docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-6

This commit is contained in:
Tammy Fox 2018-08-06 16:19:39 -04:00 committed by GitHub
parent 82de19ffa6 022b000280
commit a2e698a157
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 168 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/engine-cli/docker_load.yaml
View File

@ -28,7 +28,7 @@ options:
swarm: false
examples: |-
```bash
$ docker docker image ls
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE

2
_includes/install-script.md
View File

@ -38,7 +38,7 @@ Always examine scripts downloaded from the internet before
{:.warning}
```bash
$ curl -fsSL get.docker.com -o get-docker.sh
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
<output truncated>

2
compose/compose-file/index.md
View File

@ -1140,7 +1140,7 @@ Run an init inside the container that forwards signals and reaps processes.
Either set a boolean value to use the default `init`, or specify a path to
a custom one.
version: '2.2'
version: '3.7'
services:
web:
image: alpine:latest

9
compose/environment-variables.md
View File

@ -129,10 +129,11 @@ services:
When you set the same environment variable in multiple files, here's the
priority used by Compose to choose which value to use:
1. Compose file,
2. Environment file,
3. Dockerfile,
4. Variable is not defined.
1. Compose file
2. Shell environment variables
3. Environment file
4. Dockerfile
5. Variable is not defined
In the example below, we set the same environment variable on an Environment
file, and the Compose file:

2
develop/develop-images/multistage-build.md
View File

@ -92,7 +92,7 @@ With multi-stage builds, you use multiple `FROM` statements in your Dockerfile.
Each `FROM` instruction can use a different base, and each of them begins a new
stage of the build. You can selectively copy artifacts from one stage to
another, leaving behind everything you don't want in the final image. To show
how this works, Let's adapt the Dockerfile from the previous section to use
how this works, let's adapt the Dockerfile from the previous section to use
multi-stage builds.
**`Dockerfile`**:

6
docker-hub/repos.md
View File

@ -140,8 +140,10 @@ team.
To work with a private repository on [Docker Hub](https://hub.docker.com), you
need to add one using the [Add Repository](https://hub.docker.com/add/repository/) button. You get one private
repository for free with your Docker Hub user account (not usable for
organizations you're a member of). If you need more accounts you can upgrade
your [Docker Hub](https://hub.docker.com/account/billing-plans/) plan.
organizations you're a member of). If you need more private repositories for your user account, upgrade
your Docker Hub plan from your [Billing Information](https://hub.docker.com/account/billing-plans/) page.
User and organization accounts maintain separate billing profiles. For more information on managing billing for your account, you may refer to the [Where can I change my billing details?](https://success.docker.com/article/where-can-i-change-my-billing-details) kbase article.
Once the private repository is created, you can `push` and `pull` images to and
from it using Docker.

8
ee/dtr/release-notes.md
View File

@ -20,14 +20,6 @@ to upgrade your installation to the latest release.
# Version 2.5
## 2.5.4 (2018-07-26)
### Bug Fixes
* Fixed bug where repository tag list UI was not loading after a tag migration.
* Fixed bug to enable poll mirroring with Windows images.
* The RethinkDB image has been patched to remove unused components with known vulnerabilities including the rethinkcli. To get an equivalent interface run rethinkcli from a separate image using `docker run -it --rm --net dtr-ol -v dtr-ca-$REPLICA_ID:/ca dockerhubenterprise/rethinkcli $REPLICA_ID`.
## 2.5.3 (2018-6-21)
### New Features

5
ee/supported-platforms.md
View File

@ -50,6 +50,11 @@ scan your images for vulnerabilities.
[Learn more about Docker EE Standard and Advanced](/ee/index.md).
> Compatibility Matrix
>
> Refer to the [Compatibility Matrix](https://success.docker.com/article/compatibility-matrix) for the latest list of supported platforms.
{: .important}
## Supported platforms
The following table shows all of the platforms that are available for Docker EE.

