docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove template tags (#589)

This commit is contained in:
Jim Galasyn 2018-04-06 11:22:47 -07:00
parent 23682a9354
commit e4f56fe84e
82 changed files with 160 additions and 972 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ee/backup.md
View File

@ -1,18 +1,10 @@
---
title: Backup Docker EE
description: |
Learn how to create a backup of your Docker Enterprise Edition, and how to restore from a backup.
ui_tabs:
- version: dee-2.0
orhigher: false
next_steps:
- path: upgrade/
title: Upgrade Docker EE
description: Learn how to create a backup of your Docker Enterprise Edition, and how to restore from a backup.
keywords: enterprise, backup, restore
redirect_from:
- /enterprise/backup/
---
{% if include.version=="dee-2.0" %}
To backup Docker Enterprise Edition you need to create individual backups
for each of the following components:
@ -42,4 +34,6 @@ components one by one:
2. Universal Control Plane (UCP). [Learn more](/ee/ucp/admin/backups-and-disaster-recovery.md#restore-your-swarm).
3. Docker Trusted Registry (DTR). [Learn more](/ee/dtr/admin/disaster-recovery/index.md).
{% endif %}
## Where to go next
- [Upgrade Docker EE](upgrade.md)

15
ee/docker-ee-architecture.md
View File

@ -2,18 +2,8 @@
title: Docker EE architecture
description: Learn about the architecture of Docker Enterprise Edition and how it delivers high availability for your workloads.
keywords: Docker EE, UCP, DTR, architecture, orchestration, Kubernetes, Swarm, cluster, high availability
ui_tabs:
- version: dee-2.0
orhigher: false
next_steps:
- path: /ee/ucp/ucp-architecture/
title: UCP architecture
- path: /ee/dtr/architecture/
title: DTR architecture
---
{% if include.version=="dee-2.0" %}
Docker Enterprise Edition (EE) enables deploying your workloads for high
availability (HA) onto the orchestrator of your choice. Docker EE system
components can run on multiple manager nodes in the cluster, and if one manager
@ -108,4 +98,7 @@ All DTR replicas run the same set of services, and changes to their configuratio
are automatically propagated to other replicas.
[Learn about DTR architecture](/ee/dtr/architecture.md).
{% endif %}
## Where to go next
- [UCP architecture](/ee/ucp/ucp-architecture.md)
- [DTR architecture](/ee/dtr/architecture.md)

20
ee/get-support.md
View File

@ -2,16 +2,7 @@
title: Get support
description: Your Docker EE subscription gives you access to prioritized support. You can file tickets via email or the support portal.
keywords: support, help
ui_tabs:
- version: ucp-3.0
orlower: true
cli_tabs:
- version: docker-cli-linux
- version: docker-cli-win
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
Your Docker Enterprise Edition subscription gives you access to prioritized
support. The service levels depend on your subscription.
@ -36,12 +27,7 @@ support dump:
![](images/get-support-1.png){: .with-border}
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to get a support dump
To get the support dump from the CLI, use SSH to log into a UCP manager node
and run:
@ -59,7 +45,7 @@ This support dump only contains logs for the node where you're running the
command. If your UCP is highly available, you should collect support dumps
from all of the manager nodes.
{% elsif include.version=="docker-cli-win" %}
## Use PowerShell to get a support dump
On Windows worker nodes, run the following command to generate a local support dump:
@ -70,5 +56,3 @@ docker container run --name windowssupport -v 'C:\ProgramData\docker\daemoncerts
This command creates a directory named `dsinfo` in your current directory.
If you want an archive file, you need to create it from the `dsinfo` directory.
{% endif %}
{% endif %}

30
ee/index.md
View File

@ -1,25 +1,11 @@
---
title: Docker Enterprise Edition Platform
description: |
Learn about Docker Enterprise Edition, the enterprise-grade cluster management solution from Docker.
ui_tabs:
- version: dee-2.0
orhigher: false
cli_tabs:
- version: docker-cli-linux
- version: kubectl
next_steps:
- path: supported-platforms/
title: Supported platforms
- path: docker-ee-architecture/
title: Docker EE architecture
description: Learn about Docker Enterprise Edition, the enterprise-grade cluster management solution from Docker.
keywords: Docker EE, UCP, DTR, orchestration, cluster, Kubernetes
redirect_from:
- /enterprise/
---
{% if include.version=="dee-2.0" %}
Docker Enterprise Edition Platform 2.0 (*Docker EE*) is a
Containers-as-a-Service (CaaS) platform that enables a secure software supply
chain and deploys diverse applications for high availability across disparate
@ -152,12 +138,6 @@ are safe and can't be tampered with.
You can also enforce security policies and only allow running applications
that use Docker images you know and trust.
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Docker EE and the CLI
Docker EE exposes the standard Docker API, so you can continue using the tools
@ -189,7 +169,7 @@ Managers: 1
```
{% elsif include.version=="kubectl" %}
## Use the Kubernetes CLI
Docker EE exposes the standard Kubernetes API, and it installs the command-line
tool, `kubectl`, by default, so you can use the usual Kubernetes commands, like
@ -208,5 +188,7 @@ KubeDNS is running at https://54.200.115.43:6443/api/v1/namespaces/kube-system/s
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
```
{% endif %}
{% endif %}
## Where to go next
- [Supported platforms](supported-platforms.md)
- [Docker EE architecture](docker-ee-architecture.md)

17
ee/supported-platforms.md
View File

@ -1,20 +1,10 @@
---
title: About Docker EE
description: |
Information about Docker Enterprise Edition Platform 2.0
ui_tabs:
- version: dee-2.0
orhigher: false
next_steps:
- path: /engine/installation/
title: Install Docker
- path: /get-started/
title: Get Started with Docker
description: Information about Docker Enterprise Edition Platform 2.0
keywords: enterprise, enterprise edition, ee, docker ee, docker enterprise edition, lts, commercial, cs engine
redirect_from:
- /enterprise/supported-platforms/
---
{% if include.version=="dee-2.0" %}
Docker Enterprise Edition (*Docker EE*) is designed for enterprise
development and IT teams who build, ship, and run business-critical
@ -80,4 +70,7 @@ deployed version, or you can upgrade to the latest Docker EE version. For
more info, see [Scope of Coverage and Maintenance
Lifecycle](https://success.docker.com/Policies/Scope_of_Support).
{% endif %}
## Where to go next
- [Install Docker](/engine/installation/index.md)
- [Get Started with Docker](/get-started/index.md)

