docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1254 from ollypom/docsprivatemaster 

docker.github.io master into docs-private master
This commit is contained in:
Dawn W 2019-07-08 14:43:41 -07:00 committed by GitHub
parent 15491655f2 9bafc04bcc
commit f27ff20502
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 730 additions and 368 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_config.yml
View File

@ -135,7 +135,7 @@ defaults:
hide_from_sitemap: true
dtr_org: "docker"
dtr_repo: "dtr"
dtr_version: "2.5.11"
dtr_version: "2.5.12"
- scope:
path: "datacenter/dtr/2.4"
values:
@ -193,14 +193,14 @@ defaults:
hide_from_sitemap: true
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "3.0.11"
ucp_version: "3.0.12"
- scope:
path: "datacenter/ucp/2.2"
values:
hide_from_sitemap: true
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "2.2.18"
ucp_version: "2.2.19"
- scope:
path: "datacenter/ucp/2.1"
values:

36
_data/ddc_offline_files_2.yaml
View File

@ -5,7 +5,15 @@
# Used by _includes/components/ddc_url_list_2.html
- product: "ucp"
version: "3.1"
tar-files:
tar-files:
- description: "3.1.8 Linux"
url: https://packages.docker.com/caas/ucp_images_3.1.8.tar.gz
- description: "3.1.8 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.8.tar.gz
- description: "3.1.8 Windows Server 1803"
url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.8.tar.gz
- description: "3.1.8 Windows Server 2019 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2019_3.1.8.tar.gz
- description: "3.1.7 Linux"
url: https://packages.docker.com/caas/ucp_images_3.1.7.tar.gz
- description: "3.1.7 Windows Server 2016 LTSC"
@ -83,6 +91,14 @@
- product: "ucp"
version: "3.0"
tar-files:
- description: "3.0.12 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.12.tar.gz
- description: "3.0.12 IBM Z"
url: https://packages.docker.com/caas/ucp_images_s390x_3.0.12.tar.gz
- description: "3.0.12 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.12.tar.gz
- description: "3.0.12 Windows Server 1803"
url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.12.tar.gz
- description: "3.0.11 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.11.tar.gz
- description: "3.0.11 IBM Z"
@ -186,6 +202,12 @@
- product: "ucp"
version: "2.2"
tar-files:
- description: "2.2.19 Linux"
url: https://packages.docker.com/caas/ucp_images_2.2.19.tar.gz
- description: "2.2.19 IBM Z"
url: https://packages.docker.com/caas/ucp_images_s390x_2.2.19.tar.gz
- description: "2.2.19 Windows"
url: https://packages.docker.com/caas/ucp_images_win_2.2.19.tar.gz
- description: "2.2.18 Linux"
url: https://packages.docker.com/caas/ucp_images_2.2.18.tar.gz
- description: "2.2.18 IBM Z"
@ -296,14 +318,16 @@
- product: "dtr"
version: "2.6"
tar-files:
- description: "DTR 2.6.7 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.7.tar.gz
- description: "DTR 2.6.6 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.6.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.6.tar.gz
- description: "DTR 2.6.5 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.5.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.5.tar.gz
- description: "DTR 2.6.4 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.4.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.4.tar.gz
- description: "DTR 2.6.3 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.3.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.3.tar.gz
- description: "DTR 2.6.2 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.2.tar.gz
- description: "DTR 2.6.1 Linux x86"
@ -313,6 +337,8 @@
- product: "dtr"
version: "2.5"
tar-files:
- description: "DTR 2.5.12 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.12.tar.gz
- description: "DTR 2.5.11 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.11.tar.gz
- description: "DTR 2.5.10 Linux x86"

2
_data/toc.yaml
View File

@ -3371,7 +3371,7 @@ manuals:
title: CLI reference
- sectiontitle: Docker Compose
section:
- path: /compose/overview/
- path: /compose/
title: Overview of Docker Compose
- path: /compose/install/
title: Install Compose

183
compose/index.md
View File

@ -1,24 +1,187 @@
---
description: Introduction and Overview of Compose
keywords: documentation, docs, docker, compose, orchestration, containers
title: Docker Compose
notoc: true
keywords: documentation, docs, docker, compose, orchestration, containers
title: Overview of Docker Compose
redirect_from:
- /compose/overview/
---
Compose is a tool for defining and running multi-container Docker applications. To learn more about Compose refer to the following documentation:
>**Looking for Compose file reference?** [Find the latest version here](/compose/compose-file/index.md).
- [Compose Overview](overview.md)
- [Install Compose](install.md)
Compose is a tool for defining and running multi-container Docker applications.
With Compose, you use a YAML file to configure your application's services.
Then, with a single command, you create and start all the services
from your configuration. To learn more about all the features of Compose,
see [the list of features](overview.md#features).
Compose works in all environments: production, staging, development, testing, as
well as CI workflows. You can learn more about each case in [Common Use
Cases](overview.md#common-use-cases).
Using Compose is basically a three-step process:
1. Define your app's environment with a `Dockerfile` so it can be reproduced
anywhere.
2. Define the services that make up your app in `docker-compose.yml`
so they can be run together in an isolated environment.
3. Run `docker-compose up` and Compose starts and runs your entire app.
A `docker-compose.yml` looks like this:
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
volumes:
- .:/code
- logvolume01:/var/log
links:
- redis
redis:
image: redis
volumes:
logvolume01: {}
For more information about the Compose file, see the
[Compose file reference](compose-file/index.md).
Compose has commands for managing the whole lifecycle of your application:
* Start, stop, and rebuild services
* View the status of running services
* Stream the log output of running services
* Run a one-off command on a service
## Compose documentation
- [Installing Compose](install.md)
- [Getting Started](gettingstarted.md)
- [Get started with Django](django.md)
- [Get started with Rails](rails.md)
- [Get started with WordPress](wordpress.md)
- [Get started with Drupal](/samples/drupal/)
- [Frequently asked questions](faq.md)
- [Command-line reference](./reference/index.md)
- [Compose file reference](/compose/compose-file/index.md)
- [Environment file](env-file.md)
- [Command line reference](./reference/index.md)
- [Compose file reference](compose-file/index.md)
## Features
The features of Compose that make it effective are:
* [Multiple isolated environments on a single host](overview.md#Multiple-isolated-environments-on-a-single-host)
* [Preserve volume data when containers are created](overview.md#preserve-volume-data-when-containers-are-created)
* [Only recreate containers that have changed](overview.md#only-recreate-containers-that-have-changed)
* [Variables and moving a composition between environments](overview.md#variables-and-moving-a-composition-between-environments)
### Multiple isolated environments on a single host
Compose uses a project name to isolate environments from each other. You can make use of this project name in several different contexts:
* on a dev host, to create multiple copies of a single environment, such as when you want to run a stable copy for each feature branch of a project
* on a CI server, to keep builds from interfering with each other, you can set
the project name to a unique build number
* on a shared host or dev host, to prevent different projects, which may use the
same service names, from interfering with each other
The default project name is the basename of the project directory. You can set
a custom project name by using the
[`-p` command line option](./reference/overview.md) or the
[`COMPOSE_PROJECT_NAME` environment variable](./reference/envvars.md#compose-project-name).
### Preserve volume data when containers are created
Compose preserves all volumes used by your services. When `docker-compose up`
runs, if it finds any containers from previous runs, it copies the volumes from
the old container to the new container. This process ensures that any data
you've created in volumes isn't lost.
If you use `docker-compose` on a Windows machine, see
[Environment variables](reference/envvars.md) and adjust the necessary environment
variables for your specific needs.
### Only recreate containers that have changed
Compose caches the configuration used to create a container. When you
restart a service that has not changed, Compose re-uses the existing
containers. Re-using containers means that you can make changes to your
environment very quickly.
### Variables and moving a composition between environments
Compose supports variables in the Compose file. You can use these variables
to customize your composition for different environments, or different users.
See [Variable substitution](compose-file.md#variable-substitution) for more
details.
You can extend a Compose file using the `extends` field or by creating multiple
Compose files. See [extends](extends.md) for more details.
## Common use cases
Compose can be used in many different ways. Some common use cases are outlined
below.
### Development environments
When you're developing software, the ability to run an application in an
isolated environment and interact with it is crucial. The Compose command
line tool can be used to create the environment and interact with it.
The [Compose file](compose-file.md) provides a way to document and configure
all of the application's service dependencies (databases, queues, caches,
web service APIs, etc). Using the Compose command line tool you can create
and start one or more containers for each dependency with a single command
(`docker-compose up`).
Together, these features provide a convenient way for developers to get
started on a project. Compose can reduce a multi-page "developer getting
started guide" to a single machine readable Compose file and a few commands.
### Automated testing environments
An important part of any Continuous Deployment or Continuous Integration process
is the automated test suite. Automated end-to-end testing requires an
environment in which to run tests. Compose provides a convenient way to create
and destroy isolated testing environments for your test suite. By defining the full environment in a [Compose file](compose-file.md), you can create and destroy these environments in just a few commands:
$ docker-compose up -d
$ ./run_tests
$ docker-compose down
### Single host deployments
Compose has traditionally been focused on development and testing workflows,
but with each release we're making progress on more production-oriented features. You can use Compose to deploy to a remote Docker Engine. The Docker Engine may be a single instance provisioned with
[Docker Machine](/machine/overview.md) or an entire
[Docker Swarm](/engine/swarm/index.md) cluster.
For details on using production-oriented features, see
[compose in production](production.md) in this documentation.
## Release notes
To see a detailed list of changes for past and current releases of Docker
Compose, refer to the
[CHANGELOG](https://github.com/docker/compose/blob/master/CHANGELOG.md).
## Getting help
Docker Compose is under active development. If you need help, would like to
contribute, or simply want to talk about the project with like-minded
individuals, we have a number of open channels for communication.
* To report bugs or file feature requests: use the [issue tracker on Github](https://github.com/docker/compose/issues).
* To talk about the project with people in real time: join the
`#docker-compose` channel on freenode IRC.
* To contribute code or documentation changes: submit a [pull request on Github](https://github.com/docker/compose/pulls).
For more information and resources, visit the [Getting Help project page](/opensource/get-help/).

