Merge branch 'master' into patch-6

_data/engine-cli/docker_load.yaml

@@ -28,7 +28,7 @@ options:
   swarm: false
 examples: |-
   ```bash
-  $ docker docker image ls
+  $ docker image ls
 
   REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
 

_includes/install-script.md

@@ -38,7 +38,7 @@ Always examine scripts downloaded from the internet before
 {:.warning}
 
 ```bash
-$ curl -fsSL get.docker.com -o get-docker.sh
+$ curl -fsSL https://get.docker.com -o get-docker.sh
 $ sudo sh get-docker.sh
 
 <output truncated>

compose/compose-file/index.md

@@ -1140,7 +1140,7 @@ Run an init inside the container that forwards signals and reaps processes.
 Either set a boolean value to use the default `init`, or specify a path to
 a custom one.
 
-    version: '2.2'
+    version: '3.7'
     services:
       web:
         image: alpine:latest

compose/environment-variables.md

@@ -129,10 +129,11 @@ services:
 When you set the same environment variable in multiple files, here's the
 priority used by Compose to choose which value to use:
 
-1. Compose file,
+1. Compose file
-2. Environment file,
+2. Shell environment variables
-3. Dockerfile,
+3. Environment file
-4. Variable is not defined.
+4. Dockerfile
+5. Variable is not defined
 
 In the example below, we set the same environment variable on an Environment
 file, and the Compose file:

develop/develop-images/multistage-build.md

@@ -92,7 +92,7 @@ With multi-stage builds, you use multiple `FROM` statements in your Dockerfile.
 Each `FROM` instruction can use a different base, and each of them begins a new
 stage of the build. You can selectively copy artifacts from one stage to
 another, leaving behind everything you don't want in the final image. To show
-how this works, Let's adapt the Dockerfile from the previous section to use
+how this works, let's adapt the Dockerfile from the previous section to use
 multi-stage builds.
 
 **`Dockerfile`**:

docker-hub/repos.md

@@ -140,8 +140,10 @@ team.
 To work with a private repository on [Docker Hub](https://hub.docker.com), you
 need to add one using the [Add Repository](https://hub.docker.com/add/repository/) button. You get one private
 repository for free with your Docker Hub user account (not usable for
-organizations you're a member of). If you need more accounts you can upgrade
+organizations you're a member of). If you need more private repositories for your user account, upgrade
-your [Docker Hub](https://hub.docker.com/account/billing-plans/) plan.
+your Docker Hub plan from your [Billing Information](https://hub.docker.com/account/billing-plans/) page.
+
+User and organization accounts maintain separate billing profiles. For more information on managing billing for your account, you may refer to the [Where can I change my billing details?](https://success.docker.com/article/where-can-i-change-my-billing-details) kbase article.
 
 Once the private repository is created, you can `push` and `pull` images to and
 from it using Docker.

ee/dtr/release-notes.md

@@ -20,14 +20,6 @@ to upgrade your installation to the latest release.
 
 # Version 2.5
 
-## 2.5.4 (2018-07-26)
-
-### Bug Fixes
-
-* Fixed bug where repository tag list UI was not loading after a tag migration.
-* Fixed bug to enable poll mirroring with Windows images.
-* The RethinkDB image has been patched to remove unused components with known vulnerabilities including the rethinkcli. To get an equivalent interface run rethinkcli from a separate image using `docker run -it --rm --net dtr-ol -v dtr-ca-$REPLICA_ID:/ca dockerhubenterprise/rethinkcli $REPLICA_ID`.
-
 ## 2.5.3 (2018-6-21)
 
 ### New Features

ee/supported-platforms.md

@@ -50,6 +50,11 @@ scan your images for vulnerabilities.
 
 [Learn more about Docker EE Standard and Advanced](/ee/index.md).
 