44
ee/telemetry.md
View File

@ -1,20 +1,10 @@
---
name: Manage usage data collection
title: Manage usage data collection
description: |
Understand and manage usage data collected by Docker EE and sent to Docker.
ui_tabs:
- version: dee-2.0
orhigher: false
cli_tabs:
- version: docker-cli-linux
description: Understand and manage usage data collected by Docker EE and sent to Docker.
keywords: enterprise, telemetry, data collection
redirect_from:
- /enterprise/telemetry/
---
{% if include.ui %}
{% if include.version=="dee-2.0" %}
Docker EE Engine version 17.06 and later includes a telemetry plugin.
The plugin is enabled by default on Ubuntu starting with Docker EE 17.06.0
@ -61,18 +51,12 @@ You can find out more about an individual option by clicking the **?** icon.
> about what API endpoints are used. API payload contents aren't collected.
{: .important}
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to control telemetry
To disable the telemetry plugin, use the `docker plugin disable` with either the plugin NAME or ID:
```bash
docker plugin ls
$ docker plugin ls
ID NAME [..]
114dbeaa400c docker/telemetry:1.0.0.linux-x86_64-stable [..]
@ -84,27 +68,9 @@ This command must be run on each Docker host.
To re-enable the telemetry plugin, you can use `docker plugin enable` with either the plugin NAME or ID:
```bash
docker plugin ls
$ docker plugin ls
ID NAME [..]
114dbeaa400c docker/telemetry:1.0.0.linux-x86_64-stable [..]
docker plugin enable docker/telemetry:1.0.0.linux-x86_64-stable
$ docker plugin enable docker/telemetry:1.0.0.linux-x86_64-stable
```
### Use Universal Control Plane
If you use Universal Control Plane with Docker EE, do not use the Docker CLI to
disable the telemetry plugin. Instead, you can manage the information sent to
Docker by going to **Admin Settings** and choosing **Usage**.
![UCP admin settings Usage defaults](images/usage-defaults.png){: .with-border}
To disable the telemetry plugin, disable all three options and click **Save**.
Enabling either or both of the top two options enable the telemetry plugin.
You can find out more about an individual option by clicking the **?** icon.
> **Note**: If API usage statistics are enabled, Docker only gathers aggregate
stats about what API endpoints are used. API payload contents are not collected.
{% endif %}
{% endif %}

18
ee/ucp/admin/backups-and-disaster-recovery.md
View File

@ -3,18 +3,7 @@ title: Backups and disaster recovery
description: Learn how to backup your Docker Universal Control Plane swarm, and
to recover your swarm from an existing backup.
keywords: ucp, backup, restore, recovery
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: configure/join-nodes/
title: Set up high availability
- path: ../ucp-architecture/
title: UCP architecture
---
{% if include.version=="ucp-3.0" %}
When you decide to start using Docker Universal Control Plane on a production
setting, you should
@ -208,8 +197,7 @@ manager failures, the system should be configured for
nodes](configure/scale-your-cluster.md) from the swarm and then re-join
them using a `docker swarm join` operation with the swarm's new join-token.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [backups and disaster recovery](/datacenter/ucp/2.2/guides/admin/backups-and-disaster-recovery.md).
{% endif %}
- [UCP architecture](../ucp-architecture.md)
- [Set up high availability](configure/join-nodes/index.md)

14
ee/ucp/admin/configure/add-labels-to-cluster-nodes.md
View File

@ -2,16 +2,7 @@
title: Add labels to swarm nodes
description: Learn how to add metadata to swarm nodes that can be used to specify constraints when deploying services.
keywords: cluster, node, label, swarm, metadata
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: store-logs-in-an-external-system/
title: Store logs in an external system
---
{% if include.version=="ucp-3.0" %}
With Docker UCP, you can add labels to your nodes. Labels are metadata that
describe the node, like its role (development, QA, production), its region
@ -144,9 +135,8 @@ To edit the labels on the service, click **Configure** and select
You can add or remove deployment constraints on this page.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [adding labels to cluster nodes](/datacenter/ucp/2.2/guides/admin/configure/add-labels-to-cluster-nodes.md).
- [Store logs in an external system](store-logs-in-an-external-system.md)
{% endif %}

11
ee/ucp/admin/configure/add-sans-to-cluster.md
View File

@ -2,13 +2,7 @@
title: Add SANs to cluster certificates
description: Learn how to add new SANs to cluster nodes, allowing you to connect to UCP with a different hostname
keywords: cluster, node, label, certificate, SAN
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
UCP always runs with HTTPS enabled. When you connect to UCP, you need to make
sure that the hostname that you use to connect is recognized by UCP's
@ -60,8 +54,3 @@ docker node update --label-add com.docker.ucp.SANs=<SANs-list> <node-id>
`<SANs-list>` is the list of SANs with your new SAN appended at the end. As in
the web UI, you must do this for every manager node.
{% elsif include.version=="ucp-2.2" %}
Learn about [adding SANs to cluster certificates](/datacenter/ucp/2.2/guides/admin/configure/add-sans-to-cluster.md).
{% endif %}

18
ee/ucp/admin/configure/external-auth/enable-ldap-config-file.md
View File

@ -2,18 +2,7 @@
title: Integrate with LDAP by using a configuration file
description: Set up LDAP authentication by using a configuration file.
keywords: UCP, LDAP, config
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../../../authorization/create-teams-with-ldap/
title: Create teams with LDAP
- path: ../../../authorization/create-users-and-teams-manually/
title: Create users and teams manually
---
{% if include.version=="ucp-3.0" %}
Docker UCP integrates with LDAP directory services, so that you can manage
users and groups from your organization's directory and automatically
@ -73,8 +62,7 @@ docker container run --rm {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_ver
have their accounts created when they log in with their username and LDAP
password.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [integrating with LDAP by using a configuration file](/datacenter/ucp/2.2/guides/admin/configure/external-auth/enable-ldap-config-file.md).
{% endif %}
- [Create users and teams manually](../../../authorization/create-users-and-teams-manually.md)
- [Create teams with LDAP](../../../authorization/create-teams-with-ldap.md)

21
ee/ucp/admin/configure/external-auth/index.md
View File

@ -3,20 +3,7 @@ title: Integrate with an LDAP directory
description: Learn how to integrate UCP with an LDAP service, so that you can
manage users from a single place.
keywords: LDAP, UCP, authentication, user management
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: enable-ldap-config-file/
title: Enable LDAP integration by using a configuration file
- path: ../../../authorization/create-teams-with-ldap/
title: Create teams with LDAP
- path: ../../../authorization/create-users-and-teams-manually/
title: Create users and teams manually
---
{% if include.version=="ucp-3.0" %}
Docker UCP integrates with LDAP directory services, so that you can manage
users and groups from your organization's directory and it will automatically
@ -231,8 +218,8 @@ UCP enables syncing teams with a search query or group in your organization's
LDAP directory.
[Sync team members with your organization's LDAP directory](../../../authorization/create-teams-with-ldap.md).
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [integrating with an LDAP directory](/datacenter/ucp/2.2/guides/admin/configure/external-auth/index.md).
{% endif %}
- [Create users and teams manually](../../../authorization/create-users-and-teams-manually.md)
- [Create teams with LDAP](../../../authorization/create-teams-with-ldap.md)
- [Enable LDAP integration by using a configuration file](enable-ldap-config-file.md)

11
ee/ucp/admin/configure/integrate-with-multiple-registries.md
View File

@ -2,16 +2,9 @@
title: Integrate with multiple registries
description: Integrate UCP with multiple registries
keywords: trust, registry, integrate, UCP, DTR
ui_tabs:
- version: ucp-3.0
orhigher: false
next_steps:
- path: external-auth/enable-ldap-config-file/
title: Integrate with LDAP by using a configuration file
redirect_from:
- /datacenter/ucp/3.0/guides/admin/configure/integrate-with-multiple-registries/
---
{% if include.version=="ucp-3.0" %}
Universal Control Plane can pull and run images from any image registry,
including Docker Trusted Registry and Docker Store.
@ -75,4 +68,6 @@ EOL
You can then append the content of `trust-dtr.toml` to your current UCP
configuration to make UCP trust this DTR deployment.
{% endif %}
## Where to go next
- [Integrate with LDAP by using a configuration file](external-auth/enable-ldap-config-file.md)

21
ee/ucp/admin/configure/join-nodes/index.md
View File

@ -2,20 +2,7 @@
title: Set up high availability
description: Docker Universal Control plane has support for high availability. Learn how to set up your installation to ensure it tolerates failures.
keywords: ucp, high availability, replica
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: join-linux-nodes-to-cluster/
title: Join nodes to your cluster
- path: join-windows-nodes-to-cluster/
title: Join Windows worker nodes to your cluster
- path: use-a-load-balancer/
title: Use a load balancer
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane is designed for high availability (HA). You can
join multiple manager nodes to the cluster, so that if one manager node fails,
@ -48,8 +35,8 @@ For production-grade deployments, follow these rules of thumb:
degradation, as changes to configurations need to be replicated across all
manager nodes. The maximum advisable is seven manager nodes.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [scaling your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md).
{% endif %}
- [Join nodes to your cluster](join-linux-nodes-to-cluster.md)
- [Join Windows worker nodes to your cluster](join-windows-nodes-to-cluster.md)
- [Use a load balancer](use-a-load-balancer.md)

23
ee/ucp/admin/configure/join-nodes/join-linux-nodes-to-cluster.md
View File

@ -2,17 +2,7 @@
title: Join Linux nodes to your cluster
description: Learn how to scale a Docker Enterprise Edition cluster by adding manager and worker nodes.
keywords: Docker EE, UCP, cluster, scale, worker, manager
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
cli_tabs:
- version: docker-cli-linux
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
Docker EE is designed for scaling horizontally as your applications grow in
size and usage. You can add or remove nodes from the cluster to scale it
@ -150,16 +140,7 @@ the node to leave the cluster manually. To do this, connect to the target node
through SSH and run `docker swarm leave --force` directly against the local
Docker EE Engine.
{% elsif include.version=="ucp-2.2" %}
Learn how to [scale your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md).
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to join nodes
You can use the command line to join a node to a Docker EE cluster.
To get the join token, run the following command on a manager node:
@ -211,5 +192,3 @@ the cluster.
docker node rm <nodeID or hostname>
```
{% endif %}
{% endif %}

11
ee/ucp/admin/configure/join-nodes/join-windows-nodes-to-cluster.md
View File

@ -2,15 +2,9 @@
title: Join Windows worker nodes to your cluster
description: Join worker nodes that are running on Windows Server 2016 to a Docker EE cluster.
keywords: Docker EE, UCP, cluster, scale, worker, Windows
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
redirect_from:
- /datacenter/ucp/3.0/guides/admin/configure/join-nodes/join-windows-nodes-to-cluster/
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition supports worker nodes that run on Windows Server 2016.
Only worker nodes are supported on Windows, and all manager nodes in the cluster
@ -212,8 +206,3 @@ Some features are not yet supported on Windows nodes:
* On Windows, Docker can't listen on a Unix socket. Use TCP or a named pipe
instead.
{% elsif include.version=="ucp-2.2" %}
Learn about [joining Windows worker nodes to a cluster](/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md).
{% endif %}

15
ee/ucp/admin/configure/join-nodes/use-a-load-balancer.md
View File

@ -2,16 +2,7 @@
title: Use a load balancer
description: Learn how to set up a load balancer to access the UCP web UI using an hostname.
keywords: UCP, high-availability, load balancer
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../add-labels-to-cluster-nodes/
title: Add labels to cluster nodes
---
{% if include.version=="ucp-3.0" %}
Once you've joined multiple manager nodes for high-availability, you can
configure your own load balancer to balance user requests across all
@ -219,8 +210,6 @@ docker run --detach \
</div>
</div>
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [using a load balancer](/datacenter/ucp/2.2/guides/admin/configure/use-a-load-balancer.md).
{% endif %}
- [Add labels to cluster nodes](../add-labels-to-cluster-nodes.md)