185
compose/overview.md
View File

@ -1,185 +0,0 @@
---
description: Introduction and Overview of Compose
keywords: documentation, docs, docker, compose, orchestration, containers
title: Overview of Docker Compose
---
>**Looking for Compose file reference?** [Find the latest version here](/compose/compose-file/index.md).
Compose is a tool for defining and running multi-container Docker applications.
With Compose, you use a YAML file to configure your application's services.
Then, with a single command, you create and start all the services
from your configuration. To learn more about all the features of Compose,
see [the list of features](overview.md#features).
Compose works in all environments: production, staging, development, testing, as
well as CI workflows. You can learn more about each case in [Common Use
Cases](overview.md#common-use-cases).
Using Compose is basically a three-step process:
1. Define your app's environment with a `Dockerfile` so it can be reproduced
anywhere.
2. Define the services that make up your app in `docker-compose.yml`
so they can be run together in an isolated environment.
3. Run `docker-compose up` and Compose starts and runs your entire app.
A `docker-compose.yml` looks like this:
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
volumes:
- .:/code
- logvolume01:/var/log
links:
- redis
redis:
image: redis
volumes:
logvolume01: {}
For more information about the Compose file, see the
[Compose file reference](compose-file/index.md).
Compose has commands for managing the whole lifecycle of your application:
* Start, stop, and rebuild services
* View the status of running services
* Stream the log output of running services
* Run a one-off command on a service
## Compose documentation
- [Installing Compose](install.md)
- [Getting Started](gettingstarted.md)
- [Get started with Django](django.md)
- [Get started with Rails](rails.md)
- [Get started with WordPress](wordpress.md)
- [Frequently asked questions](faq.md)
- [Command line reference](./reference/index.md)
- [Compose file reference](compose-file/index.md)
## Features
The features of Compose that make it effective are:
* [Multiple isolated environments on a single host](overview.md#Multiple-isolated-environments-on-a-single-host)
* [Preserve volume data when containers are created](overview.md#preserve-volume-data-when-containers-are-created)
* [Only recreate containers that have changed](overview.md#only-recreate-containers-that-have-changed)
* [Variables and moving a composition between environments](overview.md#variables-and-moving-a-composition-between-environments)
### Multiple isolated environments on a single host
Compose uses a project name to isolate environments from each other. You can make use of this project name in several different contexts:
* on a dev host, to create multiple copies of a single environment, such as when you want to run a stable copy for each feature branch of a project
* on a CI server, to keep builds from interfering with each other, you can set
the project name to a unique build number
* on a shared host or dev host, to prevent different projects, which may use the
same service names, from interfering with each other
The default project name is the basename of the project directory. You can set
a custom project name by using the
[`-p` command line option](./reference/overview.md) or the
[`COMPOSE_PROJECT_NAME` environment variable](./reference/envvars.md#compose-project-name).
### Preserve volume data when containers are created
Compose preserves all volumes used by your services. When `docker-compose up`
runs, if it finds any containers from previous runs, it copies the volumes from
the old container to the new container. This process ensures that any data
you've created in volumes isn't lost.
If you use `docker-compose` on a Windows machine, see
[Environment variables](reference/envvars.md) and adjust the necessary environment
variables for your specific needs.
### Only recreate containers that have changed
Compose caches the configuration used to create a container. When you
restart a service that has not changed, Compose re-uses the existing
containers. Re-using containers means that you can make changes to your
environment very quickly.
### Variables and moving a composition between environments
Compose supports variables in the Compose file. You can use these variables
to customize your composition for different environments, or different users.
See [Variable substitution](compose-file.md#variable-substitution) for more
details.
You can extend a Compose file using the `extends` field or by creating multiple
Compose files. See [extends](extends.md) for more details.
## Common use cases
Compose can be used in many different ways. Some common use cases are outlined
below.
### Development environments
When you're developing software, the ability to run an application in an
isolated environment and interact with it is crucial. The Compose command
line tool can be used to create the environment and interact with it.
The [Compose file](compose-file.md) provides a way to document and configure
all of the application's service dependencies (databases, queues, caches,
web service APIs, etc). Using the Compose command line tool you can create
and start one or more containers for each dependency with a single command
(`docker-compose up`).
Together, these features provide a convenient way for developers to get
started on a project. Compose can reduce a multi-page "developer getting
started guide" to a single machine readable Compose file and a few commands.
### Automated testing environments
An important part of any Continuous Deployment or Continuous Integration process
is the automated test suite. Automated end-to-end testing requires an
environment in which to run tests. Compose provides a convenient way to create
and destroy isolated testing environments for your test suite. By defining the full environment in a [Compose file](compose-file.md), you can create and destroy these environments in just a few commands:
$ docker-compose up -d
$ ./run_tests
$ docker-compose down
### Single host deployments
Compose has traditionally been focused on development and testing workflows,
but with each release we're making progress on more production-oriented features. You can use Compose to deploy to a remote Docker Engine. The Docker Engine may be a single instance provisioned with
[Docker Machine](/machine/overview.md) or an entire
[Docker Swarm](/engine/swarm/index.md) cluster.
For details on using production-oriented features, see
[compose in production](production.md) in this documentation.
## Release notes
To see a detailed list of changes for past and current releases of Docker
Compose, refer to the
[CHANGELOG](https://github.com/docker/compose/blob/master/CHANGELOG.md).
## Getting help
Docker Compose is under active development. If you need help, would like to
contribute, or simply want to talk about the project with like-minded
individuals, we have a number of open channels for communication.
* To report bugs or file feature requests: use the [issue tracker on Github](https://github.com/docker/compose/issues).
* To talk about the project with people in real time: join the
`#docker-compose` channel on freenode IRC.
* To contribute code or documentation changes: submit a [pull request on Github](https://github.com/docker/compose/pulls).
For more information and resources, visit the [Getting Help project page](/opensource/get-help/).

28
docker-for-mac/edge-release-notes.md
View File

@ -18,6 +18,34 @@ for Mac](install.md#download-docker-for-mac).
## Edge Releases of 2019
### Docker Community Edition 2.0.5.0 2019-06-12
[Download](https://download.docker.com/mac/edge/35318/Docker.dmg)
This is the Edge channel, which gives you early access to our newest features. Be aware that some of them may be experimental, and some of them may not ever reach the Stable release.
This release contains a Kubernetes upgrade. Note that your local Kubernetes cluster will be reset after install.
* Upgrades
- [Docker 19.03.0-rc2](https://github.com/docker/docker-ce/releases/tag/v19.03.0-rc2)
- [Kubernetes 1.14.3](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.3)
- [Compose on Kubernetes 0.4.23](https://github.com/docker/compose-on-kubernetes/releases/tag/v0.4.23)
- [linuxkit v0.7](https://github.com/linuxkit/linuxkit/releases/tag/v0.7)
- [Qemu 4.0.0](https://github.com/docker/binfmt) for cross compiling for ARM
* New
- Docker Desktop includes the `buildx` plugin (currently experimental).
- Selecting the `Experimental features` checkbox on the Docker Desktop Preferences Daemon page enables experimental features in the Docker daemon and the Docker CLI.
- Docker Desktop has improved the reliability of `com.docker.osxfs trace` performance profiling command.
- Users can now run the `com.docker.osxfs trace --summary` option to get a high-level summary of operations, instead of receiving a trace of all operations.
- Docker Desktop now supports large lists of DNS resource records on Mac. Fixes [docker/for-mac#2160](https://github.com/docker/for-mac/issues/2160#issuecomment-431571031)
* Bug fixes and minor changes
- Docker Desktop does not send DNS queries for `docker-desktop.<domain>` every 10s. It now relies on the host's DNS domain search order rather than trying to replicate it inside the VM.
- Docker Desktop has removed the ability to log in using email address as a username as the Docker command line does not support this.
- Docker Desktop now allows running a Docker registry inside a container. Fixes [docker/for-mac#3611](https://github.com/docker/for-mac/issues/3611)
- Fixed a stability issue with the DNS resolver.
### Docker Community Edition 2.0.4.1 2019-05-07
[Download](https://download.docker.com/mac/edge/34207/Docker.dmg)

2
docker-for-mac/install.md
View File

@ -49,7 +49,7 @@ for Docker Desktop for Mac, and how the two products can coexist.
* **What the install includes**: The installation provides
[Docker Engine](/engine/userguide/), Docker CLI client,
[Docker Compose](/compose/overview/), [Docker Machine](/machine/overview/), and [Kitematic](/kitematic/userguide.md).
[Docker Compose](/compose/), [Docker Machine](/machine/overview/), and [Kitematic](/kitematic/userguide.md).
## Install and run Docker Desktop for Mac

