diff --git a/compose/compose-file/index.md b/compose/compose-file/index.md
index 3083dc6f2d..f21990b09c 100644
--- a/compose/compose-file/index.md
+++ b/compose/compose-file/index.md
@@ -1140,7 +1140,7 @@ Run an init inside the container that forwards signals and reaps processes.
Either set a boolean value to use the default `init`, or specify a path to
a custom one.
- version: '2.2'
+ version: '3.7'
services:
web:
image: alpine:latest
diff --git a/compose/environment-variables.md b/compose/environment-variables.md
index f0ff04c69f..42680cce17 100644
--- a/compose/environment-variables.md
+++ b/compose/environment-variables.md
@@ -129,10 +129,11 @@ services:
When you set the same environment variable in multiple files, here's the
priority used by Compose to choose which value to use:
-1. Compose file,
-2. Environment file,
-3. Dockerfile,
-4. Variable is not defined.
+1. Compose file
+2. Shell environment variables
+3. Environment file
+4. Dockerfile
+5. Variable is not defined
In the example below, we set the same environment variable on an Environment
file, and the Compose file:
diff --git a/compose/startup-order.md b/compose/startup-order.md
index 4810a0932f..152ade0c88 100644
--- a/compose/startup-order.md
+++ b/compose/startup-order.md
@@ -6,7 +6,7 @@ notoc: true
---
You can control the order of service startup with the
-[depends_on](compose-file.md#depends-on) option. Compose always starts
+[depends_on](compose-file.md#depends_on) option. Compose always starts
containers in dependency order, where dependencies are determined by
`depends_on`, `links`, `volumes_from`, and `network_mode: "service:..."`.
diff --git a/develop/develop-images/multistage-build.md b/develop/develop-images/multistage-build.md
index dcff323fc0..2f3ae15005 100644
--- a/develop/develop-images/multistage-build.md
+++ b/develop/develop-images/multistage-build.md
@@ -92,7 +92,7 @@ With multi-stage builds, you use multiple `FROM` statements in your Dockerfile.
Each `FROM` instruction can use a different base, and each of them begins a new
stage of the build. You can selectively copy artifacts from one stage to
another, leaving behind everything you don't want in the final image. To show
-how this works, Let's adapt the Dockerfile from the previous section to use
+how this works, let's adapt the Dockerfile from the previous section to use
multi-stage builds.
**`Dockerfile`**:
diff --git a/docker-for-mac/index.md b/docker-for-mac/index.md
index d83f266c7d..f6791cf5e0 100644
--- a/docker-for-mac/index.md
+++ b/docker-for-mac/index.md
@@ -252,12 +252,7 @@ changes, click another preference tab, then choose to discard or not apply chang
### Kubernetes
-**Kubernetes is only available in Docker for Mac 17.12 CE and higher, on the Edge channel.**
-Kubernetes support is not included in Docker for Mac Stable releases. To find
-out more about Stable and Edge channels and how to switch between them, see
-[General configuration](#general){:target="_blank" class="_"}.
-
-Docker for Mac 17.12 CE (and higher) Edge includes a standalone Kubernetes server
+Docker for Mac 17.12 CE (and higher) includes a standalone Kubernetes server
that runs on your Mac, so that you can test deploying your Docker workloads on
Kubernetes.
diff --git a/docker-hub/repos.md b/docker-hub/repos.md
index 9ac512246b..4e13fc3769 100644
--- a/docker-hub/repos.md
+++ b/docker-hub/repos.md
@@ -140,8 +140,10 @@ team.
To work with a private repository on [Docker Hub](https://hub.docker.com), you
need to add one using the [Add Repository](https://hub.docker.com/add/repository/) button. You get one private
repository for free with your Docker Hub user account (not usable for
-organizations you're a member of). If you need more accounts you can upgrade
-your [Docker Hub](https://hub.docker.com/account/billing-plans/) plan.
+organizations you're a member of). If you need more private repositories for your user account, upgrade
+your Docker Hub plan from your [Billing Information](https://hub.docker.com/account/billing-plans/) page.
+
+User and organization accounts maintain separate billing profiles. For more information on managing billing for your account, you may refer to the [Where can I change my billing details?](https://success.docker.com/article/where-can-i-change-my-billing-details) kbase article.
Once the private repository is created, you can `push` and `pull` images to and
from it using Docker.
diff --git a/ee/dtr/admin/configure/use-a-load-balancer.md b/ee/dtr/admin/configure/use-a-load-balancer.md
index e1d8f2c38e..5351e917fb 100644
--- a/ee/dtr/admin/configure/use-a-load-balancer.md
+++ b/ee/dtr/admin/configure/use-a-load-balancer.md
@@ -30,6 +30,12 @@ replicas.