18
ee/ucp/admin/configure/license-your-installation.md
View File

@ -2,18 +2,7 @@
title: License your installation
description: Learn how to license your Docker Universal Control Plane installation.
keywords: Universal Control Plane, UCP, install, license
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../install/
title: Install UCP
- path: ../install/install-offline/
title: Install UCP offline
---
{% if include.version=="ucp-3.0" %}
After installing Docker Universal Control Plane, you need to license your
installation. Here's how to do it.
@ -38,8 +27,7 @@ license refreshes immediately, and you don't need to click **Save**.
![](../../images/license-ucp-2.png){: .with-border}
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [licensing your installation](/datacenter/ucp/2.2/guides/admin/configure/license-your-installation.md).
{% endif %}
- [Install UCP](../install.md)
- [Install UCP offline](../install/install-offline.md)

5
ee/ucp/admin/configure/manage-and-deploy-private-images.md
View File

@ -2,11 +2,7 @@
title: Manage and deploy private images
description: Learn how to push an image to Docker Trusted Registry and deploy it to a Kubernetes cluster managed by Docker Enterprise Edition.
keywords: Docker EE, DTR, UCP, image, Kubernetes, orchestration, cluster
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition (EE) has its own image registry (DTR) so that
you can store and manage the images that you deploy to your cluster.
@ -138,4 +134,3 @@ from outside the cluster.
![](../../images/manage-and-deploy-private-images-4.png){: .with-border}
{% endif %}

11
ee/ucp/admin/configure/restrict-services-to-worker-nodes.md
View File

@ -2,13 +2,7 @@
title: Restrict services to worker nodes
description: Learn how to configure Universal Control Plane to only allow running services in worker nodes.
keywords: ucp, configuration, worker
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
You can configure UCP to allow users to deploy and run services only in
worker nodes. This ensures all cluster management functionality stays
@ -30,9 +24,4 @@ or not.
Having a grant with the `Scheduler` role against the `/` collection takes
precedence over any other grants with `Node Schedule` on subcollections.
{% elsif include.version=="ucp-2.2" %}
Learn about [restricting services to worker nodes](/datacenter/ucp/2.2/guides/admin/configure/restrict-services-to-worker-nodes.md).
{% endif %}

15
ee/ucp/admin/configure/run-only-the-images-you-trust.md
View File

@ -2,16 +2,7 @@
title: Run only the images you trust
description: Configure a Docker UCP cluster to only allow running applications that use images you trust.
keywords: ucp, dtr, security, trust
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: /ee/dtr/user/manage-images/sign-images/
title: Sign and push images to DTR
---
{% if include.version=="ucp-3.0" %}
With Docker Universal Control Plane you can enforce applications to only use
Docker images signed by UCP users you trust. When a user tries to deploy an
@ -75,8 +66,6 @@ Click **Save** for UCP to start enforcing the policy. From now on, existing
services will continue running and can be restarted if needed, but UCP will only
allow deploying new services that use a trusted image.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [running only the images you trust](/datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust.md).
{% endif %}
- [Sign and push images to DTR](/ee/dtr/user/manage-images/sign-images.md)

32
ee/ucp/admin/configure/scale-your-cluster.md
View File

@ -2,22 +2,7 @@
title: Scale your cluster
description: Learn how to scale Docker Universal Control Plane cluster, by adding and removing nodes.
keywords: UCP, cluster, scale
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
cli_tabs:
- version: docker-cli-linux
next_steps:
- path: use-your-own-tls-certificates/
title: Use your own TLS certificates
- path: join-nodes/
title: Set up high availability
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
Docker UCP is designed for scaling horizontally as your applications grow in
size and usage. You can add or remove nodes from the UCP cluster to make it
@ -126,16 +111,7 @@ If you're load-balancing user requests to UCP across multiple manager nodes,
when demoting those nodes into workers, don't forget to remove them from your
load-balancing pool.
{% elsif include.version=="ucp-2.2" %}
Learn about [scaling your cluster](/datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster.md).
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to scale your cluster
You can also use the command line to do all of the above operations. To get the
join token, run the following command on a manager node:
@ -175,5 +151,7 @@ To remove the node, use:
docker node rm <node-hostname>
```
{% endif %}
{% endif %}
## Where to go next
- [Use your own TLS certificates](use-your-own-tls-certificates.md)
- [Set up high availability](join-nodes/index.md)

20
ee/ucp/admin/configure/set-orchestrator-type.md
View File

@ -2,15 +2,7 @@
title: Set the orchestrator type for a node
description: Learn how to specify the orchestrator for nodes in a Docker Enterprise Edition cluster.
keywords: Docker EE, UCP, cluster, orchestrator
ui_tabs:
- version: ucp-3.0
orhigher: false
cli_tabs:
- version: docker-cli-linux
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
When you add a node to the cluster, the node's workloads are managed by a
default orchestrator, either Docker Swarm or Kubernetes. When you install
@ -128,12 +120,7 @@ new orchestrator.
> its orchestrator type remains as `Mixed`.
{: important}
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to set the orchestrator type
Set the orchestrator on a node by assigning the orchestrator labels,
`com.docker.ucp.orchestrator.swarm` or `com.docker.ucp.orchestrator.kubernetes`,
@ -203,7 +190,6 @@ default_node_orchestrator = "swarm"
The value can be `swarm` or `kubernetes`.
[Learn to set up Docker EE by using a config file](ucp-configuration-file.md).
## Where to go next
{% endif %}
{% endif %}
- [Set up Docker EE by using a config file](ucp-configuration-file.md)

12
ee/ucp/admin/configure/set-session-timeout.md
View File

@ -2,13 +2,7 @@
title: Set the user's session timeout
description: Learn how to set the session timeout for users and other session properties.
keywords: UCP, authorization, authentication, security, session, timeout
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane enables setting properties of user sessions,
like session timeout and number of concurrent sessions.
@ -25,9 +19,3 @@ To configure UCP login sessions, go to the UCP web UI, navigate to the
| Lifetime Hours | The initial lifetime of a login session, from the time UCP generates it. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. |
| Renewal Threshold Hours | The time before session expiration when UCP extends an active session. UCP extends the session by the number of hours specified in **Lifetime Hours**. The threshold value can't be greater than **Lifetime Hours**. The default is 24 hours. To specify that sessions are extended with every use, set the threshold equal to the lifetime. To specify that sessions are never extended, set the threshold to zero. This may cause users to be logged out unexpectedly while using the UCP web UI. |
| Per User Limit | The maximum number of simultaneous logins for a user. If creating a new session exceeds this limit, UCP deletes the least recently used session. To disable the limit, set the value to zero. |
{% elsif include.version=="ucp-2.2" %}
Learn about [setting the user's session timeout](/datacenter/ucp/2.2/guides/admin/configure/set-session-timeout.md).
{% endif %}

15
ee/ucp/admin/configure/store-logs-in-an-external-system.md
View File

@ -3,16 +3,7 @@ title: Configure UCP logging
description: Learn how to configure Docker Universal Control Plane to store your logs
on an external log system.
keywords: ucp, integrate, logs
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: restrict-services-to-worker-nodes/
title: Restrict services to worker nodes
---
{% if include.version=="ucp-3.0" %}
You can configure UCP for sending logs to a remote logging service:
@ -68,8 +59,6 @@ When deployed in a production environment, you should secure your ELK
stack. UCP does not do this itself, but there are a number of 3rd party
options that can accomplish this, like the Shield plug-in for Kibana.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn how to [configure UCP logging](/datacenter/ucp/2.2/guides/admin/configure/store-logs-in-an-external-system.md).
{% endif %}
- [Restrict services to worker nodes](restrict-services-to-worker-nodes.md)

11
ee/ucp/admin/configure/ucp-configuration-file.md
View File

@ -2,13 +2,7 @@
title: UCP configuration file
description: Set up UCP deployments by using a configuration file.
keywords: Docker EE, UCP, configuration, config
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Override the default UCP settings by providing a configuration file when you
create UCP manager nodes. This is useful for scripted installations.
@ -256,8 +250,3 @@ custom_kubelet_flags = ["--http-check-frequency=20s"]
custom_kube_scheduler_flags = ["--algorithm-provider=DefaultProvider"]
```
{% elsif include.version=="ucp-2.2" %}
Learn about [UCP configuration files](/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md).
{% endif %}

11
ee/ucp/admin/configure/use-node-local-network-in-swarm.md
View File

@ -2,13 +2,7 @@
title: Use a local node network in a cluster
description: Learn how to use a local node network, like MAC VLAN, in a UCP cluster.
keywords: ucp, network, macvlan
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane can use your local networking drivers to
orchestrate your cluster. You can create a *config* network, with a driver like
@ -50,8 +44,3 @@ the networks won't have the right access labels and won't be available in UCP.
6. Click **Create** to create the network.
{% elsif include.version=="ucp-2.2" %}
Learn about [using a local node network in a cluster](/datacenter/ucp/2.2/guides/admin/configure/use-node-local-network-in-swarm.md).
{% endif %}