33
docker-for-windows/edge-release-notes.md
View File

@ -18,6 +18,39 @@ for Windows](install.md#download-docker-for-windows).
## Edge Releases of 2019
### Docker Community Edition 2.0.5.0 2019-06-12
[Download](https://download.docker.com/win/edge/35318/Docker%20Desktop%20Installer.exe)
This is the Edge channel, which gives you early access to our newest features. Be aware that some of them may be experimental, and some of them may not ever reach the Stable release.
This release contains a Kubernetes upgrade. Note that your local Kubernetes cluster will be reset after installation.
* Upgrades
- [Docker 19.03.0-rc2](https://github.com/docker/docker-ce/releases/tag/v19.03.0-rc2)
- [Kubernetes 1.14.3](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.3)
- [Compose on Kubernetes 0.4.23](https://github.com/docker/compose-on-kubernetes/releases/tag/v0.4.23)
- [linuxkit v0.7](https://github.com/linuxkit/linuxkit/releases/tag/v0.7)
- [Qemu 4.0.0](https://github.com/docker/binfmt) for cross compiling for ARM
* New
- Docker Desktop includes the `buildx` plugin (currently experimental).
- Selecting the `Experimental features` checkbox on the Docker Desktop settings Daemon page enables experimental features in the Docker daemon and the Docker CLI.
- Docker Desktop now checks for stored credentials at startup before attempting to mount any shared drives. This prompts users to reenter the credentials if they are invalid.
* Bug fixes and minor changes
- Fixed race condition where Kubernetes sometimes fails to start after the app is restarted.
- The system tray icon now opens the Docker Desktop menu with left or right mouse button.
- When displaying the crash report window, Docker Desktop does not send a bugsnag crash report unless the user needs the report to upload diagnostics.
- Docker Desktop has removed the ability to log in using email address as a username as the Docker command line does not support this.
- For Linux containers on Windows (LCOW), at least one physical computer running Windows 10 Professional or Windows 10 Enterprise version 1809 or later is required.
- The `Send usage statistics` checkbox is selected by default in Docker Desktop for Windows (Community). This option cannot be modified.
- Docker Desktop has added a new dialog box during startup which allows users to retry mounting a shared drive or remove it from the shared drives list after a failed attempt.
* Known issues
- Windows containers networking does not work properly on Windows 1903.
### Docker Community Edition 2.0.4.1 2019-05-07
[Download](https://download.docker.com/win/edge/34207/Docker%20Desktop%20Installer.exe)

121
ee/dtr/release-notes.md
View File

@ -77,6 +77,37 @@ to upgrade your installation to the latest release.
# Version 2.6
## 2.6.7
(2019-6-27)
### Enhancements
* Added UI support to retain metadata when switching between storage drivers.(docker/dhe-deploy#10340). For more information, see (docker/dhe-deploy #10199) and (docker/dhe-deploy #10181).
* Added UI support to disable persistent cookies. (docker/dhe-deploy #10353)
### Bug fixes
* Fixed a UI bug where non-admin namespace owners could not create a repository. (docker/dhe-deploy #10371)
* Fixed a bug where duplicate scan jobs were causing scans to never exit. (docker/dhe-deploy #10316)
* Fixed a bug where logged in users were unable to pull from public repositories. (docker/dhe-deploy #10343)
* Fixed a bug where attempts to switch pages to navigate through the list of repositories did not result in an updated list of repositories. (docker/dhe-deploy #10377)
* Fixed a pagination issue where the number of repositories listed when switching pages was not accurate. (docker/dhe-deploy #10376)
### Known issues
* Docker Engine Enterprise Edition (Docker EE) Upgrade
* There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before `18.09` to version `18.09` or greater. For DTR-specific changes, see [2.5 to 2.6 upgrade](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
* Web Interface
* Poll mirroring for Docker plugins such as `docker/imagefs` is currently broken. (docker/dhe-deploy #9490)
* When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
* In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the **Repository Settings** view. (docker/dhe-deploy #9554)
* Webhooks
* When configured for "Image promoted from repository" events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
* HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
* System
* When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
## 2.6.6
(2019-5-6)
@ -91,7 +122,7 @@ to upgrade your installation to the latest release.
- Next, add `keep_metadata: true` as a top-level key in the JSON you just created and modify it to contain your new storage settings.
- Finally, update your Registry settings with your modified JSON file via `curl -X PUT .../api/v0/admin/settings/registry -d @storage.json`.
### Bug Fixes
### Bug fixes
* Fixed an issue where replica version was inferred from DTR volume labels. (docker/dhe-deploy#10266)
@ -116,7 +147,7 @@ to upgrade your installation to the latest release.
## 2.6.5
(2019-4-11)
### Bug Fixes
### Bug fixes
* Fixed a bug where the web interface was not rendering for non-admin users.
* Removed `Users` tab from the side navigation [#10222](https://github.com/docker/dhe-deploy/pull/10222)
@ -142,7 +173,7 @@ to upgrade your installation to the latest release.
* Added `--storage-migrated` option to reconfigure with migrated content when moving content to a new NFS URL. (ENGDTR-794)
* Added a job log status filter which allows users to exclude jobs that are not currently ***running***. (docker/dhe-deploy #10077)
### Bug Fixes
### Bug fixes
* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` would fail on images that have been pushed to the repository after you upgrade to 2.5 and opt into garbage collection. This also applied when upgrading from 2.5 to 2.6. The issue has been fixed in DTR 2.6.4. (ENGDTR-330 and docker/dhe-deploy #10105)
@ -169,7 +200,7 @@ to upgrade your installation to the latest release.
* Bump the Golang version that is used to build DTR to version 1.11.5. (docker/dhe-deploy#10060)
### Bug Fixes
### Bug fixes
* Users with read-only permissions can no longer see the README edit button for a repository. (docker/dhe-deploy#10056)
@ -198,7 +229,7 @@ to upgrade your installation to the latest release.
(2019-1-29)
### Bug Fixes
### Bug fixes
* Fixed a bug where scanning Windows images were stuck in Pending state. (docker/dhe-deploy #9969)
@ -228,7 +259,7 @@ to upgrade your installation to the latest release.
(2019-01-09)
### Bug Fixes
### Bug fixes
* Fixed a bug where notary signing data was not being backed up properly (docker/dhe-deploy #9862)
* Allow a cluster to go from 2 replicas to 1 without forcing removal (docker/dhe-deploy #9840)
@ -263,7 +294,7 @@ to upgrade your installation to the latest release.
(2018-11-08)
### New Features
### New features
* Web Interface
* Online garbage collection is no longer an experimental feature. Users can now write to DTR and push images during garbage collection. [Learn about garbage collection](/ee/dtr/admin/configure/garbage-collection/).
@ -322,7 +353,6 @@ to upgrade your installation to the latest release.
* `DELETE /api/v0/repositories/{namespace}/{reponame}/manifests/{reference}`
* The `enableManifestLists` field on the `POST /api/v0/repositories/{namespace}` endpoint will be removed in DTR 2.7. See [Deprecation Notice](deprecation-notice) for more details.
# Version 2.5
@ -331,6 +361,41 @@ to upgrade your installation to the latest release.
>
> Upgrade path from 2.5.x to 2.6: Upgrade directly to 2.6.4.
## 2.5.12
(2019-06-27)
### Bug fixes
* Fixed a bug where duplicate scan jobs were causing scans to never exit.(docker/dhe-deploy #10322)
* Fixed a pagination issue where the number of repositories listed when switching pages was not accurate. (docker/dhe-deploy #10383)
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
repository and tag.
* When deleting a repository with signed images, the DTR web interface no longer
shows instructions on how to delete trust data.
* There's no web interface support to update mirroring policies when rotating the TLS
certificates used by DTR. Use the API instead.
* The web interface for promotion policies is currently broken if you have a large number
of repositories.
* Clicking "Save & Apply" on a promotion policy doesn't work.
* Webhooks
* There is no webhook event for when an image is pulled.
* HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
* When configured for "Image promoted from repository" events, a webhook notification will be triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
* Online garbage collection
* The events API won't report events when tags and manifests are deleted.
* The events API won't report blobs deleted by the garbage collection job.
* Docker EE Advanced features
* Scanning any new push after metadatastore migration will not yet work.
* Pushes to repos with promotion policies (repo as source) are broken when an
image has a layer over 100MB.
* On upgrade the scanningstore container may restart with this error message:
FATAL: database files are incompatible with server
## 2.5.11
(2019-05-06)
@ -341,12 +406,12 @@ to upgrade your installation to the latest release.
* Bumped the Alpine version of the base image to 3.9. (docker/dhe-deploy #10301)
* Bumped Python dependencies to address vulnerabilities. (docker/dhe-deploy #10308 and #10311)
### Bug Fixes
### Bug fixes
* Fixed an issue where read / write permissions were used when copying files into containers. (docker/dhe-deploy #10207)
* Fixed an issue where non-admin users could not access their repositories from the Repositories page on the web interface. (docker/dhe-deploy #10294)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
@ -377,11 +442,11 @@ to upgrade your installation to the latest release.
(2019-3-28)
### Bug Fixes
### Bug fixes
* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` used to fail on images that were pushed to the repository after you upgraded to 2.5 and opted into garbage collection. This has been fixed in 2.5.10. (docker/dhe-deploy#10106)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -415,7 +480,7 @@ to upgrade your installation to the latest release.
* Bump the Golang version that is used to build DTR to version 1.10.8. (docker/dhe-deploy#10071)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -448,11 +513,11 @@ to upgrade your installation to the latest release.
(2019-1-29)
### Bug Fixes
### Bug fixes
* Fixed an issue that prevented vulnerability updates from running if they were previously interrupted. (docker/dhe-deploy #9958)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -485,7 +550,7 @@ to upgrade your installation to the latest release.
(2019-01-09)
### Bug Fixes
### Bug fixes
* Fixed a bug where manifest lists were being appended to existing manifests lists when pushed. (docker/dhe-deploy #9811)
* Updated GoRethink library to avoid potential lock contention. (docker/dhe-deploy #9812)
@ -494,7 +559,7 @@ to upgrade your installation to the latest release.
### Changelog
* GoLang version bump to 1.10.7.
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -527,7 +592,7 @@ to upgrade your installation to the latest release.
(2018-10-25)
### Bug Fixes
### Bug fixes
* Fixed a bug where Windows images could not be promoted. (docker/dhe-deploy#9215)
* Removed Python3 from base image. (docker/dhe-deploy#9219)
* Added CSP (docker/dhe-deploy#9366)
@ -536,7 +601,7 @@ to upgrade your installation to the latest release.
* Backported ManifestList fixes. (docker/dhe-deploy#9547)
* Removed support sidebar link and associated content. (docker/dhe-deploy#9411)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -569,13 +634,13 @@ to upgrade your installation to the latest release.
(2018-8-30)
### Bug Fixes
### Bug fixes
* Fixed bug where repository tag list UI was not loading after a tag migration.
* Fixed bug to enable poll mirroring with Windows images.
* The RethinkDB image has been patched to remove unused components with known vulnerabilities including the RethinkCLI. To get an equivalent interface, run RethinkCLI from a separate image using `docker run -it --rm --net dtr-ol -v dtr-ca-$REPLICA_ID:/ca dockerhubenterprise/rethinkcli:v2.3.0 $REPLICA_ID`.
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -608,17 +673,17 @@ to upgrade your installation to the latest release.
(2018-6-21)
### New Features
### New features
* Allow users to adjust DTR log levels for alternative logging solutions.
### Bug Fixes
### Bug fixes
* Fixed URL redirect to release notes.
* Prevent OOM during garbage collection by reading less data into memory at a time.
* Fixed issue where worker capacities wouldn't update on minor version upgrades.
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -893,7 +958,7 @@ of testing the server to find which version works.
(2018-10-25)
### Bug Fixes
### Bug fixes
* Added CSP (Content Security Policy). (docker/dhe-deploy#9367 and docker/dhe-deploy#9584)
* Fixed critical vulnerability in RethinkDB. (docker/dhe-deploy#9574)
@ -911,7 +976,7 @@ of testing the server to find which version works.
(2018-07-26)
### Bug Fixes
### Bug fixes
* Fixed bug where repository tag list UI was not loading after a tag migration.
* The RethinkDB image has been patched to remove unused components with known vulnerabilities including the rethinkcli. To get an equivalent interface please run the rethinkcli from a separate image using `docker run -it --rm --net dtr-ol -v dtr-ca-$REPLICA_ID:/ca dockerhubenterprise/rethinkcli $REPLICA_ID`.
@ -925,11 +990,11 @@ of testing the server to find which version works.
(2018-06-21)
**New Features**
**New features**
* Allow users to adjust DTR log levels for alternative logging solutions.
**Bug Fixes**
**Bug fixes**
* Prevent OOM during garbage collection by reading less data into memory at a time.