+> Compatibility Matrix
+>
+> Refer to the [Compatibility Matrix](https://success.docker.com/article/compatibility-matrix) for the latest list of supported platforms.
+{: .important}
+
 ## Supported platforms
 
 The following table shows all of the platforms that are available for Docker EE.

ee/ucp/admin/configure/join-nodes/use-a-load-balancer.md

@@ -34,6 +34,11 @@ or port number.
     * Use the same load balancer with multiple virtual IPs.
 * Configure your load balancer to expose UCP or DTR on a port other than 443.
 
+> Additional requirements
+>
+> In addition to configuring your load balancer to distinguish between UCP and DTR, configuring a load balancer for DTR has [additional requirements](https://docs.docker.com/ee/dtr/admin/configure/use-a-load-balancer/#load-balance-dtr).
+{: .important}
+
 ## Configuration examples
 
 Use the following examples to configure your load balancer for UCP.

ee/ucp/admin/configure/use-nfs-volumes.md

@@ -202,11 +202,16 @@ kubectl create secret generic mysql-pass --from-literal=password=<mysql-password
 You have two persistent volumes that are available for claims. The MySQL 
 deployment uses one volume, and WordPress uses the other.
 
-Copy the following yaml to a file named wordpress-deployment.yaml. 
+Copy the following yaml to a file named `wordpress-deployment.yaml`. 
 The claims in this file make no reference to a particular storage class, so
 they bind to any available volumes that can satisfy the storage request.
 In this example, both claims request `20Gi` of storage.
 
+> Use specific persistent volume
+>
+>If you are attempting to use a specific persistent volume and not let Kubernetes choose at random, ensure that the `storageClassName` key is populated in the persistent claim itself.
+{: important}
+
 ```yaml
 apiVersion: v1
 kind: Service

ee/ucp/interlock/usage/context.md

@@ -29,6 +29,13 @@ $> docker service create \
     ehazlett/docker-demo
 ```
 
+> Only one path per host
+>
+> Interlock supports only one path per host per service cluster. Once a
+> particular `com.docker.lb.hosts` label has been applied, it cannot be applied
+> again in the same service cluster.
+{: .important}
+
 Interlock will detect once the service is available and publish it.  Once the tasks are running
 and the proxy service has been updated the application should be available via `http://demo.local`:
 

ee/ucp/release-notes.md

@@ -274,7 +274,7 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
   * Fixed an issue that causes some security headers to not be added to all API responses.
 
 * Core
-  * Optimized Swarm service read API calls through UCP.
+  * Optimized swarm service read API calls through UCP.
   * Upgraded `RethinkDB` image to address potential security vulnerabilities.
   * Fixee an issue where removing a worker node from the cluster would cause an etcd member to be removed on a manager node.
   * Upgraded `etcd` version to 2.3.8.

ee/ucp/ucp-architecture.md

@@ -68,8 +68,8 @@ on a node depend on whether the node is a manager or a worker.
 
 Internally, UCP uses the following components:
 
-* Calico 3.0.8
+* Calico 3.0.1
-* Kubernetes 1.8.9
+* Kubernetes 1.8.11
 
 ### UCP components in manager nodes
 

ee/ucp/user-access/kubectl.md

@@ -4,94 +4,98 @@ description: Learn how to install kubectl, the Kubernetes command-line tool, on
 keywords: ucp, cli, administration, kubectl, Kubernetes
 ---
 
-Docker EE installs Kubernetes automatically when you install UCP, and the
+Docker EE 2.0 and higher deploys Kubernetes as part of a UCP installation.
-web UI enables deploying Kubernetes workloads and monitoring pods. You can
+Deploy, manage, and monitor Kubernetes workloads from the UCP dashboard. Users can
-also interact with the Kubernetes deployment by using the Kubernetes
+also interact with the Kubernetes deployment through the Kubernetes 
-command-line tool, which is named kubectl.
+command-line tool named kubectl.
 
-To use kubectl, install the binary on a UCP manager or worker node. To access
+To access the UCP cluster with kubectl, install the [UCP client bundle](cli.md).
-the UCP cluster with kubectl, install the UCP client bundle.
 