DTR does not provide a load balancing service. You can use an on-premises
or cloud-based load balancer to balance requests across multiple DTR replicas.
+> Additional load balancer requirements for UCP
+>
+> If you are also using UCP, there are [additional requirements](https://docs.docker.com/ee/ucp/admin/configure/join-nodes/use-a-load-balancer/#load-balancing-ucp-and-dtr) if you plan to load balance both UCP and DTR using the same load balancer.
+>
+>{: .important}
+
You can use the unauthenticated `/_ping` endpoint on each DTR replica,
to check if the replica is healthy and if it should remain in the load balancing
pool or not.
diff --git a/ee/dtr/admin/upgrade.md b/ee/dtr/admin/upgrade.md
index 08e9183192..53068b05c4 100644
--- a/ee/dtr/admin/upgrade.md
+++ b/ee/dtr/admin/upgrade.md
@@ -43,7 +43,7 @@ Before starting your upgrade, make sure that:
* The version of UCP you are using is supported by the version of DTR you
are trying to upgrade to. [Check the compatibility matrix](https://success.docker.com/Policies/Compatibility_Matrix).
* You have a recent [DTR backup](disaster-recovery/create-a-backup.md).
-* You [disable Docker content trust in UCP](/datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust.md).
+* You [disable Docker content trust in UCP](/ee/ucp/admin/configure/run-only-the-images-you-trust/).
### Step 1. Upgrade DTR to {{ previous_version }} if necessary
diff --git a/ee/dtr/user/manage-images/index.md b/ee/dtr/user/manage-images/index.md
index dee4775fcb..36267e4cd0 100644
--- a/ee/dtr/user/manage-images/index.md
+++ b/ee/dtr/user/manage-images/index.md
@@ -34,9 +34,14 @@ When creating a repository in DTR, the full name of the repository becomes
`
//`. In this example, the full
name of our repository will be `dtr.example.org/dave.lauper/golang`.
-DTR only allows image names with 255 characters. This includes the domain,
-organization, and repository name. When you create a repository, make sure
-its full name has less than 255 characters.
+> Image name size for DTR
+>
+> When creating an image name for use with DTR ensure that the organization and repository name has less than 56 characters and that the entire image name which includes domain, organization and repository name does not exceed 255 characters.
+>
+> The 56 character `` limit in DTR is due to an underlying limitation in how the image name information is stored within DTR metadata in RethinkDB. RethinkDB currently has a Primary Key length limit of 127 characters.
+>
+> When DTR stores the above data it appends a sha256sum comprised of 72 characters to the end of the value to ensure uniqueness within the database. If the `` exceeds 56 characters it will then exceed the 127 character limit in RethinkDB (72+56=128).
+{: .important}
## Where to go next
diff --git a/ee/engine/release-notes.md b/ee/engine/release-notes.md
index 47e52a4ef5..a8863b41f2 100644
--- a/ee/engine/release-notes.md
+++ b/ee/engine/release-notes.md
@@ -49,6 +49,7 @@ adopted as quickly for consistency and compatibility reasons.
+ Update to docker-ce 18.03.1 engine.
+ Add support for FIPS 140-2 on x86_64.
+ Add support for Microsoft Windows Server 1709 and 1803 with support for [swarm ingress routing mesh](https://docs.docker.com/engine/swarm/ingress/), [VIP service discovery](https://docs.docker.com/v17.09/engine/swarm/networking/#configure-service-discovery), and [named pipe mounting](https://blog.docker.com/2017/09/docker-windows-server-1709/).
++ Add support for Ubuntu 18.04.
+ Windows opt-out telemetry stream.
+ Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
+ Add support for multiple logging drivers for `docker logs`.
diff --git a/ee/index.md b/ee/index.md
index 5dc198703d..e8e344b6fc 100644
--- a/ee/index.md
+++ b/ee/index.md
@@ -14,7 +14,7 @@ infrastructure, both on-premises and in the cloud.
Docker Enterprise Edition is a secure, scalable, and supported container
platform for building and orchestrating applications across multi-tenant Linux,
-Windows Server 2016, and IBM z Systems environments.
+Windows Server 2016, and IBM Z environments.
Docker EE enables deploying your workloads for high availability (HA) onto the
orchestrator of your choice. Docker EE automates many of the tasks that
diff --git a/ee/ucp/admin/install/system-requirements.md b/ee/ucp/admin/install/system-requirements.md
index 63e79fa9b0..a52686a251 100644
--- a/ee/ucp/admin/install/system-requirements.md
+++ b/ee/ucp/admin/install/system-requirements.md
@@ -13,7 +13,7 @@ Before installing, be sure your infrastructure has these requirements.
