docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-6

This commit is contained in:
Tammy Fox 2018-08-24 16:19:12 -04:00 committed by GitHub
parent 1641eb2e0c 0ab7b3d96f
commit a7cf91064f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 173 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/engine-cli/docker_load.yaml
View File

@ -28,7 +28,7 @@ options:
swarm: false swarm: false
examples: |- examples: |-
```bash ```bash
$ docker docker image ls $ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE REPOSITORY TAG IMAGE ID CREATED SIZE

4
_includes/global-header.html
View File

@ -42,10 +42,6 @@
</nav> </nav>
</div> </div>
</div> </div>
<!-- DockerCon banner -->
<div class="banner">
<a target="_blank" href="https://2018.dockercon.com/"><img src="/images/dockercon.svg" alt="DockerCon banner"></a>
</div>
<!-- hero banner text --> <!-- hero banner text -->
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">

2
compose/compose-file/index.md
View File

@ -1140,7 +1140,7 @@ Run an init inside the container that forwards signals and reaps processes.
Either set a boolean value to use the default `init`, or specify a path to Either set a boolean value to use the default `init`, or specify a path to
a custom one. a custom one.
version: '2.2' version: '3.7'
services: services:
web: web:
image: alpine:latest image: alpine:latest

9
compose/environment-variables.md
View File

@ -129,10 +129,11 @@ services:
When you set the same environment variable in multiple files, here's the When you set the same environment variable in multiple files, here's the
priority used by Compose to choose which value to use: priority used by Compose to choose which value to use:
1. Compose file, 1. Compose file
2. Environment file, 2. Shell environment variables
3. Dockerfile, 3. Environment file
4. Variable is not defined. 4. Dockerfile
5. Variable is not defined
In the example below, we set the same environment variable on an Environment In the example below, we set the same environment variable on an Environment
file, and the Compose file: file, and the Compose file:

2
compose/startup-order.md
View File

@ -6,7 +6,7 @@ notoc: true
--- ---
You can control the order of service startup with the You can control the order of service startup with the
[depends_on](compose-file.md#depends-on) option. Compose always starts [depends_on](compose-file.md#depends_on) option. Compose always starts
containers in dependency order, where dependencies are determined by containers in dependency order, where dependencies are determined by
`depends_on`, `links`, `volumes_from`, and `network_mode: "service:..."`. `depends_on`, `links`, `volumes_from`, and `network_mode: "service:..."`.

2
develop/develop-images/multistage-build.md
View File

@ -92,7 +92,7 @@ With multi-stage builds, you use multiple `FROM` statements in your Dockerfile.
Each `FROM` instruction can use a different base, and each of them begins a new Each `FROM` instruction can use a different base, and each of them begins a new
stage of the build. You can selectively copy artifacts from one stage to stage of the build. You can selectively copy artifacts from one stage to
another, leaving behind everything you don't want in the final image. To show another, leaving behind everything you don't want in the final image. To show
how this works, Let's adapt the Dockerfile from the previous section to use how this works, let's adapt the Dockerfile from the previous section to use
multi-stage builds. multi-stage builds.
**`Dockerfile`**: **`Dockerfile`**:

7
docker-for-mac/index.md
View File

@ -252,12 +252,7 @@ changes, click another preference tab, then choose to discard or not apply chang
### Kubernetes ### Kubernetes
**Kubernetes is only available in Docker for Mac 17.12 CE and higher, on the Edge channel.** Docker for Mac 17.12 CE (and higher) includes a standalone Kubernetes server
Kubernetes support is not included in Docker for Mac Stable releases. To find
out more about Stable and Edge channels and how to switch between them, see
[General configuration](#general){:target="_blank" class="_"}.
Docker for Mac 17.12 CE (and higher) Edge includes a standalone Kubernetes server
that runs on your Mac, so that you can test deploying your Docker workloads on that runs on your Mac, so that you can test deploying your Docker workloads on
Kubernetes. Kubernetes.