12
ee/ucp/admin/configure/use-trusted-images-for-ci.md
View File

@ -2,13 +2,7 @@
title: Use trusted images for continuous integration
description: Set up and configure content trust and signing policy for use with a continuous integration system
keywords: cup, trust, notary, security, continuous integration
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
The document provides a minimal example on setting up Docker Content Trust (DCT) in
Universal Control Plane (UCP) for use with a Continuous Integration (CI) system. It
@ -153,9 +147,3 @@ that do not meet our signing policy cannot be used. The signing policy we set up
that the "CI" team must have signed any image we attempt to `docker image pull`, `docker container run`,
or `docker service create`, and the only member of that team is the "jenkins" user. This
restricts us to only running images that were published by our Jenkins CI system.
{% elsif include.version=="ucp-2.2" %}
Learn about [using trusted images for continuous integration](/datacenter/ucp/2.2/guides/admin/configure/use-trusted-images-for-ci.md).
{% endif %}

15
ee/ucp/admin/configure/use-your-own-tls-certificates.md
View File

@ -2,16 +2,7 @@
title: Use your own TLS certificates
description: Learn how to configure Docker Universal Control Plane to use your own certificates.
keywords: Universal Control Plane, UCP, certificate, authentication, tls
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../../user-access/cli/
title: Access UCP from the CLI
---
{% if include.version=="ucp-3.0" %}
All UCP services are exposed using HTTPS, to ensure all communications between
clients and UCP are encrypted. By default, this is done using self-signed TLS
@ -64,8 +55,6 @@ If you deployed Docker Trusted Registry, you'll also need to reconfigure it
to trust the new UCP TLS certificates.
[Learn how to configure DTR](/reference/dtr/2.5/cli/reconfigure.md).
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [using your own TLS certificates](/datacenter/ucp/2.2/guides/admin/configure/use-your-own-tls-certificates.md).
{% endif %}
- [Access UCP from the CLI](../../user-access/cli.md)

6
ee/ucp/admin/configure/view-namespace-resources.md
View File

@ -2,11 +2,7 @@
title: View Kubernetes objects in a namespace
description: Learn how to set the Kubernetes namespace context in a Docker Enterprise Edition cluster.
keywords: Docker EE, UCP, Kubernetes, namespace
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
With Docker Enterprise Edition, administrators can filter the view of
Kubernetes objects by the namespace the objects are assigned to. You can
@ -114,5 +110,3 @@ objects in one namespace.
To view the `app-service-blue` service, repeat the previous steps, but this
time, select **Set Context** on the **blue** namespace.
{% endif %}

15
ee/ucp/admin/install/architecture-specific-images.md
View File

@ -2,16 +2,7 @@
title: Architecture-specific images
description: Learn how to deploy Docker Universal Control Plane using images that are specific to particular hardware architectures.
keywords: UCP, Docker EE, image, IBM z, Windows
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../configure/join-nodes/
title: Join nodes to your cluster
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane deploys images for a number of different
hardware architectures, including IBM z systems. Some architectures require
@ -51,8 +42,6 @@ following table to ensure that you're pulling the right images for each node.
| ucp-agent | ucp-agent-win | ucp-agent-s390x |
| ucp-dsinfo | ucp-dsinfo-win | ucp-dsinfo-s390x |
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [architecture-specific images](/datacenter/ucp/2.2/guides/admin/install/architecture-specific-images.md).
{% endif %}
- [Join nodes to your cluster](../configure/join-nodes.md)

18
ee/ucp/admin/install/index.md
View File

@ -2,20 +2,9 @@
title: Install UCP for production
description: Learn how to install Docker Universal Control Plane on production.
keywords: Universal Control Plane, UCP, install, Docker EE
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../configure/use-your-own-tls-certificates/
title: Use your own TLS certificates
- path: ../configure/join-nodes/
title: Join nodes to your cluster
redirect_from:
- /datacenter/ucp/3.0/guides/admin/install/
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane (UCP) is a containerized application that you
can install on-premise or on a cloud infrastructure.
@ -173,8 +162,7 @@ To add more computational resources to your swarm, you can join worker nodes.
These nodes execute tasks assigned to them by the manager nodes. Follow the
same steps as before, but don't check the **Add node as a manager** option.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [installing UCP for production](/datacenter/ucp/2.2/guides/admin/install/index.md).
{% endif %}
- [Join nodes to your cluster](../configure/join-nodes.md)
- [Use your own TLS certificates](../configure/use-your-own-tls-certificates.md)

20
ee/ucp/admin/install/install-offline.md
View File

@ -3,18 +3,7 @@ title: Install UCP offline
description: Learn how to install Docker Universal Control Plane. on a machine with
no internet access.
keywords: UCP, install, offline, Docker EE
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: index/
title: Install UCP
- path: system-requirements/
title: System requirements
---
{% if include.version=="ucp-3.0" %}
The procedure to install Docker Universal Control Plane on a host is the same,
whether the host has access to the internet or not.
@ -78,10 +67,7 @@ Follow the same steps for the DTR binaries.
Now that the offline hosts have all the images needed to install UCP,
you can [install Docker UCP on one of the manager nodes](index.md).
{% elsif include.version=="ucp-2.2" %}
Learn about [installing UCP offline](/datacenter/ucp/2.2/guides/admin/install/install-offline.md).
{% endif %}
## Where to go next
- [System requirements](system-requirements.md)
- [Install UCP](index.md)

17
ee/ucp/admin/install/plan-installation.md
View File

@ -2,18 +2,7 @@
title: Plan a production UCP installation
description: Learn about the Docker Universal Control Plane architecture, and the requirements to install it on production.
keywords: UCP, install, Docker EE
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: index/
title: Install UCP
- path: system-requirements/
title: UCP System requirements
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane helps you manage your container cluster from a
centralized place. This article explains what you need to consider before
@ -113,8 +102,8 @@ for all managers, rather than one for each manager node. In this case,
the certificate files are copied automatically to any new
manager nodes joining the cluster or being promoted to a manager role.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [planning your UCP installation](/datacenter/ucp/2.2/guides/admin/install/plan-installation.md).
- [System requirements](system-requirements.md)
- [Install UCP](index.md)
{% endif %}

15
ee/ucp/admin/install/uninstall.md
View File

@ -2,16 +2,7 @@
title: Uninstall UCP
description: Learn how to uninstall a Docker Universal Control Plane swarm.
keywords: UCP, uninstall, install, Docker EE
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../configure/join-nodes/
title: Join nodes to your cluster
---
{% if include.version=="ucp-3.0" %}
Docker UCP is designed to scale as your applications grow in size and usage.
You can [add and remove nodes](../configure/scale-your-cluster.md) from the
@ -64,8 +55,6 @@ When you install UCP, the Calico network plugin changes the host's IP tables.
When you uninstall UCP, the IP tables aren't reverted to their previous state.
After you uninstall UCP, restart the node to restore its IP tables.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [uninstalling UCP](/datacenter/ucp/2.2/guides/admin/install/uninstall.md).
{% endif %}
- [Join nodes to your cluster](../configure/join-nodes.md)

18
ee/ucp/admin/install/upgrade-offline.md
View File

@ -2,18 +2,7 @@
title: Upgrade UCP offline
description: Learn how to upgrade Docker Universal Control Plane on a machine with no internet access.
keywords: ucp, upgrade, offline
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: upgrade/
title: Upgrade UCP
- path: ../../release-notes/
title: Release Notes
---
{% if include.version=="ucp-3.0" %}
Upgrading Universal Control Plane is the same, whether your hosts have access to
the internet or not.
@ -66,8 +55,7 @@ For each machine that you want to manage with UCP:
Now that the offline hosts have all the images needed to upgrade UCP,
you can [upgrade Docker UCP](upgrade.md).
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [upgrading UCP offline](/datacenter/ucp/2.2/guides/admin/install/upgrade-offline.md).
{% endif %}
- [UCP release notes](../../release-notes.md)
- [Upgrade UCP](upgrade.md)

32
ee/ucp/admin/monitor-and-troubleshoot/index.md
View File

@ -2,22 +2,7 @@
title: Monitor the cluster status
description: Monitor your Docker Universal Control Plane installation, and learn how to troubleshoot it.
keywords: UCP, troubleshoot, health, cluster
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
cli_tabs:
- version: docker-cli-linux
next_steps:
- path: troubleshoot-with-logs/
title: Troubleshoot with logs
- path: troubleshoot-node-messages/
title: Troubleshoot node states
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
You can monitor the status of UCP by using the web UI or the CLI.
You can also use the `_ping` endpoint to build monitoring automation.
@ -40,16 +25,7 @@ Click the node to get more info on its status. In the details pane, click
**Actions** and select **Agent logs** to see the log entries from the
node.
{% elsif include.version=="ucp-2.2" %}
Learn how to [monitor the cluster status](/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/index.md).
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to monitor the status of a cluster
You can also monitor the status of a UCP cluster using the Docker CLI client.
Download [a UCP client certificate bundle](../../user-access/cli.md)
@ -84,5 +60,7 @@ URL of a manager node, and not a load balancer. In addition, please be aware tha
pinging the endpoint with HEAD will result in a 404 error code. It is better to
use GET instead.
{% endif %}
{% endif %}
## Where to go next
- [Troubleshoot with logs](troubleshoot-with-logs.md)
- [Troubleshoot node states](troubleshoot-node-messages.md)

