docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Beta v2 updates to various topics 

- admin swarms: new dtr-storage param, UCP pw in create output, new
topic on security groups, note on COS storage not being deleted when
you delete a swarm

- cli-ref: new param to create cluster

- dtr-ibm-cos: new topics for Swift API COS, note on the delete

- faqs: permissions table

- Quickstart: UCP pw updates

- registry: point to new DTR COS topics

- release notes: add beta v1.0.2
This commit is contained in:
art 2018-01-25 16:52:10 -05:00 committed by Joao Fernandes
parent 6916f2a1a3
commit c81e31dfd6
4 changed files with 196 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docker-for-ibm-cloud/cli-ref.md
View File

@ -4,9 +4,10 @@ keywords: ibm, ibm cloud, cli, iaas, reference
title: CLI reference for Docker EE for IBM Cloud
---
With the Docker EE for IBM Cloud (Beta) plug-in for the IBM Cloud CLI, you can manage your Docker swarms alongside other IBM Cloud operations.
With the Docker EE for IBM Cloud (beta) plug-in for the IBM Cloud CLI, you can manage your Docker swarms alongside other IBM Cloud operations.
## Docker for IBM Cloud plug-in commands
Refer to these commands to manage your Docker EE for IBM Cloud clusters.
* To view a list of commands, run the `bx d4ic help` command.
@ -26,7 +27,7 @@ Create a Docker EE swarm cluster.
### Usage
```bash
$ bx d4ic create --sl-user SOFTLAYER_USERNAME --sl-api-key SOFTLAYER_API_KEY --ssh-label SSH_KEY_LABEL --ssh-key SSH_KEY_PATH --docker-ee-url DOCKER_EE_URL --swarm-name SWARM_NAME [--datacenter DATACENTER] [--workers NUMBER] [--managers NUMBER] [--hardware SHARED|DEDICATED] [--manager-machine-type MANAGER_MACHINE_TYPE] [--worker-machine-type WORKER_MACHINE_TYPE] [-v] [--version VERSION]
$ bx d4ic create --sl-user SOFTLAYER_USERNAME --sl-api-key SOFTLAYER_API_KEY --ssh-label SSH_KEY_LABEL --ssh-key SSH_KEY_PATH --docker-ee-url DOCKER_EE_URL --swarm-name SWARM_NAME [--datacenter DATACENTER] [--workers NUMBER] [--managers NUMBER] [--hardware SHARED|DEDICATED] [--manager-machine-type MANAGER_MACHINE_TYPE] [--worker-machine-type WORKER_MACHINE_TYPE] [--disable-dtr-storage] [-v] [--version VERSION]
```
### Options
@ -46,16 +47,18 @@ $ bx d4ic create --sl-user SOFTLAYER_USERNAME --sl-api-key SOFTLAYER_API_KEY --s
| `--hardware` | If "dedicated" then the nodes are created on hosts with compute instances in the same account. | Shared | Optional |
| `--manager-machine-type` | The machine type of the manager nodes: u1c.1x2, u1c.2x4, b1c.4x16, b1c.16x64, b1c.32x128, or b1c.56x242. Higher machine types cost more, but deliver better performance: for example, u1c.2x4 is 2 cores and 4 GB memory, and b1c.56x242 is 56 cores and 242 GB memory. | b1c.4x16 | Optional |
| `--worker-machine-type` | The machine type of the worker nodes: u1c.1x2, u1c.2x4, b1c.4x16, b1c.16x64, b1c.32x128, or b1c.56x242. Higher machine types cost more, but deliver better performance: for example, u1c.2x4 is 2 cores and 4 GB memory, and b1c.56x242 is 56 cores and 242 GB memory. | u1c.1x2 | Optional |
| `--disable-dtr-storage` | By default, the `bx d4ic create` command orders an IBM Cloud Swift API Object Storage account and creates a container named `dtr-container`. If you want to prevent this, include the `--disable-dtr-storage`. Note that you must then [set up IBM Cloud Object Storage](dtr-ibm-cos.md) yourself so that DTR works with your cluster. | Enabled by default. | Optional |
| `--version` | The Docker EE version of the created cluster. For the beta, only the default version is available. | Default version | Optional |
## bx d4ic delete
Delete a Docker EE swarm cluster.