6
docker-hub/repos.md
View File

@ -140,8 +140,10 @@ team.
To work with a private repository on [Docker Hub](https://hub.docker.com), you To work with a private repository on [Docker Hub](https://hub.docker.com), you
need to add one using the [Add Repository](https://hub.docker.com/add/repository/) button. You get one private need to add one using the [Add Repository](https://hub.docker.com/add/repository/) button. You get one private
repository for free with your Docker Hub user account (not usable for repository for free with your Docker Hub user account (not usable for
organizations you're a member of). If you need more accounts you can upgrade organizations you're a member of). If you need more private repositories for your user account, upgrade
your [Docker Hub](https://hub.docker.com/account/billing-plans/) plan. your Docker Hub plan from your [Billing Information](https://hub.docker.com/account/billing-plans/) page.
User and organization accounts maintain separate billing profiles. For more information on managing billing for your account, you may refer to the [Where can I change my billing details?](https://success.docker.com/article/where-can-i-change-my-billing-details) kbase article.
Once the private repository is created, you can `push` and `pull` images to and Once the private repository is created, you can `push` and `pull` images to and
from it using Docker. from it using Docker.

6
ee/dtr/admin/configure/use-a-load-balancer.md
View File

@ -30,6 +30,12 @@ replicas.
DTR does not provide a load balancing service. You can use an on-premises DTR does not provide a load balancing service. You can use an on-premises
or cloud-based load balancer to balance requests across multiple DTR replicas. or cloud-based load balancer to balance requests across multiple DTR replicas.
> Additional load balancer requirements for UCP
>
> If you are also using UCP, there are [additional requirements](https://docs.docker.com/ee/ucp/admin/configure/join-nodes/use-a-load-balancer/#load-balancing-ucp-and-dtr) if you plan to load balance both UCP and DTR using the same load balancer.
>
>{: .important}
You can use the unauthenticated `/_ping` endpoint on each DTR replica, You can use the unauthenticated `/_ping` endpoint on each DTR replica,
to check if the replica is healthy and if it should remain in the load balancing to check if the replica is healthy and if it should remain in the load balancing
pool or not. pool or not.

2
ee/dtr/admin/upgrade.md
View File

@ -43,7 +43,7 @@ Before starting your upgrade, make sure that:
* The version of UCP you are using is supported by the version of DTR you * The version of UCP you are using is supported by the version of DTR you
are trying to upgrade to. [Check the compatibility matrix](https://success.docker.com/Policies/Compatibility_Matrix). are trying to upgrade to. [Check the compatibility matrix](https://success.docker.com/Policies/Compatibility_Matrix).
* You have a recent [DTR backup](disaster-recovery/create-a-backup.md). * You have a recent [DTR backup](disaster-recovery/create-a-backup.md).
* You [disable Docker content trust in UCP](/datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust.md). * You [disable Docker content trust in UCP](/ee/ucp/admin/configure/run-only-the-images-you-trust/).
### Step 1. Upgrade DTR to {{ previous_version }} if necessary ### Step 1. Upgrade DTR to {{ previous_version }} if necessary

11
ee/dtr/user/manage-images/index.md
View File

@ -34,9 +34,14 @@ When creating a repository in DTR, the full name of the repository becomes
`<dtr-domain-name>/<user-or-org>/<repository-name>`. In this example, the full `<dtr-domain-name>/<user-or-org>/<repository-name>`. In this example, the full
name of our repository will be `dtr.example.org/dave.lauper/golang`. name of our repository will be `dtr.example.org/dave.lauper/golang`.
DTR only allows image names with 255 characters. This includes the domain, > Image name size for DTR
organization, and repository name. When you create a repository, make sure >
its full name has less than 255 characters. > When creating an image name for use with DTR ensure that the organization and repository name has less than 56 characters and that the entire image name which includes domain, organization and repository name does not exceed 255 characters.