15
ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md
View File

@ -2,16 +2,7 @@
title: Troubleshoot cluster configurations
description: Learn how to troubleshoot your Docker Universal Control Plane cluster.
keywords: troubleshoot, etcd, rethinkdb, key, value, store, database, ucp, health, cluster
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../../get-support/
title: Get support
---
{% if include.version=="ucp-3.0" %}
UCP automatically tries to heal itself by monitoring its internal
components and trying to bring them to a healthy state.
@ -152,8 +143,6 @@ time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Emergency Repaired Table \"
{% endraw %}
```
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn how to [troubleshoot cluster configurations](/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md).
{% endif %}
- [Get support](../../../get-support.md)

11
ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md
View File

@ -2,13 +2,7 @@
title: Troubleshoot UCP node states
description: Learn how to troubleshoot individual UCP nodes.
keywords: UCP, troubleshoot, health, swarm
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
---
{% if include.version=="ucp-3.0" %}
There are several cases in the lifecycle of UCP when a node is actively
transitioning from one state to another, such as when a new node is joining the
@ -34,8 +28,3 @@ UCP node, their explanation, and the expected duration of a given step.
| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Please refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved |
| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `<ip>` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved |
{% elsif include.version=="ucp-2.2" %}
Learn how to [troubleshoot UCP node states](/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md).
{% endif %}

15
ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-with-logs.md
View File

@ -2,16 +2,7 @@
title: Troubleshoot your cluster
description: Learn how to troubleshoot your Docker Universal Control Plane cluster.
keywords: ucp, troubleshoot, health, cluster
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: troubleshoot-configurations/
title: Troubleshoot configurations
---
{% if include.version=="ucp-3.0" %}
If you detect problems in your UCP cluster, you can start your troubleshooting
session by checking the logs of the
@ -105,8 +96,6 @@ transition to a different state. The `ucp-reconcile` container is responsible
for creating and removing containers, issuing certificates, and pulling
missing images.
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn how to [troubleshoot cluster configurations](/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs.md).
{% endif %}
- [Troubleshoot configurations](troubleshoot-configurations.md)

6
ee/ucp/authorization/create-teams-with-ldap.md
View File

@ -2,11 +2,7 @@
title: Create teams with LDAP
description: Learn how to enable LDAP and sync users and teams in Docker Universal Control Plane.
keywords: authorize, authentication, users, teams, UCP, LDAP
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
To enable LDAP in UCP and sync to your LDAP directory:
@ -58,5 +54,3 @@ synced to match the users in the search results.
scope are added as members of the team.
- **Search subtree**: Defines search through the full LDAP tree, not just one
level, starting at the Base DN.
{% endif %}

20
ee/ucp/authorization/create-users-and-teams-manually.md
View File

@ -2,22 +2,9 @@
title: Create users and teams manually
description: Learn how to add users and define teams in Docker Universal Control Plane.
keywords: rbac, authorize, authentication, users, teams, UCP
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: create-teams-with-ldap/
title: Synchronize teams with LDAP
- path: define-roles/
title: Define roles with authorized API operations
- path: group-resources/
title: Group and isolate cluster resources
- path: grant-permissions/
title: Grant role-access to cluster resources
redirect_from:
- /datacenter/ucp/3.0/guides/authorization/create-users-and-teams-manually/
---
{% if include.version=="ucp-3.0" %}
Users, teams, and organizations are referred to as subjects in Docker EE.
@ -98,4 +85,9 @@ To manually create users in UCP:
![](../images/ucp_usermgmt_users_create01.png){: .with-border}
![](../images/ucp_usermgmt_users_create02.png){: .with-border}
{% endif %}
## Where to go next
- [Synchronize teams with LDAP](create-teams-with-ldap.md)
- [Define roles with authorized API operations](define-roles.md)
- [Group and isolate cluster resources](group-resources.md)
- [Grant role-access to cluster resources](grant-permissions.md)

17
ee/ucp/authorization/define-roles.md
View File

@ -2,18 +2,7 @@
title: Define roles with authorized API operations
description: Learn how to create roles and set permissions in Docker Universal Control Plane.
keywords: rbac, authorization, authentication, users, teams, UCP
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: create-users-and-teams-manually/
title: Create and configure users and teams
- path: group-resources/
title: Group and isolate cluster resources
- path: grant-permissions/
title: Grant role-access to cluster resources
---
{% if include.version=="ucp-3.0" %}
A role defines a set of API operations permitted against a resource set.
You apply roles to users and teams by creating grants.
@ -57,4 +46,8 @@ the same name to different resource sets.
> - Roles used within a grant can be deleted only after first deleting the grant.
> - Only administrators can create and delete roles.
{% endif %}
## Where to go next
- [Create and configure users and teams](create-users-and-teams-manually.md)
- [Group and isolate cluster resources](group-resources.md)
- [Grant role-access to cluster resources](grant-permissions.md)

5
ee/ucp/authorization/deploy-stateless-app.md
View File

@ -2,11 +2,7 @@
title: Deploy a simple stateless app with RBAC
description: Learn how to deploy a simple application and customize access to resources.
keywords: rbac, authorize, authentication, user, team, UCP, Kubernetes
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
This tutorial explains how to deploy a NGINX web server and limit access to one
team with role-based access control (RBAC).
@ -177,4 +173,3 @@ service.
- `dba` (alex) cannot see `nginx-collection`.
- `dev` (bett) cannot see `nginx-collection`.
{% endif %}

5
ee/ucp/authorization/ee-advanced.md
View File

@ -2,11 +2,7 @@
title: Access control design with Docker EE Advanced
description: Learn how to architect multitenancy with Docker Enterprise Edition Advanced.
keywords: authorize, authentication, users, teams, groups, sync, UCP, role, access control
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
Go through the [Docker Enterprise Standard tutorial](ee-standard.md),
before continuing here with Docker Enterprise Advanced.
@ -138,4 +134,3 @@ that are provided by the `db` team.
![image](../images/design-access-control-adv-mobile.png){: .with-border}
{% endif %}

11
ee/ucp/authorization/ee-standard.md
View File

@ -2,14 +2,7 @@
title: Access control design with Docker EE Standard
description: Learn how to architect multitenancy by using Docker Enterprise Edition Advanced.
keywords: authorize, authentication, users, teams, groups, sync, UCP, role, access control
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: ee-advanced/
title: Access control design with Docker EE Advanced
---
{% if include.version=="ucp-3.0" %}
[Collections and grants](index.md) are strong tools that can be used to control
access and visibility to resources in UCP.
@ -135,4 +128,6 @@ minus the database tier that is managed by the `db` team.
![image](../images/design-access-control-adv-4.png){: .with-border}
{% endif %}
## Where to go next
- [Access control design with Docker EE Advanced](ee-advanced.md)

15
ee/ucp/authorization/grant-permissions.md
View File

@ -2,18 +2,9 @@
title: Grant role-access to cluster resources
description: Learn how to grant users and teams access to cluster resources with role-based access control.
keywords: rbac, ucp, grant, role, permission, authentication, authorization, namespace, Kubernetes
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: false
next_steps:
- path: deploy-stateless-app/
title: Deploy a simple stateless app with RBAC
redirect_from:
- /datacenter/ucp/3.0/guides/authorization/grant-permissions/
---
{% if include.version=="ucp-3.0" %}
Docker EE administrators can create _grants_ to control how users and
organizations access [resource sets](group-resources.md).
@ -77,8 +68,6 @@ To create a grant in UCP:
> `docker-datacenter` org as a subject.
{: .important}
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn to [grant permissions to users based on roles](/datacenter/ucp/2.2/guides/access-control/grant-permissions.md).
{% endif %}
- [Deploy a simple stateless app with RBAC](deploy-stateless-app.md)

21
ee/ucp/authorization/group-resources.md
View File

@ -2,22 +2,9 @@
title: Group and isolate cluster resources
description: Learn how to group resources into collections or namespaces to control user access.
keywords: rbac, ucp, grant, role, permission, authentication, resource set, collection, namespace, Kubernetes
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: false
next_steps:
- path: create-users-and-teams-manually/
title: Create and configure users and teams
- path: define-roles/
title: Define roles with authorized API operations
- path: grant-permissions/
title: Grant role-access to cluster resources
redirect_from:
- /datacenter/ucp/3.0/guides/authorization/group-resources/
---
{% if include.version=="ucp-3.0" %}
Docker EE enables access control to cluster resources by grouping resources
into *resource sets*. Combine resource sets with [grants](grant-permissions)
@ -171,8 +158,8 @@ If you want to isolate nodes against other teams, place these nodes in new
collections, and assign the `Scheduler` role, which contains the `Node Schedule`
permission, to the team. [Isolate swarm nodes to a specific team](isolate-nodes.md).
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn to [manage access to resources by using collections](/datacenter/ucp/2.2/guides/access-control/manage-access-with-collections.md).
{% endif %}
- [Create and configure users and teams](create-users-and-teams-manually.md)
- [Define roles with authorized API operations](define-roles.md)
- [Grant role-access to cluster resources](grant-permissions.md)

24
ee/ucp/authorization/index.md
View File

@ -2,22 +2,7 @@
title: Access control model
description: Manage access to resources with role-based access control.
keywords: ucp, grant, role, permission, authentication, authorization, resource, namespace, Kubernetes
ui_tabs:
- version: ucp-3.0
orlower: false
- version: ucp-2.2
orlower: false
next_steps:
- path: create-users-and-teams-manually/
title: Create and configure users and teams
- path: define-roles/
title: Define roles with authorized API operations
- path: group-resources/
title: Group and isolate cluster resources
- path: grant-permissions/
title: Grant role-access to cluster resources
---
{% if include.version=="ucp-3.0" %}
[Docker Universal Control Plane (UCP)](../index.md),
the UI for [Docker EE](https://www.docker.com/enterprise-edition), lets you
@ -111,8 +96,9 @@ resources.
> and applies grants to users and teams.
{: .important}
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [access control model in UCP](/datacenter/ucp/2.2/guides/access-control/index.md).
{% endif %}
- [Create and configure users and teams](create-users-and-teams-manually.md)
- [Define roles with authorized API operations](define-roles.md)
- [Grant role-access to cluster resources](grant-permissions.md)
- [Group and isolate cluster resources](group-resources.md)

16
ee/ucp/authorization/isolate-nodes.md
View File

@ -2,16 +2,7 @@
title: Isolate cluster nodes in Docker Advanced
description: Create grants that limit access to nodes to specific teams.
keywords: ucp, grant, role, permission, authentication, node, Kubernetes
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: isolate-volumes/
title: Isolate volumes
---
{% if include.version=="ucp-3.0" %}
With Docker EE Advanced, you can enable physical isolation of resources
by organizing nodes into collections and granting `Scheduler` access for
@ -283,9 +274,6 @@ The last step is to link the Kubernetes namespace the `/Prod` collection.
![](../images/isolate-nodes-10.png){: .with-border}
## Where to go next
{% elsif include.version=="ucp-2.2" %}
Learn about [isolating cluster nodes in Docker Advanced](/datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md).
{% endif %}
- [Isolate volumes](isolate-volumes.md)

11
ee/ucp/authorization/isolate-volumes.md
View File

@ -2,14 +2,7 @@
title: Isolate volumes to a specific team
description: Create grants that limit access to volumes to specific teams.
keywords: ucp, grant, role, permission, authentication
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: isolate-nodes/
title: Isolate Swarm nodes in Docker Advanced
---
{% if include.version=="ucp-3.0" %}
In this example, two teams are granted access to volumes in two different
resource collections. UCP access control prevents the teams from viewing and
@ -98,4 +91,6 @@ created by the Dev and Prod users.
![](../images/isolate-volumes-4.png){: .with-border}
{% endif %}
## Where to go next
- [Isolate Swarm nodes in Docker Advanced](isolate-nodes.md)

6
ee/ucp/authorization/migrate-kubernetes-roles.md
View File

@ -2,11 +2,7 @@
title: Migrate Kubernetes roles to Docker EE authorization
description: Learn how to transfer Kubernetes Role and RoleBinding objects to UCP roles and grants.
keywords: authorization, authentication, authorize, authenticate, user, team, UCP, Kubernetes, role, grant
ui_tabs:
- version: ucp-3.0
orlower: false
---
{% if include.version=="ucp-3.0" %}
With Docker Enterprise Edition, you can create roles and grants
that implement the permissions that are defined in your Kubernetes apps.
@ -126,5 +122,3 @@ Kubernetes workloads:
The `default` service account has no permissions and can't use the Kubernetes
API. All other service accounts have full admin permissions and can only be
used by Docker EE administrators.
{% endif %}

7
ee/ucp/authorization/reset-user-password.md
View File

@ -2,13 +2,7 @@
title: Reset a user password
description: Learn how to recover your Docker Enterprise Edition credentials.
keywords: ucp, authentication, password
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
## Change user passwords
Docker EE administrators can reset user passwords managed in UCP:
@ -35,6 +29,5 @@ docker exec -it ucp-auth-api enzi \
{% endraw %}
```
{% endif %}