### Usage
```bash
$ bx d4ic delete (--swarm-name SWARM_NAME | --id ID) --sl-user SOFTLAYER_USERNAME --sl-api-key SOFTLAYER_API_KEY --ssh-key SSH_KEY_PATH [--insecure] [--force]
$ bx d4ic delete (--swarm-name SWARM_NAME | --id ID) --sl-user SOFTLAYER_USERNAME --sl-api-key SOFTLAYER_API_KEY --ssh-label SSH_KEY_LABEL --ssh-key SSH_KEY_PATH [--insecure] [--force]
```
### Options
@ -64,6 +67,7 @@ $ bx d4ic delete (--swarm-name SWARM_NAME | --id ID) --sl-user SOFTLAYER_USERNAM
|---|---|---|---|
| `--sl-user`, `-u` | [Log in to IBM Cloud infrastructure](https://control.softlayer.com/), select your profile, and locate your **API Username** under the API Access Information section. | | Required |
| `--sl-api-key`, `-k` | [Log in to IBM Cloud infrastructure](https://control.softlayer.com/), select your profile, and locate your **Authentication Key** under the API Access Information section. | | Required |
| `--ssh-label`, `--label` | Your IBM Cloud infrastructure SSH key label for the manager node. To create a key, [log in to IBM Cloud infrastructure](https://control.softlayer.com/) and select **Devices > Manage > SSH Keys > Add**. Copy the key label and insert it here. | | Required |
| `--ssh-key` | The path to the SSH key on your local client that matches the SSH key label in your IBM Cloud infrastructure account. | | Required |
| `--swarm-name`, `--name` | The name of your cluster. If the name is not provided, you must provide the ID. | | Required |
| `--id` | The ID of your cluster. If the ID is not provided, you must provide the name. | | Required |
@ -72,6 +76,7 @@ $ bx d4ic delete (--swarm-name SWARM_NAME | --id ID) --sl-user SOFTLAYER_USERNAM
| `--force`, `-f` | Force deletion without confirmation. | | Optional |
## bx d4ic key-create
Create a key for a service instance. Before you can create a key, create an IBM Cloud service.
### Usage
@ -93,6 +98,7 @@ $ bx d4ic key-create (--swarm-name SWARM_NAME | --id ID) --cert-path CERT_PATH -
| `--sl-api-key`, `-k` | [Log in to IBM Cloud infrastructure](https://control.softlayer.com/), select your profile, and locate your **Authentication Key** under the API Access Information section. | | Required |
## bx d4ic list
List the clusters in your Docker EE for IBM Cloud account.
### Usage
@ -133,6 +139,7 @@ $ bx d4ic logmet (--swarm-name SWARM_NAME | --id ID) --cert-path CERT_PATH --sl-
| `--disable` | Disable sending log activity to IBM Cloud Log Analysis and Monitoring services. You must include either `--enable` or `--disable` in the command. | | Optional |
## bx d4ic show
Show information about the IBM Cloud infrastructure components, such as load balancer URLs, of a specific cluster.
### Usage

148
docker-for-ibm-cloud/dtr-ibm-cos.md
View File

@ -5,33 +5,65 @@ title: Set up IBM Cloud Object Storage for Docker Trusted Registry
---
# Use DTR with Docker EE for IBM Cloud
To use [Docker Trusted Registry (DTR)](/datacenter/dtr/2.4/guides/) with Docker EE for IBM Cloud, configure DTR to store images on [IBM Cloud Object Storage (COS)](https://ibm-public-cos.github.io/crs-docs/).
Your DTR files are stored in "buckets", and users have permissions to read, write, and delete files from those buckets. When you integrate DTR with IBM Cloud Object Storage, DTR sends all read and write operations to the COS bucket so that the images are persisted there.
To use [Docker Trusted Registry (DTR)](docs.docker.com/datacenter/dtr/2.4/guides/) with Docker EE for IBM Cloud, DTR stores images on [IBM Cloud Object Storage (COS)](https://ibm-public-cos.github.io/crs-docs/).