>
> The 56 character `<user-or-org/repository-name>` limit in DTR is due to an underlying limitation in how the image name information is stored within DTR metadata in RethinkDB. RethinkDB currently has a Primary Key length limit of 127 characters.
>
> When DTR stores the above data it appends a sha256sum comprised of 72 characters to the end of the value to ensure uniqueness within the database. If the `<user-or-org/repository-name>` exceeds 56 characters it will then exceed the 127 character limit in RethinkDB (72+56=128).
{: .important}
## Where to go next ## Where to go next

1
ee/engine/release-notes.md
View File

@ -49,6 +49,7 @@ adopted as quickly for consistency and compatibility reasons.
+ Update to docker-ce 18.03.1 engine. + Update to docker-ce 18.03.1 engine.
+ Add support for FIPS 140-2 on x86_64. + Add support for FIPS 140-2 on x86_64.
+ Add support for Microsoft Windows Server 1709 and 1803 with support for [swarm ingress routing mesh](https://docs.docker.com/engine/swarm/ingress/), [VIP service discovery](https://docs.docker.com/v17.09/engine/swarm/networking/#configure-service-discovery), and [named pipe mounting](https://blog.docker.com/2017/09/docker-windows-server-1709/). + Add support for Microsoft Windows Server 1709 and 1803 with support for [swarm ingress routing mesh](https://docs.docker.com/engine/swarm/ingress/), [VIP service discovery](https://docs.docker.com/v17.09/engine/swarm/networking/#configure-service-discovery), and [named pipe mounting](https://blog.docker.com/2017/09/docker-windows-server-1709/).
+ Add support for Ubuntu 18.04.
+ Windows opt-out telemetry stream. + Windows opt-out telemetry stream.
+ Support for `--chown` with `COPY` and `ADD` in `Dockerfile`. + Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
+ Add support for multiple logging drivers for `docker logs`. + Add support for multiple logging drivers for `docker logs`.

2
ee/index.md
View File

@ -14,7 +14,7 @@ infrastructure, both on-premises and in the cloud.
Docker Enterprise Edition is a secure, scalable, and supported container Docker Enterprise Edition is a secure, scalable, and supported container
platform for building and orchestrating applications across multi-tenant Linux, platform for building and orchestrating applications across multi-tenant Linux,
Windows Server 2016, and IBM z Systems environments. Windows Server 2016, and IBM Z environments.
Docker EE enables deploying your workloads for high availability (HA) onto the Docker EE enables deploying your workloads for high availability (HA) onto the
orchestrator of your choice. Docker EE automates many of the tasks that orchestrator of your choice. Docker EE automates many of the tasks that

4
ee/ucp/admin/install/system-requirements.md
View File

@ -13,7 +13,7 @@ Before installing, be sure your infrastructure has these requirements.
You can install UCP on-premises or on a cloud provider. Common requirements: You can install UCP on-premises or on a cloud provider. Common requirements:
* [Docker EE Engine](/engine/installation/index.md) version 17.06.2-ee-8; * [Docker EE Engine](/ee/supported-platforms.md) version 17.06.2-ee-8;
values of `n` in the `-ee-<n>` suffix must be 8 or higher values of `n` in the `-ee-<n>` suffix must be 8 or higher
* Linux kernel version 3.10 or higher * Linux kernel version 3.10 or higher
* A static IP address * A static IP address
@ -139,4 +139,4 @@ UCP {{ page.ucp_version }} requires minimum versions of the following Docker com
## Where to go next ## Where to go next
- [Plan your installation](plan-installation.md) - [Plan your installation](plan-installation.md)
- [UCP architecture](../../ucp-architecture.md) - [UCP architecture](../../ucp-architecture.md)

4
ee/ucp/authorization/reset-user-password.md
View File

@ -23,9 +23,7 @@ or use **ssh** to log in to a manager node managed by Docker EE and run:
```none ```none
{% raw %} {% raw %}
docker exec -it ucp-auth-api enzi \ docker run --net=host -v ucp-auth-api-certs:/tls -it "$(docker inspect --format '{{ .Spec.TaskTemplate.ContainerSpec.Image }}' ucp-auth-api)" "$(docker inspect --format '{{ index .Spec.TaskTemplate.ContainerSpec.Args 0 }}' ucp-auth-api)" passwd -i
"$(docker inspect --format '{{ index .Args 0 }}' ucp-auth-api)" \
passwd -i
{% endraw %} {% endraw %}
``` ```

BIN
ee/ucp/images/kubernetes-version.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

24
ee/ucp/release-notes.md
View File

@ -20,6 +20,18 @@ upgrade your installation to the latest release.