5
ee/ucp/admin/configure/join-nodes/use-a-load-balancer.md
View File

@ -34,6 +34,11 @@ or port number.
* Use the same load balancer with multiple virtual IPs.
* Configure your load balancer to expose UCP or DTR on a port other than 443.
> Additional requirements
>
> In addition to configuring your load balancer to distinguish between UCP and DTR, configuring a load balancer for DTR has [additional requirements](https://docs.docker.com/ee/dtr/admin/configure/use-a-load-balancer/#load-balance-dtr).
{: .important}
## Configuration examples
Use the following examples to configure your load balancer for UCP.

9
ee/ucp/admin/configure/use-nfs-volumes.md
View File

@ -202,11 +202,16 @@ kubectl create secret generic mysql-pass --from-literal=password=<mysql-password
You have two persistent volumes that are available for claims. The MySQL
deployment uses one volume, and WordPress uses the other.
Copy the following yaml to a file named wordpress-deployment.yaml.
Copy the following yaml to a file named `wordpress-deployment.yaml`.
The claims in this file make no reference to a particular storage class, so
they bind to any available volumes that can satisfy the storage request.
In this example, both claims request `20Gi` of storage.
> Use specific persistent volume
>
>If you are attempting to use a specific persistent volume and not let Kubernetes choose at random, ensure that the `storageClassName` key is populated in the persistent claim itself.
{: important}
```yaml
apiVersion: v1
kind: Service
@ -435,4 +440,4 @@ Click the **permalink** to view the site.
## Where to go next
- [Example of NFS based persistent volume](https://github.com/kubernetes/examples/tree/master/staging/volumes/nfs#nfs-server-part)
- [Example: Deploying WordPress and MySQL with Persistent Volumes](https://v1-8.docs.kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/)
- [Example: Deploying WordPress and MySQL with Persistent Volumes](https://v1-8.docs.kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/)

BIN
ee/ucp/images/kubernetes-version.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

7
ee/ucp/interlock/usage/context.md
View File

@ -29,6 +29,13 @@ $> docker service create \
ehazlett/docker-demo
```
> Only one path per host
>
> Interlock supports only one path per host per service cluster. Once a
> particular `com.docker.lb.hosts` label has been applied, it cannot be applied
> again in the same service cluster.
{: .important}
Interlock will detect once the service is available and publish it. Once the tasks are running
and the proxy service has been updated the application should be available via `http://demo.local`:

2
ee/ucp/release-notes.md
View File

@ -274,7 +274,7 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
* Fixed an issue that causes some security headers to not be added to all API responses.
* Core
* Optimized Swarm service read API calls through UCP.
* Optimized swarm service read API calls through UCP.
* Upgraded `RethinkDB` image to address potential security vulnerabilities.
* Fixee an issue where removing a worker node from the cluster would cause an etcd member to be removed on a manager node.
* Upgraded `etcd` version to 2.3.8.

4
ee/ucp/ucp-architecture.md
View File

@ -68,8 +68,8 @@ on a node depend on whether the node is a manager or a worker.
Internally, UCP uses the following components:
* Calico 3.0.8
* Kubernetes 1.8.9
* Calico 3.0.1
* Kubernetes 1.8.11
### UCP components in manager nodes