> COS for DTR enabled by default
>
> When you [create a cluster](administering-swarms.md#create-swarms), Docker EE for IBM Cloud orders an IBM Cloud Swift API Object Storage account and creates a container named `dtr-container`.
>
> If you used the `--disable-dtr-storage` parameter to prevent the `dtr-container` from being created, then follow the steps on this page to configure DTR to store images using IBM COS. You can order a new COS account, or use an existing one.
>
> Whether you use the default Swift or set up S3, the COS persists after you delete your cluster. To permanently remove the COS, see [Delete IBM Cloud Object Storage](#delete-ibm-cloud-object-storage).
With IBM Cloud Object Storage S3, your DTR files are stored in "buckets", and users have permissions to read, write, and delete files from those buckets. When you integrate DTR with IBM Cloud Object Storage, DTR sends all read and write operations to the COS bucket so that the images are persisted there.
## Configure DTR to use IBM Cloud Object Storage
To use IBM Cloud Object Storage, make sure that you have [an IBM Cloud Pay As You Go or Subscription account](https://console.bluemix.net/docs/pricing/index.html#accounts) that can provision infrastructure resources. You might need to [upgrade or link your account](https://console.bluemix.net/docs/pricing/index.html#accounts).
### Create an IBM Cloud Object Storage account instance
If you already have an IBM Cloud Object Storage account that you want to use for your swarm, you can skip the create instructions and configure your [S3](#configure-the-s3-bucket-access-and-permissions-in-dtr) or [Swift](#configure-the-regional-swift-api-container-access-in-dtr) Cloud Object Storage accounts for DTR.
## Create an IBM Cloud Object Storage account instance
1. Log in to your [IBM Cloud infrastructure](https://control.softlayer.com/) account.
2. Click **Storage** > **Object Storage** > **Order Object Storage**.
3. Select the default storage type of **Cloud Object Storage - S3 API**, then click **Continue**.
3. Select the storage type, **Cloud Object Storage - S3 API** or **Cloud Object Storage - Standard Regional Swift API**, then click **Continue**.
4. Select the **Master Service Agreement** acknowledge check box, then click **Place Order**.
5. The new object storage account instance is provisioned shortly, and appears in the table. Click the **Short Description** field to identify what the instance is for, such as **my-d4ic-dtr-cos**.
The next steps depend on which type of COS you created:
* [Configure S3 API](#configure-ibm-cloud-object-storage-s3-for-dtr)
* [Configure Regional Swift API](#configure-ibm-cloud-object-storage-regional-swift-api-for-dtr)
## Configure IBM Cloud Object Storage S3 for DTR
Create and configure your COS S3 bucket to use with DTR.
### Create an IBM Cloud Object Storage bucket
Before you begin, [create an IBM Cloud Object Storage account instance](#create-an-ibm-cloud-object-storage-account-instance).
1. From your [IBM Cloud infrastructure](https://control.softlayer.com/) **Storage** > **Object Storage** page, select the storage account instance that you made previously.
2. From **Manage Buckets**, click the **Add Bucket** icon.
3. Configure your bucket.
* For **Resiliency/Location**, select the region that you want to use, such as **Region - us south**. For higher resiliency, you can select a **Cross Region** option.
* For **Storage Class**, keep the default of **Standard**.
* For the **Bucket Name**, give your bucket a name, such as **dtr**. The name must be unique within your IBM Cloud infrastructure COS account; [learn more about naming requirements](https://ibm-public-cos.github.io/crs-docs/storing-and-retrieving-objects#using-buckets).
4. Click **Add**.
Next, [configure the S3 bucket access and permissions in DTR](#configure-the-s3-bucket-access-and-permissions-in-dtr).
### Configure the S3 bucket access and permissions in DTR
Once youve created a bucket, you can configure DTR to use it. You use the information from your IBM Cloud Object Storage instance to configure DTR external storage.
Before you begin:
@ -43,7 +75,9 @@ Before you begin:
Steps:
1. From your [IBM Cloud infrastructure](https://control.softlayer.com/) **Storage** > **Object Storage** page, select the storage account instance that you made previously.