# Version 3.0 # Version 3.0
## 3.0.4 (2018-08-09)
**Bug fixes**
* Security
* Fixed a critical security issue where the LDAP bind username and password
were stored in clear text on UCP hosts. Please refer to [this KB article](https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/) for proper implementation of this fix.
**Known Issue**
* You must manually pull `docker/ucp-agent:3.0.4` in the images section of the web UI before upgrading. Alternately, you can just pull `docker/ucp-agent:3.0.4` on every manager node.
## 3.0.3 (2018-07-26) ## 3.0.3 (2018-07-26)
**New platforms** **New platforms**
@ -263,6 +275,16 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
# Version 2.2 # Version 2.2
## Version 2.2.12 (2018-08-09)
**Bug fixes**
* Security
* Fixed a critical security issue where the LDAP bind username and password
were stored in clear text on UCP hosts. Please refer to the following KB article
https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/
for proper implementation of this fix.
## Version 2.2.11 (2018-07-26) ## Version 2.2.11 (2018-07-26)
**New platforms** **New platforms**
@ -274,7 +296,7 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
* Fixed an issue that causes some security headers to not be added to all API responses. * Fixed an issue that causes some security headers to not be added to all API responses.
* Core * Core
* Optimized Swarm service read API calls through UCP. * Optimized swarm service read API calls through UCP.
* Upgraded `RethinkDB` image to address potential security vulnerabilities. * Upgraded `RethinkDB` image to address potential security vulnerabilities.
* Fixee an issue where removing a worker node from the cluster would cause an etcd member to be removed on a manager node. * Fixee an issue where removing a worker node from the cluster would cause an etcd member to be removed on a manager node.
* Upgraded `etcd` version to 2.3.8. * Upgraded `etcd` version to 2.3.8.

4
ee/ucp/ucp-architecture.md
View File

@ -68,8 +68,8 @@ on a node depend on whether the node is a manager or a worker.
Internally, UCP uses the following components: Internally, UCP uses the following components:
* Calico 3.0.1. * Calico 3.0.1
* Kubernetes 1.8.9. * Kubernetes 1.8.11
### UCP components in manager nodes ### UCP components in manager nodes

128
ee/ucp/user-access/kubectl.md
View File

@ -4,94 +4,98 @@ description: Learn how to install kubectl, the Kubernetes command-line tool, on
keywords: ucp, cli, administration, kubectl, Kubernetes keywords: ucp, cli, administration, kubectl, Kubernetes
--- ---
Docker EE installs Kubernetes automatically when you install UCP, and the Docker EE 2.0 and higher deploys Kubernetes as part of a UCP installation.
web UI enables deploying Kubernetes workloads and monitoring pods. You can Deploy, manage, and monitor Kubernetes workloads from the UCP dashboard. Users can
also interact with the Kubernetes deployment by using the Kubernetes also interact with the Kubernetes deployment through the Kubernetes
command-line tool, which is named kubectl. command-line tool named kubectl.
To use kubectl, install the binary on a UCP manager or worker node. To access To access the UCP cluster with kubectl, install the [UCP client bundle](cli.md).
the UCP cluster with kubectl, install the UCP client bundle.
