docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/datacenter/ucp/3.0/guides/user/access-ucp/cli-based-access.md

4.0 KiB
Raw Blame History

title description keywords
CLI-based access Learn how to access Docker Universal Control Plane from the CLI. ucp, cli, administration

With Universal Control Plane you can continue using the tools you know and love like the Docker CLI client and Kubectl. You just need to download and use a UCP client bundle.

A client bundle contains a private and public key pair that authorizes your requests in UCP. It also contains utility scripts you can use to configure your Docker and Kubectl client tools to talk to your UCP deployment.

Download client certificates

To download a client certificate bundle, log in to the UCP web UI and navigate to the My Profile page.

In the left pane, click Client Bundles and choose New Client Bundle to download the certificate bundle.

{: .with-border}

Use client certificates

Once you've downloaded a client certificate bundle to your local computer, you can use it to authenticate your requests.

Navigate to the directory where you downloaded the user bundle, and extract the zip file into a directory. Then use the utility script appropriate for your system:

  • Linux and macOS
  • Cmd
  • PowerShell
```bash cd client-bundle && eval "$(
```cmd REM Run this from an elevated prompt session cd client-bundle && env.cmd ```
```cmd # Run this from an elevated PowerShell session cd client-bundle; Import-Module .\env.ps1 ```

The client bundle utility scripts update the the environment variables DOCKER_HOST to make your client tools communicate with your UCP deployment, and the DOCKER_CERT_PATH environment variable to use the client certificates that are included in the client bundle you downloaded. The utility scripts also run the kubectl config command to configure Kubectl.

To confirm that your client tools are now communicating with UCP, run:

  • Docker
  • Kubectl
```bash {% raw %} docker version --format '{{.Server.Version}}' {% endraw %} {{ page.ucp_repo }}/{{ page.ucp_version }} ```
```bash kubectl config current-context ```

You can now use the Docker and Kubectl clients to create resources in UCP.

Client certificates for administrators

UCP issues different types of certificates depending on the user:

  • User certificate bundles: only allow running docker commands through a UCP manager node.
  • Admin user certificate bundles: allow running docker commands on the Docker Engine of any node.

Download client certificates by using the REST API

You can also download client bundles by using the UCP REST API. In this example, we use curl to make the web requests to the API, and jq to parse the responses.

To install these tools on a Ubuntu distribution, you can run:

$ sudo apt-get update && sudo apt-get install curl jq

Then you get an authentication token from UCP, and use it to download the client certificates.

# Create an environment variable with the user security token
$ AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<ucp-ip>/auth/login | jq -r .auth_token)

# Download the client certificate bundle
$ curl -k -H "Authorization: Bearer $AUTHTOKEN" https://<ucp-ip>/api/clientbundle -o bundle.zip

Where to go next