128
ee/ucp/user-access/kubectl.md
View File

@ -4,94 +4,98 @@ description: Learn how to install kubectl, the Kubernetes command-line tool, on
keywords: ucp, cli, administration, kubectl, Kubernetes
---
Docker EE installs Kubernetes automatically when you install UCP, and the
web UI enables deploying Kubernetes workloads and monitoring pods. You can
also interact with the Kubernetes deployment by using the Kubernetes
command-line tool, which is named kubectl.
Docker EE 2.0 and higher deploys Kubernetes as part of a UCP installation.
Deploy, manage, and monitor Kubernetes workloads from the UCP dashboard. Users can
also interact with the Kubernetes deployment through the Kubernetes
command-line tool named kubectl.
To use kubectl, install the binary on a UCP manager or worker node. To access
the UCP cluster with kubectl, install the UCP client bundle.
To access the UCP cluster with kubectl, install the [UCP client bundle](cli.md).
> Kubernetes on Docker for Mac
> Kubernetes on Docker for Mac and Docker for Windows
>
> Docker for Mac 17.12 CE Edge provides a standalone Kubernetes server that
> runs on your Mac, with kubectl installed by default. This installation is
> Docker for Mac and Docker for Windows provide a standalone Kubernetes server that
> runs on your development machine, with kubectl installed by default. This installation is
> separate from the Kubernetes deployment on a UCP cluster.
> Learn how to [deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md).
{: .important}
## Install the kubectl binary
Install the latest version of kubectl for Linux on the node where you want
to control Kubernetes. You can install kubectl on both manager and worker
nodes. Learn how to [install and set up kubectl](https://v1-8.docs.kubernetes.io/docs/tasks/tools/install-kubectl/).
To use kubectl, install the binary on a workstation which has access to your UCP endpoint.
On any node in your UCP cluster, run the following commands.
> Must install compatible version
>
> Kubernetes only guarantees compatibility with kubectl versions that are +/-1 minor versions away from the Kubernetes version.
{: .important}
First, find which version of Kubernetes is running in your cluster. This can be found
within the Universal Control Plane dashboard or at the UCP API endpoint [version](/reference/ucp/3.0/api/).
From the UCP dashboard, click on **About Docker EE** within the **Admin** menu in the top left corner
of the dashboard. Then navigate to **Kubernetes**.
![Find Kubernetes version](../images/kubernetes-version.png){: .with-border}
Once you have the Kubernetes version, install the kubectl client for the relevant
operating system.
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#mac">Mac OS</a></li>
<li><a data-toggle="tab" data-target="#linux">Linux</a></li>
<li><a data-toggle="tab" data-target="#win">Windows</a></li>
</ul>
<div class="tab-content">
<div id="mac" class="tab-pane fade in active" markdown="1">
```
# Set the Kubernetes version as found in the UCP Dashboard or API
k8sversion=v1.8.11
```bash
# Get the kubectl binary.
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/darwin/amd64/kubectl
# Make the kubectl binary executable.
chmod +x ./kubectl
# Move the kubectl executable to /usr/local/bin.
sudo mv ./kubectl /usr/local/bin/kubectl
```
Repeat these commands on every node that you want to control Kubernetes from.
## Install the UCP client bundle
To access the Kubernetes API server that UCP exposes, you need the private and
public key pair that authorizes your requests to UCP. Follow the instructions
in [CLI-based access](cli.md#download-client-certificates-by-using-the-rest-api)
to install the client bundle.
> UCP client bundle is required
>
> If you run a kubectl command without the client bundle, you'll get an
> error like this:
> ```
> The connection to the server localhost:8080 was refused - did you specify the right host or port?
> ```
{: .warning}
## Confirm the connection to UCP
To confirm that kubectl is communicating with UCP, run:
```bash
kubectl config current-context
<hr>
</div>
<div id="linux" class="tab-pane fade" markdown="1">
```
# Set the Kubernetes version as found in the UCP Dashboard or API
k8sversion=v1.8.11
If the UCP client bundle is installed correctly, you'll see something like
this:
# Get the kubectl binary.
curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/linux/amd64/kubectl
# Make the kubectl binary executable.
chmod +x ./kubectl
# Move the kubectl executable to /usr/local/bin.
sudo mv ./kubectl /usr/local/bin/kubectl
```
ucp_54.70.245.225:6443_admin
<hr>
</div>
<div id="win" class="tab-pane fade" markdown="1">
You can download the binary from this [link](https://storage.googleapis.com/kubernetes-release/release/v.1.8.11/bin/windows/amd64/kubectl.exe)
If you have curl installed on your system, you use these commands in Powershell.
```cmd
$env:k8sversion = "v1.8.11"
curl https://storage.googleapis.com/kubernetes-release/release/$env:k8sversion/bin/windows/amd64/kubectl.exe
```
<hr>
</div>
</div>
## Inspect Kubernetes resources
## Using kubectl with a Docker EE cluster
When the kubectl executable is in place and the UCP client bundle is
installed, you can run kubectl commands against the UCP cluster, like you
would on any Kubernetes deployment.
For example, to see all resources in the default namespace, run:
```bash
kubectl get all
```
If you haven't deployed any Kubernetes workloads or created any Kubernetes
objects, you'll see something like this:
```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d
```
Docker Enterprise Edition provides users unique certificates and keys to authenticate against
the Docker and Kubernetes APIs. Instructions on how to download these certificates and how to
configure kubectl to use them can be found in [CLI-based access.](cli.md#download-client-certificates)
## Where to go next