-> Kubernetes on Docker for Mac 
+> Kubernetes on Docker for Mac and Docker for Windows
 >
-> Docker for Mac 17.12 CE Edge provides a standalone Kubernetes server that
+> Docker for Mac and Docker for Windows provide a standalone Kubernetes server that
-> runs on your Mac, with kubectl installed by default. This installation is
+> runs on your development machine, with kubectl installed by default. This installation is
 > separate from the Kubernetes deployment on a UCP cluster.
 > Learn how to [deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md).
 {: .important}
 
 ## Install the kubectl binary
 
-Install the latest version of kubectl for Linux on the node where you want
+To use kubectl, install the binary on a workstation which has access to your UCP endpoint.
-to control Kubernetes. You can install kubectl on both manager and worker
-nodes. Learn how to [install and set up kubectl](https://v1-8.docs.kubernetes.io/docs/tasks/tools/install-kubectl/).
 
-On any node in your UCP cluster, run the following commands.
+> Must install compatible version
+>
+> Kubernetes only guarantees compatibility with kubectl versions that are +/-1 minor versions away from the Kubernetes version.
+{: .important}
+
+First, find which version of Kubernetes is running in your cluster. This can be found 
+within the Universal Control Plane dashboard or at the UCP API endpoint [version](/reference/ucp/3.0/api/). 
+
+From the UCP dashboard, click on **About Docker EE** within the **Admin** menu in the top left corner
+ of the dashboard. Then navigate to **Kubernetes**.
+
+ ![Find Kubernetes version](../images/kubernetes-version.png){: .with-border}
+
+Once you have the Kubernetes version, install the kubectl client for the relevant
+operating system.
+
+<ul class="nav nav-tabs">
+  <li class="active"><a data-toggle="tab" data-target="#mac">Mac OS</a></li>
+  <li><a data-toggle="tab" data-target="#linux">Linux</a></li>
+  <li><a data-toggle="tab" data-target="#win">Windows</a></li>
+</ul>
+<div class="tab-content">
+<div id="mac" class="tab-pane fade in active" markdown="1">
+```
+# Set the Kubernetes version as found in the UCP Dashboard or API
+k8sversion=v1.8.11
 
-```bash
 # Get the kubectl binary.
-curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/darwin/amd64/kubectl
 
 # Make the kubectl binary executable.
 chmod +x ./kubectl
 
 # Move the kubectl executable to /usr/local/bin.
 sudo mv ./kubectl /usr/local/bin/kubectl
-
 ```
-
+<hr>
-Repeat these commands on every node that you want to control Kubernetes from.
+</div>
-
+<div id="linux" class="tab-pane fade" markdown="1">
-## Install the UCP client bundle
-
-To access the Kubernetes API server that UCP exposes, you need the private and
-public key pair that authorizes your requests to UCP. Follow the instructions
-in [CLI-based access](cli.md#download-client-certificates-by-using-the-rest-api)
-to install the client bundle.
-
-> UCP client bundle is required
->
-> If you run a kubectl command without the client bundle, you'll get an
-> error like this:
-> ```
-> The connection to the server localhost:8080 was refused - did you specify the right host or port?
-> ```
-{: .warning}
-
-## Confirm the connection to UCP
-
-To confirm that kubectl is communicating with UCP, run:
-
-```bash
-kubectl config current-context
 ```
+# Set the Kubernetes version as found in the UCP Dashboard or API
+k8sversion=v1.8.11
 
-If the UCP client bundle is installed correctly, you'll see something like
+# Get the kubectl binary.
-this: 
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/linux/amd64/kubectl
 
+# Make the kubectl binary executable.
+chmod +x ./kubectl
+
+# Move the kubectl executable to /usr/local/bin.
+sudo mv ./kubectl /usr/local/bin/kubectl
 ```
-ucp_54.70.245.225:6443_admin
+<hr>
+</div>
+<div id="win" class="tab-pane fade" markdown="1">
+You can download the binary from this [link](https://storage.googleapis.com/kubernetes-release/release/v.1.8.11/bin/windows/amd64/kubectl.exe)
+
+If you have curl installed on your system, you use these commands in Powershell.
+
+```cmd
+$env:k8sversion = "v1.8.11"
+
+curl https://storage.googleapis.com/kubernetes-release/release/$env:k8sversion/bin/windows/amd64/kubectl.exe
 ```
+<hr>
+</div>
+</div>
 