36
ee/telemetry.md
View File

@ -53,7 +53,36 @@ You can find out more about an individual option by clicking the **?** icon.
## Use the CLI to control telemetry
To disable the telemetry plugin, use the `docker plugin disable` with either the plugin NAME or ID:
At the engine level, there is a telemetry module built into the Docker
Enterprise Engine 18.09 or newer. It can be disabled by modifing the [daemon
configuration
file](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file).
By default this is stored at `/etc/docker/daemon.json`.
```bash
{
"features": {
"telemetry": false
}
}
```
For the Docker daemon to pick up the changes in the configuration file, the
Docker daemon will need to be restarted.
```bash
$ sudo systemctl reboot docker
```
To reenable the telemetry module, swap the value to `"telemetry": true` or
completely remove the `"telemetry": false` line, as the default value is `true`.
### Docker Enterprise Engine 18.03 or older
For Docker Enterprise Engine 18.03 or older, the telemetry module ran as a
Docker Plugin. To disable the telemetry plugin, use the `docker plugin disable`
with either the plugin NAME or ID:
```bash
$ docker plugin ls
@ -65,7 +94,8 @@ $ docker plugin disable docker/telemetry:1.0.0.linux-x86_64-stable
This command must be run on each Docker host.
To re-enable the telemetry plugin, you can use `docker plugin enable` with either the plugin NAME or ID:
To re-enable the telemetry plugin, you can use `docker plugin enable` with
either the plugin NAME or ID:
```bash
$ docker plugin ls
@ -73,4 +103,4 @@ ID NAME [..]
114dbeaa400c docker/telemetry:1.0.0.linux-x86_64-stable [..]
$ docker plugin enable docker/telemetry:1.0.0.linux-x86_64-stable
```
```

53
ee/ucp/admin/configure/ucp-configuration-file.md
View File

@ -93,17 +93,6 @@ An array of tables that specifies the DTR instances that the current UCP instanc
| `service_id` | yes | The DTR instance's OpenID Connect Client ID, as registered with the Docker authentication provider. |
| `ca_bundle` | no | If you're using a custom certificate authority (CA), `ca_bundle` specifies the root CA bundle for the DTR instance. The value is a string with the contents of a `ca.pem` file. |
### custom headers (optional)
Included when you need to set custom API headers. You can repeat this section multiple times to specify multiple separate headers. If you include custom headers, you must specify both `name` and `value`.
[[custom_api_server_headers]]
| Item | Description |
| ----------- | ----------- |
| `name` | Set to specify the name of the custom header with `name` = "*X-Custom-Header-Name*". |
| `value` | Set to specify the value of the custom header with `value` = "*Custom Header Value*". |
### audit_log_configuration table (optional)
Configures audit logging options for UCP components.
@ -165,6 +154,31 @@ Specifies whether the your UCP license is automatically renewed.
|:---------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `auto_refresh` | no | Set to `true` to enable attempted automatic license renewal when the license nears expiration. If disabled, you must manually upload renewed license after expiration. The default is `true`. |
### custom headers (optional)
Included when you need to set custom API headers. You can repeat this section multiple times to specify multiple separate headers. If you include custom headers, you must specify both `name` and `value`.
`[[custom_api_server_headers]]`
| Item | Description |
|:--------|:--------------------------------------------------------------------------------------|
| `name` | Set to specify the name of the custom header with `name` = "*X-Custom-Header-Name*". |
| `value` | Set to specify the value of the custom header with `value` = "*Custom Header Value*". |
### user_workload_defaults (optional)
A map describing default values to set on Swarm services at creation time if
those fields are not explicitly set in the service spec.
`[user_workload_defaults]`
`[user_workload_defaults.swarm_defaults]`
| Parameter | Required | Description |
|:-------------------------------------------|:---------|:---------------------------------------------------------------------------------------------------------|
| `[tasktemplate.restartpolicy.delay]` | no | Delay between restart attempts (ns&#124;us&#124;ms&#124;s&#124;m&#124;h). The default is `value = "5s"`. |
| `[tasktemplate.restartpolicy.maxattempts]` | no | Maximum number of restarts before giving up. The default is `value = "3"`. |
### cluster_config table (required)
Configures the cluster that the current UCP instance manages.
@ -191,22 +205,23 @@ components. Assigning these values overrides the settings in a container's
| `metrics_retention_time` | no | Adjusts the metrics retention time. |
| `metrics_scrape_interval` | no | Sets the interval for how frequently managers gather metrics from nodes in the cluster. |
| `metrics_disk_usage_interval` | no | Sets the interval for how frequently storage metrics are gathered. This operation can be expensive when large volumes are present. |
| `rethinkdb_cache_size` | no | Sets the size of the cache used by UCP's RethinkDB servers. The default is 1GB, but leaving this field empty or specifying `auto` instructs RethinkDB to determine a cache size automatically. |
| `exclude_server_identity_headers` | no | Set to `true` to disable the `X-Server-Ip` and `X-Server-Name` headers. |
| `rethinkdb_cache_size` | no | Sets the size of the cache used by UCP's RethinkDB servers. The default is 1GB, but leaving this field empty or specifying `auto` instructs RethinkDB to determine a cache size automatically. |
| `exclude_server_identity_headers` | no | Set to `true` to disable the `X-Server-Ip` and `X-Server-Name` headers. |
| `cloud_provider` | no | Set the cloud provider for the kubernetes cluster. |
| `pod_cidr` | yes | Sets the subnet pool from which the IP for the Pod should be allocated from the CNI ipam plugin. Default is `192.168.0.0/16`. |
| `calico_mtu` | no | Set the MTU (maximum transmission unit) size for the Calico plugin. |
| `ipip_mtu` | no | Set the IPIP MTU size for the calico IPIP tunnel interface. |
| `azure_ip_count` | no | Set the IP count for azure allocator to allocate IPs per Azure virtual machine. |
| `service-cluster-ip-range` | yes | Sets the subnet pool from which the IP for Services should be allocated. Default is `10.96.0.0/16`.
| `azure_ip_count` | no | Set the IP count for azure allocator to allocate IPs per Azure virtual machine. |
| `service_cluster_ip_range` | yes | Sets the subnet pool from which the IP for Services should be allocated. Default is `10.96.0.0/16`. |
| `nodeport_range` | yes | Set the port range that for Kubernetes services of type NodePort can be exposed in. Default is `32768-35535`. |
| `custom_kube_api_server_flags` | no | Set the configuration options for the Kubernetes API server. (dev) |
| `custom_kube_controller_manager_flags` | no | Set the configuration options for the Kubernetes controller manager. (dev) |
| `custom_kubelet_flags` | no | Set the configuration options for Kubelets. (dev) |
| `custom_kube_scheduler_flags` | no | Set the configuration options for the Kubernetes scheduler. (dev) |
| `custom_kube_api_server_flags` | no | Set the configuration options for the Kubernetes API server. (dev) |
| `custom_kube_controller_manager_flags` | no | Set the configuration options for the Kubernetes controller manager. (dev) |
| `custom_kubelet_flags` | no | Set the configuration options for Kubelets. (dev) |
| `custom_kube_scheduler_flags` | no | Set the configuration options for the Kubernetes scheduler. (dev) |
| `local_volume_collection_mapping` | no | Store data about collections for volumes in UCP's local KV store instead of on the volume labels. This is used for enforcing access control on volumes. |
| `manager_kube_reserved_resources` | no | Reserve resources for Docker UCP and Kubernetes components which are running on manager nodes. |
| `worker_kube_reserved_resources` | no | Reserve resources for Docker UCP and Kubernetes components which are running on worker nodes. |
| `kubelet_max_pods` | yes | Set Number of Pods that can run on a node. Default is `110`.
*dev indicates that the functionality is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the Docker Enterprise Software Support Agreement.