26
ee/ucp/index.md
View File

@ -2,24 +2,11 @@
title: Universal Control Plane overview
description: |
Learn about Docker Universal Control Plane, the enterprise-grade cluster management solution from Docker.
ui_tabs:
- version: ucp-3.0
orhigher: true
cli_tabs:
- version: docker-cli-linux
next_steps:
- path: admin/install/
title: Install UCP
- path: /ee/docker-ee-architecture/
title: Docker EE Platform 2.0 architecture
keywords: ucp, overview, orchestration, cluster
redirect_from:
- /ucp/
- /datacenter/ucp/3.0/guides/
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane (UCP) is the enterprise-grade cluster management
solution from Docker. You install it on-premises or in your virtual private
@ -63,12 +50,7 @@ are safe and can't be tampered with.
You can also enforce security policies and only allow running applications
that use Docker images you know and trust.
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the Docker CLI client
Because UCP exposes the standard Docker API, you can continue using the tools
you already know, including the Docker CLI client, to deploy and manage your
@ -99,5 +81,7 @@ Managers: 1
```
{% endif %}
{% endif %}
## Where to go next
- [Install UCP](admin/install/index.md)
- [Docker EE Platform 2.0 architecture](/ee/docker-ee-architecture.md)

6
ee/ucp/interlock/architecture.md
View File

@ -3,13 +3,8 @@ title: Interlock architecture
description: Learn more about the architecture of the layer 7 routing solution
for Docker swarm services.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
The layer 7 routing solution for swarm workloads is known as Interlock, and has
three components:
@ -76,4 +71,3 @@ based on the labels you've added to your services.
This all happens in milliseconds and with rolling updates. Even though
services are being reconfigured, users won't notice it.
{% endif %}

6
ee/ucp/interlock/deploy/configuration-reference.md
View File

@ -2,13 +2,8 @@
title: Layer 7 routing configuration reference
description: Learn the configuration options for the UCP layer 7 routing solution
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
Once you enable the layer 7 routing service, UCP creates the
`com.docker.ucp.interlock.conf-1` configuration and uses it to configure all
the internal components of this service.
@ -151,4 +146,3 @@ available for the proxy service:
| `TraceLogFormat` | string | [Format](http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) to use for trace logger. |
{% endif %}

6
ee/ucp/interlock/deploy/configure.md
View File

@ -3,13 +3,8 @@ title: Configure the layer 7 routing service
description: Learn how to configure the layer 7 routing solution for UCP, that allows
you to route traffic to swarm services.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
[When enabling the layer 7 routing solution](index.md) from the UCP web UI,
you can configure the ports for incoming traffic. If you want to further
customize the layer 7 routing solution, you can do it by updating the
@ -66,4 +61,3 @@ you'll have to update it again to use the Docker configuration object
you've created.
{% endif %}

14
ee/ucp/interlock/deploy/index.md
View File

@ -1,16 +1,10 @@
---
title: Enable ayer 7 routing
title: Enable layer 7 routing
description: Learn how to enable the layer 7 routing solution for UCP, that allows
you to route traffic to swarm services.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
---
{% if include.version=="ucp-3.0" %}
To enable support for layer 7 routing, also known as HTTP routing mesh,
log in to the UCP web UI as an administrator, navigate to the **Admin Settings**
page, and click the **Routing Mesh** option. Check the **Enable routing mesh** option.
@ -22,9 +16,3 @@ By default, the routing mesh service listens on port 80 for HTTP and port
them.
Once you save, the layer 7 routing service can be used by your swarm services.
{% elsif include.version=="ucp-2.2" %}
* [Configure UCP 2.2 HTTP routing mesh](/datacenter/ucp/2.2/guides/admin/configure/use-domain-names-to-access-services.md)
{% endif %}

6
ee/ucp/interlock/deploy/production.md
View File

@ -3,13 +3,8 @@ title: Configure layer 7 routing for production
description: Learn how to configure the layer 7 routing solution for a production
environment.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
The layer 7 solution that ships out of the box with UCP is highly available
and fault tolerant. It is also designed to work independently of how many
nodes you're managing with UCP.
@ -92,4 +87,3 @@ load balancer with the domain names or IP addresses of those nodes.
This makes sure all traffic is directed to these nodes.
{% endif %}

5
ee/ucp/interlock/index.md
View File

@ -2,11 +2,7 @@
title: Layer 7 routing overview
description: Learn how to route layer 7 traffic to your swarm services
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
Docker Engine running in swarm mode has a routing mesh, which makes it easy
to expose your services to the outside world. Since all nodes participate
@ -49,4 +45,3 @@ performance.
* **Security**: The layer 7 routing components that are exposed to the outside
world run on worker nodes. Even if they get compromised, your cluster won't.
{% endif %}

6
ee/ucp/interlock/usage/canary.md
View File

@ -2,13 +2,8 @@
title: Canary application instances
description: Learn how to do canary deployments for your Docker swarm services
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
In this example we will publish a service and deploy an updated service as canary instances.
First we will create an overlay network so that service traffic is isolated and secure:
@ -110,4 +105,3 @@ demo-v1
This will route all application traffic to the new version. If you need to rollback, simply scale the v1 service
back up and v2 down.
{% endif %}

6
ee/ucp/interlock/usage/context.md
View File

@ -3,13 +3,8 @@ title: Context/path based routing
description: Learn how to do route traffic to your Docker swarm services based
on a url path
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
In this example we will publish a service using context or path based routing.
First we will create an overlay network so that service traffic is isolated and secure:
@ -61,4 +56,3 @@ $> curl -vs -H "Host: demo.local" http://127.0.0.1/app/
...
```
{% endif %}