2. Select **Access & Permissions**. Keep this page handy, as you use its information to fill in the DTR external storage required fields later in these steps.
3. Retrieve your cluster's DTR URL. If you don't remember your cluster's name, you can use the `bx d4ic list` command:
```bash
@ -63,7 +97,9 @@ Steps:
```
5. From the DTR GUI, navigate to **Settings** > **Storage**.
6. Choose **Cloud** storage type, and then select the **Amazon S3** cloud storage provider.
7. Fill in the **S3 Settings** form with the information from your IBM Cloud Object Storage **dtr** bucket. The following table describes the required fields and what information to include:
| Field | Description of what to include |
@ -77,7 +113,91 @@ Steps:
8. From the DTR GUI, click **Save**.
## Configure IBM Cloud Object Storage Regional Swift API for DTR
Create and configure your COS Regional Swift API container to use with DTR.
### Create an IBM Cloud Object Storage Regional Swift API container
Before you begin, [create an IBM Cloud Object Storage account instance](#create-an-ibm-cloud-object-storage-account-instance). You also can reuse a COS Regional Swift API account that you made with a previously deleted swarm. When you [create a new swarm](administering-swarms.md#create-swarms), include the `--disable-dtr-storage` parameter and then follow these steps to reuse the COS account.
1. From your [IBM Cloud infrastructure](https://control.softlayer.com/) **Storage** > **Object Storage** page, select the storage account instance that you made previously.
2. Select a data center location within the region that you created your swarm in. For example, by default swarms are created in `wdc07`, so select **Washington 1, wdc - wdc01**.
| Docker for IBM Cloud location | Cloud Object Storage location |
| --- | --- |
| Dallas `dal12`, `dal13` | Dallas 5 `dal - dal05` |
| Frankfurt `fra02` | Frankfurt 2 `fra - fra02` |
| Hong Kong `hgk02` | Hong Kong 2 `hkg - hkg02` |
| London `lon04` | London 2 `lon - lon02` |
| Paris `par01` | Paris 1 `par - par01` |
| Sydney `syd01`, `syd04` | Sydney 1 `syd - syd01` |
| Toronto `tor01` | Toronto 1 `tor - tor01` |
| Washington DC `wdc06`, `wdc07`| Washington 1 `wdc - wdc01` |
3. Click **Add Container**.
4. Name the container `dtr-container`.
5. Click the **View Credentials** link.
6. Copy the following information:
* **Authentication Endpoint**: Public URL. For example, `https://wdc.objectstorage.softlayer.net/auth/v1.0/`.
* **Username**: The user name for the COS account. For example, `IBMOS1234567-01:user.name.1234567`.
* **API Key (Password)**: An alphanumeric password for the COS account.
Next, [configure the Regional Swift API container access and permissions in DTR](#configure-the-regional-swift-api-container-access-in-dtr).
### Configure the Regional Swift API container access in DTR
Once youve created a COS Swift API container, you can configure DTR to use it. You use the information from your IBM Cloud Object Storage instance to configure DTR external storage.
Before you begin:
* Retrieve your [IBM Cloud infrastructure user name and API key](https://knowledgelayer.softlayer.com/procedure/retrieve-your-api-key).
* [Create a cluster](administering-swarms.md#create-swarms) and [set up UCP](administering-swarms.md#use-the-universal-control-plane).
* Get your UCP password by running `$ docker logs mycluster_ID`.
Steps:
1. Retrieve the container name, public authentication endpoint, user name, and API key that you copied from the previous step.
2. Retrieve your cluster's DTR URL. If you don't remember your cluster's name, you can use the `bx d4ic list` command:
```bash
$ bx d4ic list --sl-user user.name.1234567 --sl-api-key api_key
$ bx d4ic show --swarm-name mycluster --sl-user user.name.1234567 --sl-api-key api_key
...
Load Balancers
ID Name Address Type
...
ID mycluster-dtr mycluster-dtr-1234567-wdc07.lb.bluemix.net dtr
```
3. Log in to DTR with your credentials of `admin` and the UCP password that you previously retrieved, or the credentials that your admin assigned you.