-## Inspect Kubernetes resources
+## Using kubectl with a Docker EE cluster
 
-When the kubectl executable is in place and the UCP client bundle is
+Docker Enterprise Edition provides users unique certificates and keys to authenticate against
-installed, you can run kubectl commands against the UCP cluster, like you
+ the Docker and Kubernetes APIs. Instructions on how to download these certificates and how to 
-would on any Kubernetes deployment.
+ configure kubectl to use them can be found in [CLI-based access.](cli.md#download-client-certificates)
-
-For example, to see all resources in the default namespace, run:
-
-```bash
-kubectl get all
-```
-
-If you haven't deployed any Kubernetes workloads or created any Kubernetes
-objects, you'll see something like this:
-
-```
-NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
-svc/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   5d
-```
 
 ## Where to go next
 

engine/security/antivirus.md

@@ -8,7 +8,7 @@ When antivirus software scans files used by Docker, these files may be locked
 in a way that causes Docker commands to hang.
 
 One way to reduce these problems is to add the Docker data directory
-(`/var/lib/docker` on Linux or `$Env:ProgramData` on Windows Server) to the
+(`/var/lib/docker` on Linux, `$Env:ProgramData` on Windows Server, or `$HOME/Library/Containers/com.docker.docker/` on Mac) to the
 antivirus's exclusion list. However, this comes with the trade-off that viruses
 or malware in Docker images, writable layers of containers, or volumes are not
 detected. If you do choose to exclude Docker's data directory from background

engine/security/userns-remap.md

@@ -225,7 +225,7 @@ $ dockerd --userns-remap="testuser:testuser"
     ```
 
     Your directory listing may have some differences, especially if you
-    user a different container storage driver than `aufs`.
+    use a different container storage driver than `aufs`.
 
     The directories which are owned by the remapped user are used instead
     of the same directories directly beneath `/var/lib/docker/` and the

install/index.md

@@ -56,10 +56,15 @@ channel also receives patch releases when they become available.
 ### Nightly builds
 
 Nightly builds are created once per day from the master branch. The version
-number for nightly builds take the format `0.YYYYmmdd.HHMMSS`,
+number for nightly builds take the format:
-for example `0.20181231.093045`.  These builds allow for testing from the
+
-latest code on the master branch. No qualifications or guarantees are made
+    0.0.0-YYYYmmddHHMMSS-abcdefabcdef
-for the nightly builds.
+
+where the time is the commit time in UTC and the final suffix is the prefix
+of the commit hash, for example `0.0.0-20180720214833-f61e0f7`.
+
+These builds allow for testing from the latest code on the master branch. No
+qualifications or guarantees are made for the nightly builds.
 
 The release channel for these builds is called `nightly`.
 

network/bridge.md

@@ -43,7 +43,7 @@ network.**
 
   Imagine an application with a web front-end and a database back-end. The
   outside world needs access to the web front-end (perhaps on port 80), but only
-  the front-end itself needs access to the database host and port. Using a
+  the back-end itself needs access to the database host and port. Using a
   user-defined bridge, only the web port needs to be opened, and the database
   application doesn't need any ports open, since the web front-end can reach it
   over the user-defined bridge.

storage/tmpfs.md

@@ -111,7 +111,7 @@ Remove the container:
 ```bash
 $ docker container stop tmptest
 
-$ Docker container rm tmptest
+$ docker container rm tmptest
 ```
 
