docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/ucp/architecture.md

93 lines
6.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
description: Learn about the architecture of Docker Universal Control Plane.
keywords:
- docker, ucp, architecture
menu:
main:
identifier: ucp_architecture
parent: mn_ucp
weight: 20
title: Architecture
---
# UCP architecture
UCP is a containerized application, so the first step to install UCP is
installing the Commercially Supported (CS) Docker Engine on all the nodes that
are going to be part of the cluster.
![](images/architecture-1.png)
After CS Docker Engine is installed, you install UCP, and join as many
nodes as you want to the cluster.
![](images/architecture-2.png)
## Architecture
A UCP cluster has two types of nodes:
* Controller: manages the cluster and persists the cluster configurations.
* Node: run your containers.
### UCP controller node
When you install Docker UCP on a node, the following containers are started.
![](images/architecture-3.png)
| Name | Description |
|:--------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------|
| ucp-proxy | A TLS proxy. It allows secure access to the local Docker Engine. |
| ucp-controller | The UCP application. It uses the key-value store for persisting configurations. |
| ucp-swarm-manager | Provides the clustering capabilities. It uses the key-value store for leader election, and keeping track of cluster members. |
| ucp-swarm-join | Heartbeat to record on the key-value store that this node is alive. If the node goes down, this heartbeat stops, and the node is removed from the cluster. |
| ucp-auth-api | The centralized API for identity and authentication used by UCP and DTR. |
| ucp-auth-worker | Performs scheduled LDAP synchronizations and cleans data on the ucp-auth-store. |
| ucp-auth-store | Stores authentication configurations, and data for users, organizations and teams. |
| ucp-kv | Used to store the UCP configurations. Don't use it in your applications, since it's for internal use only. |
| ucp-cluster-root-ca | A certificate authority to sign the certificates used when joining new nodes, and on administrator client bundles. |
| ucp-client-root-ca | A certificate authority to sign user bundles. Only used when UCP is installed without an external root CA. |
### UCP node
When you join a node to a Docker UCP cluster, the following containers are
started.
![](images/architecture-4.png)
| Name | Description |
|:---------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------|
| ucp-proxy | A TLS proxy. It allows secure access to the local Docker Engine. |
| ucp-swarm-join | Heartbeat to record on the key-value store that this node is alive. If the node goes down, this heartbeat stops, and the node is dropped from the cluster. |
## Volumes
Docker UCP uses these named volumes for persisting data:
| Node | Volume name | Location on host (/var/lib/docker/volumes/) | Description |
|:-----------|:----------------------------|:--------------------------------------------|:---------------------------------------------------------------------------------------------------------------|
| all | ucp-client-root-ca | ucp-client-root-ca/_data | The certificate and key for the UCP root CA. Do not create this volume if you are using your own certificates. |
| all | ucp-cluster-root-ca | ucp-cluster-root-ca/_data | The certificate and key for the Swarm root CA. |
| all | ucp-controller-client-certs | ucp-controller-client-certs/_data | The UCP Controller Swarm client certificates for the current node. |
| all | ucp-controller-server-certs | ucp-controller-server-certs/_data | The controller certificates for the UCP controllers web server. |
| controller | ucp-kv | ucp-kv/_data | Key value store persistence. |
| all | ucp-kv-certs | ucp-kv-certs/_data | The Swarm KV client certificates for the current node (repeated on every node in the cluster). |
| all | ucp-node-certs | ucp-node-certs/_data | The Swarm certificates for the current node (repeated on every node in the cluster). |
If you dont create these volumes before when installing UCP, they are created with
the default volume driver and flags.
## High-availability support
For load balancing and high-availability, you can install multiple controller
nodes and join them to create a cluster.
[Learn more about high availability](high-availability/set-up-high-availability.md).
## Where to go next
* [System requirements](installation/system-requirements.md)
* [Plan a production installation](installation/plan-production-install.md)
Reference in New Issue View Git Blame Copy Permalink