```none
https://mycluster-dtr-1234567-wdc07.lb.bluemix.net
```
4. From the DTR GUI, navigate to **Settings** > **Storage**.
5. Choose **Cloud** storage type, and then select the **OpenStack Swift** cloud storage provider.
6. Fill in the **Swift Settings** form with the information from your IBM Cloud Object Storage **dtr-container** container:
* **Authorization URL**: Fill in the public authentical endpoint that you previously retrieved. For example, `https://wdc.objectstorage.softlayer.net/auth/v1.0/`.
* **Username**: Fill in the COS account user name that you previously retrieved. For example, `IBMOS1234567-01:user.name.1234567`.
* **Password**: Fill in the COS account API Key (Password) that you previously retrieved.
* **Container**: Fill in the container's name that you previously made, such as `dtr-container`.
7. From the DTR GUI, click **Save**.
## Configure your client
Docker EE for IBM Cloud uses a TLS certificate in its storage backend, so you must configure your Docker Engine to trust DTR.
Before you begin:
@ -91,7 +211,7 @@ Before you begin:
```bash
$ bx d4ic list --sl-user user.name.1234567 --sl-api-key api_key
$ bx d4ic show --swarm-name mycluster
$ bx d4ic show --swarm-name mycluster --sl-user user.name.1234567 --sl-api-key api_key
...
Load Balancers
ID Name Address Type
@ -108,4 +228,22 @@ Before you begin:
3. Follow the OS-specific instructions to [configure your host](/datacenter/dtr/2.4/guides/user/access-dtr/) to use the DTR CA.
## Verify that DTR is running
Verify that DTR is set up properly by [pulling and pushing an image](/datacenter/dtr/2.4/guides/user/manage-images/pull-and-push-images/).
## Delete IBM Cloud Object Storage
1. Log in to your [IBM Cloud infrastructure account](https://control.softlayer.com/).
2. Select **Storage** > **Object**.
3. For the object storage **Account Name** that you want to delete, click the cancel icon.
> Tip to find your object storage account name
>
> You can see the name of the swarm associated with the object storage account in the description field.
> Alternatively, you can find the object storage account name for your swarm by running `bx d4ic show --swarm-name my_swarm --sl-user user.name.1234567 --sl-api-key api_key`.
4. Choose when you want to cancel the object storage account and click **Continue**.
5. Check the acknowledgement and click **Cancel Object Storage Account**.

94
docker-for-ibm-cloud/quickstart.md
View File

@ -1,9 +1,3 @@
---
description: Docker EE for IBM Cloud (Beta) Quick Start
keywords: ibm, ibm cloud, quickstart, iaas, tutorial
title: Docker EE for IBM Cloud (Beta) Quick Start
---
# Docker Enterprise Edition for IBM Cloud (Beta) Quick Start
Are you ready to orchestrate Docker Enterprise Edition swarm clusters that are enhanced with the full suite of secure IBM Cloud platform, infrastructure, and Watson services? Great! Let's get you started.
@ -16,13 +10,13 @@ To request access to the closed beta, [email IBM](mailto:sealbou@us.ibm.com).
1. Set up your IBM Cloud account:
* [Register for a Pay As You Go IBM Cloud account](https://console.bluemix.net/registration/).
* If you already have an IBM Cloud account, make sure that you can provision infrastructure resources. You might need to [upgrade or link your account](https://console.bluemix.net/docs/pricing/index.html#accounts).
* [Register for a Pay As You Go IBM Cloud account](https://console.bluemix.net/registration/).
* If you already have an IBM Cloud account, make sure that you can provision infrastructure resources. You might need to [upgrade or link your account](https://console.bluemix.net/docs/pricing/index.html#accounts).
2. Get your IBM Cloud infrastructure credentials:
* [Add your SSH key to IBM Cloud infrastructure](https://knowledgelayer.softlayer.com/procedure/add-ssh-key), label it, and note the label.
* Log in to [IBM Cloud infrastructure](https://control.softlayer.com/), select your user profile, and under the **API Access Information** section retrieve your **API Username** and **Authentication Key**.