3
ee/ucp/admin/install/install-on-azure.md
View File

@ -43,6 +43,9 @@ to successfully deploy Docker UCP on Azure:
Configuration](#considerations-for-ipam-configuration).
- All UCP worker and manager nodes need to be attached to the same Azure
Subnet.
- Internal IP addresses for all nodes should be [set to
Static](https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal),
rather than the default of Dynamic.
- The Azure Virtual Machine Object Name needs to match the Azure Virtual Machine
Computer Name and the Node Operating System's Hostname which is the FQDN of
the host, including domain names. Note that this requires all characters to be in lowercase.

17
ee/ucp/admin/install/plan-installation.md
View File

@ -42,13 +42,24 @@ this.
## Avoid IP range conflicts
The `service-cluster-ip-range` Kubernetes API Server flag is currently set to `10.96.0.0/16` and cannot be changed.
Swarm uses a default address pool of `10.0.0.0/8` for its overlay networks. If this conflicts with your current network implementation, please use a custom IP address pool. To specify a custom IP address pool, use the `--default-address-pool` command line option during [Swarm initialization](../../../../engine/swarm/swarm-mode.md).
> **Note**: Currently, the UCP installation process does not support this flag. To deploy with a custom IP pool, Swarm must first be installed using this flag and UCP must be installed on top of it.
Kubernetes uses a default cluster IP pool for pods that is `192.168.0.0/16`. If it conflicts with your current networks, please use a custom IP pool by specifying `--pod-cidr` during UCP installation.
### Kubernetes IP Range Conflicts
There are 2 internal IP ranges used within Kubernetes that may overlap and
conflict with the underlying infrastructure:
- The Pod Network - Each Pod in Kubernetes is given an IP address from either
the Calico or Azure IPAM services. In a default installation Pods are given
IP addresses on the `192.168.0.0/16` range. This can be customised at install
time using the `--pod-cidr` flag.
- The Services Network - When a user exposes a Service in Kubernetes it is
accesible via a VIP, this VIP comes from a Cluster IP Range. By default on UCP
this range is `10.96.0.0/16`. From UCP 3.1.8 and onwards this value can be
changed at install time with the `--service-cluster-ip-range` flag.
## Avoid firewall conflicts

2
ee/ucp/interlock/usage/index.md
View File

@ -101,7 +101,7 @@ the host header, that request is forwarded to the demo service.
should attach to in order to be able to communicate with the demo service.
To use layer 7 routing, your services need to be attached to at least one network.
If your service is only attached to a single network, you don't need to add
a label to specify which network to use for routing. When using a common stack file for multiple deployments leveraging UCP Interlock / Layer 7 Routing, prefix `com.docker.lb.network` with the stack name to ensure traffic will be directed to the correct overlay network.
a label to specify which network to use for routing. When using a common stack file for multiple deployments leveraging UCP Interlock / Layer 7 Routing, prefix `com.docker.lb.network` with the stack name to ensure traffic will be directed to the correct overlay network. When using in combination with `com.docker.lb.ssl_passthrough` the label in mandatory, even if your service is only attached to a single network.
* The `com.docker.lb.port` label specifies which port the `ucp-interlock-proxy`
service should use to communicate with this demo service.
* Your service doesn't need to expose a port in the swarm routing mesh. All

2
ee/ucp/kubernetes/install-cni-plugin.md
View File

@ -55,7 +55,7 @@ will also be unavailable, as this runs in a Kubernetes pod.
Next, a platform operator should log into UCP, download a UCP client bundle, and
configure the Kubernetes CLI tool, `kubectl`. See [CLI Based
Access](ee/ucp/user-access/cli/#download-client-certificates) for more details.
Access](/ee/ucp/user-access/cli/#download-client-certificates) for more details.
With `kubectl`, you can see that the UCP components running on
Kubernetes are still pending, waiting for a CNI driver before becoming