> Kubernetes on Docker for Mac > Kubernetes on Docker for Mac and Docker for Windows
> >
> Docker for Mac 17.12 CE Edge provides a standalone Kubernetes server that > Docker for Mac and Docker for Windows provide a standalone Kubernetes server that
> runs on your Mac, with kubectl installed by default. This installation is > runs on your development machine, with kubectl installed by default. This installation is
> separate from the Kubernetes deployment on a UCP cluster. > separate from the Kubernetes deployment on a UCP cluster.
> Learn how to [deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md). > Learn how to [deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md).
{: .important} {: .important}
## Install the kubectl binary ## Install the kubectl binary
Install the latest version of kubectl for Linux on the node where you want To use kubectl, install the binary on a workstation which has access to your UCP endpoint.
to control Kubernetes. You can install kubectl on both manager and worker
nodes. Learn how to [install and set up kubectl](https://v1-8.docs.kubernetes.io/docs/tasks/tools/install-kubectl/).
On any node in your UCP cluster, run the following commands. > Must install compatible version
>
> Kubernetes only guarantees compatibility with kubectl versions that are +/-1 minor versions away from the Kubernetes version.
{: .important}
First, find which version of Kubernetes is running in your cluster. This can be found
within the Universal Control Plane dashboard or at the UCP API endpoint [version](/reference/ucp/3.0/api/).
From the UCP dashboard, click on **About Docker EE** within the **Admin** menu in the top left corner
of the dashboard. Then navigate to **Kubernetes**.
![Find Kubernetes version](../images/kubernetes-version.png){: .with-border}
Once you have the Kubernetes version, install the kubectl client for the relevant
operating system.
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#mac">Mac OS</a></li>
<li><a data-toggle="tab" data-target="#linux">Linux</a></li>
<li><a data-toggle="tab" data-target="#win">Windows</a></li>
</ul>
<div class="tab-content">
<div id="mac" class="tab-pane fade in active" markdown="1">
```
# Set the Kubernetes version as found in the UCP Dashboard or API
k8sversion=v1.8.11
```bash
# Get the kubectl binary. # Get the kubectl binary.
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/darwin/amd64/kubectl
# Make the kubectl binary executable. # Make the kubectl binary executable.
chmod +x ./kubectl chmod +x ./kubectl
# Move the kubectl executable to /usr/local/bin. # Move the kubectl executable to /usr/local/bin.
sudo mv ./kubectl /usr/local/bin/kubectl sudo mv ./kubectl /usr/local/bin/kubectl
``` ```
<hr>
Repeat these commands on every node that you want to control Kubernetes from. </div>
<div id="linux" class="tab-pane fade" markdown="1">
## Install the UCP client bundle
To access the Kubernetes API server that UCP exposes, you need the private and
public key pair that authorizes your requests to UCP. Follow the instructions
in [CLI-based access](cli.md#download-client-certificates-by-using-the-rest-api)
to install the client bundle.
> UCP client bundle is required
>
> If you run a kubectl command without the client bundle, you'll get an
> error like this:
> ```
> The connection to the server localhost:8080 was refused - did you specify the right host or port?
> ```
{: .warning}
## Confirm the connection to UCP
To confirm that kubectl is communicating with UCP, run:
```bash
kubectl config current-context
``` ```
# Set the Kubernetes version as found in the UCP Dashboard or API
k8sversion=v1.8.11
If the UCP client bundle is installed correctly, you'll see something like # Get the kubectl binary.
this: curl -LO https://storage.googleapis.com/kubernetes-release/release/$k8sversion/bin/linux/amd64/kubectl
# Make the kubectl binary executable.
chmod +x ./kubectl
# Move the kubectl executable to /usr/local/bin.
sudo mv ./kubectl /usr/local/bin/kubectl
``` ```
ucp_54.70.245.225:6443_admin <hr>
</div>
<div id="win" class="tab-pane fade" markdown="1">
You can download the binary from this [link](https://storage.googleapis.com/kubernetes-release/release/v.1.8.11/bin/windows/amd64/kubectl.exe)
If you have curl installed on your system, you use these commands in Powershell.