* [Add your SSH key to IBM Cloud infrastructure](https://knowledgelayer.softlayer.com/procedure/add-ssh-key), label it, and note the label.
* Get your [account API credentials](https://knowledgelayer.softlayer.com/procedure/retrieve-your-api-key).
3. If you have not already, [create an organization and space](https://console.bluemix.net/docs/admin/orgs_spaces.html#orgsspacesusers) to use when using IBM Cloud services. You must be the account owner or administrator to complete this step.
@ -30,11 +24,11 @@ To request access to the closed beta, [email IBM](mailto:sealbou@us.ibm.com).
5. Set your environment variables to use your IBM Cloud infrastructure credentials and your Docker EE installation URL. For example:
```none
export SOFTLAYER_USERNAME=user.name.1234567
export SOFTLAYER_API_KEY=api-key
export D4IC_DOCKER_EE_URL=my_docker-ee-url
```
```none
export SOFTLAYER_USERNAME=user.name.1234567
export SOFTLAYER_API_KEY=api-key
export D4IC_DOCKER_EE_URL=my_docker-ee-url
```
Now let's download some Docker for IBM Cloud tools.
@ -44,57 +38,58 @@ Now let's download some Docker for IBM Cloud tools.
2. Install the Docker for IBM Cloud plug-in. The prefix for running commands is `bx d4ic`.
```bash
$ bx plugin install docker-for-ibm-cloud -r Bluemix
```
```bash
$ bx plugin install docker-for-ibm-cloud -r Bluemix
```
3. Optional: To manage a private IBM Cloud Container Registry, install the plug-in. The prefix for running commands is `bx cr`.
```bash
$ bx plugin install container-registry -r Bluemix
```
```bash
$ bx plugin install container-registry -r Bluemix
```
4. Verify that the plug-ins have been installed properly:
```bash
$ bx plugin list
```
```bash
$ bx plugin list
```
Now we're ready to get to the fun stuff: making a cluster!
## Step 3: Create clusters
Create a Docker EE swarm cluster in IBM Cloud. During the beta, your cluster can have a maximum of 20 nodes, up to 14 of which can be worker nodes. If you need more nodes than this, work with your Docker representative to acquire an additional Docker EE license.
Create a Docker EE swarm cluster in IBM Cloud. For beta, your cluster can have a maximum of 20 nodes, up to 14 of which can be worker nodes.
1. Log in to the IBM Cloud CLI. If you have a federated ID, use the `--sso` option.
```bash
$ bx login [--sso]
```
```bash
$ bx login [--sso]
```
2. Target the IBM Cloud org and space:
```bash
$ bx target --cf
```
```bash
$ bx target --cf
```
3. Create the cluster. Use the `--swarm-name` flag to name your cluster, and fill in the credentials, SSH, and Docker EE installation URL variables with the information that you previously retrieved.
```bash
$ bx d4ic create --swarm-name my_swarm \
--ssh-label my_ssh_label \
--sl-user user.name.1234567 \
--sl-api-key api_key \
--ssh-label my_ssh_label \
--ssh-key filepath_to_my_ssh_key \
--docker-ee-url my_docker-ee-url
```
> Customize your cluster
>
> You can customize your cluster by
> [using other flags and options](cli-ref.md#bx-d4ic-create) with
> `bx d4ic help create`, but this example uses a basic swarm.
4. Note the cluster **Name** and **ID**.
5. Note the cluster **Name**, **ID**, and **UCP Password**.
Congrats! Your Docker EE for IBM Cloud cluster is provisioning. First, the manager node is deployed. Then, the rest of the infrastructure resources are deployed, including the worker nodes, DTR nodes, load balancers, subnet, and NFS volume.
@ -103,36 +98,29 @@ Congrats! Your Docker EE for IBM Cloud cluster is provisioning. First, the manag
## Step 4: Use UCP
Check it out: Docker for IBM Cloud uses [Docker Universal Control Plane (UCP)](/datacenter/ucp/2.2/guides/) to help you manage your cluster through a simple web UI!
Check it out: Docker for IBM Cloud uses [Docker Universal Control Plane (UCP)](/datacenter/ucp/2.2/guides/) to help you manage your cluster through a simple interface!
