Update UCP screenshots and workflows (#601)

* Update UCP screenshots and workflows

* More UCP screenshot updates

ee/get-support.md

@@ -23,7 +23,7 @@ support dump:
 
 1. Log into the UCP web UI with an administrator account.
 2. In the top-left menu, click your username and choose
-   **Download Logs**.
+   **Support Dump**. It may take a few minutes for the download to complete.
 
 ![](images/get-support-1.png){: .with-border}
 

ee/ucp/admin/configure/add-labels-to-cluster-nodes.md

@@ -1,6 +1,6 @@
 ---
-title: Add labels to swarm nodes
-description: Learn how to add metadata to swarm nodes that can be used to specify constraints when deploying services.
+title: Add labels to cluster nodes
+description: Learn how to add metadata to cluster nodes that can be used to specify constraints when deploying services.
 keywords: cluster, node, label, swarm, metadata
 ---
 
@@ -52,12 +52,13 @@ scheduled only on a node that has a label that fulfills all of the constraints
 you specify.
 
 In this example, when users deploy a service, they can add a constraint for the
-service to be scheduled only on nodes that have SSD storage.
+service to be scheduled only on nodes that have SSD storage:
+`node.labels.disk == ssd`.
 
 Navigate to the **Stacks** page. Name the new stack "wordpress", and in the
-**Mode** dropdown, check **Services**.
+**Mode** dropdown, check **Swarm Services**.
 
-In the **Compose.yml** editor, paste the following stack file.
+In the **docker-compose.yml** editor, paste the following stack file.
 
 ```
 version: "3.1"
@@ -120,7 +121,7 @@ WordPress containers scheduled on the node. Dismiss the filter.
 
 ## Add a constraint to a service by using the UCP web UI
 
-You can declare the deployment constraints in your docker-stack.yml file or
+You can declare the deployment constraints in your docker-compose.yml file or
 when you're creating a stack. Also, you can apply them when you're creating
 a service.
 
@@ -128,8 +129,9 @@ To check if a service has deployment constraints, navigate to the
 **Services** page and choose the service that you want to check.
 In the details pane, click **Constraints** to list the constraint labels.
 
-To edit the labels on the service, click **Configure** and select
-**Environment**. 
+To edit the constraints on the service, click **Configure** and select
+**Details** to open the **Update Service** page. Click **Scheduling** to
+view the constraints. 
 
 ![](../../images/add-constraint-to-service.png)
 

ee/ucp/admin/configure/add-sans-to-cluster.md

@@ -24,15 +24,16 @@ also add them after installation.
 
 1.  In the UCP web UI, log in with administrator credentials and navigate to
     the **Nodes** page.
-2.  Click on a manager node, and in the details pane, click **Configure**. 
+2.  Click on a manager node, and in the details pane, click **Configure** and 
+    select **Details**. 
 3.  In the **SANs** section, click **Add SAN**, and enter one or more SANs
     for the cluster.
     ![](../../images/add-sans-to-cluster-1.png){: .with-border}
 4.  Once you're done, click **Save**.
 
-You will have to do this on every manager node in the cluster, but once you
-have done so, the SANs are applied automatically to any new manager nodes
-that join the cluster.
+You will have to do this on every existsing manager node in the cluster,
+but once you have done so, the SANs are applied automatically to any new
+manager nodes that join the cluster.
 
 You can also do this from the CLI by first running:
 

ee/ucp/admin/configure/external-auth/index.md

@@ -156,7 +156,7 @@ Click **Confirm** to add your LDAP domain.
 | Full name attribute                      | The LDAP attribute to use as the user's full name for display purposes. If left empty, UCP will not create new users with a full name value.                                                                                                                                                                                                                                                                                                                                                                                                                                                  |                                        |
 | Filter                                   | The LDAP search filter used to find users. If you leave this field empty, all directory entries in the search scope with valid username attributes are created as users.                                                                                                                                                                                                                                                                                                                                                                                                                      |                                        |
 | Search subtree instead of just one level | Whether to perform the LDAP search on a single level of the LDAP tree, or search through the full LDAP tree starting at the Base DN.                                                                                                                                                                                                                                                                                                                                                                                                                                                          |                                        |
-| Select Group Members                     | Whether to further filter users by selecting those who are also members of a specific group on the directory server. This feature is helpful if the LDAP server does not support `memberOf` search filters.                                                                                                                                                                                                                                                                                                                                                                                   |                                        |
+| Match Group Members                     | Whether to further filter users by selecting those who are also members of a specific group on the directory server. This feature is helpful if the LDAP server does not support `memberOf` search filters.                                                                                                                                                                                                                                                                                                                                                                                   |                                        |
 | Iterate through group members            | If `Select Group Members` is selected, this option searches for users by first iterating over the target group's membership, making a separate LDAP query for each member. as opposed to first querying for all users which match the above search query and intersecting those with the set of group members. This option can be more efficient in situations where the number of members of the target group is significantly smaller than the number of users which would match the above search filter, or if your directory server does not support simple pagination of search results. |                                        |
 | Group DN                                 | If `Select Group Members` is selected, this specifies the distinguished name of the group from which to select users.                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |                                        |