```cmd
$env:k8sversion = "v1.8.11"
curl https://storage.googleapis.com/kubernetes-release/release/$env:k8sversion/bin/windows/amd64/kubectl.exe
``` ```
<hr>
</div>
</div>
## Inspect Kubernetes resources ## Using kubectl with a Docker EE cluster
When the kubectl executable is in place and the UCP client bundle is Docker Enterprise Edition provides users unique certificates and keys to authenticate against
installed, you can run kubectl commands against the UCP cluster, like you the Docker and Kubernetes APIs. Instructions on how to download these certificates and how to
would on any Kubernetes deployment. configure kubectl to use them can be found in [CLI-based access.](cli.md#download-client-certificates)
For example, to see all resources in the default namespace, run:
```bash
kubectl get all
```
If you haven't deployed any Kubernetes workloads or created any Kubernetes
objects, you'll see something like this:
```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d
```
## Where to go next ## Where to go next

2
engine/security/userns-remap.md
View File

@ -225,7 +225,7 @@ $ dockerd --userns-remap="testuser:testuser"
``` ```
Your directory listing may have some differences, especially if you Your directory listing may have some differences, especially if you
user a different container storage driver than `aufs`. use a different container storage driver than `aufs`.
The directories which are owned by the remapped user are used instead The directories which are owned by the remapped user are used instead
of the same directories directly beneath `/var/lib/docker/` and the of the same directories directly beneath `/var/lib/docker/` and the

19
install/linux/linux-postinstall.md
View File

@ -12,19 +12,20 @@ better with Docker.
## Manage Docker as a non-root user ## Manage Docker as a non-root user
The `docker` daemon binds to a Unix socket instead of a TCP port. By default The Docker daemon binds to a Unix socket instead of a TCP port. By default
that Unix socket is owned by the user `root` and other users can only access it that Unix socket is owned by the user `root` and other users can only access it
using `sudo`. The `docker` daemon always runs as the `root` user. using `sudo`. The Docker daemon always runs as the `root` user.
If you don't want to use `sudo` when you use the `docker` command, create a Unix If you don't want to preface the `docker` command with `sudo`, create a Unix
group called `docker` and add users to it. When the `docker` daemon starts, it group called `docker` and add users to it. When the Docker daemon starts, it
makes the ownership of the Unix socket read/writable by the `docker` group. creates a Unix socket accessible by members of the `docker` group.
> **Warning**: > Warning
>
> The `docker` group grants privileges equivalent to the `root` > The `docker` group grants privileges equivalent to the `root`
> user. For details on how this impacts security in your system, see > user. For details on how this impacts security in your system, see
> [*Docker Daemon Attack Surface*](/engine/security/security.md#docker-daemon-attack-surface). > [*Docker Daemon Attack Surface*](/engine/security/security.md#docker-daemon-attack-surface).
{:.warning} {: .warning}
To create the `docker` group and add your user: To create the `docker` group and add your user:
@ -141,9 +142,9 @@ By default, the Docker daemon listens for connections on a UNIX socket to accept
Configuring Docker to accept remote connections can be done with the `docker.service` systemd unit file for Linux distributions using systemd, such as recent versions of RedHat, CentOS, Ubuntu and SLES, or with the `daemon.json` file which is recommended for Linux distributions that do not use systemd. Configuring Docker to accept remote connections can be done with the `docker.service` systemd unit file for Linux distributions using systemd, such as recent versions of RedHat, CentOS, Ubuntu and SLES, or with the `daemon.json` file which is recommended for Linux distributions that do not use systemd.
> systemd vs `daemon.json` > systemd vs daemon.json
> >
> Configuring docker to listen for connections using both the systemd unit file and the daemon.json > Configuring Docker to listen for connections using both the `systemd` unit file and the `daemon.json`
> file causes a conflict that prevents Docker from starting. > file causes a conflict that prevents Docker from starting.
### Configuring remote access with `systemd` unit file ### Configuring remote access with `systemd` unit file

37
install/windows/docker-ee.md
View File

@ -17,7 +17,7 @@ install Docker EE.
