diff --git a/datacenter/ucp/3.0/guides/admin/configure/add-labels-to-cluster-nodes.md b/datacenter/ucp/3.0/guides/admin/configure/add-labels-to-cluster-nodes.md index 4ac0853a2a..68d707cbc4 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/add-labels-to-cluster-nodes.md +++ b/datacenter/ucp/3.0/guides/admin/configure/add-labels-to-cluster-nodes.md @@ -2,7 +2,16 @@ title: Add labels to swarm nodes description: Learn how to add metadata to swarm nodes that can be used to specify constraints when deploying services. keywords: cluster, node, label, swarm, metadata +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: store-logs-in-an-external-system/ + title: Store logs in an external system --- +{% if include.version=="ucp-3.0" %} With Docker UCP, you can add labels to your nodes. Labels are metadata that describe the node, like its role (development, QA, production), its region @@ -17,7 +26,7 @@ lifecycle, or the hardware resources they have. Don't create labels for authorization and permissions to resources. Instead, use collections to organize access to your swarm. -[Learn about managing access with collections](../../access-control/manage-access-with-collections.md). +[Learn about managing access with collections](../../authorization/group-resources.md). ## Apply labels to a node @@ -41,7 +50,7 @@ pane, click **Labels** to view the labels that are applied to the node. You can also do this from the CLI by running: ```bash -$ docker node update --label-add = +docker node update --label-add = ``` ## Deploy a service with constraints 
@@ -134,6 +143,9 @@ To edit the labels on the service, click **Configure** and select You can add or remove deployment constraints on this page. -## Where to go next +{% elsif include.version=="ucp-2.2" %} + +Learn about [adding labels to cluster nodes](/datacenter/ucp/2.2/guides/admin/configure/add-labels-to-cluster-nodes.md). + +{% endif %} -* [Store logs in an external system](store-logs-in-an-external-system.md) diff --git a/datacenter/ucp/3.0/guides/admin/configure/add-sans-to-cluster.md b/datacenter/ucp/3.0/guides/admin/configure/add-sans-to-cluster.md index 115338f569..4c195fdda2 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/add-sans-to-cluster.md +++ b/datacenter/ucp/3.0/guides/admin/configure/add-sans-to-cluster.md @@ -2,7 +2,13 @@ title: Add SANs to cluster certificates description: Learn how to add new SANs to cluster nodes, allowing you to connect to UCP with a different hostname keywords: cluster, node, label, certificate, SAN +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} UCP always runs with HTTPS enabled. When you connect to UCP, you need to make sure that the hostname that you use to connect is recognized by UCP's @@ -38,7 +44,7 @@ You can also do this from the CLI by first running: ```bash {% raw %} -$ docker node inspect --format '{{ index .Spec.Labels "com.docker.ucp.SANs" }}' +docker node inspect --format '{{ index .Spec.Labels "com.docker.ucp.SANs" }}' default-cs,127.0.0.1,172.17.0.1 {% endraw %} ``` 
@@ -48,8 +54,14 @@ desired SAN to this list, for example `default-cs,127.0.0.1,172.17.0.1,example.c and then run: ```bash -$ docker node update --label-add com.docker.ucp.SANs= +docker node update --label-add com.docker.ucp.SANs= ``` `` is the list of SANs with your new SAN appended at the end. As in the web UI, you must do this for every manager node. + +{% elsif include.version=="ucp-2.2" %} + +Learn about [adding SANs to cluster certificates](/datacenter/ucp/2.2/guides/admin/configure/add-sans-to-cluster.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/external-auth/enable-ldap-config-file.md b/datacenter/ucp/3.0/guides/admin/configure/external-auth/enable-ldap-config-file.md index e075325b6b..997e72536d 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/external-auth/enable-ldap-config-file.md +++ b/datacenter/ucp/3.0/guides/admin/configure/external-auth/enable-ldap-config-file.md @@ -2,7 +2,18 @@ title: Integrate with LDAP by using a configuration file description: Set up LDAP authentication by using a configuration file. keywords: UCP, LDAP, config +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: ../../../authorization/create-teams-with-ldap/ + title: Create teams with LDAP +- path: ../../../authorization/create-users-and-teams-manually/ + title: Create users and teams manually --- +{% if include.version=="ucp-3.0" %} Docker UCP integrates with LDAP directory services, so that you can manage users and groups from your organization's directory and automatically @@ -15,7 +26,7 @@ run UCP with the `example-config` option. [Learn about UCP configuration files](../ucp-configuration-file.md). ```bash -$ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config +docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config ``` ## Set up LDAP by using a configuration file 
@@ -33,7 +44,7 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v ```bash {% raw %} - $ docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml + docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml {% endraw %} ``` @@ -45,7 +56,7 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v Config object by using the following command. ```bash - $ NEW_CONFIG_NAME="com.docker.ucp.config-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))" + NEW_CONFIG_NAME="com.docker.ucp.config-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))" docker config create $NEW_CONFIG_NAME config.toml ``` @@ -53,7 +64,7 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v and add a reference to the new config. ```bash - $ docker service update --config-rm "$CURRENT_CONFIG_NAME" --config-add "source=${NEW_CONFIG_NAME},target=/etc/ucp/ucp.toml" ucp-agent + docker service update --config-rm "$CURRENT_CONFIG_NAME" --config-add "source=${NEW_CONFIG_NAME},target=/etc/ucp/ucp.toml" ucp-agent ``` 6. Wait a few moments for the `ucp-agent` service tasks to update across @@ -62,7 +73,8 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v have their accounts created when they log in with their username and LDAP password. -## Where to go next +{% elsif include.version=="ucp-2.2" %} -- [Create and manage users](../../../access-control/create-and-manage-users.md) -- [Create and manage teams](../../../access-control/create-and-manage-teams.md) \ No newline at end of file +Learn about [integrating with LDAP by using a configuration file](/datacenter/ucp/2.2/guides/admin/configure/external-auth/enable-ldap-config-file.md). + +{% endif %} \ No newline at end of file 
diff --git a/datacenter/ucp/3.0/guides/admin/configure/external-auth/index.md b/datacenter/ucp/3.0/guides/admin/configure/external-auth/index.md index 2c2ba3d9ab..218eef02d2 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/external-auth/index.md +++ b/datacenter/ucp/3.0/guides/admin/configure/external-auth/index.md @@ -1,9 +1,22 @@ --- -title: Integrate with an LDAP Directory +title: Integrate with an LDAP directory description: Learn how to integrate UCP with an LDAP service, so that you can manage users from a single place. keywords: LDAP, UCP, authentication, user management +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: enable-ldap-config-file/ + title: Enable LDAP integration by using a configuration file +- path: ../../../authorization/create-teams-with-ldap/ + title: Create teams with LDAP +- path: ../../../authorization/create-users-and-teams-manually/ + title: Create users and teams manually --- +{% if include.version=="ucp-3.0" %} Docker UCP integrates with LDAP directory services, so that you can manage users and groups from your organization's directory and it will automatically @@ -123,7 +136,7 @@ to the private collections of new users. For example, if you change the value to `View Only`, all users who log in for the first time after the setting is changed have `View Only` access to their private collections, but permissions remain unchanged for all existing users. -[Learn more about permission levels](../../../access-control/permission-levels.md). +[Learn more about permission levels](../../../authorization/define-roles.md). ## LDAP enabled 
@@ -216,11 +229,10 @@ UCP does not store any additional data from the directory server. UCP enables syncing teams with a search query or group in your organization's LDAP directory. -[Sync team members with your organization's LDAP directory](../../../access-control/create-and-manage-teams.md). +[Sync team members with your organization's LDAP directory](../../../authorization/create-teams-with-ldap.md). -## Where to go next +{% elsif include.version=="ucp-2.2" %} -- [Create and manage users](../../../access-control/create-and-manage-users.md) -- [Create and manage teams](../../../access-control/create-and-manage-teams.md) -- [UCP permission levels](../../../access-control/permission-levels.md) -- [Enable LDAP integration by using a configuration file](enable-ldap-config-file.md) +Learn about [integrating with an LDAP directory](/datacenter/ucp/2.2/guides/admin/configure/external-auth/index.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/integrate-with-dtr.md b/datacenter/ucp/3.0/guides/admin/configure/integrate-with-dtr.md index 7d20396094..b515140833 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/integrate-with-dtr.md +++ b/datacenter/ucp/3.0/guides/admin/configure/integrate-with-dtr.md 
@@ -2,16 +2,25 @@ title: Integrate with Docker Trusted Registry description: Integrate UCP with Docker Trusted Registry keywords: trust, registry, integrate, UCP, DTR +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: use-your-own-tls-certificates/ + title: Use your own TLS certificates --- +{% if include.version=="ucp-3.0" %} Once you deploy Docker Trusted Registry (DTR), you can use it to store your Docker images and deploy services to UCP using these images. -[Learn how to deploy DTR](/datacenter/dtr/2.3/guides/admin/install/index.md). +[Learn how to deploy DTR](/datacenter/dtr/2.5/guides/admin/install/index.md). Docker UCP integrates out of the box with Docker Trusted Registry (DTR). This means that you can deploy services from the UCP web UI, using Docker images that are stored in DTR. You can also use a -[UCP client bundle](../access-ucp/cli-based-access.md) to do the same from the +[UCP client bundle](../../user/access-ucp/cli-based-access.md) to do the same from the CLI. If you've configured DTR to use TLS certificates issued by a globally-trusted @@ -57,26 +66,26 @@ system: ```bash # Download the DTR CA certificate - $ sudo curl -k https:///ca -o /usr/local/share/ca-certificates/.crt + sudo curl -k https:///ca -o /usr/local/share/ca-certificates/.crt # Refresh the list of certificates to trust - $ sudo update-ca-certificates + sudo update-ca-certificates # Restart the Docker daemon - $ sudo service docker restart + sudo service docker restart ``` * For CentOS or RHEL: ```bash # Download the DTR CA certificate - $ sudo curl -k https:///ca -o /etc/pki/ca-trust/source/anchors/.crt + sudo curl -k https:///ca -o /etc/pki/ca-trust/source/anchors/.crt # Refresh the list of certificates to trust - $ sudo update-ca-trust + sudo update-ca-trust # Restart the Docker daemon - $ sudo /bin/systemctl restart docker.service + sudo /bin/systemctl restart docker.service ``` ## 2. Test your local setup 
@@ -137,7 +146,8 @@ For each UCP node: 2. Configure the system to trust the DTR TLS certificates, following the same steps as you used to configure your local computer. +{% elsif include.version=="ucp-2.2" %} -## Where to go next +Learn about [integrating with DTR](/datacenter/ucp/2.2/guides/admin/configure/integrate-with-dtr.md). -* [Use your own TLS certificates](use-your-own-tls-certificates.md) +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries.md b/datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries.md index 6cbcce67c3..015d8cfd56 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries.md +++ b/datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries.md @@ -2,7 +2,14 @@ title: Integrate with multiple registries description: Integrate UCP with multiple registries keywords: trust, registry, integrate, UCP, DTR +ui_tabs: +- version: ucp-3.0 + orhigher: false +next_steps: +- path: external-auth/enable-ldap-config-file/ + title: Integrate with LDAP by using a configuration file --- +{% if include.version=="ucp-3.0" %} Universal Control Plane can pull and run images from any image registry, including Docker Trusted Registry and Docker Store. @@ -65,4 +72,5 @@ EOL You can then append the content of `trust-dtr.toml` to your current UCP configuration to make UCP trust this DTR deployment. -[Learn how to customize your UCP configuration file](external-auth/enable-ldap-config-file.md). + +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/index.md b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/index.md index 3c8f1bc412..8898cd62f7 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/index.md +++ b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/index.md 
@@ -2,7 +2,20 @@ title: Set up high availability description: Docker Universal Control plane has support for high availability. Learn how to set up your installation to ensure it tolerates failures. keywords: ucp, high availability, replica +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: join-linux-nodes-to-cluster/ + title: Join nodes to your cluster +- path: join-windows-nodes-to-cluster/ + title: Join Windows worker nodes to your cluster +- path: use-a-load-balancer/ + title: Use a load balancer --- +{% if include.version=="ucp-3.0" %} Docker Universal Control Plane is designed for high availability (HA). You can join multiple manager nodes to the cluster, so that if one manager node fails, @@ -35,7 +48,8 @@ For production-grade deployments, follow these rules of thumb: degradation, as changes to configurations need to be replicated across all manager nodes. The maximum advisable is seven manager nodes. -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Join nodes to your cluster](join-linux-nodes-to-cluster.md) -* [Use a load balancer](use-a-load-balancer.md) +Learn about [scaling your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-linux-nodes-to-cluster.md b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-linux-nodes-to-cluster.md index d9a8bda9ee..b9b64cf5ea 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-linux-nodes-to-cluster.md +++ b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-linux-nodes-to-cluster.md 
@@ -2,7 +2,17 @@ title: Join Linux nodes to your cluster description: Learn how to scale a Docker Enterprise Edition cluster by adding manager and worker nodes. keywords: Docker EE, UCP, cluster, scale, worker, manager +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +cli_tabs: +- version: docker-cli-linux --- +{% if include.ui %} + +{% if include.version=="ucp-3.0" %} Docker EE is designed for scaling horizontally as your applications grow in size and usage. You can add or remove nodes from the cluster to scale it @@ -140,7 +150,16 @@ the node to leave the cluster manually. To do this, connect to the target node through SSH and run `docker swarm leave --force` directly against the local Docker EE Engine. -## Join nodes by using the CLI +{% elsif include.version=="ucp-2.2" %} + +Learn how to [scale your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md). + +{% endif %} +{% endif %} + +{% if include.cli %} + +{% if include.version=="docker-cli-linux" %} You can use the command line to join a node to a Docker EE cluster. To get the join token, run the following command on a manager node: @@ -192,4 +211,5 @@ the cluster. docker node rm ``` - +{% endif %} +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-windows-nodes-to-cluster.md b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-windows-nodes-to-cluster.md index bad8ec05f4..08b13dfcc6 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-windows-nodes-to-cluster.md +++ b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-windows-nodes-to-cluster.md 
@@ -2,7 +2,13 @@ title: Join Windows worker nodes to your cluster description: Join worker nodes that are running on Windows Server 2016 to a Docker EE cluster. keywords: Docker EE, UCP, cluster, scale, worker, Windows +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} Docker Enterprise Edition supports worker nodes that run on Windows Server 2016. Only worker nodes are supported on Windows, and all manager nodes in the cluster @@ -16,7 +22,7 @@ Follow these steps to enable a worker node on Windows. ## Install Docker EE Engine on Windows Server 2016 -[Install Docker EE Engine](/docker-ee-for-windows/install/#using-a-script-to-install-docker-ee) +[Install Docker EE Engine](/engine/installation/windows/docker-ee/#use-a-script-to-install-docker-ee) on a Windows Server 2016 instance to enable joining a cluster that's managed by Docker Enterprise Edition. @@ -201,3 +207,9 @@ Some features are not yet supported on Windows nodes: * Mounts * On Windows, Docker can't listen on a Unix socket. Use TCP or a named pipe instead. + +{% elsif include.version=="ucp-2.2" %} + +Learn about [joining Windows worker nodes to a cluster](/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md). + +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/use-a-load-balancer.md b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/use-a-load-balancer.md index 238bee2573..5683bc57ec 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/join-nodes/use-a-load-balancer.md +++ b/datacenter/ucp/3.0/guides/admin/configure/join-nodes/use-a-load-balancer.md 
@@ -2,7 +2,16 @@ title: Use a load balancer description: Learn how to set up a load balancer to access the UCP web UI using an hostname. keywords: UCP, high-availability, load balancer +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: ../add-labels-to-cluster-nodes/ + title: Add labels to cluster nodes --- +{% if include.version=="ucp-3.0" %} Once you've joined multiple manager nodes for high-availability, you can configure your own load balancer to balance user requests across all @@ -210,6 +219,8 @@ docker run --detach \ -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Add labels to cluster nodes](../add-labels-to-cluster-nodes.md) +Learn about [using a load balancer](/datacenter/ucp/2.2/guides/admin/configure/use-a-load-balancer.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/license-your-installation.md b/datacenter/ucp/3.0/guides/admin/configure/license-your-installation.md index 8f0956a682..fcbd7a416e 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/license-your-installation.md +++ b/datacenter/ucp/3.0/guides/admin/configure/license-your-installation.md @@ -2,7 +2,18 @@ title: License your installation description: Learn how to license your Docker Universal Control Plane installation. keywords: Universal Control Plane, UCP, install, license +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: ../install/ + title: Install UCP +- path: ../install/install-offline/ + title: Install UCP offline --- +{% if include.version=="ucp-3.0" %} After installing Docker Universal Control Plane, you need to license your installation. Here's how to do it. 
@@ -27,7 +38,8 @@ license refreshes immediately, and you don't need to click **Save**. ![](../../images/license-ucp-2.png){: .with-border} -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Install UCP](../install/index.md) -* [Install UCP offline](../install/install-offline.md) +Learn about [licensing your installation](/datacenter/ucp/2.2/guides/admin/configure/license-your-installation.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/manage-and-deploy-private-images.md b/datacenter/ucp/3.0/guides/admin/configure/manage-and-deploy-private-images.md index eb4d6ed25d..4a7a6b0078 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/manage-and-deploy-private-images.md +++ b/datacenter/ucp/3.0/guides/admin/configure/manage-and-deploy-private-images.md @@ -2,7 +2,11 @@ title: Manage and deploy private images description: Learn how to push an image to Docker Trusted Registry and deploy it to a Kubernetes cluster managed by Docker Enterprise Edition. keywords: Docker EE, DTR, UCP, image, Kubernetes, orchestration, cluster +ui_tabs: +- version: ucp-3.0 + orhigher: false --- +{% if include.version=="ucp-3.0" %} Docker Enterprise Edition (EE) has its own image registry (DTR) so that you can store and manage the images that you deploy to your cluster. 
@@ -31,15 +35,15 @@ using the Kubernetes orchestrator. ## Push an image to DTR -Instead of building an image from scratch, we'll pull the official Wordpress -image from Docker Hub, tag it, and push it to DTR. Once that wordpress version +Instead of building an image from scratch, we'll pull the official WordPress +image from Docker Hub, tag it, and push it to DTR. Once that WordPress version is in DTR, only authorized users can change it. To push images to DTR, you need CLI access to a licensed installation of Docker EE. - [License your installation](license-your-installation.md). -- [Set up your Docker CLI](/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md). +- [Set up your Docker CLI](../../user/access-ucp/cli-based-access.md). When you're set up for CLI-based access to a licensed Docker EE instance, you can push images to DTR. @@ -133,3 +137,5 @@ from outside the cluster. 7. Click the URL to open the default WordPress home page. ![](../../images/manage-and-deploy-private-images-4.png){: .with-border} + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/restrict-services-to-worker-nodes.md b/datacenter/ucp/3.0/guides/admin/configure/restrict-services-to-worker-nodes.md index d4ede3797c..e3247adacf 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/restrict-services-to-worker-nodes.md +++ b/datacenter/ucp/3.0/guides/admin/configure/restrict-services-to-worker-nodes.md @@ -2,7 +2,13 @@ title: Restrict services to worker nodes description: Learn how to configure Universal Control Plane to only allow running services in worker nodes. keywords: ucp, configuration, worker +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} You can configure UCP to allow users to deploy and run services only in worker nodes. This ensures all cluster management functionality stays 
@@ -23,3 +29,10 @@ or not. Having a grant with the `Scheduler` role against the `/` collection takes precedence over any other grants with `Node Schedule` on subcollections. + +{% elsif include.version=="ucp-2.2" %} + +Learn about [restricting services to worker nodes](/datacenter/ucp/2.2/guides/admin/configure/restrict-services-to-worker-nodes.md). + +{% endif %} + diff --git a/datacenter/ucp/3.0/guides/admin/configure/run-only-the-images-you-trust.md b/datacenter/ucp/3.0/guides/admin/configure/run-only-the-images-you-trust.md index b1999620f9..1a2aaafa3b 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/run-only-the-images-you-trust.md +++ b/datacenter/ucp/3.0/guides/admin/configure/run-only-the-images-you-trust.md @@ -2,7 +2,16 @@ title: Run only the images you trust description: Configure a Docker UCP cluster to only allow running applications that use images you trust. keywords: ucp, dtr, security, trust +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: /datacenter/dtr/2.5/guides/user/manage-images/sign-images/ + title: Sign and push images to DTR --- +{% if include.version=="ucp-3.0" %} With Docker Universal Control Plane you can enforce applications to only use Docker images signed by UCP users you trust. When a user tries to deploy an @@ -66,6 +75,8 @@ Click **Save** for UCP to start enforcing the policy. From now on, existing services will continue running and can be restarted if needed, but UCP will only allow deploying new services that use a trusted image. -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Sign and push images to DTR](/datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md) +Learn about [running only the images you trust](/datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust.md). + +{% endif %} 
diff --git a/datacenter/ucp/3.0/guides/admin/configure/scale-your-cluster.md b/datacenter/ucp/3.0/guides/admin/configure/scale-your-cluster.md index aa7cd13868..392db4c3cf 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/scale-your-cluster.md +++ b/datacenter/ucp/3.0/guides/admin/configure/scale-your-cluster.md @@ -2,7 +2,22 @@ title: Scale your cluster description: Learn how to scale Docker Universal Control Plane cluster, by adding and removing nodes. keywords: UCP, cluster, scale +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +cli_tabs: +- version: docker-cli-linux +next_steps: +- path: use-your-own-tls-certificates/ + title: Use your own TLS certificates +- path: join-nodes/ + title: Set up high availability --- +{% if include.ui %} + +{% if include.version=="ucp-3.0" %} Docker UCP is designed for scaling horizontally as your applications grow in size and usage. You can add or remove nodes from the UCP cluster to make it @@ -58,7 +73,7 @@ Copy the displayed command, use ssh to log into the host that you want to join to the cluster, and run the `docker swarm join` command on the host. To add a Windows node, click **Windows** and follow the instructions in -[Join Windows worker nodes to a cluster](join-windows-worker-nodes.md). +[Join Windows worker nodes to a cluster](join-nodes/join-windows-nodes-to-cluster.md). After you run the join command in the node, the node is displayed in the UCP web UI. 
@@ -111,13 +126,18 @@ If you're load-balancing user requests to UCP across multiple manager nodes, when demoting those nodes into workers, don't forget to remove them from your load-balancing pool. -## Scale your cluster from the CLI +{% endif %} +{% endif %} + +{% if include.cli %} + +{% if include.version=="docker-cli-linux" %} You can also use the command line to do all of the above operations. To get the join token, run the following command on a manager node: ```bash -$ docker swarm join-token worker +docker swarm join-token worker ``` If you want to add a new manager node instead of a worker node, use @@ -125,7 +145,7 @@ If you want to add a new manager node instead of a worker node, use address, add the `--listen-addr` arg: ```bash -$ docker swarm join \ +docker swarm join \ --token SWMTKN-1-2o5ra9t7022neymg4u15f3jjfh0qh3yof817nunoioxa9i7lsp-dkmt01ebwp2m0wce1u31h6lmj \ --listen-addr 234.234.234.234 \ 192.168.99.100:2377 @@ -134,13 +154,13 @@ $ docker swarm join \ Once your node is added, you can see it by running `docker node ls` on a manager: ```bash -$ docker node ls +docker node ls ``` To change the node's availability, use: ```bash -$ docker node update --availability drain node2 +docker node update --availability drain node2 ``` You can set the availability to `active`, `pause`, or `drain`. @@ -148,10 +168,13 @@ You can set the availability to `active`, `pause`, or `drain`. To remove the node, use: ```bash -$ docker node rm +docker node rm ``` ## Where to go next * [Use your own TLS certificates](use-your-own-tls-certificates.md) * [Set up high availability](join-nodes/index.md) + +{% endif %} +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/set-orchestrator-type.md b/datacenter/ucp/3.0/guides/admin/configure/set-orchestrator-type.md index 1339248fc3..dfa7e7a70b 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/set-orchestrator-type.md +++ b/datacenter/ucp/3.0/guides/admin/configure/set-orchestrator-type.md 
@@ -2,7 +2,15 @@ title: Set the orchestrator type for a node description: Learn how to specify the orchestrator for nodes in a Docker Enterprise Edition cluster. keywords: Docker EE, UCP, cluster, orchestrator +ui_tabs: +- version: ucp-3.0 + orhigher: false +cli_tabs: +- version: docker-cli-linux --- +{% if include.ui %} + +{% if include.version=="ucp-3.0" %} When you add a node to the cluster, the node's workloads are managed by a default orchestrator, either Docker Swarm or Kubernetes. When you install @@ -113,7 +121,12 @@ avoid changing the orchestrator setting. If you do change the orchestrator for a node, your workloads are evicted, and you must deploy them again through the new orchestrator. -## Set the orchestrator by using the CLI +{% endif %} +{% endif %} + +{% if include.cli %} + +{% if include.version=="docker-cli-linux" %} Set the orchestrator on a node by assigning the orchestrator labels, `com.docker.ucp.orchestrator.swarm` or `com.docker.ucp.orchestrator.kubernetes`, @@ -176,4 +189,5 @@ The value can be `swarm` or `kubernetes`. [Learn to set up Docker EE by using a config file](ucp-configuration-file.md). - +{% endif %} +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/admin/configure/set-session-timeout.md b/datacenter/ucp/3.0/guides/admin/configure/set-session-timeout.md index 766fd99517..e1a90229e3 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/set-session-timeout.md +++ b/datacenter/ucp/3.0/guides/admin/configure/set-session-timeout.md 
@@ -1,8 +1,14 @@ --- title: Set the user's session timeout description: Learn how to set the session timeout for users and other session properties. -keywords: UCP, authorization, authenticaztion, security, session, timeout +keywords: UCP, authorization, authentication, security, session, timeout +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} Docker Universal Control Plane enables setting properties of user sessions, like session timeout and number of concurrent sessions. @@ -19,3 +25,9 @@ To configure UCP login sessions, go to the UCP web UI, navigate to the | Lifetime Hours | The initial lifetime of a login session, from the time UCP generates it. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. | | Renewal Threshold Hours | The time before session expiration when UCP extends an active session. UCP extends the session by the number of hours specified in **Lifetime Hours**. The threshold value can't be greater than **Lifetime Hours**. The default is 24 hours. To specify that sessions are extended with every use, set the threshold equal to the lifetime. To specify that sessions are never extended, set the threshold to zero. This may cause users to be logged out unexpectedly while using the UCP web UI. | | Per User Limit | The maximum number of simultaneous logins for a user. If creating a new session exceeds this limit, UCP deletes the least recently used session. To disable the limit, set the value to zero. | + +{% elsif include.version=="ucp-2.2" %} + +Learn about [setting the user's session timeout](/datacenter/ucp/2.2/guides/admin/configure/set-session-timeout.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/store-logs-in-an-external-system.md b/datacenter/ucp/3.0/guides/admin/configure/store-logs-in-an-external-system.md index ac9e3ac3df..3229ca0a30 100644 
--- a/datacenter/ucp/3.0/guides/admin/configure/store-logs-in-an-external-system.md +++ b/datacenter/ucp/3.0/guides/admin/configure/store-logs-in-an-external-system.md @@ -3,7 +3,16 @@ title: Configure UCP logging description: Learn how to configure Docker Universal Control Plane to store your logs on an external log system. keywords: ucp, integrate, logs +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: restrict-services-to-worker-nodes/ + title: Restrict services to worker nodes --- +{% if include.version=="ucp-3.0" %} You can configure UCP for sending logs to a remote logging service: @@ -59,6 +68,8 @@ When deployed in a production environment, you should secure your ELK stack. UCP does not do this itself, but there are a number of 3rd party options that can accomplish this, like the Shield plug-in for Kibana. -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Require all images to be signed](restrict-services-to-worker-nodes.md) +Learn how to [configure UCP logging](/datacenter/ucp/2.2/guides/admin/configure/store-logs-in-an-external-system.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/ucp-configuration-file.md b/datacenter/ucp/3.0/guides/admin/configure/ucp-configuration-file.md index 248832748e..60ffae11fc 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/ucp-configuration-file.md +++ b/datacenter/ucp/3.0/guides/admin/configure/ucp-configuration-file.md @@ -2,7 +2,13 @@ title: UCP configuration file description: Set up UCP deployments by using a configuration file. keywords: Docker EE, UCP, configuration, config +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} Override the default UCP settings by providing a configuration file when you create UCP manager nodes. This is useful for scripted installations. 
@@ -62,7 +68,7 @@ You can see an example TOML config file that shows how to configure UCP settings. From the command line, run UCP with the `example-config` option: ```bash -$ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config +docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config ``` @@ -247,4 +253,10 @@ custom_kube_api_server_flags = ["--event-ttl=1h0m0s", "--service-node-port-range custom_kube_controller_manager_flags = ["--service-sync-period=5m0s"] custom_kubelet_flags = ["--http-check-frequency=20s"] custom_kube_scheduler_flags = ["--algorithm-provider=DefaultProvider"] -``` \ No newline at end of file +``` + +{% elsif include.version=="ucp-2.2" %} + +Learn about [UCP configuration files](/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md). + +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/admin/configure/use-node-local-network-in-swarm.md b/datacenter/ucp/3.0/guides/admin/configure/use-node-local-network-in-swarm.md index c75bbeacb4..2f1ad59e5b 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/use-node-local-network-in-swarm.md +++ b/datacenter/ucp/3.0/guides/admin/configure/use-node-local-network-in-swarm.md @@ -2,7 +2,13 @@ title: Use a local node network in a cluster description: Learn how to use a local node network, like MAC VLAN, in a UCP cluster. keywords: ucp, network, macvlan +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} Docker Universal Control Plane can use your local networking drivers to orchestrate your cluster. You can create a *config* network, with a driver like 
@@ -43,3 +49,9 @@ the networks won't have the right access labels and won't be available in UCP. collection placement are inherited from the related config-only networks. 6. Click **Create** to create the network. + +{% elsif include.version=="ucp-2.2" %} + +Learn about [using a local node network in a cluster](/datacenter/ucp/2.2/guides/admin/configure/use-node-local-network-in-swarm.md). + +{% endif %} diff --git a/datacenter/ucp/3.0/guides/admin/configure/use-trusted-images-for-ci.md b/datacenter/ucp/3.0/guides/admin/configure/use-trusted-images-for-ci.md index f75d5314f0..43e871770e 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/use-trusted-images-for-ci.md +++ b/datacenter/ucp/3.0/guides/admin/configure/use-trusted-images-for-ci.md @@ -1,8 +1,14 @@ --- +title: Use trusted images for continuous integration description: Set up and configure content trust and signing policy for use with a continuous integration system keywords: cup, trust, notary, security, continuous integration -title: Use trusted images for continuous integration +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true --- +{% if include.version=="ucp-3.0" %} The document provides a minimal example on setting up Docker Content Trust (DCT) in Universal Control Plane (UCP) for use with a Continuous Integration (CI) system. It @@ -147,3 +153,9 @@ that do not meet our signing policy cannot be used. The signing policy we set up that the "CI" team must have signed any image we attempt to `docker image pull`, `docker container run`, or `docker service create`, and the only member of that team is the "jenkins" user. This restricts us to only running images that were published by our Jenkins CI system. + +{% elsif include.version=="ucp-2.2" %} + +Learn about [using trusted images for continuous integration](/datacenter/ucp/2.2/guides/admin/configure/use-trusted-images-for-ci.md). + +{% endif %} \ No newline at end of file 
diff --git a/datacenter/ucp/3.0/guides/admin/configure/use-your-own-tls-certificates.md b/datacenter/ucp/3.0/guides/admin/configure/use-your-own-tls-certificates.md index ca7951e6a9..0e7e96b05d 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/use-your-own-tls-certificates.md +++ b/datacenter/ucp/3.0/guides/admin/configure/use-your-own-tls-certificates.md @@ -2,7 +2,16 @@ title: Use your own TLS certificates description: Learn how to configure Docker Universal Control Plane to use your own certificates. keywords: Universal Control Plane, UCP, certificate, authentication, tls +ui_tabs: +- version: ucp-3.0 + orhigher: false +- version: ucp-2.2 + orlower: true +next_steps: +- path: ../../user/access-ucp/cli-based-access/ + title: Access UCP from the CLI --- +{% if include.version=="ucp-3.0" %} All UCP services are exposed using HTTPS, to ensure all communications between clients and UCP are encrypted. By default, this is done using self-signed TLS @@ -53,8 +62,10 @@ web UI and [get new client certificate bundles](../../user/access-ucp/cli-based- If you deployed Docker Trusted Registry, you'll also need to reconfigure it to trust the new UCP TLS certificates. -[Learn how to configure DTR](/datacenter/dtr/2.3/reference/cli/reconfigure.md). +[Learn how to configure DTR](/reference/dtr/2.5/cli/reconfigure.md). -## Where to go next +{% elsif include.version=="ucp-2.2" %} -* [Access UCP from the CLI](../../user/access-ucp/cli-based-access.md) \ No newline at end of file +Learn about [using your own TLS certificates](/datacenter/ucp/2.2/guides/admin/configure/use-your-own-tls-certificates.md). + +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/admin/configure/view-namespace-resources.md b/datacenter/ucp/3.0/guides/admin/configure/view-namespace-resources.md index de9f636329..6affd5fd0f 100644 --- a/datacenter/ucp/3.0/guides/admin/configure/view-namespace-resources.md 
+++ b/datacenter/ucp/3.0/guides/admin/configure/view-namespace-resources.md @@ -2,7 +2,11 @@ title: View Kubernetes objects in a namespace description: Learn how to set the Kubernetes namespace context in a Docker Enterprise Edition cluster. keywords: Docker EE, UCP, Kubernetes, namespace +ui_tabs: +- version: ucp-3.0 + orhigher: false --- +{% if include.version=="ucp-3.0" %} With Docker Enterprise Edition, administrators can filter the view of Kubernetes objects by the namespace the objects are assigned to. You can @@ -109,4 +113,6 @@ objects in one namespace. The `app-service-blue` service doesn't appear. To view the `app-service-blue` service, repeat the previous steps, but this -time, select **Set Context** on the **blue** namespace. \ No newline at end of file +time, select **Set Context** on the **blue** namespace. + +{% endif %} \ No newline at end of file diff --git a/datacenter/ucp/3.0/guides/authorization/group-resources.md b/datacenter/ucp/3.0/guides/authorization/group-resources.md index f495c167c2..c197852585 100644 --- a/datacenter/ucp/3.0/guides/authorization/group-resources.md +++ b/datacenter/ucp/3.0/guides/authorization/group-resources.md 
@@ -8,13 +8,13 @@ keywords: rbac, ucp, grant, role, permission, authentication, resource collectio A [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) -is a logical area for a Kubernetes cluster. Kuberenetes comes with a "default" +is a logical area for a Kubernetes cluster. Kubernetes comes with a "default" namespace for your cluster objects (plus two more for system and public resources). You can create custom namespaces, but unlike Swarm collections, namespaces _cannot be nested_. > Resource types that can be placed into a Kubernetes namespace include: Pods, -> Deployments, NetworkPolcies, Nodes, Services, Secrets, and many more. +> Deployments, NetworkPolicies, Nodes, Services, Secrets, and many more. Resources are placed into a namespace when you create a kubernetes object. A drop down displays all available namespaces and one must be selected. @@ -85,7 +85,7 @@ set. > Default collections are good for users who ony work on a well-defined slice of > the system, as well as users who deploy stacks and don't want to edit the > contents of their compose files. A user with more versatile roles in the -> system, such as an adminitrator, might find it better to set custom labels for +> system, such as an administrator, might find it better to set custom labels for > each resource. ### Collections and labels diff --git a/datacenter/ucp/3.0/guides/authorization/index.md b/datacenter/ucp/3.0/guides/authorization/index.md index 8017daadc9..0cb3c40a68 100644 --- a/datacenter/ucp/3.0/guides/authorization/index.md +++ b/datacenter/ucp/3.0/guides/authorization/index.md 
@@ -64,13 +64,13 @@ assign application resources to that path. A [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) -is a logical area for a Kubernetes cluster. Kuberenetes comes with a "default" +is a logical area for a Kubernetes cluster. Kubernetes comes with a "default" namespace for your cluster objects (plus two more for system and public resources). You can create custom namespaces, but unlike Swarm collections, namespaces _cannot be nested_. > Resource types that can be placed into a Kubernetes namespace include: Pods, -> Deployments, NetworkPolcies, Nodes, Services, Secrets, and many more. +> Deployments, NetworkPolicies, Nodes, Services, Secrets, and many more. For more, see: [Group and isolate cluster resources](group-resources.md). diff --git a/datacenter/ucp/3.0/guides/index.md b/datacenter/ucp/3.0/guides/index.md index 87aa1f4916..23fbca0768 100644 --- a/datacenter/ucp/3.0/guides/index.md +++ b/datacenter/ucp/3.0/guides/index.md @@ -5,6 +5,8 @@ description: | ui_tabs: - version: ucp-3.0 orhigher: true +cli_tabs: +- version: docker-cli-linux next_steps: - path: admin/install/ title: Install UCP
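Review bot: the `@@ -113,7 +121,12 @@` hunk of the "Set the orchestrator type for a node" page deletes the heading `## Set the orchestrator by using the CLI` and puts nothing in its place, so the CLI tab body now opens directly on "Set the orchestrator on a node by assigning the orchestrator labels" and any link that targets that heading's anchor stops resolving. Either keep the heading inside the `{% if include.version=="docker-cli-linux" %}` block or confirm that nothing links to it. The two nested guards (`{% if include.cli %}` followed by `{% if include.version=="docker-cli-linux" %}`) could also be a single condition, which would halve the number of `{% endif %}` lines to keep balanced at the end of the file.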
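Review bot: the `@@ -1,8 +1,14 @@` hunk of use-trusted-images-for-ci.md reorders the front matter but leaves `keywords: cup, trust, notary, security, continuous integration` unchanged, and `cup` looks like a transposition of `ucp`. This patch already fixes the same class of keyword typo in set-session-timeout.md (`authenticaztion` to `authentication`), so correct this one in the same pass.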
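Review bot: in store-logs-in-an-external-system.md, the `@@ -59,6 +68,8 @@` hunk removes the link `[Require all images to be signed](restrict-services-to-worker-nodes.md)`, and the new `next_steps` entry in the front matter retitles the same target as `Restrict services to worker nodes`. The new title matches the file name, so this looks like a content correction rather than a pure restructuring. Mention it in the commit message so the change in link text is not mistaken for an accident of the tab conversion.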
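Review bot: the second hunk of ucp-configuration-file.md (`@@ -247,4 +253,10 @@`) adds the missing newline after the closing code fence and then reintroduces `\ No newline at end of file` after the new `{% endif %}`. The same marker appears at the end of the set-orchestrator, use-trusted-images-for-ci.md, use-your-own-tls-certificates.md and view-namespace-resources.md changes, while set-session-timeout.md, store-logs-in-an-external-system.md and use-node-local-network-in-swarm.md end with a newline. End every touched file with a trailing newline so the files are consistent and later diffs do not show a spurious change on the last line.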
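Review bot: in use-your-own-tls-certificates.md, the `@@ -53,8 +62,10 @@` hunk changes the DTR link from `/datacenter/dtr/2.3/reference/cli/reconfigure.md` to `/reference/dtr/2.5/cli/reconfigure.md`, which changes both the DTR version (2.3 to 2.5) and the path layout, whereas every other absolute link added in this patch stays under `/datacenter/ucp/2.2/...`. Confirm that the new target exists and that DTR 2.5 is the release meant to pair with UCP 3.0. This link is what readers follow to make DTR trust the replaced UCP certificates, so a dead or mismatched target leaves that step undocumented.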
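Review bot: the `@@ -85,7 +85,7 @@` hunk of authorization/group-resources.md corrects `adminitrator` but leaves `users who ony work on a well-defined slice` two lines above it in the same quoted note, where `ony` should be `only`. The `@@ -8,13 +8,13 @@` hunk of the same file also keeps the lowercase `kubernetes object` in its trailing context. Since this part of the patch is a spelling pass, fix both here.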
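Review bot: the guides/index.md hunk (`@@ -5,6 +5,8 @@`) adds `cli_tabs:` with `- version: docker-cli-linux` to the front matter, but the visible lines show no matching body change. In the "Set the orchestrator type for a node" page the same front-matter entry is paired with `{% if include.cli %}` and `{% if include.version=="docker-cli-linux" %}` guards around the body. Confirm that index.md has equivalent guarded content, or drop the `cli_tabs` entry, so that the CLI tab does not render empty or repeat the UI content.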