You can install UCP on-premises or on a cloud provider. Common requirements:
-* [Docker EE Engine](/engine/installation/index.md) version 17.06.2-ee-8;
+* [Docker EE Engine](/ee/supported-platforms.md) version 17.06.2-ee-8;
values of `n` in the `-ee-` suffix must be 8 or higher
* Linux kernel version 3.10 or higher
* A static IP address
@@ -139,4 +139,4 @@ UCP {{ page.ucp_version }} requires minimum versions of the following Docker com
## Where to go next
- [Plan your installation](plan-installation.md)
-- [UCP architecture](../../ucp-architecture.md)
\ No newline at end of file
+- [UCP architecture](../../ucp-architecture.md)
diff --git a/ee/ucp/authorization/reset-user-password.md b/ee/ucp/authorization/reset-user-password.md
index 2248df02d6..e9932393a8 100644
--- a/ee/ucp/authorization/reset-user-password.md
+++ b/ee/ucp/authorization/reset-user-password.md
@@ -23,9 +23,7 @@ or use **ssh** to log in to a manager node managed by Docker EE and run:
```none
{% raw %}
-docker exec -it ucp-auth-api enzi \
- "$(docker inspect --format '{{ index .Args 0 }}' ucp-auth-api)" \
- passwd -i
+docker run --net=host -v ucp-auth-api-certs:/tls -it "$(docker inspect --format '{{ .Spec.TaskTemplate.ContainerSpec.Image }}' ucp-auth-api)" "$(docker inspect --format '{{ index .Spec.TaskTemplate.ContainerSpec.Args 0 }}' ucp-auth-api)" passwd -i
{% endraw %}
```
diff --git a/ee/ucp/images/kubernetes-version.png b/ee/ucp/images/kubernetes-version.png
new file mode 100644
index 0000000000..60a248e849
Binary files /dev/null and b/ee/ucp/images/kubernetes-version.png differ
diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md
index 77174b7b0a..ad622d48fb 100644
--- a/ee/ucp/release-notes.md
+++ b/ee/ucp/release-notes.md
@@ -20,6 +20,18 @@ upgrade your installation to the latest release.
# Version 3.0
+## 3.0.4 (2018-08-09)
+
+**Bug fixes**
+
+* Security
+ * Fixed a critical security issue where the LDAP bind username and password
+ were stored in clear text on UCP hosts. Please refer to [this KB article](https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/) for proper implementation of this fix.
+
+**Known Issue**
+
+* You must manually pull `docker/ucp-agent:3.0.4` in the images section of the web UI before upgrading. Alternately, you can just pull `docker/ucp-agent:3.0.4` on every manager node.
+
## 3.0.3 (2018-07-26)
**New platforms**
@@ -263,6 +275,16 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
# Version 2.2
+## Version 2.2.12 (2018-08-09)
+
+**Bug fixes**
+
+* Security
+ * Fixed a critical security issue where the LDAP bind username and password
+ were stored in clear text on UCP hosts. Please refer to the following KB article
+ https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/
+ for proper implementation of this fix.
+
## Version 2.2.11 (2018-07-26)
**New platforms**
@@ -274,7 +296,7 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
* Fixed an issue that causes some security headers to not be added to all API responses.
* Core
- * Optimized Swarm service read API calls through UCP.
+ * Optimized swarm service read API calls through UCP.
* Upgraded `RethinkDB` image to address potential security vulnerabilities.
* Fixee an issue where removing a worker node from the cluster would cause an etcd member to be removed on a manager node.
* Upgraded `etcd` version to 2.3.8.
diff --git a/ee/ucp/ucp-architecture.md b/ee/ucp/ucp-architecture.md
index 502cb0dc1d..c2f1d32e42 100644
--- a/ee/ucp/ucp-architecture.md
+++ b/ee/ucp/ucp-architecture.md
@@ -68,8 +68,8 @@ on a node depend on whether the node is a manager or a worker.
Internally, UCP uses the following components:
-* Calico 3.0.1.
-* Kubernetes 1.8.9.
