Port config topics to template (#387)

Jim Galasyn 2018-01-03 12:15:06 -08:00
parent 043be2dcd2
commit e37b7ccc6a
26 changed files with 352 additions and 72 deletions

View File

@ -2,7 +2,16 @@
title: Add labels to swarm nodes
description: Learn how to add metadata to swarm nodes that can be used to specify constraints when deploying services.
keywords: cluster, node, label, swarm, metadata
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: store-logs-in-an-external-system/
title: Store logs in an external system
---
{% if include.version=="ucp-3.0" %}
With Docker UCP, you can add labels to your nodes. Labels are metadata that
describe the node, like its role (development, QA, production), its region
@ -17,7 +26,7 @@ lifecycle, or the hardware resources they have.
Don't create labels for authorization and permissions to resources.
Instead, use collections to organize access to your swarm.
[Learn about managing access with collections](../../access-control/manage-access-with-collections.md).
[Learn about managing access with collections](../../authorization/group-resources.md).
## Apply labels to a node
@ -41,7 +50,7 @@ pane, click **Labels** to view the labels that are applied to the node.
You can also do this from the CLI by running:
```bash
$ docker node update --label-add <key>=<value> <node-id>
docker node update --label-add <key>=<value> <node-id>
```
## Deploy a service with constraints
@ -134,6 +143,9 @@ To edit the labels on the service, click **Configure** and select
You can add or remove deployment constraints on this page.
## Where to go next
{% elsif include.version=="ucp-2.2" %}
Learn about [adding labels to cluster nodes](/datacenter/ucp/2.2/guides/admin/configure/add-labels-to-cluster-nodes.md).
{% endif %}
* [Store logs in an external system](store-logs-in-an-external-system.md)

View File

@ -2,7 +2,13 @@
title: Add SANs to cluster certificates
description: Learn how to add new SANs to cluster nodes, allowing you to connect to UCP with a different hostname
keywords: cluster, node, label, certificate, SAN
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
UCP always runs with HTTPS enabled. When you connect to UCP, you need to make
sure that the hostname that you use to connect is recognized by UCP's
@ -38,7 +44,7 @@ You can also do this from the CLI by first running:
```bash
{% raw %}
$ docker node inspect --format '{{ index .Spec.Labels "com.docker.ucp.SANs" }}' <node-id>
docker node inspect --format '{{ index .Spec.Labels "com.docker.ucp.SANs" }}' <node-id>
default-cs,127.0.0.1,172.17.0.1
{% endraw %}
```
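Review bot: with the `$` prompt dropped from the `docker node inspect` line, the next line, `default-cs,127.0.0.1,172.17.0.1`, can no longer be told apart from a command, yet it is sample output inside the same `bash` block. Anyone pasting the block will try to execute it. Move the output into its own fenced block, or introduce it with a sentence outside the fence.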
@ -48,8 +54,14 @@ desired SAN to this list, for example `default-cs,127.0.0.1,172.17.0.1,example.c
and then run:
```bash
$ docker node update --label-add com.docker.ucp.SANs=<SANs-list> <node-id>
docker node update --label-add com.docker.ucp.SANs=<SANs-list> <node-id>
```
`<SANs-list>` is the list of SANs with your new SAN appended at the end. As in
the web UI, you must do this for every manager node.
{% elsif include.version=="ucp-2.2" %}
Learn about [adding SANs to cluster certificates](/datacenter/ucp/2.2/guides/admin/configure/add-sans-to-cluster.md).
{% endif %}

View File

@ -2,7 +2,18 @@
title: Integrate with LDAP by using a configuration file
description: Set up LDAP authentication by using a configuration file.
keywords: UCP, LDAP, config
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../../../authorization/create-teams-with-ldap/
title: Create teams with LDAP
- path: ../../../authorization/create-users-and-teams-manually/
title: Create users and teams manually
---
{% if include.version=="ucp-3.0" %}
Docker UCP integrates with LDAP directory services, so that you can manage
users and groups from your organization's directory and automatically
@ -15,7 +26,7 @@ run UCP with the `example-config` option.
[Learn about UCP configuration files](../ucp-configuration-file.md).
```bash
$ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config
docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config
```
## Set up LDAP by using a configuration file
@ -33,7 +44,7 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v
```bash
{% raw %}
$ docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml
docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml
{% endraw %}
```
@ -45,7 +56,7 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v
Config object by using the following command.
```bash
$ NEW_CONFIG_NAME="com.docker.ucp.config-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))"
NEW_CONFIG_NAME="com.docker.ucp.config-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))"
docker config create $NEW_CONFIG_NAME config.toml
```
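Review bot: the `NEW_CONFIG_NAME=...` line has no guard for an empty `CURRENT_CONFIG_NAME`. If the variable is unset in the reader's shell, `cut` returns nothing, the arithmetic evaluates to 1, and the next line silently creates `com.docker.ucp.config-1`. Add a check or a sentence telling the reader to confirm the variable is set before this step. `docker config create $NEW_CONFIG_NAME config.toml` also leaves the variable unquoted, as does the `docker config inspect` redirect in the previous hunk, while the `docker service update` step quotes both; quote them consistently.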
@ -53,7 +64,7 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v
and add a reference to the new config.
```bash
$ docker service update --config-rm "$CURRENT_CONFIG_NAME" --config-add "source=${NEW_CONFIG_NAME},target=/etc/ucp/ucp.toml" ucp-agent
docker service update --config-rm "$CURRENT_CONFIG_NAME" --config-add "source=${NEW_CONFIG_NAME},target=/etc/ucp/ucp.toml" ucp-agent
```
6. Wait a few moments for the `ucp-agent` service tasks to update across
@ -62,7 +73,8 @@ $ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_v
have their accounts created when they log in with their username and LDAP
password.
## Where to go next
{% elsif include.version=="ucp-2.2" %}
- [Create and manage users](../../../access-control/create-and-manage-users.md)
- [Create and manage teams](../../../access-control/create-and-manage-teams.md)
Learn about [integrating with LDAP by using a configuration file](/datacenter/ucp/2.2/guides/admin/configure/external-auth/enable-ldap-config-file.md).
{% endif %}

View File

@ -1,9 +1,22 @@
---
title: Integrate with an LDAP Directory
title: Integrate with an LDAP directory
description: Learn how to integrate UCP with an LDAP service, so that you can
manage users from a single place.
keywords: LDAP, UCP, authentication, user management
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: enable-ldap-config-file/
title: Enable LDAP integration by using a configuration file
- path: ../../../authorization/create-teams-with-ldap/
title: Create teams with LDAP
- path: ../../../authorization/create-users-and-teams-manually/
title: Create users and teams manually
---
{% if include.version=="ucp-3.0" %}
Docker UCP integrates with LDAP directory services, so that you can manage
users and groups from your organization's directory and it will automatically
@ -123,7 +136,7 @@ to the private collections of new users. For example, if you change the value
to `View Only`, all users who log in for the first time after the setting is
changed have `View Only` access to their private collections, but permissions
remain unchanged for all existing users.
[Learn more about permission levels](../../../access-control/permission-levels.md).
[Learn more about permission levels](../../../authorization/define-roles.md).
## LDAP enabled
@ -216,11 +229,10 @@ UCP does not store any additional data from the directory server.
UCP enables syncing teams with a search query or group in your organization's
LDAP directory.
[Sync team members with your organization's LDAP directory](../../../access-control/create-and-manage-teams.md).
[Sync team members with your organization's LDAP directory](../../../authorization/create-teams-with-ldap.md).
## Where to go next
{% elsif include.version=="ucp-2.2" %}
- [Create and manage users](../../../access-control/create-and-manage-users.md)
- [Create and manage teams](../../../access-control/create-and-manage-teams.md)
- [UCP permission levels](../../../access-control/permission-levels.md)
- [Enable LDAP integration by using a configuration file](enable-ldap-config-file.md)
Learn about [integrating with an LDAP directory](/datacenter/ucp/2.2/guides/admin/configure/external-auth/index.md).
{% endif %}

View File

@ -2,16 +2,25 @@
title: Integrate with Docker Trusted Registry
description: Integrate UCP with Docker Trusted Registry
keywords: trust, registry, integrate, UCP, DTR
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: use-your-own-tls-certificates/
title: Use your own TLS certificates
---
{% if include.version=="ucp-3.0" %}
Once you deploy Docker Trusted Registry (DTR), you can use it to store your
Docker images and deploy services to UCP using these images.
[Learn how to deploy DTR](/datacenter/dtr/2.3/guides/admin/install/index.md).
[Learn how to deploy DTR](/datacenter/dtr/2.5/guides/admin/install/index.md).
Docker UCP integrates out of the box with Docker Trusted Registry (DTR).
This means that you can deploy services from the UCP web UI, using Docker
images that are stored in DTR. You can also use a
[UCP client bundle](../access-ucp/cli-based-access.md) to do the same from the
[UCP client bundle](../../user/access-ucp/cli-based-access.md) to do the same from the
CLI.
If you've configured DTR to use TLS certificates issued by a globally-trusted
@ -57,26 +66,26 @@ system:
```bash
# Download the DTR CA certificate
$ sudo curl -k https://<dtr-url>/ca -o /usr/local/share/ca-certificates/<dtr-domain-name>.crt
sudo curl -k https://<dtr-url>/ca -o /usr/local/share/ca-certificates/<dtr-domain-name>.crt
# Refresh the list of certificates to trust
$ sudo update-ca-certificates
sudo update-ca-certificates
# Restart the Docker daemon
$ sudo service docker restart
sudo service docker restart
```
* For CentOS or RHEL:
```bash
# Download the DTR CA certificate
$ sudo curl -k https://<dtr-url>/ca -o /etc/pki/ca-trust/source/anchors/<dtr-domain-name>.crt
sudo curl -k https://<dtr-url>/ca -o /etc/pki/ca-trust/source/anchors/<dtr-domain-name>.crt
# Refresh the list of certificates to trust
$ sudo update-ca-trust
sudo update-ca-trust
# Restart the Docker daemon
$ sudo /bin/systemctl restart docker.service
sudo /bin/systemctl restart docker.service
```
## 2. Test your local setup
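Review bot: both `curl -k https://<dtr-url>/ca` lines fetch the CA certificate with TLS verification turned off and write it straight into the system trust store, so whatever answers at that URL becomes a trusted root for the Docker daemon. Since these blocks are being touched anyway, add a step that compares the downloaded certificate's fingerprint (for example `openssl x509 -noout -fingerprint -sha256 -in <file>`) against a value obtained out of band before running `update-ca-certificates` or `update-ca-trust`.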
@ -137,7 +146,8 @@ For each UCP node:
2. Configure the system to trust the DTR TLS certificates, following the same
steps as you used to configure your local computer.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [integrating with DTR](/datacenter/ucp/2.2/guides/admin/configure/integrate-with-dtr.md).
* [Use your own TLS certificates](use-your-own-tls-certificates.md)
{% endif %}

View File

@ -2,7 +2,14 @@
title: Integrate with multiple registries
description: Integrate UCP with multiple registries
keywords: trust, registry, integrate, UCP, DTR
ui_tabs:
- version: ucp-3.0
orhigher: false
next_steps:
- path: external-auth/enable-ldap-config-file/
title: Integrate with LDAP by using a configuration file
---
{% if include.version=="ucp-3.0" %}
Universal Control Plane can pull and run images from any image registry,
including Docker Trusted Registry and Docker Store.
@ -65,4 +72,5 @@ EOL
You can then append the content of `trust-dtr.toml` to your current UCP
configuration to make UCP trust this DTR deployment.
[Learn how to customize your UCP configuration file](external-auth/enable-ldap-config-file.md).
{% endif %}

View File

@ -2,7 +2,20 @@
title: Set up high availability
description: Docker Universal Control plane has support for high availability. Learn how to set up your installation to ensure it tolerates failures.
keywords: ucp, high availability, replica
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: join-linux-nodes-to-cluster/
title: Join nodes to your cluster
- path: join-windows-nodes-to-cluster/
title: Join Windows worker nodes to your cluster
- path: use-a-load-balancer/
title: Use a load balancer
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane is designed for high availability (HA). You can
join multiple manager nodes to the cluster, so that if one manager node fails,
@ -35,7 +48,8 @@ For production-grade deployments, follow these rules of thumb:
degradation, as changes to configurations need to be replicated across all
manager nodes. The maximum advisable is seven manager nodes.
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Join nodes to your cluster](join-linux-nodes-to-cluster.md)
* [Use a load balancer](use-a-load-balancer.md)
Learn about [scaling your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md).
{% endif %}

View File

@ -2,7 +2,17 @@
title: Join Linux nodes to your cluster
description: Learn how to scale a Docker Enterprise Edition cluster by adding manager and worker nodes.
keywords: Docker EE, UCP, cluster, scale, worker, manager
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
cli_tabs:
- version: docker-cli-linux
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
Docker EE is designed for scaling horizontally as your applications grow in
size and usage. You can add or remove nodes from the cluster to scale it
@ -140,7 +150,16 @@ the node to leave the cluster manually. To do this, connect to the target node
through SSH and run `docker swarm leave --force` directly against the local
Docker EE Engine.
## Join nodes by using the CLI
{% elsif include.version=="ucp-2.2" %}
Learn how to [scale your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md).
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
You can use the command line to join a node to a Docker EE cluster.
To get the join token, run the following command on a manager node:
@ -192,4 +211,5 @@ the cluster.
docker node rm <nodeID or hostname>
```
{% endif %}
{% endif %}

View File

@ -2,7 +2,13 @@
title: Join Windows worker nodes to your cluster
description: Join worker nodes that are running on Windows Server 2016 to a Docker EE cluster.
keywords: Docker EE, UCP, cluster, scale, worker, Windows
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition supports worker nodes that run on Windows Server 2016.
Only worker nodes are supported on Windows, and all manager nodes in the cluster
@ -16,7 +22,7 @@ Follow these steps to enable a worker node on Windows.
## Install Docker EE Engine on Windows Server 2016
[Install Docker EE Engine](/docker-ee-for-windows/install/#using-a-script-to-install-docker-ee)
[Install Docker EE Engine](/engine/installation/windows/docker-ee/#use-a-script-to-install-docker-ee)
on a Windows Server 2016 instance to enable joining a cluster that's managed by
Docker Enterprise Edition.
@ -201,3 +207,9 @@ Some features are not yet supported on Windows nodes:
* Mounts
* On Windows, Docker can't listen on a Unix socket. Use TCP or a named pipe
instead.
{% elsif include.version=="ucp-2.2" %}
Learn about [joining Windows worker nodes to a cluster](/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md).
{% endif %}

View File

@ -2,7 +2,16 @@
title: Use a load balancer
description: Learn how to set up a load balancer to access the UCP web UI using an hostname.
keywords: UCP, high-availability, load balancer
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../add-labels-to-cluster-nodes/
title: Add labels to cluster nodes
---
{% if include.version=="ucp-3.0" %}
Once you've joined multiple manager nodes for high-availability, you can
configure your own load balancer to balance user requests across all
@ -210,6 +219,8 @@ docker run --detach \
</div>
</div>
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Add labels to cluster nodes](../add-labels-to-cluster-nodes.md)
Learn about [using a load balancer](/datacenter/ucp/2.2/guides/admin/configure/use-a-load-balancer.md).
{% endif %}

View File

@ -2,7 +2,18 @@
title: License your installation
description: Learn how to license your Docker Universal Control Plane installation.
keywords: Universal Control Plane, UCP, install, license
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../install/
title: Install UCP
- path: ../install/install-offline/
title: Install UCP offline
---
{% if include.version=="ucp-3.0" %}
After installing Docker Universal Control Plane, you need to license your
installation. Here's how to do it.
@ -27,7 +38,8 @@ license refreshes immediately, and you don't need to click **Save**.
![](../../images/license-ucp-2.png){: .with-border}
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Install UCP](../install/index.md)
* [Install UCP offline](../install/install-offline.md)
Learn about [licensing your installation](/datacenter/ucp/2.2/guides/admin/configure/license-your-installation.md).
{% endif %}

View File

@ -2,7 +2,11 @@
title: Manage and deploy private images
description: Learn how to push an image to Docker Trusted Registry and deploy it to a Kubernetes cluster managed by Docker Enterprise Edition.
keywords: Docker EE, DTR, UCP, image, Kubernetes, orchestration, cluster
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition (EE) has its own image registry (DTR) so that
you can store and manage the images that you deploy to your cluster.
@ -31,15 +35,15 @@ using the Kubernetes orchestrator.
## Push an image to DTR
Instead of building an image from scratch, we'll pull the official Wordpress
image from Docker Hub, tag it, and push it to DTR. Once that wordpress version
Instead of building an image from scratch, we'll pull the official WordPress
image from Docker Hub, tag it, and push it to DTR. Once that WordPress version
is in DTR, only authorized users can change it.
To push images to DTR, you need CLI access to a licensed installation of
Docker EE.
- [License your installation](license-your-installation.md).
- [Set up your Docker CLI](/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md).
- [Set up your Docker CLI](../../user/access-ucp/cli-based-access.md).
When you're set up for CLI-based access to a licensed Docker EE instance,
you can push images to DTR.
@ -133,3 +137,5 @@ from outside the cluster.
7. Click the URL to open the default WordPress home page.
![](../../images/manage-and-deploy-private-images-4.png){: .with-border}
{% endif %}

View File

@ -2,7 +2,13 @@
title: Restrict services to worker nodes
description: Learn how to configure Universal Control Plane to only allow running services in worker nodes.
keywords: ucp, configuration, worker
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
You can configure UCP to allow users to deploy and run services only in
worker nodes. This ensures all cluster management functionality stays
@ -23,3 +29,10 @@ or not.
Having a grant with the `Scheduler` role against the `/` collection takes
precedence over any other grants with `Node Schedule` on subcollections.
{% elsif include.version=="ucp-2.2" %}
Learn about [restricting services to worker nodes](/datacenter/ucp/2.2/guides/admin/configure/restrict-services-to-worker-nodes.md).
{% endif %}

View File

@ -2,7 +2,16 @@
title: Run only the images you trust
description: Configure a Docker UCP cluster to only allow running applications that use images you trust.
keywords: ucp, dtr, security, trust
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: /datacenter/dtr/2.5/guides/user/manage-images/sign-images/
title: Sign and push images to DTR
---
{% if include.version=="ucp-3.0" %}
With Docker Universal Control Plane you can enforce applications to only use
Docker images signed by UCP users you trust. When a user tries to deploy an
@ -66,6 +75,8 @@ Click **Save** for UCP to start enforcing the policy. From now on, existing
services will continue running and can be restarted if needed, but UCP will only
allow deploying new services that use a trusted image.
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Sign and push images to DTR](/datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md)
Learn about [running only the images you trust](/datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust.md).
{% endif %}

View File

@ -2,7 +2,22 @@
title: Scale your cluster
description: Learn how to scale Docker Universal Control Plane cluster, by adding and removing nodes.
keywords: UCP, cluster, scale
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
cli_tabs:
- version: docker-cli-linux
next_steps:
- path: use-your-own-tls-certificates/
title: Use your own TLS certificates
- path: join-nodes/
title: Set up high availability
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
Docker UCP is designed for scaling horizontally as your applications grow in
size and usage. You can add or remove nodes from the UCP cluster to make it
@ -58,7 +73,7 @@ Copy the displayed command, use ssh to log into the host that you want to
join to the cluster, and run the `docker swarm join` command on the host.
To add a Windows node, click **Windows** and follow the instructions in
[Join Windows worker nodes to a cluster](join-windows-worker-nodes.md).
[Join Windows worker nodes to a cluster](join-nodes/join-windows-nodes-to-cluster.md).
After you run the join command in the node, the node is displayed in the UCP
web UI.
@ -111,13 +126,18 @@ If you're load-balancing user requests to UCP across multiple manager nodes,
when demoting those nodes into workers, don't forget to remove them from your
load-balancing pool.
## Scale your cluster from the CLI
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
You can also use the command line to do all of the above operations. To get the
join token, run the following command on a manager node:
```bash
$ docker swarm join-token worker
docker swarm join-token worker
```
If you want to add a new manager node instead of a worker node, use
@ -125,7 +145,7 @@ If you want to add a new manager node instead of a worker node, use
address, add the `--listen-addr` arg:
```bash
$ docker swarm join \
docker swarm join \
--token SWMTKN-1-2o5ra9t7022neymg4u15f3jjfh0qh3yof817nunoioxa9i7lsp-dkmt01ebwp2m0wce1u31h6lmj \
--listen-addr 234.234.234.234 \
192.168.99.100:2377
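Review bot: the `--listen-addr 234.234.234.234` example is an address in the multicast range (224.0.0.0/4), which a node cannot listen on; use a placeholder such as `<node-ip>` or a documentation-range address instead. The `--token SWMTKN-1-...` value also reads like a real join token. A `<token>` placeholder, in line with `<node-hostname>` further down, would make clear that it is not live and keep secret scanners from flagging the page.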
@ -134,13 +154,13 @@ $ docker swarm join \
Once your node is added, you can see it by running `docker node ls` on a manager:
```bash
$ docker node ls
docker node ls
```
To change the node's availability, use:
```bash
$ docker node update --availability drain node2
docker node update --availability drain node2
```
You can set the availability to `active`, `pause`, or `drain`.
@ -148,10 +168,13 @@ You can set the availability to `active`, `pause`, or `drain`.
To remove the node, use:
```bash
$ docker node rm <node-hostname>
docker node rm <node-hostname>
```
## Where to go next
* [Use your own TLS certificates](use-your-own-tls-certificates.md)
* [Set up high availability](join-nodes/index.md)
{% endif %}
{% endif %}

View File

@ -2,7 +2,15 @@
title: Set the orchestrator type for a node
description: Learn how to specify the orchestrator for nodes in a Docker Enterprise Edition cluster.
keywords: Docker EE, UCP, cluster, orchestrator
ui_tabs:
- version: ucp-3.0
orhigher: false
cli_tabs:
- version: docker-cli-linux
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
When you add a node to the cluster, the node's workloads are managed by a
default orchestrator, either Docker Swarm or Kubernetes. When you install
@ -113,7 +121,12 @@ avoid changing the orchestrator setting. If you do change the orchestrator for a
node, your workloads are evicted, and you must deploy them again through the
new orchestrator.
## Set the orchestrator by using the CLI
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
Set the orchestrator on a node by assigning the orchestrator labels,
`com.docker.ucp.orchestrator.swarm` or `com.docker.ucp.orchestrator.kubernetes`,
@ -176,4 +189,5 @@ The value can be `swarm` or `kubernetes`.
[Learn to set up Docker EE by using a config file](ucp-configuration-file.md).
{% endif %}
{% endif %}

View File

@ -1,8 +1,14 @@
---
title: Set the user's session timeout
description: Learn how to set the session timeout for users and other session properties.
keywords: UCP, authorization, authenticaztion, security, session, timeout
keywords: UCP, authorization, authentication, security, session, timeout
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane enables setting properties of user sessions,
like session timeout and number of concurrent sessions.
@ -19,3 +25,9 @@ To configure UCP login sessions, go to the UCP web UI, navigate to the
| Lifetime Hours | The initial lifetime of a login session, from the time UCP generates it. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. |
| Renewal Threshold Hours | The time before session expiration when UCP extends an active session. UCP extends the session by the number of hours specified in **Lifetime Hours**. The threshold value can't be greater than **Lifetime Hours**. The default is 24 hours. To specify that sessions are extended with every use, set the threshold equal to the lifetime. To specify that sessions are never extended, set the threshold to zero. This may cause users to be logged out unexpectedly while using the UCP web UI. |
| Per User Limit | The maximum number of simultaneous logins for a user. If creating a new session exceeds this limit, UCP deletes the least recently used session. To disable the limit, set the value to zero. |
{% elsif include.version=="ucp-2.2" %}
Learn about [setting the user's session timeout](/datacenter/ucp/2.2/guides/admin/configure/set-session-timeout.md).
{% endif %}

View File

@ -3,7 +3,16 @@ title: Configure UCP logging
description: Learn how to configure Docker Universal Control Plane to store your logs
on an external log system.
keywords: ucp, integrate, logs
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: restrict-services-to-worker-nodes/
title: Restrict services to worker nodes
---
{% if include.version=="ucp-3.0" %}
You can configure UCP for sending logs to a remote logging service:
@ -59,6 +68,8 @@ When deployed in a production environment, you should secure your ELK
stack. UCP does not do this itself, but there are a number of 3rd party
options that can accomplish this, like the Shield plug-in for Kibana.
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Require all images to be signed](restrict-services-to-worker-nodes.md)
Learn how to [configure UCP logging](/datacenter/ucp/2.2/guides/admin/configure/store-logs-in-an-external-system.md).
{% endif %}

View File

@ -2,7 +2,13 @@
title: UCP configuration file
description: Set up UCP deployments by using a configuration file.
keywords: Docker EE, UCP, configuration, config
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Override the default UCP settings by providing a configuration file when you
create UCP manager nodes. This is useful for scripted installations.
@ -62,7 +68,7 @@ You can see an example TOML config file that shows how to configure UCP
settings. From the command line, run UCP with the `example-config` option:
```bash
$ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config
docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} example-config
```
@ -247,4 +253,10 @@ custom_kube_api_server_flags = ["--event-ttl=1h0m0s", "--service-node-port-range
custom_kube_controller_manager_flags = ["--service-sync-period=5m0s"]
custom_kubelet_flags = ["--http-check-frequency=20s"]
custom_kube_scheduler_flags = ["--algorithm-provider=DefaultProvider"]
```
```
{% elsif include.version=="ucp-2.2" %}
Learn about [UCP configuration files](/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md).
{% endif %}

View File

@ -2,7 +2,13 @@
title: Use a local node network in a cluster
description: Learn how to use a local node network, like MAC VLAN, in a UCP cluster.
keywords: ucp, network, macvlan
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane can use your local networking drivers to
orchestrate your cluster. You can create a *config* network, with a driver like
@ -43,3 +49,9 @@ the networks won't have the right access labels and won't be available in UCP.
collection placement are inherited from the related config-only networks.
6. Click **Create** to create the network.
{% elsif include.version=="ucp-2.2" %}
Learn about [using a local node network in a cluster](/datacenter/ucp/2.2/guides/admin/configure/use-node-local-network-in-swarm.md).
{% endif %}

View File

@ -1,8 +1,14 @@
---
title: Use trusted images for continuous integration
description: Set up and configure content trust and signing policy for use with a continuous integration system
keywords: cup, trust, notary, security, continuous integration
title: Use trusted images for continuous integration
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
The document provides a minimal example on setting up Docker Content Trust (DCT) in
Universal Control Plane (UCP) for use with a Continuous Integration (CI) system. It
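Review bot: `keywords: cup, trust, notary, security, continuous integration` in the front matter still says `cup`, which looks like a transposition of `ucp` (the other pages in this commit use `ucp` or `UCP`). The front matter is being reordered here, and the commit already fixes `authenticaztion` in the session-timeout keywords, so correct this one in the same pass.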
@ -147,3 +153,9 @@ that do not meet our signing policy cannot be used. The signing policy we set up
that the "CI" team must have signed any image we attempt to `docker image pull`, `docker container run`,
or `docker service create`, and the only member of that team is the "jenkins" user. This
restricts us to only running images that were published by our Jenkins CI system.
{% elsif include.version=="ucp-2.2" %}
Learn about [using trusted images for continuous integration](/datacenter/ucp/2.2/guides/admin/configure/use-trusted-images-for-ci.md).
{% endif %}

View File

@ -2,7 +2,16 @@
title: Use your own TLS certificates
description: Learn how to configure Docker Universal Control Plane to use your own certificates.
keywords: Universal Control Plane, UCP, certificate, authentication, tls
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../../user/access-ucp/cli-based-access/
title: Access UCP from the CLI
---
{% if include.version=="ucp-3.0" %}
All UCP services are exposed using HTTPS, to ensure all communications between
clients and UCP are encrypted. By default, this is done using self-signed TLS
@ -53,8 +62,10 @@ web UI and [get new client certificate bundles](../../user/access-ucp/cli-based-
If you deployed Docker Trusted Registry, you'll also need to reconfigure it
to trust the new UCP TLS certificates.
[Learn how to configure DTR](/datacenter/dtr/2.3/reference/cli/reconfigure.md).
[Learn how to configure DTR](/reference/dtr/2.5/cli/reconfigure.md).
## Where to go next
{% elsif include.version=="ucp-2.2" %}
* [Access UCP from the CLI](../../user/access-ucp/cli-based-access.md)
Learn about [using your own TLS certificates](/datacenter/ucp/2.2/guides/admin/configure/use-your-own-tls-certificates.md).
{% endif %}

View File

@ -2,7 +2,11 @@
title: View Kubernetes objects in a namespace
description: Learn how to set the Kubernetes namespace context in a Docker Enterprise Edition cluster.
keywords: Docker EE, UCP, Kubernetes, namespace
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
With Docker Enterprise Edition, administrators can filter the view of
Kubernetes objects by the namespace the objects are assigned to. You can
@ -109,4 +113,6 @@ objects in one namespace.
The `app-service-blue` service doesn't appear.
To view the `app-service-blue` service, repeat the previous steps, but this
time, select **Set Context** on the **blue** namespace.
time, select **Set Context** on the **blue** namespace.
{% endif %}

View File

@ -8,13 +8,13 @@ keywords: rbac, ucp, grant, role, permission, authentication, resource collectio
A
[namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
is a logical area for a Kubernetes cluster. Kuberenetes comes with a "default"
is a logical area for a Kubernetes cluster. Kubernetes comes with a "default"
namespace for your cluster objects (plus two more for system and public
resources). You can create custom namespaces, but unlike Swarm collections,
namespaces _cannot be nested_.
> Resource types that can be placed into a Kubernetes namespace include: Pods,
> Deployments, NetworkPolcies, Nodes, Services, Secrets, and many more.
> Deployments, NetworkPolicies, Nodes, Services, Secrets, and many more.
Resources are placed into a namespace when you create a kubernetes object. A
drop down displays all available namespaces and one must be selected.
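Review bot: the corrected blockquote still lists `Nodes` among the resource types that can be placed into a namespace, but Kubernetes nodes are cluster-scoped and do not belong to any namespace. Drop `Nodes` from the list; the same sentence is repeated in the next file in this commit. In the trailing context, `kubernetes object` should also be capitalized to match the rest of the paragraph.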
@ -85,7 +85,7 @@ set.
> Default collections are good for users who ony work on a well-defined slice of
> the system, as well as users who deploy stacks and don't want to edit the
> contents of their compose files. A user with more versatile roles in the
> system, such as an adminitrator, might find it better to set custom labels for
> system, such as an administrator, might find it better to set custom labels for
> each resource.
### Collections and labels
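Review bot: the first line of this blockquote still reads `users who ony work`; `ony` should be `only`. Fix it alongside `adminitrator`, since the hunk is already a typo pass over this paragraph.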

View File

@ -64,13 +64,13 @@ assign application resources to that path.
A
[namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
is a logical area for a Kubernetes cluster. Kuberenetes comes with a "default"
is a logical area for a Kubernetes cluster. Kubernetes comes with a "default"
namespace for your cluster objects (plus two more for system and public
resources). You can create custom namespaces, but unlike Swarm collections,
namespaces _cannot be nested_.
> Resource types that can be placed into a Kubernetes namespace include: Pods,
> Deployments, NetworkPolcies, Nodes, Services, Secrets, and many more.
> Deployments, NetworkPolicies, Nodes, Services, Secrets, and many more.
For more, see: [Group and isolate cluster resources](group-resources.md).

View File

@ -5,6 +5,8 @@ description: |
ui_tabs:
- version: ucp-3.0
orhigher: true
cli_tabs:
- version: docker-cli-linux
next_steps:
- path: admin/install/
title: Install UCP