4
engine/security/antivirus.md
View File

@ -8,9 +8,9 @@ When antivirus software scans files used by Docker, these files may be locked
in a way that causes Docker commands to hang.
One way to reduce these problems is to add the Docker data directory
(`/var/lib/docker` on Linux or `$Env:ProgramData` on Windows Server) to the
(`/var/lib/docker` on Linux, `$Env:ProgramData` on Windows Server, or `$HOME/Library/Containers/com.docker.docker/` on Mac) to the
antivirus's exclusion list. However, this comes with the trade-off that viruses
or malware in Docker images, writable layers of containers, or volumes are not
detected. If you do choose to exclude Docker's data directory from background
virus scanning, you may want to schedule a recurring task that stops Docker,
scans the data directory, and restarts Docker.
scans the data directory, and restarts Docker.

2
engine/security/userns-remap.md
View File

@ -225,7 +225,7 @@ $ dockerd --userns-remap="testuser:testuser"
```
Your directory listing may have some differences, especially if you
user a different container storage driver than `aufs`.
use a different container storage driver than `aufs`.
The directories which are owned by the remapped user are used instead
of the same directories directly beneath `/var/lib/docker/` and the

BIN
images/important-admonition-example.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
images/note-admonition-example.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

BIN
images/warning-admonition-example.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

13
install/index.md
View File

@ -56,10 +56,15 @@ channel also receives patch releases when they become available.
### Nightly builds
Nightly builds are created once per day from the master branch. The version
number for nightly builds take the format `0.YYYYmmdd.HHMMSS`,
for example `0.20181231.093045`. These builds allow for testing from the
latest code on the master branch. No qualifications or guarantees are made
for the nightly builds.
number for nightly builds take the format:
0.0.0-YYYYmmddHHMMSS-abcdefabcdef
where the time is the commit time in UTC and the final suffix is the prefix
of the commit hash, for example `0.0.0-20180720214833-f61e0f7`.
These builds allow for testing from the latest code on the master branch. No
qualifications or guarantees are made for the nightly builds.
The release channel for these builds is called `nightly`.

2
network/bridge.md
View File

@ -43,7 +43,7 @@ network.**
Imagine an application with a web front-end and a database back-end. The
outside world needs access to the web front-end (perhaps on port 80), but only
the front-end itself needs access to the database host and port. Using a
the back-end itself needs access to the database host and port. Using a
user-defined bridge, only the web port needs to be opened, and the database
application doesn't need any ports open, since the web front-end can reach it
over the user-defined bridge.

2
storage/tmpfs.md
View File

@ -111,7 +111,7 @@ Remove the container:
```bash
$ docker container stop tmptest
$ Docker container rm tmptest
$ docker container rm tmptest
```
### Specify tmpfs options

86
test.md
View File

@ -10,7 +10,7 @@ Welcome to the Docker documentation test page!
This is a demo of components, tags, styles, tools, and strategies we use for the
docs. We explain the code behind the published page and demo the effects. So, if
you want to see, for example, how admonitions and notes are coded in markdown,
read the section on [Admonitions (notes)](/test/#admonitions-notes) on the web
read the section on [Admonitions (notes)](/test.md#admonitions-notes) on the web
published page and study the pre-processed `test.md` to see how they are
implemented. The Docker documentation team uses this page as "note to self"
reminders. Since we invite docs suggestions and contributions from the
@ -586,66 +586,76 @@ Current styles for admonitions in
