docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/reference/ucp/3.0/cli/install.md

89 lines
12 KiB
Markdown
Raw Blame History

---
title: docker/ucp install
description: Install UCP on this node
keywords: ucp, cli, install
---
Install UCP on this node
## Usage
```bash
docker container run --rm -it \
--name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp \
--unmanaged-cni <true|false>
install [command options]
```
## Description
This command initializes a new swarm, turns this node into a manager, and installs
Docker Universal Control Plane (UCP).
When installing UCP you can customize:
* The certificates used by the UCP web server. Create a volume
named `ucp-controller-server-certs` and copy the `ca.pem`, `cert.pem`, and `key.pem`
files to the root directory. Then run the install command with the
`--external-server-cert` flag.
* The license used by UCP, by bind-mounting the file at
`/config/docker_subscription.lic` in the tool. E.g. `-v /path/to/my/config/docker_subscription.lic:/config/docker_subscription.lic`
or by specifying with `--license "$(cat license.lic)`
If you're joining more nodes to this swarm, open the following ports in your
firewall:
* 443 or the '--controller-port'
* 2376 or the '--swarm-port'
* 12376, 12379, 12380, 12381, 12382, 12383, 12384, 12385, 12386, 12387
* 4789 (udp) and 7946 (tcp/udp) for overlay networking
If you have SELinux policies enabled for your Docker install, you will need to
use `docker container run --rm -it --security-opt label=disable ...` when running this
command.
## Options
| Option | Description |
|:-------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--debug, D` | Enable debug mode |
| `--jsonlog` | Produce json formatted output for easier parsing |
| `--interactive, i` | Run in interactive mode and prompt for configuration values |
| `--admin-username` | The UCP administrator username |
| `--admin-password` | The UCP administrator password |
| `--san` | Add subject alternative names to certificates (e.g. --san www1.acme.com --san www2.acme.com) |
| `--unmanaged-cni` | This determines who manages the CNI plugin, using `true` or `false`. The default is false. The `true` value installs UCP without a managed CNI plugin. UCP and the Kubernetes components will be running but pod to pod networking will not function until a CNI plugin is manually installed. This will impact some functionality of UCP until a CNI plugin is running. |
| `--host-address` | The network address to advertise to other nodes. Format: IP address or network interface name |
| `--data-path-addr` | Address or interface to use for data path traffic. Format: IP address or network interface name |
| `--controller-port` | Port for the web UI and API |
| `--kube-apiserver-port` | Port for the Kubernetes API server (default: 6443) |
| `--swarm-port` | Port for the Docker Swarm manager. Used for backwards compatibility |
| `--swarm-grpc-port` | Port for communication between nodes |
| `--pod-cidr` | Kubernetes cluster IP pool for the pods to allocated IPs from (Default: 192.168.0.0/16) |
| `--cloud-provider` | The cloud provider for the cluster |
| `--dns` | Set custom DNS servers for the UCP containers |
| `--dns-opt` | Set DNS options for the UCP containers |
| `--dns-search` | Set custom DNS search domains for the UCP containers |
| `--unlock-key` | The unlock key for this swarm-mode cluster, if one exists. |
| `--existing-config` | Use the latest existing UCP config during this installation. The install fails if a config is not found. |
| `--force-minimums` | Force the install/upgrade even if the system doesn't meet the minimum requirements. |
| `--pull` | Pull UCP images: `always`, when `missing`, or `never` |
| `--registry-username` | Username to use when pulling images |
| `--registry-password` | Password to use when pulling images |
| `--kv-timeout` | Timeout in milliseconds for the key-value store |
| `--kv-snapshot-count` | Number of changes between key-value store snapshots |
| `--swarm-experimental` | Enable Docker Swarm experimental features. Used for backwards compatibility |
| `--disable-tracking` | Disable anonymous tracking and analytics |
| `--disable-usage` | Disable anonymous usage reporting |
| `--external-server-cert` | Use the certificates in the `ucp-controller-server-certs` volume instead of generating self-signed certs during installation |
| `--preserve-certs` | Don't generate certificates if they already exist |
| `--binpack` | Set the Docker Swarm scheduler to binpack mode. Used for backwards compatibility |
| `--random` | Set the Docker Swarm scheduler to random mode. Used for backwards compatibility |
| `--external-service-lb` | Set the external service load balancer reported in the UI |
| `--enable-profiling` | Enable performance profiling |
| `--license` | Add a license: e.g. --license "$(cat license.lic)" |
| `--force-insecure-tcp` | Force install to continue even with unauthenticated Docker Engine ports |
Reference in New Issue View Git Blame Copy Permalink