 ### Specify tmpfs options

test.md

@@ -10,7 +10,7 @@ Welcome to the Docker documentation test page!
 This is a demo of components, tags, styles, tools, and strategies we use for the
 docs. We explain the code behind the published page and demo the effects. So, if
 you want to see, for example, how admonitions and notes are coded in markdown,
-read the section on [Admonitions (notes)](/test/#admonitions-notes) on the web
+read the section on [Admonitions (notes)](/test.md#admonitions-notes) on the web
 published page and study the pre-processed `test.md` to see how they are
 implemented. The Docker documentation team uses this page as "note to self"
 reminders. Since we invite docs suggestions and contributions from the
@@ -586,66 +586,76 @@ Current styles for admonitions in
 [`_scss/_notes.scss`](https://github.com/docker/docker.github.io/blob/master/_scss/_notes.scss)
 support these broad categories of admonitions:
 
-- Notes in the old style (no Liquid tag required)
+- Notes (no Liquid tag required) (deprecated)
-- Notes with a prefixed icon (no Liquid tag required)
+- Important, which use the `{: .important}` tag
-- Important and Warning admonitions, which take `{: .important}` and `{: .warning}` tags, respectively
+- Warning , which use the `{: .warning}` tag
 
 The new styles include prepended icons, color sidebars, and bold color titles
 for multi-paragraph notes, but no auto-prepended text. These are defined in a
 way that does not impact admonitions formatted with the original styles, so
 notes in your published documents are not adversely affected.
 
-Examples of both styles are shown below.
+Examples are shown in the following sections.
 
-### Examples (original styles, prefix words)
+### Note (Deprecated)
 
-Admonitions with prefixed icons use the following class tags, as shown in the examples.
+Notes are deprecated and should not longer be used. Use important or warning instead.
 
-* **Note:** No class tag is needed for standard notes.
+A standard note is formatted like this:
-* **Important:** Use the `important` class.
-* **Warning:** Use the `warning` class.
 
+```
+> Handling transient errors
+>
+> Note the way the `get_hit_count` function is written. This basic retry
+> loop lets us attempt our request multiple times if the redis service is
+> not available. This is useful at startup while the application comes
+> online, but also makes our application more resilient if the Redis
+> service needs to be restarted anytime during the app's lifetime. In a
+> cluster, this also helps handling momentary connection drops between
+> nodes.
+```
 
-> **Note**: This is a note using the old note style
+It renders like this with a colored sidebar and icon:
 
+![note admonition example](/images/note-admonition-example.png)
+
+Notes were previously formatted like this:
+
+```
+> **Note**: This is a note using the old note style.
+```
+
+These will still render as a note with a colored sidebar to the left but no icon will be added.
+
+### Important
+
+Add the `important` class to your blockquotes if you want to tell users to be careful about something:
+
+```
 > Pssst, wanna know something?
 >
 > You include a small description here telling users to be on the lookout
-
-> It's not safe out there, take this Moby with you
->
-> Add the `important` class to your blockquotes if you want to tell users
- to be careful about something.
 {: .important}
+```
+
+It renders like this  with a colored sidebar and icon:
+
+![important admonition example](/images/important-admonition-example.png)
+
+### Warning
+
+Use the `warning` class to let people know this is dangerous or they should pay close attention to this part of the road before moving on:
 
 > Ouch, don't do that!
 >
-> Use the `warning` class to let people know this is dangerous or they
+> Sticking your finger in an electrical outlet can result in an electric shock.
- should pay close attention to this part of the road.
 >
-> You can also add more paragraphs here if your explanation is
+> You can also add more paragraphs here if your explanation is super complex.
- super complex.
 {: .warning}
 
->**This is a crazy note**
+It will render like this  with a colored sidebar and icon:
->
-> This note has tons of content in it:
->
-> - List item 1
-> - List item 2
->
-> |Table column 1  | Table column 2 |
-> |----------------|----------------|
-> | Row 1 column 1 | Row 2 column 2 |
-> | Row 2 column 1 | Row 2 column 2 |
->
-> And another sentence to top it all off.
 
-> **Important**: Single paragraph important note with the prefix word "important" manually typed in as bold at the beginning.
+![warning admonition example](/images/warning-admonition-example.png)
-{: .important}
-
-> **Warning**: Single paragraph warning with the prefix word "warning" manually typed in as bold at the beginning.
-{: .warning}
 
 ## Code blocks