> Release notes > Release notes
> >
> You can [get release notes for all versions here](/release-notes/) > [Release notes for all versions](/release-notes/)
## Install Docker EE ## Install Docker EE
@ -46,7 +46,7 @@ full list of prerequisites.
3. Test your Docker EE installation by running the `hello-world` container. 3. Test your Docker EE installation by running the `hello-world` container.
```PowerShell ```PowerShell
docker container run hello-world:nanoserver docker run hello-world:nanoserver
Unable to find image 'hello-world:nanoserver' locally Unable to find image 'hello-world:nanoserver' locally
nanoserver: Pulling from library/hello-world nanoserver: Pulling from library/hello-world
@ -129,26 +129,41 @@ installs, or install on air-gapped systems.
## Install a specific version ## Install a specific version
To install a specific Docker version, you can use the There are currently two channels available for Docker EE for Windows Server:
`MaximumVersion`,`MinimumVersion` or `RequiredVersion` flags. For example:
* `17.06` - Use this version if you're using Docker Enterprise Edition (Docker Engine, UCP, DTR). `17.06` is the default.
* `18.03` - Use this version if you're running Docker EE Engine alone.
To install a specific version, use the `RequiredVersion` flag:
```PowerShell ```PowerShell
Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 17.06.2-ee-5 Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 18.03
... ...
Name Version Source Summary Name Version Source Summary
---- ------- ------ ------- ---- ------- ------ -------
Docker 17.06.2-ee-5 Docker Contains Docker EE for use with Windows Server 2016... Docker 18.03.1-ee-2 Docker Contains Docker EE for use with Windows Server...
``` ```
### Updating the DockerMsftProvider
Installing specific Docker EE versions may require an update to previously installed DockerMsftProvider modules. To update:
```PowerShell
Update-Module DockerMsftProvider
```
Then open a new Powershell session for the update to take effect.
## Update Docker EE ## Update Docker EE
To update Docker EE on Windows Server 2016: To update Docker EE Engine to the most recent release, specify the `-RequiredVersion` and `-Update` flags:
```PowerShell ```PowerShell
Install-Package -Name docker -ProviderName DockerMsftProvider -Update -Force Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 18.03 -Update -Force
``` ```
If Docker Universal Control Plane (UCP) is installed, run the ## Preparing a Docker EE Engine for use with UCP
Run the
[UCP installation script for Windows](/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes/#run-the-windows-node-setup-script). [UCP installation script for Windows](/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes/#run-the-windows-node-setup-script).
Start the Docker service: Start the Docker service:

4
machine/reference/rm.md
View File

@ -4,7 +4,7 @@ keywords: machine, rm, subcommand
title: docker-machine rm title: docker-machine rm
--- ---
Remove a machine. This removese the local reference and deletes it Remove a machine. This removes the local reference and deletes it
on the cloud provider or virtualization management platform. on the cloud provider or virtualization management platform.
```none ```none
@ -61,4 +61,4 @@ foo - virtualbox Running tcp://192.168.99.100:2376 v1.9.
$ docker-machine rm -y foo $ docker-machine rm -y foo
About to remove foo About to remove foo
Successfully removed foo Successfully removed foo
``` ```

2
network/bridge.md
View File

@ -43,7 +43,7 @@ network.**
Imagine an application with a web front-end and a database back-end. The Imagine an application with a web front-end and a database back-end. The
outside world needs access to the web front-end (perhaps on port 80), but only outside world needs access to the web front-end (perhaps on port 80), but only
the front-end itself needs access to the database host and port. Using a the back-end itself needs access to the database host and port. Using a
user-defined bridge, only the web port needs to be opened, and the database user-defined bridge, only the web port needs to be opened, and the database
application doesn't need any ports open, since the web front-end can reach it application doesn't need any ports open, since the web front-end can reach it
over the user-defined bridge. over the user-defined bridge.

8
reference/ucp/3.0/cli/install.md
View File

@ -24,13 +24,13 @@ Docker Universal Control Plane (UCP).