 | Group Member Attribute                   | If `Select Group Members` is selected, the value of this group attribute corresponds to the distinguished names of the members of the group.                                                                                                                                                                                                                                                                                                                                                                                                                                                  |                                        |

ee/ucp/admin/configure/run-only-the-images-you-trust.md

@@ -42,14 +42,8 @@ applications if they use images you trust.
 With this setting, UCP allows deploying any image as long as the image has
 been signed. It doesn't matter who signed the image.
 
-To enforce that the image needs to be signed by specific teams, click the
-dropdown and select those teams from the list.
-
-> Team must be in docker-datacenter
->
-> You need to select a team that's part of the `docker-datacenter` organization
-> in order to use this feature.
-{: .important}
+To enforce that the image needs to be signed by specific teams, click **Add Team**
+and select those teams from the list.
 
 ![UCP settings](../../images/run-only-the-images-you-trust-3.png){: .with-border}
 

ee/ucp/admin/configure/set-orchestrator-type.md

@@ -29,7 +29,8 @@ Change a node's orchestrator type on the **Edit node** page:
 1.  Log in to the Docker EE web UI with an administrator account.
 2.  Navigate to the **Nodes** page, and click the node that you want to assign
     to a different orchestrator.
-3.  In the details pane, click **Configure** to open the **Edit node** page.
+3.  In the details pane, click **Configure** and select **Details** to open
+    the **Edit node** page.
 4.  In the **Orchestrator properties** section, click the orchestrator type
     for the node.
 5.  Click **Save** to assign the node to the selected orchestrator.

ee/ucp/admin/configure/set-session-timeout.md

@@ -16,6 +16,6 @@ To configure UCP login sessions, go to the UCP web UI, navigate to the
 
 |          Field          |                                                                                                                                                                                                                                             Description                                                                                                                                                                                                                                             |
 | :---------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Lifetime Hours          | The initial lifetime of a login session, from the time UCP generates it. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours.                                                                                                                                                                                                                                                                             |
-| Renewal Threshold Hours | The time before session expiration when UCP extends an active session. UCP extends the session by the number of hours specified in **Lifetime Hours**. The threshold value can't be greater than **Lifetime Hours**. The default is 24 hours. To specify that sessions are extended with every use, set the threshold equal to the lifetime. To specify that sessions are never extended, set the threshold to zero. This may cause users to be logged out unexpectedly while using the UCP web UI. |
+| Lifetime Minutes          | The initial lifetime of a login session, from the time UCP generates it. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 4320 minutes, which is 72 hours.                                                                                                                                                                                                                                                                             |
+| Renewal Threshold Minutes | The time before session expiration when UCP extends an active session. UCP extends the session by the number of hours specified in **Lifetime Hours**. The threshold value can't be greater than **Lifetime Hours**. The default is 1440 minutes, which is 24 hours. To specify that sessions are extended with every use, set the threshold equal to the lifetime. To specify that sessions are never extended, set the threshold to zero. This may cause users to be logged out unexpectedly while using the UCP web UI. |
 | Per User Limit          | The maximum number of simultaneous logins for a user. If creating a new session exceeds this limit, UCP deletes the least recently used session. To disable the limit, set the value to zero.                                                                                                                                                                                                                                                                                                       |

ee/ucp/admin/configure/store-logs-in-an-external-system.md

@@ -10,7 +10,7 @@ You can configure UCP for sending logs to a remote logging service:
 1. Log in to UCP with an administrator account.
 2. Navigate to the **Admin Settings** page.
 3. Set the information about your logging server, and click
-   **Enable Remote Logging**.
+   **Save**.
 
 ![](../../images/configure-logs-1.png){: .with-border}
 

ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-with-logs.md

@@ -13,8 +13,8 @@ see information about UCP system containers.
 
 To see the logs of the UCP system containers, navigate to the **Containers**
 page of UCP. By default, the UCP system containers are hidden. Click
-**Settings** and check **Show system containers** for the UCP system containers
-to be listed as well.
+the Settings icon and check **Show system resources** for the UCP system
+containers to be listed as well.
 
 ![](../../images/troubleshoot-with-logs-1.png){: .with-border}
 

ee/ucp/authorization/create-users-and-teams-manually.md

@@ -77,7 +77,8 @@ To manually create users in UCP:
 2. Click **Create User**.
 3. Input username, password, and full name.
 4. Click **Create**.
-5. [optional] Check "Is a Docker EE Admin".
+5. Optionally, check "Is a Docker EE Admin" to give the user administrator 
+   privileges.
 
 > A `Docker EE Admin` can grant users permission to change the cluster
 > configuration and manage grants, roles, and resource sets.

ee/ucp/authorization/migrate-kubernetes-roles.md

@@ -98,7 +98,7 @@ UCP web UI.
 3.  In the **Type** section, click **Namespaces** and ensure that **default** is selected.
 4.  In the left pane, click **Roles**, and in the **Role** dropdown, select **pod-reader**.