7
ee/ucp/interlock/usage/default-service.md
View File

@ -3,14 +3,8 @@ title: Set a default service
description: Learn about Interlock, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
---
{% if include.version=="ucp-3.0" %}
The default proxy service used by UCP to provide layer 7 routing is NGINX,
so when users try to access a route that hasn't been configured, they will
see the default NGINX 404 page.
@ -54,4 +48,3 @@ to this demo service.
![Custom default page](../../images/interlock-default-service-2.png){: .with-border}
{% endif %}

11
ee/ucp/interlock/usage/index.md
View File

@ -2,14 +2,8 @@
title: Route traffic to a simple swarm service
description: Learn how to do canary deployments for your Docker swarm services
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
---
{% if include.version=="ucp-3.0" %}
Once the [layer 7 routing solution is enabled](../deploy/index.md), you can
start using it in your swarm services.
@ -99,8 +93,3 @@ able to start using the service from your browser.
![browser](../../images/route-simple-app-1.png){: .with-border }
{% elsif include.version=="ucp-2.2" %}
* [Use domain names to access services](/datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md)
{% endif %}

6
ee/ucp/interlock/usage/labels-reference.md
View File

@ -3,13 +3,8 @@ title: Layer 7 routing labels reference
description: Learn about the labels you can use in your swarm services to route
layer 7 traffic to them.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
Once the layer 7 routing solution is enabled, you can
[start using it in your swarm services](index.md).
@ -34,4 +29,3 @@ The following labels are available for you to use in swarm services:
| `com.docker.lb.redirects` | Semi-colon separated list of redirects to add in the format of `<source>,<target>`. Example: `http://old.example.com,http://new.example.com;` | `none` |
| `com.docker.lb.ssl_passthrough` | Enable SSL passthrough. | `false` |
{% endif %}

6
ee/ucp/interlock/usage/service-clusters.md
View File

@ -3,13 +3,8 @@ title: Service clusters
description: Learn about Interlock, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
In this example we will configure an eight (8) node Swarm cluster that uses service clusters
to route traffic to different proxies. There are three (3) managers
and five (5) workers. Two of the workers are configured with node labels to be dedicated
@ -203,4 +198,3 @@ Application traffic is isolated to each service cluster. Interlock also ensures
to its designated service cluster. So in this example, updates to the `us-east` cluster will not affect the `us-west` cluster. If there is a problem
the others will not be affected.
{% endif %}

6
ee/ucp/interlock/usage/sessions.md
View File

@ -3,13 +3,8 @@ title: Persistent (sticky) sessions
description: Learn how to configure your swarm services with persistent sessions
using UCP.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
In this example we will publish a service and configure the proxy for persistent (sticky) sessions.
# Cookies
@ -134,4 +129,3 @@ Note: due to the way the IP hashing works for extensions, you will notice a new
expected as internally the proxy uses the new set of replicas to decide on a backend on which to pin. Once the upstreams are
determined a new "sticky" backend will be chosen and that will be the dedicated upstream.
{% endif %}

6
ee/ucp/interlock/usage/websockets.md
View File

@ -3,13 +3,8 @@ title: Websockets
description: Learn how to use websocket in your swarm services when using the
layer 7 routing solution for UCP.
keywords: routing, proxy
ui_tabs:
- version: ucp-3.0
orhigher: false
---
{% if include.version=="ucp-3.0" %}
In this example we will publish a service and configure support for websockets.
First we will create an overlay network so that service traffic is isolated and secure:
@ -39,4 +34,3 @@ Interlock will detect once the service is available and publish it. Once the ta
and the proxy service has been updated the application should be available via `http://demo.local`. Open
two instances of your browser and you should see text on both instances as you type.
{% endif %}

12
ee/ucp/kubernetes/create-service-account.md
View File

@ -2,16 +2,8 @@
title: Create a service account for a Kubernetes app
description: Learn how to use a service account to give a Kubernetes workload access to cluster resources.
keywords: UCP, Docker EE, Kubernetes, authorization, access control, grant
ui_tabs:
- version: ucp-3.0
orlower: false
next_steps:
- path: deploy-ingress-controller/
title: Deploy an ingress controller for a Kubernetes app
---
{% if include.version=="ucp-3.0" %}
Kubernetes enables access control for workloads by providing service accounts.
A service account represents an identity for processes that run in a pod.
When a process is authenticated through a service account, it can contact the
@ -89,4 +81,6 @@ To give the service account access to cluster resources, create a grant with
Now `nginx-service-account` has access to all cluster resources that are
assigned to the `nginx` namespace.
{% endif %}
## Where to go next
- [Deploy an ingress controller for a Kubernetes app](deploy-ingress-controller.md)

6
ee/ucp/kubernetes/deploy-ingress-controller.md
View File

@ -2,11 +2,7 @@
title: Deploy an ingress controller for a Kubernetes app
description: Learn how to enable routing for a Kubernetes workload in Docker Enterprise Edition.
keywords: UCP, Docker EE, Kubernetes, ingress, routing
ui_tabs:
- version: ucp-3.0
orlower: false
---
{% if include.version=="ucp-3.0" %}
When you deploy your Kubernetes app on a Docker EE cluster, you may want to
expose a service that enables external users to connect to it. Also, you may
@ -332,5 +328,3 @@ This command returns the following result.
HTTP/1.1 200 OK
Server: nginx/1.13.8
```
{% endif %}

5
ee/ucp/kubernetes/deploy-with-compose.md
View File

@ -4,11 +4,7 @@ description: Use Docker Enterprise Edition to deploy a Kubernetes workload from
keywords: UCP, Docker EE, Kubernetes, Compose
redirect_from:
- /ee/ucp/user/services/deploy-compose-on-kubernetes/
ui_tabs:
- version: ucp-3.0
orlower: false
---
{% if include.version=="ucp-3.0" %}
Docker Enterprise Edition enables deploying [Docker Compose](/compose/overview.md/)
files to Kubernetes clusters. Starting in Compile file version 3.3, you use the
@ -91,4 +87,3 @@ are running.
7. Refresh the page to see how the load is balanced across the pods.
{% endif %}

17
ee/ucp/kubernetes/index.md
View File

@ -4,15 +4,7 @@ description: Use Docker Enterprise Edition to deploy Kubernetes workloads from y
keywords: UCP, Docker EE, orchestration, Kubernetes, cluster
redirect_from:
- /ee/ucp/user/services/deploy-kubernetes-workload/
ui_tabs:
- version: ucp-3.0
orlower: false
cli_tabs:
- version: kubectl
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
The Docker EE web UI enables deploying your Kubernetes YAML files. In most
cases, no modifications are necessary to deploy on a cluster that's managed by
@ -150,12 +142,7 @@ spec:
4. Find the **image: nginx:1.7.9** entry and change it to **image: nginx:1.8**.
5. Click **Edit** to update the deployment with the new YAML.
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="kubectl" %}
## Use the CLI to deploy Kubernetes objects
With Docker EE, you deploy your Kubernetes objects on the command line by using
`kubectl`. [Install and set up kubectl](https://v1-8.docs.kubernetes.io/docs/tasks/tools/install-kubectl/).
@ -263,5 +250,3 @@ You should see the currently running image:
Image: nginx:1.8
```
{% endif %}
{% endif %}

15
ee/ucp/kubernetes/install-cni-plugin.md
View File

@ -2,18 +2,8 @@
title: Install a CNI plugin
description: Learn how to install a Container Networking Interface plugin on Docker Universal Control Plane.
keywords: ucp, cli, administration, kubectl, Kubernetes, cni, Container Networking Interface, flannel, weave, ipip, calico
ui_tabs:
- version: ucp-3.0
orhigher: false
next_steps:
- path: ../admin/install/
title: Install UCP for production
- path: ../kubernetes/
title: Deploy a workload to a Kubernetes cluster
---
{% if include.version=="ucp-3.0" %}
With Docker Universal Control Plane, you can install a third-party Container
Networking Interface (CNI) plugin when you install UCP, by using the
`--cni-installer-url` option. By default, Docker EE installs the built-in
@ -98,4 +88,7 @@ wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.3/calicoc
These steps disable overlay tunneling, and Calico uses the underlay networking,
in environments where it's supported.
{% endif %}
## Where to go next
- [Install UCP for production](../admin/install.md)
- [Deploy a workload to a Kubernetes cluster](../kubernetes.md)