When installing UCP you can customize: When installing UCP you can customize:
* The certificates used by the UCP web server. Create a volume * The certificates used by the UCP web server. Create a volume
named 'ucp-controller-server-certs' and copy the ca.pem, cert.pem, and key.pem named `ucp-controller-server-certs` and copy the `ca.pem`, `cert.pem`, and `key.pem`
files to the root directory. Then run the install command with the files to the root directory. Then run the install command with the
`--external-server-cert` flag. `--external-server-cert` flag.
* The license used by UCP, by bind-mounting the file at * The license used by UCP, by bind-mounting the file at
'/config/docker_subscription.lic' in the tool. E.g. -v /path/to/my/config/docker_subscription.lic:/config/docker_subscription.lic `/config/docker_subscription.lic` in the tool. E.g. `-v /path/to/my/config/docker_subscription.lic:/config/docker_subscription.lic`
or by specifying with '--license "$(cat license.lic)" or by specifying with `--license "$(cat license.lic)`
If you're joining more nodes to this swarm, open the following ports in your If you're joining more nodes to this swarm, open the following ports in your
firewall: firewall:
@ -77,7 +77,7 @@ command.
| `--swarm-experimental` | Enable Docker Swarm experimental features. Used for backwards compatibility | | `--swarm-experimental` | Enable Docker Swarm experimental features. Used for backwards compatibility |
| `--disable-tracking` | Disable anonymous tracking and analytics | | `--disable-tracking` | Disable anonymous tracking and analytics |
| `--disable-usage` | Disable anonymous usage reporting | | `--disable-usage` | Disable anonymous usage reporting |
| `--external-server-cert` | Customize the certificates used by the UCP web server | | `--external-server-cert` | Use the certificates in the `ucp-controller-server-certs` volume instead of generating self-signed certs during installation |
| `--preserve-certs` | Don't generate certificates if they already exist | | `--preserve-certs` | Don't generate certificates if they already exist |
| `--binpack` | Set the Docker Swarm scheduler to binpack mode. Used for backwards compatibility | | `--binpack` | Set the Docker Swarm scheduler to binpack mode. Used for backwards compatibility |
| `--random` | Set the Docker Swarm scheduler to random mode. Used for backwards compatibility | | `--random` | Set the Docker Swarm scheduler to random mode. Used for backwards compatibility |

4
registry/deploying.md
View File

@ -458,8 +458,8 @@ secrets.
You may want to leverage more advanced basic auth implementations by using a You may want to leverage more advanced basic auth implementations by using a
proxy in front of the registry. See the [recipes list](recipes/index.md). proxy in front of the registry. See the [recipes list](recipes/index.md).
The registry also supports delegated authentiation, which redirects users to a The registry also supports delegated authentication which redirects users to a
specific, trusted token server. This approach is more complicated to set up, and specific trusted token server. This approach is more complicated to set up, and
only makes sense if you need to fully configure ACLs and need more control over only makes sense if you need to fully configure ACLs and need more control over
the registry's integration into your global authorization and authentication the registry's integration into your global authorization and authentication
systems. Refer to the following [background information](spec/auth/token.md) and systems. Refer to the following [background information](spec/auth/token.md) and

2
test.md
View File

@ -646,12 +646,14 @@ It renders like this with a colored sidebar and icon:
Use the `warning` class to let people know this is dangerous or they should pay close attention to this part of the road before moving on: Use the `warning` class to let people know this is dangerous or they should pay close attention to this part of the road before moving on:
```
> Ouch, don't do that! > Ouch, don't do that!
> >
> Sticking your finger in an electrical outlet can result in an electric shock. > Sticking your finger in an electrical outlet can result in an electric shock.
> >
> You can also add more paragraphs here if your explanation is super complex. > You can also add more paragraphs here if your explanation is super complex.
{: .warning} {: .warning}
```
It will render like this with a colored sidebar and icon: It will render like this with a colored sidebar and icon: