* Reorganize docs to make docs easier to browse
* Remove duplicate information
* Update information for UCP 1.1
* Adds new docs for
* System requirements
* Architecture
* Offline install
Still missing docs for 1.1 features like:
* Backup/restore
* eNZi impacts, if any.
The name of this flag used to make sense when this effectiely turned
off the user CA, but that's not the case in the shipping product. What
this flag really means is you're bringing your own server cert, so lets
fix it. Since folks may have scripted the old flag, I've preserved it for now
but we can drop it in the future.
The format for node advertisement in swarm and docker engine (for
networking) is the same, and can be shared. Doing so allows us to start
toward removing the swarm-join container, and improves our HA situation
after engine discovery is run. Resolves#670.
Specifically, swarm was previously somewhat HA: if you set up 1
controller, 2 replicas and 1 node, then you could lose the controller
and still remain functional unless the swarm node needed to restart.
This change improves HA by removing the above failure mode as long as
engine discovery has been run and is up to date.
See also docker/swarm#1368 which implemented this flag, and lays out the
future scenario we hope to achieve, and also #1032 which is our goal of
removing swarm join with automatical engine discovery.
The --image-version flag is for internal use only.
The `ucp help` command doesn't output that flag anymore, so
I'm removing it from the docs also.
Fixes#795
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
Structured the release notes to make them look cleaner, and
included new release notes for v0.9 and v1.0.
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
* LDAP Settings material
* Closes#651
* Combining work into single branch
* Updating index
* Fixing code examples
* Adding in note from Johnny's feedabck
* Menu positions, HA terms
* Copy edit of users
* Adding deploy an application
* Updating the overview page to include more text
* Updating with comments from review page
* Updating the constraints and port
* Layout check/fix
Signed-off-by: Mary Anthony <mary@docker.com>
During the UCP beta we had created a quickstart guide
that included installation prerequisites (like ports that
need to be open), and the installation procedure.
Now we're breaking that information in two different documents.
This makes the information more accessible to someone who just
wants to prepare the installation.
Few tweaks on check
Update with comments from Dan
Last comments;fix some build breaks
Tighten language add reconfigure info
Signed-off-by: Mary Anthony <mary@docker.com>
The original implementation assumed that if you brought your own server
cert, then users certs would be signed by the same CA, but this will
make it quite challenging for large enterprises who would be forced to
manage certs for users, or worse, buy them from the same external CA.
Since the UCP controller already trusts multiple root, there's no reason
we can't add another.
Prior to this change the CA stored next to the server cert was the
"full" trust chain including the root CAs. With this change, we flip
that around and use the swarm cert CA for the controller. This is a
tiny bit messy, because we have to be careful not to accidentally wind
up with that CA on the cluster components other than the controller,
so I've enhanced our integration tests to cover this case specifically
and make sure we don't mistakenly open the system up. In doing so,
I had to refine the integration test so all the servers were signed by
the same CA (the prior code was sloppy and used a fresh CA for each HA
node, which meant the bundles broke on the replica controllers.)
In the future, we'll likely have intermediaries with differnet
privileges/scopes, and may revisit the multiple root CA model, so this
seems like a reasonable compromise to keep the code churn down for now.
Adrian Kreher
Joao Fernandes
Alex Mavrogiannis
Daniel Hiltgen
Michael Friis
Vivek Saraswat
Vivek Saraswat
Matt Bentley
Mary Anthony
Patrick Devine
kizbitz