153
ee/ucp/release-notes.md
View File

@ -217,19 +217,82 @@ https://github.com/kubernetes/kubernetes/pull/67432
# Version 3.1
## 3.1.8
(2019-06-27)
> Upgrading UCP 3.1.8
>
> UCP 3.1.8 introduces new features such as setting the `kubeletMaxPods` option for all nodes in the cluster, and an updated UCP configuration file that allows admins to set default values for Swarm services. These features not available in UCP 3.2.0. Customers using either of those features in UCP 3.1.8 or future versions of 3.1.x must upgrade to UCP 3.2.1 or later to avoid any upgrade issues. For information, see [Upgrading your UCP environment](/ee/ucp/admin/install/upgrade/).
{: .important}
### Kubernetes
* Kubernetes has been updated to version 1.11.10.
### Enhancements
* A `user_workload_defaults` section has been added to the UCP configuration
file that allows admins to set default field values that will be applied to
Swarm services if those fields are not explicitly set when the service is
created. Only a subset of Swarm service fields may be set; see [UCP
Configuration file](/ee/ucp/admin/configure/ucp-configuration-file/) for more
details. (ENGORC-2437)
* Users can now set the `kubeletMaxPods` option for all nodes in the cluster,
see the [UCP Configuration
file](/ee/ucp/admin/configure/ucp-configuration-file/) for more details.
(ENGORC-2334)
* Users can now adjust the internal Kubernetes Service IP Range from the default
`10.96.0.0/16` at install time. See [Plan
Installation](/ee/ucp/admin/install/plan-installation.md#avoid-ip-range-conflicts)
for more details. (ENGCORE-683)
### Bug fixes
* Added a migration logic to remove all actions on `pods/exec` and `pods/attach` Kubernetes subresource from the migrated UCP View-Only role. (ENGORC-2434)
* Fixed an issue that allows unauthenticated user to list directories. (ENGORC-2175)
### Deprecated platforms
* Removed support for Windows Server 1709 as it is now [end of
life](https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).
### Known issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include:
* Host Bind Mounts
* Privileged Mode
* Extra Capabilities
* Host Networking
* Host IPC
* Host PID
* If you delete the built-in **ClusterRole** or **ClusterRoleBinding** for `cluster-admin`, restart the `ucp-kube-apiserver` container on any manager node to recreate them. (#14483)
* Pod Security Policies are not supported in this release. (#15105)
* The default Kubelet configuration for UCP Manager nodes is expecting 4GB of free disk space in the `/var` partition. See [System Requirements](/ee/ucp/admin/install/system-requirements) for details.
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.1.8 |
| Kubernetes | 1.11.10 |
| Calico | 3.5.3 |
| Interlock (nginx) | 1.14.0 |
## 3.1.7
(2019-05-06)
### Security
* Refer to [UCP image vulnerabilities](https://success.docker.com/article/ucp-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations.
### Bug Fixes
### Bug fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Known Issues
### Known issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include:
* Host Bind Mounts
* Privileged Mode
@ -262,7 +325,7 @@ https://github.com/kubernetes/kubernetes/pull/67432
### Authentication and Authorization
* Accessing the `ListAccount` API endpoint now requires an admin user. Accessing the `GetAccount` API endpoint now requires an admin user, the actual user, or a member of the organization being inspected. [ENGORC-100](https://docker.atlassian.net/browse/ENGORC-100)
### Known Issues
### Known issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
@ -301,12 +364,12 @@ https://github.com/kubernetes/kubernetes/pull/67432
* Hid most of the UCP banners for non-admin users. (docker/orca#14631)
* When LDAP or SAML is enabled, provided admin users an option to disable managed password authentication, which includes login and creation of new users. (ENGORC-1999)
### Bug Fixes
### Bug fixes
* Changed Interlock proxy service default `update-action-failure` to rollback. (ENGCORE-117)
* Added validation for service configuration label values. (ENGCORE-114)
* Fixed an issue with continuous interlock reconciliation if `ucp-interlock` service image does not match expected version. (ENGORC-2081)
### Known Issues
### Known issues
* Upgrading from UCP 3.1.4 to 3.1.5 causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
@ -342,10 +405,10 @@ https://github.com/kubernetes/kubernetes/pull/67432
### Kubernetes
* Kubernetes has been updated to version 1.11.7. (docker/orca#16157)
### Bug Fixes
### Bug fixes
* Bump the Golang version that is used to build UCP to version 1.10.8. (docker/orca#16068)
* Fixed an issue that caused UCP upgrade failure to upgrade with Interlock deployment. (docker/orca#16009)
* Fixed an issue that caused Windows node ucp-agent(s) to constantly reboot when audit logging is enabled. (docker/orca#16122)
* Fixed an issue that caused ucp-agent(s) on worker nodes to constantly reboot when audit logging is enabled. (docker/orca#16122)
* Fixed an issue to ensure that non-admin user actions (with the RestrictedControl role) against RBAC resources are read-only. (docker/orca#16121)
* Fixed an issue to prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)
* Fixed an issue to validate Calico certs expiration dates and update accordingly. (escalation#981)
@ -354,7 +417,7 @@ https://github.com/kubernetes/kubernetes/pull/67432
### Enhancements
* Changed packaging and builds for UCP to build bootstrapper last. This avoids the "upgrade available" banner on all UCPs until the entirety of UCP is available.
### Known Issues
### Known issues
* Newly added Windows node reports "Awaiting healthy status in classic node inventory". [Learn more](https://success.docker.com/article/newly-added-windows-node-reports-awaiting-healthy-status-in-classic-node-inventory).
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade)
@ -391,7 +454,7 @@ https://github.com/kubernetes/kubernetes/pull/67432
### Networking
* Upgraded Calico to version 3.5. (#15884)
### Bug Fixes
### Bug fixes
* Fixed system hang following UCP backup and docker daemon shutdown. (docker/escalation#841)
* Non-admin users can no longer create `PersistentVolumes` using the `Local`
Storage Class, as this allowed non-admins to by pass security controls and
@ -426,7 +489,7 @@ https://github.com/kubernetes/kubernetes/pull/67432
* UCP Audit logging is now controlled through the UCP Configuration file; it is also
now configurable within the UCP web interface. (#15466)
### Bug Fixes
### Bug fixes
* Core
* Significantly reduced database load in environments with a lot of concurrent and repeated API requests by the same user. (docker/escalation#911)
* UCP backend will now complain when a service is created/updated if the
@ -437,7 +500,7 @@ now configurable within the UCP web interface. (#15466)
* Now upgrading Interlock will also upgrade interlock proxy and interlock extension as well (escalation/871)
* Added support for 'VIP' backend mode, in which the Interlock proxy connects to the backend service's Virtual IP instead of load-balancing directly to each task IP. (docker/interlock#206) (escalation/920)
### Known Issues
### Known issues
* In the UCP web interface, LDAP settings disappear after submitting them. However, the settings are properly saved. (docker/orca#15503)
* By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. (docker/orca#16082)
@ -469,7 +532,7 @@ now configurable within the UCP web interface. (#15466)
2018-11-08
### Bug Fixes
### Bug fixes
* Swarm placement constraint warning banner no longer shows up for `ucp-auth` services (#14539)
* "update out of sequence" error messages no longer appear when changing admin settings (#7093)
@ -478,7 +541,7 @@ now configurable within the UCP web interface. (#15466)
* `docker network ls --filter id=<id>` now works with a UCP client bundle (#14840)
* Collection deletes are correctly blocked if there is a node in the collection (#13704)
### New Features
### New features
### Kubernetes
@ -563,11 +626,33 @@ The following features are deprecated in UCP 3.1.
# Version 3.0
## 3.0.12
2019-06-27
### Bug fixes
* Added migration logic to remove all actions on `pods/exec` and `pods/attach` Kubernetes subresource from the migrated UCP View-Only role. (ENGORC-2434)
* Fixed an issue that allows unauthenticated user to list directories. (ENGORC-2175)
### Deprecated platforms
* Removed support for Windows Server 1709 as it is now [end of
life](https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.0.12 |
| Kubernetes | 1.8.15 |
| Calico | 3.0.8 |
| Interlock (nginx) | 1.13.12 |
## 3.0.11
2019-05-06
### Bug Fixes
### Bug fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Components
@ -583,7 +668,7 @@ The following features are deprecated in UCP 3.1.
2019-02-28
### Bug Fixes
### Bug fixes
* Bump the Golang version that is used to build UCP to version 1.10.8.
* Prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)
* Fixed an issue that causes UCP fail to upgrade with Interlock deployment. (docker/orca/#16009)
@ -763,7 +848,7 @@ The following features are deprecated in UCP 3.1.
* Offline bundles `ucp_images_win_1803_3.0.3.tar.gz` have been added.
* UCP 3.0.3 now supports IBM Z (s390x) as worker nodes on 3.0.x for SLES 12 SP 3. Interlock is currently not supported for 3.0.x on Z.
### Bug Fixes
### Bug fixes
* Core
* Optimize swarm service read api calls through UCP
@ -788,7 +873,7 @@ The following features are deprecated in UCP 3.1.
2018-06-21
### New Features
### New features
* UCP now supports running Windows Server 1709 workers
* Server 1709 provides smaller Windows base image sizes, as detailed [here](https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-1709)
@ -799,7 +884,7 @@ The following features are deprecated in UCP 3.1.
* Added support for dynamic volume provisioning in Kubernetes for AWS EBS and
Azure Disk when installing UCP with the `--cloud-provider` option.
### Bug Fixes
### Bug fixes
* Core
* Fixed an issue for anonymous volumes in Compose for Kubernetes.
* Fixed an issue where a fresh install would have an initial per-user session
@ -832,7 +917,7 @@ Azure Disk when installing UCP with the `--cloud-provider` option.
2018-05-17
### Bug Fixes
### Bug fixes
* Core
* Bumped Kubernetes version to 1.8.11.
* Compose for Kubernetes now respects the specified port services are exposed on.
@ -1039,11 +1124,35 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
# Version 2.2
## Version 2.2.19
2019-06-27
### Bug fixes
* Fixed an issue that allows unauthenticated user to list directories. (ENGORC-2175)
### Known issues
* Docker currently has limitations related to overlay networking and services using VIP-based endpoints. These limitations apply to use of the HTTP Routing Mesh (HRM). HRM users should familiarize themselves with these limitations. In particular, HRM may encounter virtual IP exhaustion (as evidenced by `failed to allocate network IP for task` Docker log messages). If this happens, and if the HRM service is restarted or rescheduled for any reason, HRM may fail to resume operation automatically. See the Docker EE 17.06-ee5 release notes for details.
* The Swarm admin web interface for UCP versions 2.2.0 and later contain a bug. If used with Docker Engine version 17.06.2-ee5 or earlier, attempting to update "Task History Limit", "Heartbeat Period" and "Node Certificate Expiry" settings using the UI will cause the cluster to crash on next restart. Using UCP 2.2.X and Docker Engine 17.06-ee6 and later, updating these settings will fail (but not cause the cluster to crash). Users are encouraged to update to Docker Engine version 17.06.2-ee6 and later, and to use the Docker CLI (instead of the UCP UI) to update these settings. Rotating join tokens works with any combination of Docker Engine and UCP versions. Docker Engine versions 17.03 and earlier (which use UCP version 2.1 and earlier) are not affected by this problem.
* Upgrading heterogeneous swarms from CLI may fail because x86 images are used
instead of the correct image for the worker architecture.
* Agent container log is empty even though it's running correctly.
* Rapid UI settings updates may cause unintended settings changes for logging
settings and other admin settings.
* Attempting to load an (unsupported) `tar.gz` image results in a poor error
message.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
`<node-name>/<network-name>`.
## Version 2.2.18
2019-05-06
### Bug Fixes
### Bug fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Known issues
@ -1067,7 +1176,7 @@ instead of the correct image for the worker architecture.
2019-02-28
### Bug Fixes
### Bug fixes
* Bump the Golang version that is used to build UCP to version 1.10.8.
* Prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)

