2.png){: .with-border}
![](../images/manage-secrets-2.png){: .with-border}
Assign a unique name to the secret and set its value. You can optionally define
a permission label so that other users have permission to use this secret. Also
@ -69,7 +68,7 @@ that they're going to use to communicate with one another.
Navigate to the **Networks** page, and create the `wordpress-network` with the
default configurations.
![](../../images/manage-secrets-3.png){: .with-border}
![](../images/manage-secrets-3.png){: .with-border}
Now create the MySQL service:
@ -101,7 +100,7 @@ We also set the `MYSQL_ROOT_PASSWORD_FILE` environment variable to configure
MySQL to use the content of the `/run/secrets/wordpress-password-v1` file as
the root password.
![](../../images/manage-secrets-4.png){: .with-border}
![](../images/manage-secrets-4.png){: .with-border}
Now that the MySQL service is running, we can deploy a WordPress service that
uses MySQL as a storage backend:
@ -130,12 +129,12 @@ This creates the WordPress service attached to the same network as the MySQL
service so that they can communicate, and maps the port 80 of the service to
port 8000 of the cluster routing mesh.
![](../../images/manage-secrets-5.png){: .with-border}
![](../images/manage-secrets-5.png){: .with-border}
Once you deploy this service, you'll be able to access it using the
IP address of any node in your UCP cluster, on port 8000.
![](../../images/manage-secrets-6.png){: .with-border}
![](../images/manage-secrets-6.png){: .with-border}
## Update a secret
@ -155,7 +154,7 @@ this:
Let's rotate the secret we've created. Navigate to the **Secrets** page
and create a new secret named `wordpress-password-v2`.
![](../../images/manage-secrets-7.png){: .with-border}
![](../images/manage-secrets-7.png){: .with-border}
This example is simple, and we know which services we need to update,
but in the real world, this might not always be the case.
@ -163,7 +162,7 @@ but in the real world, this might not always be the case.
Click the **wordpress-password-v1** secret. In the details pane,
click **Inspect Resource**, and in the dropdown, select **Services**.
![](../../images/manage-secrets-8.png){: .with-border}
![](../images/manage-secrets-8.png){: .with-border}
Start by updating the `wordpress-db` service to stop using the secret
`wordpress-password-v1` and use the new version instead.
@ -186,7 +185,7 @@ the file with the content of `wordpress-password-v2` be mounted in
Delete the `wordpress-password-v1` secret, and click **Update**.
![](../../images/manage-secrets-9.png){: .with-border}
![](../images/manage-secrets-9.png){: .with-border}
Then do the same thing for the WordPress service. After this is done, the
WordPress application is running and using the new password.
@ -195,4 +194,4 @@ WordPress application is running and using the new password.
You can find additional documentation on managing secrets through the CLI at [How Docker manages secrets](/engine/swarm/secrets/#read-more-about-docker-secret-commands).
{% endif %}
{% endif %}

2
ee/ucp/user-access/cli.md
View File

@ -8,7 +8,7 @@ ui_tabs:
- version: ucp-2.2
orlower: true
next_steps:
- path: ../services/
- path: ../swarm/
title: Deploy a service
redirect_from:
- /datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access/

4
ee/ucp/user-access/index.md
View File

@ -6,9 +6,9 @@ ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: ../../authorization/
- path: ../authorization/
title: Authorization
- path: cli-based-access/
- path: cli/
title: Access UCP from the CLI
redirect_from:
- /ee/ucp/user/access-ucp/

38
ee/ucp/user/secrets/grant-revoke-access.md
View File

@ -1,38 +0,0 @@
---
title: Give access to secrets
description: Learn how to use labels to give permissions to secrets in Docker UCP.
keywords: UCP, secret, password, certificate, private key
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
UCP gives you access control, so that you can specify which users can use a
specific secret in their services and which users can delete the secret.
## Grant access to a secret
As with other resources managed by UCP, the way to give permission to a set
of users to use a secret is by applying the `com.docker.ucp.access.label` to
the secret.
![](../../images/grant-access-secrets-1.png){: .with-border}
Users that are part of a team with access to that label will be able to see
and use the secret.
In this example, if Jenny is part of a team that has `Restricted Control` over
the `com.docker.ucp.access.label=blog` label, she will be able to use the
secret in her services, as long as the service also has the same label.
This ensures that users can use a secret in their services without having
permissions to attach to the container running the service and inspect the
secret data.
![](../../images/grant-access-secrets-2.svg)
To revoke access to a secret you can edit the secret to change the access label,
or update the permissions a team has for a label.
{% endif %}