+* Calico 3.0.1
+* Kubernetes 1.8.11
### UCP components in manager nodes
diff --git a/ee/ucp/user-access/kubectl.md b/ee/ucp/user-access/kubectl.md
index a60b8f1929..f7d73a825f 100644
--- a/ee/ucp/user-access/kubectl.md
+++ b/ee/ucp/user-access/kubectl.md
@@ -4,94 +4,98 @@ description: Learn how to install kubectl, the Kubernetes command-line tool, on
keywords: ucp, cli, administration, kubectl, Kubernetes
---
-Docker EE installs Kubernetes automatically when you install UCP, and the
-web UI enables deploying Kubernetes workloads and monitoring pods. You can
-also interact with the Kubernetes deployment by using the Kubernetes
-command-line tool, which is named kubectl.
+Docker EE 2.0 and higher deploys Kubernetes as part of a UCP installation.
+Deploy, manage, and monitor Kubernetes workloads from the UCP dashboard. Users can
+also interact with the Kubernetes deployment through the Kubernetes
+command-line tool named kubectl.
-To use kubectl, install the binary on a UCP manager or worker node. To access
-the UCP cluster with kubectl, install the UCP client bundle.
+To access the UCP cluster with kubectl, install the [UCP client bundle](cli.md).
-> Kubernetes on Docker for Mac
+> Kubernetes on Docker for Mac and Docker for Windows
>
-> Docker for Mac 17.12 CE Edge provides a standalone Kubernetes server that
-> runs on your Mac, with kubectl installed by default. This installation is
+> Docker for Mac and Docker for Windows provide a standalone Kubernetes server that
+> runs on your development machine, with kubectl installed by default. This installation is
> separate from the Kubernetes deployment on a UCP cluster.
> Learn how to [deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md).
{: .important}
## Install the kubectl binary
-Install the latest version of kubectl for Linux on the node where you want
-to control Kubernetes. You can install kubectl on both manager and worker
-nodes. Learn how to [install and set up kubectl](https://v1-8.docs.kubernetes.io/docs/tasks/tools/install-kubectl/).
+To use kubectl, install the binary on a workstation which has access to your UCP endpoint.
-On any node in your UCP cluster, run the following commands.
+> Must install compatible version
+>
+> Kubernetes only guarantees compatibility with kubectl versions that are +/-1 minor versions away from the Kubernetes version.
+{: .important}
+
+First, find which version of Kubernetes is running in your cluster. This can be found
+within the Universal Control Plane dashboard or at the UCP API endpoint [version](/reference/ucp/3.0/api/).
+
+From the UCP dashboard, click on **About Docker EE** within the **Admin** menu in the top left corner
+ of the dashboard. Then navigate to **Kubernetes**.
+
+ {: .with-border}
+
+Once you have the Kubernetes version, install the kubectl client for the relevant
+operating system.
+
+
+
+
+```
+# Set the Kubernetes version as found in the UCP Dashboard or API
+k8sversion=v1.8.11
-```bash
# Get the kubectl binary.
-curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/darwin/amd64/kubectl
# Make the kubectl binary executable.
chmod +x ./kubectl
# Move the kubectl executable to /usr/local/bin.
sudo mv ./kubectl /usr/local/bin/kubectl
-
```
-
-Repeat these commands on every node that you want to control Kubernetes from.
-
-## Install the UCP client bundle
-
-To access the Kubernetes API server that UCP exposes, you need the private and
-public key pair that authorizes your requests to UCP. Follow the instructions
-in [CLI-based access](cli.md#download-client-certificates-by-using-the-rest-api)
-to install the client bundle.
-
-> UCP client bundle is required
->
-> If you run a kubectl command without the client bundle, you'll get an
-> error like this:
-> ```
-> The connection to the server localhost:8080 was refused - did you specify the right host or port?
-> ```
-{: .warning}
-
-## Confirm the connection to UCP
-
-To confirm that kubectl is communicating with UCP, run:
-
-```bash
-kubectl config current-context
+
+
+
```
+# Set the Kubernetes version as found in the UCP Dashboard or API
+k8sversion=v1.8.11
-If the UCP client bundle is installed correctly, you'll see something like
-this:
+# Get the kubectl binary.
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/linux/amd64/kubectl
+# Make the kubectl binary executable.
+chmod +x ./kubectl
+
+# Move the kubectl executable to /usr/local/bin.
+sudo mv ./kubectl /usr/local/bin/kubectl
```
-ucp_54.70.245.225:6443_admin
+
+
+
+You can download the binary from this [link](https://storage.googleapis.com/kubernetes-release/release/v.1.8.11/bin/windows/amd64/kubectl.exe)
+
+If you have curl installed on your system, you use these commands in Powershell.
+
+```cmd
+$env:k8sversion = "v1.8.11"
+
+curl https://storage.googleapis.com/kubernetes-release/release/$env:k8sversion/bin/windows/amd64/kubectl.exe
```
+
+
+
-