[`_scss/_notes.scss`](https://github.com/docker/docker.github.io/blob/master/_scss/_notes.scss)
support these broad categories of admonitions:
- Notes in the old style (no Liquid tag required)
- Notes with a prefixed icon (no Liquid tag required)
- Important and Warning admonitions, which take `{: .important}` and `{: .warning}` tags, respectively
- Notes (no Liquid tag required) (deprecated)
- Important, which use the `{: .important}` tag
- Warning , which use the `{: .warning}` tag
The new styles include prepended icons, color sidebars, and bold color titles
for multi-paragraph notes, but no auto-prepended text. These are defined in a
way that does not impact admonitions formatted with the original styles, so
notes in your published documents are not adversely affected.
Examples of both styles are shown below.
Examples are shown in the following sections.
### Examples (original styles, prefix words)
### Note (Deprecated)
Admonitions with prefixed icons use the following class tags, as shown in the examples.
Notes are deprecated and should not longer be used. Use important or warning instead.
* **Note:** No class tag is needed for standard notes.
* **Important:** Use the `important` class.
* **Warning:** Use the `warning` class.
A standard note is formatted like this:
```
> Handling transient errors
>
> Note the way the `get_hit_count` function is written. This basic retry
> loop lets us attempt our request multiple times if the redis service is
> not available. This is useful at startup while the application comes
> online, but also makes our application more resilient if the Redis
> service needs to be restarted anytime during the app's lifetime. In a
> cluster, this also helps handling momentary connection drops between
> nodes.
```
> **Note**: This is a note using the old note style
It renders like this with a colored sidebar and icon:
![note admonition example](/images/note-admonition-example.png)
Notes were previously formatted like this:
```
> **Note**: This is a note using the old note style.
```
These will still render as a note with a colored sidebar to the left but no icon will be added.
### Important
Add the `important` class to your blockquotes if you want to tell users to be careful about something:
```
> Pssst, wanna know something?
>
> You include a small description here telling users to be on the lookout
> It's not safe out there, take this Moby with you
>
> Add the `important` class to your blockquotes if you want to tell users
to be careful about something.
{: .important}
```
It renders like this with a colored sidebar and icon:
![important admonition example](/images/important-admonition-example.png)
### Warning
Use the `warning` class to let people know this is dangerous or they should pay close attention to this part of the road before moving on:
> Ouch, don't do that!
>
> Use the `warning` class to let people know this is dangerous or they
should pay close attention to this part of the road.
> Sticking your finger in an electrical outlet can result in an electric shock.
>
> You can also add more paragraphs here if your explanation is
super complex.
> You can also add more paragraphs here if your explanation is super complex.
{: .warning}
>**This is a crazy note**
>
> This note has tons of content in it:
>
> - List item 1
> - List item 2
>
> |Table column 1 | Table column 2 |
> |----------------|----------------|
> | Row 1 column 1 | Row 2 column 2 |
> | Row 2 column 1 | Row 2 column 2 |
>
> And another sentence to top it all off.
It will render like this with a colored sidebar and icon:
> **Important**: Single paragraph important note with the prefix word "important" manually typed in as bold at the beginning.
{: .important}
> **Warning**: Single paragraph warning with the prefix word "warning" manually typed in as bold at the beginning.
{: .warning}
![warning admonition example](/images/warning-admonition-example.png)
## Code blocks