### Step 4a: Access UCP
1. Get your UCP password from the Docker logs **Outputs**:
Before you begin, get your cluster **Name**, **ID**, and **UCP Password** that you previously noted.
```bash
$ docker logs cluster-name_ID
...
ucp_password = UCP-password
...
```
1. Retrieve your cluster's **UCP URL**:
2. Retrieve your cluster's **UCP URL**:
```bash
$ bx d4ic list --sl-user user.name.1234567 --sl-api-key api_key
```
```bash
$ bx d4ic list --sl-user user.name.1234567 --sl-api-key api_key
```
2. In your browser, navigate to the **UCP URL**.
3. Copy the **UCP URL** for your swarm from the `bx d4ic list` command, and in your browser navigate to it.
4. Log in to UCP. Your credentials are `admin` and the UCP password from the `docker logs` command, or the credentials that your admin created for you.
3. Log in to UCP. Your credentials are `admin` and the UCP password from the `bx d4ic create` command output, or the credentials that your admin created for you.
We're almost done! We just need to download the UCP certificate bundle so that you can create and deploy services from your local Docker client to the cluster.
### Step 4b: Download client certificates
1. From the UCP GUI under your user name (for example, **admin**), click **My Profile**.
1. From the UCP GUI under your user name (for example, *admin*), click *My Profile*.
2. Click **Client Bundles** > **New Client Bundle**. A zip file is generated.
2. Click *Client Bundles* > *New Client Bundle*. A zip file is generated.
3. In the GUI, you are shown a labeland public key. You can edit the label by clicking the pencil icon and giving it a name, such as _d4ic-ucp_.
@ -147,7 +135,7 @@ We're almost done! We just need to download the UCP certificate bundle so that y
> Move the certificate environment variable directory to a safe and
> accessible location on your machine. It gets used a lot.
5. From the client bundle directory, update your `DOCKER_HOST` and `DOCKER_CERT_PATH` environment variables by loading the `env.sh` script contents into your environment.:
5. From the client bundle directory, update your `DOCKER_HOST` and `DOCKER_CERT_PATH` environment variables by running the `env.sh` script:
```bash
$ source env.sh
@ -161,7 +149,7 @@ That's it! Your Docker EE for IBM Cloud cluster is provisioned, connected to UCP
What's next, you ask? Why not try to:
* [Learn when to use UCP and the CLIs](administering-swarms.md#ucp-and-clis).
* [Learn when to use UCP and the CLIs](administering-swarms.md#ucp_and_clis).
* [Deploy an app](deploy.md).
* [Scale your swarm cluster](scaling.md).
* [Set up DTR to use IBM Cloud Object Storage](dtr-ibm-cos.md).

4
docker-for-ibm-cloud/registry.md
View File

@ -15,9 +15,9 @@ To deploy a container image in Docker swarm mode, you create a service that uses
## Docker Trusted Registry
[Docker Trusted Registry (DTR)](/datacenter/dtr/2.4/guides/) is a private registry that runs on a Docker EE cluster. Once deployed, you can use the DTR GUI or Docker CLI to manage your Docker images. Set up DTR to save images on external storage. Use DTR when you need a secure image registry that's integrated with Docker EE UCP.
[Docker Trusted Registry (DTR)](/datacenter/dtr/2.4/guides/) is a private registry that runs on a Docker EE cluster. Once deployed, you can use the DTR GUI or Docker CLI to manage your Docker images. You must set up DTR to save images on external storage. Use DTR when you need a secure image registry that's integrated with Docker EE UCP.
Before you can use DTR, [configure DTR to use IBM Cloud Object Storage](dtr-ibm-cos.md) to securely store your images externally.
DTR uses IBM Cloud Object Storage to securely store your images externally. By default, an IBM Cloud Object Storage Swift account and `dtr-container` is created during [cluster provisioning](#administering-swarms.md#create-swarms). If you prevented the `dtr-container` from creating with the `--disable-dtr-storage` parameter, then [configure DTR to use IBM Cloud Object Storage S3](dtr-ibm-cos.md).
## IBM Cloud Container Registry