10
ee/ucp/release-notes.md
View File

@ -3,15 +3,9 @@ title: UCP 3.0 Beta release notes
description: Release notes for Docker Universal Control Plane. Learn more about the
changes introduced in the latest versions.
keywords: UCP, release notes
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
redirect_from:
- /datacenter/ucp/3.0/guides/release-notes/
---
{% if include.version=="ucp-3.0" %}
Here you can learn about new features, bug fixes, breaking changes, and
known issues for the latest UCP version.
@ -194,11 +188,9 @@ up on the web UI but not be available for use.
* Deploying a Compose V2 or older file as a Kubernetes is not supported but
currently UCP doesn't present a meaningful error message to the user.
{% elsif include.version=="ucp-2.2" %}
## Release notes for earlier versions
- [UCP 2.2 release notes](/datacenter/ucp/2.2/guides/release-notes.md)
- [UCP 2.1 release notes](/datacenter/ucp/2.1/guides/release-notes/index.md)
- [UCP 2.0 release notes](/datacenter/ucp/2.0/guides/release-notes.md)
- [UCP 1.1 release notes](/datacenter/ucp/1.1/release_notes.md)
{% endif %}

6
ee/ucp/swarm/deploy-multi-service-app.md
View File

@ -6,13 +6,8 @@ redirect_from:
- /ee/ucp/user/services/
- /ee/ucp/swarm/deploy-from-cli/
- /ee/ucp/swarm/deploy-from-ui/
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane allows you to use the tools you already know,
like `docker stack deploy` to deploy multi-service applications. You can
also deploy your applications from the UCP web UI.
@ -163,4 +158,3 @@ Swarm. For that reason, the following keywords are not supported:
Also, UCP doesn't store the stack definition you've used to deploy the stack.
You can use a version control system for this.
{% endif %}

17
ee/ucp/swarm/deploy-to-collection.md
View File

@ -4,18 +4,7 @@ description: Learn how to manage user access to application resources by using c
keywords: UCP, authentication, user management, stack, collection, role, application, resources
redirect_from:
- /ee/ucp/user/services/deploy-stack-to-collection/
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: ../kubernetes/deploy-with-compose/
title: Deploy a Compose-based app to a Kubernetes cluster
- path: /engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label/
title: Set metadata on a service (-l, label)
- path: /engine/userguide/labels-custom-metadata/
title: Docker object labels
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane enforces role-based access control when you
deploy services. By default, you don't need to do anything, because UCP deploys
@ -105,4 +94,8 @@ To confirm that the service deployed to the `/Shared/wordpress` collection:
![](../images/deploy-stack-to-collection.png){: .with-border}
{% endif %}
## Where to go next
- [Deploy a Compose-based app to a Kubernetes cluster](../kubernetes/deploy-with-compose.md)
- [Set metadata on a service (-l, label)](/engine/reference/commandline/service_create/#set-metadata-on-a-service--l-label.md)
- [Docker object labels](/engine/userguide/labels-custom-metadata/.md)

17
ee/ucp/swarm/index.md
View File

@ -4,15 +4,7 @@ description: Learn how to deploy services to a cluster managed by Universal Cont
keywords: ucp, deploy, service
redirect_from:
- /ee/ucp/user/services/deploy-a-service/
ui_tabs:
- version: ucp-3.0
orlower: true
cli_tabs:
- version: docker-cli-linux
---
{% if include.ui %}
{% if include.version=="ucp-3.0" %}
You can deploy and monitor your services from the UCP web UI. In this example
we'll deploy an [NGINX](https://www.nginx.com/) web server and make it
@ -53,12 +45,7 @@ page, by going to `http://<node-ip>:8000`.
![](../images/deploy-a-service-4.png){: .with-border}
{% endif %}
{% endif %}
{% if include.cli %}
{% if include.version=="docker-cli-linux" %}
## Use the CLI to deploy the service
You can also deploy the same service from the CLI. Once you've set up your
[UCP client bundle](../user-access/cli.md), run:
@ -70,5 +57,3 @@ docker service create --name nginx \
nginx
```
{% endif %}
{% endif %}

6
ee/ucp/swarm/use-secrets.md
View File

@ -4,11 +4,7 @@ description: Learn how to manage your passwords, certificates, and other secrets
keywords: UCP, secret, password, certificate, private key
redirect_from:
- /ee/ucp/user/secrets/
ui_tabs:
- version: ucp-3.0
orlower: true
---
{% if include.version=="ucp-3.0" %}
When deploying and orchestrating services, you often need to configure them
with sensitive information like passwords, TLS certificates, or private keys.
@ -194,4 +190,4 @@ WordPress application is running and using the new password.
You can find additional documentation on managing secrets through the CLI at [How Docker manages secrets](/engine/swarm/secrets/#read-more-about-docker-secret-commands).
{% endif %}

14
ee/ucp/ucp-architecture.md
View File

@ -2,16 +2,7 @@
title: UCP architecture
description: Learn about the architecture of Docker Universal Control Plane.
keywords: ucp, architecture
ui_tabs:
- version: ucp-3.0
orhigher: false
next_steps:
- path: admin/install/system-requirements
title: System requirements
- path: admin/install/plan-installation
title: Plan your installation
---
{% if include.version=="ucp-3.0" %}
Universal Control Plane is a containerized application that runs on
[Docker Enterprise Edition](/ee/index.md) and extends its functionality
@ -210,4 +201,7 @@ tools to authenticate your requests using
[client certificates](user-access/index.md) that you can download
from your UCP profile page.
{% endif %}
## Where to go next
- [System requirements](admin/install/system-requirements.md)
- [Plan your installation](admin/install/plan-installation.md)

15
ee/ucp/user-access/cli.md
View File

@ -2,19 +2,10 @@
title: CLI-based access
description: Learn how to access Docker Universal Control Plane from the CLI.
keywords: ucp, cli, administration
ui_tabs:
- version: ucp-3.0
orhigher: false
- version: ucp-2.2
orlower: true
next_steps:
- path: ../swarm/
title: Deploy a service
redirect_from:
- /datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access/
- /ee/ucp/user/access-ucp/cli-based-access/
---
{% if include.version=="ucp-3.0" %}
With Universal Control Plane you can continue using the tools you know and
love like the Docker CLI client and kubectl. You just need to download and use
@ -169,8 +160,6 @@ $AUTHTOKEN=((Invoke-WebRequest -Body '{"username":"<username>", "password":"<pas
[io.file]::WriteAllBytes("ucp-bundle.zip", ((Invoke-WebRequest -Uri https://`<ucp-ip`>/api/clientbundle -Headers @{"Authorization"="Bearer $AUTHTOKEN"}).Content))
```
{% elsif include.version=="ucp-2.2" %}
## Where to go next
Learn about [CLI-based access](/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md).
{% endif %}
- [Deploy a service](../swarm.md)

14
ee/ucp/user-access/index.md
View File

@ -2,18 +2,9 @@
title: Web-based access
description: Learn how to access Docker Universal Control Plane from the web browser.
keywords: ucp, web, administration
ui_tabs:
- version: ucp-3.0
orlower: true
next_steps:
- path: ../authorization/
title: Authorization
- path: cli/
title: Access UCP from the CLI
redirect_from:
- /ee/ucp/user/access-ucp/
---
{% if include.version=="ucp-3.0" %}
Docker Universal Control Plane allows you to manage your cluster in a visual
way, from your browser.
@ -36,4 +27,7 @@ From the browser, administrators can:
Non-admin users can only see and change the images, networks, volumes, and
containers, and only when they're granted access by an administrator.
{% endif %}
## Where to go next
- [Authorization](../authorization.md)
- [Access UCP from the CLI](cli.md)

15
ee/ucp/user-access/kubectl.md
View File

@ -2,18 +2,8 @@
title: Install the Kubernetes CLI
description: Learn how to install kubectl, the Kubernetes command-line tool, on Docker Universal Control Plane.
keywords: ucp, cli, administration, kubectl, Kubernetes
ui_tabs:
- version: ucp-3.0
orhigher: false
next_steps:
- path: ../kubernetes/
title: Deploy a workload to a Kubernetes cluster
- path: /docker-for-mac/kubernetes/
title: Deploy to Kubernetes on Docker for Mac
---
{% if include.version=="ucp-3.0" %}
Docker EE installs Kubernetes automatically when you install UCP, and the
web UI enables deploying Kubernetes workloads and monitoring pods. You can
also interact with the Kubernetes deployment by using the Kubernetes
@ -103,5 +93,8 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d
```
{% endif %}
## Where to go next
- [Deploy a workload to a Kubernetes cluster](../kubernetes.md)
- [Deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md)

14
ee/upgrade.md
View File

@ -1,18 +1,10 @@
---
title: Upgrade Docker EE
description: |
Learn how to upgrade your Docker Enterprise Edition, to start using the latest features and security patches.
ui_tabs:
- version: dee-2.0
orhigher: false
next_steps:
- path: backup/
title: Backup Docker EE
description: Learn how to upgrade your Docker Enterprise Edition, to start using the latest features and security patches.
keywords: enterprise, upgrade
redirect_from:
- /enterprise/upgrade/
---
{% if include.version=="dee-2.0" %}
To upgrade Docker Enterprise Edition you need to individually upgrade each of the
following components:
@ -131,4 +123,6 @@ Log in into the DTR web UI to check if there's a new version available.
Then follow these [instructions to upgrade DTR](/ee/dtr/admin/upgrade.md).
When this is finished, your Docker EE has been upgraded.
{% endif %}
## Where to go next
- [Backup Docker EE](backup.md)