 5.  In the left pane, click **Subjects**, and click **All Users**.
-6.  In the **Users** dropdown, select **jane**.
+6.  In the **User** dropdown, select **jane**.
 7.  Click **Create**. 
 
 ![](../images/migrate-kubernetes-roles-2.png){: .with-border}

ee/ucp/authorization/reset-user-password.md

@@ -9,8 +9,8 @@ Docker EE administrators can reset user passwords managed in UCP:
 1. Log in to UCP with administrator credentials.
 2. Click **Users** under **User Management**.
 3. Select the user whose password you want to change.
-4. Select **Configure > Security**.
-5. Enter the new password, confirm, and **Save**.
+4. Select **Configure** and select **Security**.
+5. Enter the new password, confirm, and click **Update Password**.
 
 Users passwords managed with an LDAP service must be changed on the LDAP server.
 

ee/ucp/kubernetes/create-service-account.md

@@ -36,13 +36,16 @@ account.
 
     ![](../images/create-service-account-1.png){: .with-border}
 
+5.  Click the **Set context for all namespaces** toggle and click **Confirm**.
+
 ## Create a service account
 
 Create a service account named `nginx-service-account` in the `nginx`
 namespace.
 
 1.  Navigate to the **Service Accounts** page and click **Create**.
-2.  In the **Object YAML** editor, paste the following text.
+2.  In the **Namespace** dropdown, select **nginx**.
+3.  In the **Object YAML** editor, paste the following text.
     ```yaml
     apiVersion: v1
     kind: ServiceAccount

ee/ucp/swarm/deploy-to-collection.md

@@ -77,11 +77,13 @@ To deploy the application:
 
 1. In the UCP web UI, navigate to the **Stacks** page and click **Create Stack**.
 2. Name the app "wordpress".
-3. From the **Mode** dropdown, select **Services**.
-4. Copy and paste the previous compose file into the **Compose.yml** editor.
+3. From the **Mode** dropdown, select **Swarm Services**.
+4. Copy and paste the previous compose file into the **docker-compose.yml** editor.
 5. Click **Create** to deploy the application, and click **Done** when the
    deployment completes.
 
+   ![](../images/deploy-stack-to-collection-1.png){: .with-border}
+
 If the `/Shared/wordpress` collection doesn't exist, or if you don't have
 a grant for accessing it, UCP reports an error.
 
@@ -92,7 +94,7 @@ To confirm that the service deployed to the `/Shared/wordpress` collection:
 3. On the **Services** page, click **wordpress_mysql**. In the details pane,
    make sure that the **Collection** is `/Shared/wordpress`.
 
-![](../images/deploy-stack-to-collection.png){: .with-border}
+![](../images/deploy-stack-to-collection-2.png){: .with-border}
 
 ## Where to go next
 

ee/ucp/swarm/index.md

@@ -26,12 +26,12 @@ Fill in the following fields:
 In the left pane, click **Network**. In the **Ports** section,
 click **Publish Port** and fill in the following fields:
 
-| Field         | Value   |
-|:--------------|:--------|
-| Internal port | 80      |
-| Protocol      | tcp     |
-| Publish mode  | Ingress |
-| Public port   | 8000    |
+| Field          | Value   |
+|:---------------|:--------|
+| Target port    | 80      |
+| Protocol       | tcp     |
+| Publish mode   | Ingress |
+| Published port | 8000    |
 
 ![](../images/deploy-a-service-2.png){: .with-border}
 
@@ -40,11 +40,19 @@ Click **Confirm** to map the ports for the NGINX service.
 Once you've specified the service image and ports, click **Create** to
 deploy the service into the UCP cluster.
 
+![](../images/deploy-a-service-3.png){: .with-border}
+
 Once the service is up and running, you'll be able to see the default NGINX
-page, by going to `http://<node-ip>:8000`.
+page, by going to `http://<node-ip>:8000`. In the **Services** list, click the
+**nginx** service, and in the details pane, click the link under
+**Published Endpoints**. 
 
 ![](../images/deploy-a-service-4.png){: .with-border}
 
+Clicking the link opens a new tab that shows the default NGINX home page. 
+
+![](../images/deploy-a-service-5.png){: .with-border}
+
 ## Use the CLI to deploy the service
 
 You can also deploy the same service from the CLI. Once you've set up your

ee/ucp/swarm/use-secrets.md

@@ -36,9 +36,7 @@ persist data. When the service stops, the data is lost.
 
 ## Create a secret
 
-In the UCP web UI, navigate to **Secrets** page and click **Create Secret**
-to create a new secret. Once you create the secret you won't be able to edit
-it or see the secret data again.
+In the UCP web UI, open the **Swarm** section and click **Secrets**.
 
 ![](../images/manage-secrets-1.png){: .with-border}
 
@@ -49,10 +47,10 @@ you won't be able to edit it or see the secret data again.
 
 Assign a unique name to the secret and set its value. You can optionally define
 a permission label so that other users have permission to use this secret. Also
-note that a service and secret must have the same permission label (or both
-must have no permission label at all) in order to be used together.
+note that a service and secret must have the same permission label, or both
+must have no permission label at all, in order to be used together.
 
-In this example our secret is named `wordpress-password-v1`, to make it easier
+In this example, the secret is named `wordpress-password-v1`, to make it easier
 to track which version of the password our services are using.
 
 
@@ -62,7 +60,7 @@ Before creating the MySQL and WordPress services, we need to create the network
 that they're going to use to communicate with one another.
 
 Navigate to the **Networks** page, and create the `wordpress-network` with the
-default configurations.
+default settings.
 
 ![](../images/manage-secrets-3.png){: .with-border}
 
@@ -78,7 +76,7 @@ Now create the MySQL service:
 4. In the **Secrets** section, click **Use Secret**, and in the **Secret Name**
    dropdown, select **wordpress-password-v1**. Click **Confirm** to associate
    the secret with the service.
-5. In the **Environment Variable**, click **Add Environment Variable** and enter
+5. In the **Environment Variable** section, click **Add Environment Variable** and enter
    the string "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/wordpress-password-v1" to
    create an environment variable that holds the path to the password file in
    the container.
@@ -121,6 +119,8 @@ uses MySQL as a storage backend:
    label, then this service also can't have a permission label.
 8. Click **Create** to deploy the WordPress service.
 
+![](../images/manage-secrets-4a.png){: .with-border}
+
 This creates the WordPress service attached to the same network as the MySQL
 service so that they can communicate, and maps the port 80 of the service to
 port 8000 of the cluster routing mesh.