75
engine/release-notes.md
View File

@ -29,6 +29,31 @@ consistency and compatibility reasons.
> `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions
> for the corresponding linux distro for details.
## 18.09.7
2019-06-27
### Builder
* Fixed a panic error when building dockerfiles that contain only comments. [moby/moby#38487](https://github.com/moby/moby/pull/38487)
* Added a workaround for GCR authentication issue. [moby/moby#38246](https://github.com/moby/moby/pull/38246)
* Builder-next: Fixed a bug in the GCR token cache implementation workaround. [moby/moby#39183](https://github.com/moby/moby/pull/39183)
### Runtime
* Added performance optimizations in aufs and layer store that helps in massively parallel container creation and removal. [moby/moby#39107](https://github.com/moby/moby/pull/39107), [moby/moby#39135](https://github.com/moby/moby/pull/39135)
* Updated containerd to version 1.2.6. [moby/moby#39016](https://github.com/moby/moby/pull/39016)
* Fixed [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39357)
* Windows: fixed support for `docker service create --limit-cpu`. [moby/moby#39190](https://github.com/moby/moby/pull/39190)
* daemon: fixed a mirrors validation issue. [moby/moby#38991](https://github.com/moby/moby/pull/38991)
* Docker no longer supports sorting UID and GID ranges in ID maps. [moby/moby#39288](https://github.com/moby/moby/pull/39288)
### Logging
* Added a fix that now allows large log lines for logger plugins. [moby/moby#39038](https://github.com/moby/moby/pull/39038)
### Known Issue
* There are [important changes](/ee/upgrade) to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.
## 18.09.6
2019-05-06
@ -333,6 +358,21 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d
## Older Docker Engine EE Release notes
## 18.03.1-ee-9
2019-06-27
### Client
* Fixed annotation issues in `docker config create` and `docker secret create` commands that displayed the `--template-driver` option when connecting to an older daemon that didn't support the option. [docker/cli#1769](https://github.com/docker/cli/pull/1769) [docker/cli#1785](https://github.com/docker/cli/pull/1785)
### Runtime
* Added performance optimizations in aufs and layer store that helps in the creation and removal of massively parallel containers. [moby/moby#39107](https://github.com/moby/moby/pull/39107)
* Windows: Fixed support for `docker service create --limit-cpu`. [moby/moby#39190](https://github.com/moby/moby/pull/39190)
* Fixed a bug where the original process spec was not used for exec processes.[moby/moby#38871](https://github.com/moby/moby/pull/38871)
* Fixed [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39357)
## 18.03.1-ee-8
2019-03-28
@ -478,6 +518,41 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d
+ Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
+ Added functionality for the `docker logs` command to include the output of multiple logging drivers.
## 17.06.2-ee-22
2019-06-27
### Networking
* Fixed a bug where if a service has the same number of host-mode published ports with PublishedPort 0, changes to the spec is not reflected in the service object. [docker/swarmkit#2376](https://github.com/docker/swarmkit/pull/2376)
### Runtime
* Added performance optimizations in aufs and layer store that helps in the creation and removal of massively parallel containers. [moby/moby#39107](https://github.com/moby/moby/pull/39107)
* Fixed [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39357)
* Windows: fixed support for docker service `create --limit-cpu`. [moby/moby#39190](https://github.com/moby/moby/pull/39190)
### Known issues
* When all Swarm managers are stopped at the same time, the swarm might end up in a
split-brain scenario. [Learn more](https://success.docker.com/article/KB000759).
* Under certain conditions, swarm leader re-election may timeout
prematurely. During this period, docker commands may fail. Also during
this time, creation of globally-scoped networks may be unstable. As a
workaround, wait for leader election to complete before issuing commands
to the cluster.
* It's recommended that users create overlay networks with `/24` blocks (the default) of 256 IP addresses when networks are used by services created using VIP-based endpoint-mode (the default). This is because of limitations with Docker Swarm [moby/moby#30820](moby/moby/issues/30820). Users should _not_ work around this by increasing the IP block size. To work around this limitation, either use `dnsrr` endpoint-mode or use multiple smaller overlay networks.
* Docker may experience IP exhaustion if many tasks are assigned to a single overlay network, for example if many services are attached to that network or because services on the network are scaled to many replicas. The problem may also manifest when tasks are rescheduled because of node failures. In case of node failure, Docker currently waits 24h to release overlay IP addresses. The problem can be diagnosed by looking for `failed to allocate network IP for task` messages in the Docker logs.
* SELinux enablement is not supported for containers on IBM Z on RHEL because of missing Red Hat package.
* If a container is spawned on node A, using the same IP of a container destroyed
on nodeB within 5 min from the time that it exit, the container on node A is
not reachable until one of these 2 conditions happens:
1. Container on A sends a packet out,
2. The timer that cleans the arp entry in the overlay namespace is triggered (around 5 minutes).
As a workaround, send at least a packet out from each container like
(ping, GARP, etc).
## 17.06.2-ee-21
2019-04-11

4
engine/security/trust/trust_delegation.md
View File

@ -92,8 +92,8 @@ and ensure that it is available on your path.
{
"trust_dir" : "~/.docker/trust",
"remote_server": {
"url": "https://dtr.example.com"
"root_ca": "../.docker/ca.pem"
"url": "https://dtr.example.com",
"root_ca": "../.docker/ca.pem"
}
}
```

2
engine/security/userns-remap.md
View File

@ -99,7 +99,7 @@ avoid these situations.
This means that user-namespaced processes started by `testuser` are
owned by host UID `231072` (which looks like UID `0` inside the
namespace) through 296608 (231072 + 65536). These ranges should not overlap,
namespace) through 296607 (231072 + 65536 - 1). These ranges should not overlap,
to ensure that namespaced processes cannot access each other's namespaces.
After adding your user, check `/etc/subuid` and `/etc/subgid` to see if your

2
get-started/part4.md
View File

@ -145,7 +145,7 @@ You now have two VMs created, named `myvm1` and `myvm2`.
Use this command to list the machines and get their IP addresses.
> **Note**: you need to run the following as administrator or else you don't get any resonable output (only "UNKNOWN").
> **Note**: you need to run the following as administrator or else you don't get any reasonable output (only "UNKNOWN").
```shell
docker-machine ls

1
install/linux/docker-ee/suse.md
View File

@ -3,6 +3,7 @@ description: Instructions for installing Docker EE on SLES
keywords: requirements, apt, installation, suse, opensuse, sles, rpm, install, uninstall, upgrade, update
redirect_from:
- /engine/installation/SUSE/
- /engine/installation/linux/SUSE/
- /engine/installation/linux/suse/
- /engine/installation/linux/docker-ee/suse/
title: Get Docker EE for SLES

4
notary/running_a_service.md
View File

@ -8,7 +8,7 @@ This document is for anyone who wants to run their own Notary
service (such as those who want to use Notary with a
private Docker registry). Running a Notary service requires that you are already
familiar with using [Docker Engine](/engine/userguide/)
and [Docker Compose](/compose/overview/).
and [Docker Compose](/compose/).
## Run a service for testing or development
@ -178,7 +178,7 @@ One way to do this would be:
{"level":"info","msg":"Starting on :4443","time":"2016-02-25T00:53:59Z"}
You can do the same using
[Docker Compose](/compose/overview/) by setting volumes,
[Docker Compose](/compose/) by setting volumes,
environment variables, and overriding the default command for the Notary server
containers in the Compose file.

85
reference/ucp/3.1/cli/install.md
View File

@ -42,46 +42,47 @@ If you are installing on Azure, see [Install UCP on Azure](/ee/ucp/admin/install
## Options
| Option | Description |
|:--------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--debug, -D` | Enable debug mode |
| `--jsonlog` | Produce json formatted output for easier parsing |
| `--interactive, -i` | Run in interactive mode and prompt for configuration values |
| `--admin-password` *value* | The UCP administrator password [$UCP_ADMIN_PASSWORD] |
| `--admin-username` *value* | The UCP administrator username [$UCP_ADMIN_USER] |
| `--binpack` | Set the Docker Swarm scheduler to binpack mode. Used for backwards compatibility |
| `--cloud-provider` *value* | The cloud provider for the cluster |
| `--cni-installer-url` *value* | A URL pointing to a kubernetes YAML file to be used as an installer for the CNI plugin of the cluster. If specified, the default CNI plugin will not be installed. If the URL is using the HTTPS scheme, no certificate verification will be performed |
| `--controller-port` *value* | Port for the web UI and API (default: 443) |
| `--data-path-addr` *value* | Address or interface to use for data path traffic. Format: IP address or network interface name [$UCP_DATA_PATH_ADDR] |
| `--disable-tracking` | Disable anonymous tracking and analytics |
| `--disable-usage` | Disable anonymous usage reporting |
| `--dns-opt` *value* | Set DNS options for the UCP containers [$DNS_OPT] |
| `--dns-search` *value* | Set custom DNS search domains for the UCP containers [$DNS_SEARCH] |
| `--dns` *value* | Set custom DNS servers for the UCP containers [$DNS] |
| `--enable-profiling` | Enable performance profiling |
| `--existing-config` | Use the latest existing UCP config during this installation. The install will fail if a config is not found |
| `--external-server-cert` | Customize the certificates used by the UCP web server |
| `--external-service-lb` *value* | Set the IP address of the load balancer that published services are expected to be reachable on |
| `--force-insecure-tcp` | Force install to continue even with unauthenticated Docker Engine ports. |
| `--force-minimums` | Force the install/upgrade even if the system does not meet the minimum requirements |
| `--host-address` *value* | The network address to advertise to other nodes. Format: IP address or network interface name [$UCP_HOST_ADDRESS] |
| `--kube-apiserver-port` *value* | Port for the Kubernetes API server (default: 6443) |
| `--kv-snapshot-count` *value* | Number of changes between key-value store snapshots (default: 20000) [$KV_SNAPSHOT_COUNT] |
| `--kv-timeout` *value* | Timeout in milliseconds for the key-value store (default: 5000) [$KV_TIMEOUT] |
| `--license` *value* | Add a license: e.g. --license "$(cat license.lic)" [$UCP_LICENSE] |
| `--nodeport-range` *value* | Allowed port range for Kubernetes services of type NodePort (Default: 32768-35535) (default: "32768-35535") |
| `--pod-cidr` *value* | Kubernetes cluster IP pool for the pods to allocated IP from (Default: 192.168.0.0/16) (default: "192.168.0.0/16") |
| `--preserve-certs` | Don't generate certificates if they already exist |
| `--pull` *value* | Pull UCP images: 'always', when 'missing', or 'never' (default: "missing") |
| `--random` | Set the Docker Swarm scheduler to random mode. Used for backwards compatibility |
| `--registry-password` *value* | Password to use when pulling images [$REGISTRY_PASSWORD] |
| `--registry-username` *value* | Username to use when pulling images [$REGISTRY_USERNAME] |
| `--san` *value* | Add subject alternative names to certificates (e.g. --san www1.acme.com --san www2.acme.com) [$UCP_HOSTNAMES] |
| `--skip-cloud-provider-check` | Disables checks which rely on detecting which (if any) cloud provider the cluster is currently running on |
| `--swarm-experimental` | Enable Docker Swarm experimental features. Used for backwards compatibility |
| `--swarm-grpc-port` *value* | Port for communication between nodes (default: 2377) |
| `--swarm-port` *value* | Port for the Docker Swarm manager. Used for backwards compatibility (default: 2376) |
| `--unlock-key` *value* | The unlock key for this swarm-mode cluster, if one exists. [$UNLOCK_KEY] |
| `--unmanaged-cni` | Flag to indicate if cni provider is calico and managed by UCP (calico is the default CNI provider) | |
| Option | Description |
|:-------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--debug, -D` | Enable debug mode |
| `--jsonlog` | Produce json formatted output for easier parsing |
| `--interactive, -i` | Run in interactive mode and prompt for configuration values |
| `--admin-password` *value* | The UCP administrator password [$UCP_ADMIN_PASSWORD] |
| `--admin-username` *value* | The UCP administrator username [$UCP_ADMIN_USER] |
| `--binpack` | Set the Docker Swarm scheduler to binpack mode. Used for backwards compatibility |
| `--cloud-provider` *value* | The cloud provider for the cluster |
| `--cni-installer-url` *value* | A URL pointing to a kubernetes YAML file to be used as an installer for the CNI plugin of the cluster. If specified, the default CNI plugin will not be installed. If the URL is using the HTTPS scheme, no certificate verification will be performed |
| `--controller-port` *value* | Port for the web UI and API (default: 443) |
| `--data-path-addr` *value* | Address or interface to use for data path traffic. Format: IP address or network interface name [$UCP_DATA_PATH_ADDR] |
| `--disable-tracking` | Disable anonymous tracking and analytics |
| `--disable-usage` | Disable anonymous usage reporting |
| `--dns-opt` *value* | Set DNS options for the UCP containers [$DNS_OPT] |
| `--dns-search` *value* | Set custom DNS search domains for the UCP containers [$DNS_SEARCH] |
| `--dns` *value* | Set custom DNS servers for the UCP containers [$DNS] |
| `--enable-profiling` | Enable performance profiling |
| `--existing-config` | Use the latest existing UCP config during this installation. The install will fail if a config is not found |
| `--external-server-cert` | Customize the certificates used by the UCP web server |
| `--external-service-lb` *value* | Set the IP address of the load balancer that published services are expected to be reachable on |
| `--force-insecure-tcp` | Force install to continue even with unauthenticated Docker Engine ports. |
| `--force-minimums` | Force the install/upgrade even if the system does not meet the minimum requirements |
| `--host-address` *value* | The network address to advertise to other nodes. Format: IP address or network interface name [$UCP_HOST_ADDRESS] |
| `--kube-apiserver-port` *value* | Port for the Kubernetes API server (default: 6443) |
| `--kv-snapshot-count` *value* | Number of changes between key-value store snapshots (default: 20000) [$KV_SNAPSHOT_COUNT] |
| `--kv-timeout` *value* | Timeout in milliseconds for the key-value store (default: 5000) [$KV_TIMEOUT] |
| `--license` *value* | Add a license: e.g. --license "$(cat license.lic)" [$UCP_LICENSE] |
| `--nodeport-range` *value* | Allowed port range for Kubernetes services of type NodePort (Default: 32768-35535) (default: "32768-35535") |
| `--pod-cidr` *value* | Kubernetes cluster IP pool for the pods to allocated IP from (Default: 192.168.0.0/16) (default: "192.168.0.0/16") |
| `--preserve-certs` | Don't generate certificates if they already exist |
| `--pull` *value* | Pull UCP images: 'always', when 'missing', or 'never' (default: "missing") |
| `--random` | Set the Docker Swarm scheduler to random mode. Used for backwards compatibility |
| `--registry-password` *value* | Password to use when pulling images [$REGISTRY_PASSWORD] |
| `--registry-username` *value* | Username to use when pulling images [$REGISTRY_USERNAME] |
| `--san` *value* | Add subject alternative names to certificates (e.g. --san www1.acme.com --san www2.acme.com) [$UCP_HOSTNAMES] |
| `--service-cluster-ip-range` *value* | Kubernetes Cluster IP Range for Services (Default: 10.96.0.0/16) (default: "10.96.0.0/16") |
| `--skip-cloud-provider-check` | Disables checks which rely on detecting which (if any) cloud provider the cluster is currently running on |
| `--swarm-experimental` | Enable Docker Swarm experimental features. Used for backwards compatibility |
| `--swarm-grpc-port` *value* | Port for communication between nodes (default: 2377) |
| `--swarm-port` *value* | Port for the Docker Swarm manager. Used for backwards compatibility (default: 2376) |
| `--unlock-key` *value* | The unlock key for this swarm-mode cluster, if one exists. [$UNLOCK_KEY] |
| `--unmanaged-cni` | Flag to indicate if cni provider is calico and managed by UCP (calico is the default CNI provider) |

25
toolbox/overview.md
View File

@ -30,30 +30,11 @@ You can find various versions of the tools on [Toolbox Releases](https://github.
## Ready to get started?
1. Get the latest Toolbox installer for your platform:
Choose the install instructions for your platform, and follow the steps:
<table style="width:100%">
<tr>
<th style="font-size: medium; font-family: arial; text-align: center">
Toolbox for Mac</th>
<th style="font-size: medium; font-family: arial; text-align: center">
Toolbox for Windows</th>
</tr>
<tr valign="top">
<td width="50%" style="font-size: medium; font-family: arial; text-align: center">
<a class="button outline-btn" href="https://download.docker.com/mac/stable/DockerToolbox.pkg">Get Docker Toolbox for Mac</a>
</td>
<td width="50%" style="font-size: medium; font-family: arial; text-align: center">
<a class="button outline-btn" href="https://download.docker.com/win/stable/DockerToolbox.exe">Get Docker Toolbox for Windows</a>
</td>
</tr>
</table>
- [Install Docker Toolbox for macOS](toolbox_install_mac.md)
2. Choose the install instructions for your platform, and follow the steps:
* [Install Docker Toolbox on macOS](toolbox_install_mac.md)
* [Install Docker Toolbox for Windows](toolbox_install_windows.md)
- [Install Docker Toolbox for Windows](toolbox_install_windows.md)
## Next steps

20
toolbox/toolbox_install_mac.md
View File

@ -9,10 +9,6 @@ Docker Toolbox provides a way to use Docker on older Macs
that do not meet
minimal system requirements for [Docker Desktop for Mac](/docker-for-mac/index.md).
If you have not done so already, download the installer here:
[Get Docker Toolbox for Mac](https://download.docker.com/mac/stable/DockerToolbox.pkg){: class="button outline-btn" }
## What you get and how it works
Docker Toolbox includes the following Docker tools:
@ -60,14 +56,22 @@ software. To find out what version of the OS you have:
## Step 2: Install Docker Toolbox
1. Install Docker Toolbox by double-clicking the package or by right-clicking
> **Note**: Docker are no longer maintaining the download.docker.com url for
> Docker Toolbox, therefore an unsigned warning (verified publisher dialog) is
> displayed during the installation process.
1. To download the latest version of Docker Toolbox, go to [Toolbox
Releases](https://github.com/docker/toolbox/releases) and download the
latest `.pkg` file.
2. Install Docker Toolbox by double-clicking the package or by right-clicking
and choosing "Open" from the pop-up menu.
The installer launches an introductory dialog, followed by an overview of what's installed.
![Install Docker Toolbox](images/mac-welcome-page.png)
2. Press **Continue** to install the toolbox.
3. Press **Continue** to install the toolbox.
The installer presents you with options to customize the standard
installation.
@ -82,13 +86,13 @@ and choosing "Open" from the pop-up menu.
For now, don't change any of the defaults.
3. Press **Install** to perform the standard installation.
4. Press **Install** to perform the standard installation.
The system prompts you for your password.
![Password prompt](images/mac-password-prompt.png)
4. Provide your password to continue with the installation.
5. Provide your password to continue with the installation.
When it completes, the installer provides you with some
shortcuts. You can ignore this for now and click **Continue**.

18
toolbox/toolbox_install_windows.md
View File

@ -97,13 +97,15 @@ If you have a previous version of VirtualBox installed, do not reinstall it with
If you have Virtual Box running, you must shut it down before running the
installer.
1. Go to the [Docker Toolbox](https://www.docker.com/toolbox){: target="_blank" class="_" } page.
> **Note**: Docker no longer maintains the download.docker.com url for
> Docker Toolbox, therefore an unsigned warning (verified publisher dialog) is
> displayed during the installation process.
> **Note**: To continue with the latest version of Docker Toolbox, see https://github.com/docker/toolbox/releases for information about downloading the latest version and related components. If you choose to download from this location, an unsigned warning (verified publisher dialog) is displayed.
1. To download the latest version of Docker Toolbox, go to [Toolbox
Releases](https://github.com/docker/toolbox/releases) and download the
latest `.exe` file.
2. Click the installer link to download.
3. Install Docker Toolbox by double-clicking the installer.
2. Install Docker Toolbox by double-clicking the installer.
The installer launches the "Setup - Docker Toolbox" dialog.
@ -113,17 +115,17 @@ installer.
![Release page](images/installer_open.png)
4. Press **Next** to accept all the defaults and then **Install**.
3. Press **Next** to accept all the defaults and then **Install**.
Accept all the installer defaults. The installer takes a few minutes to install all the components:
5. When notified by Windows Security the installer will make changes, make sure you allow the installer to make the necessary changes.
4. When notified by Windows Security the installer will make changes, make sure you allow the installer to make the necessary changes.
When it completes, the installer reports it was successful:
![Success](images/finish.png)
6. Uncheck "View Shortcuts in File Explorer" and press **Finish**.
5. Uncheck "View Shortcuts in File Explorer" and press **Finish**.
## Step 3: Verify your installation