docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/reference/ucp/3.1/cli/install.md

84 lines
7.9 KiB
Markdown
Raw Blame History

---
title: docker/ucp install
description: Install UCP on a node
keywords: ucp, cli, install
---
Install UCP on a node
## Usage
```bash
docker container run --rm -it \
--name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp \
install [command options]
```
## Description
This command initializes a new swarm, turns anode into a manager, and installs
Docker Universal Control Plane (UCP).
When installing UCP you can customize:
* The UCP web server certificates. Create a volume named `ucp-controller-server-certs` and copy the `ca.pem`, `cert.pem`, and `key.pem` files to the root directory. Then run the install command with the `--external-server-cert` flag.
* The license used by UCP, which you can accomplish by bind-mounting the file at `/config/docker_subscription.lic` in the tool. For example, `-v /path/to/my/config/docker_subscription.lic:/config/docker_subscription.lic` or by specifying the `--license $(cat license.lic)` option.
If you're joining more nodes to this swarm, open the following ports in your
firewall:
* 443 or the `--controller-port`
* 2376 or the `--swarm-port`
* 12376, 12379, 12380, 12381, 12382, 12383, 12384, 12385, 12386, 12387
* 4789 (udp) and 7946 (tcp/udp) for overlay networking
If you have SELinux policies enabled for your Docker install, you will need to
use `docker container run --rm -it --security-opt label=disable ...` when running this
command.
## Options
| Option | Description |
|:-------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--debug, D` | Enable debug mode |
| `--jsonlog` | Produce json formatted output for easier parsing |
| `--interactive, i` | Run in interactive mode and prompt for configuration values |
| `--admin-username` | The UCP administrator username |
| `--admin-password` | The UCP administrator password |
| `--san` | Add subject alternative names to certificates (e.g. --san www1.acme.com --san www2.acme.com) | | `--unmanaged-cni` | This determines who manages the CNI plugin, using `true` or `false`. The default is `false`. The `true` value installs UCP without a managed CNI plugin. UCP and the Kubernetes components will be running but pod to pod networking will not function until a CNI plugin is manually installed. This will impact some functionality of UCP until a CNI plugin is running. |
| `--host-address` | The network address to advertise to other nodes. Format: IP address or network interface name |
| `--data-path-addr` | Address or interface to use for data path traffic. Format: IP address or network interface name |
| `--controller-port` | Port for the web UI and API |
| `--kube-apiserver-port` | Port for the Kubernetes API server (default: 6443) |
| `--swarm-port` | Port for the Docker Swarm manager. Used for backwards compatibility |
| `--swarm-grpc-port` | Port for communication between nodes |
| `--cni-installer-url` | Deprecated feature. A URL pointing to a Kubernetes YAML file to be used as an installer for the CNI plugin of the cluster. If specified, the default CNI plugin is not installed. If the URL uses the HTTPS scheme, no certificate verification is performed. |
| `--unmanaged-cni` | flag to indicate if cni provider is calico and managed by UCP (calico is the default CNI provider). The default value is "true" when using the default Calico CNI. |
| `--pod-cidr` | Kubernetes cluster IP pool for the pods to allocated IPs from (Default: `192.168.0.0/16`) |
| `--cloud-provider` | The cloud provider for the cluster
| `--skip-cloud-provider` | Disables checks that rely on detecting the cloud provider (if any) on which the cluster is currently running. |
| `--dns` | Set custom DNS servers for the UCP containers |
| `--dns-opt` | Set DNS options for the UCP containers |
| `--dns-search` | Set custom DNS search domains for the UCP containers |
| `--unlock-key` | The unlock key for this swarm-mode cluster, if one exists. |
| `--existing-config` | Use the latest existing UCP config during this installation. The install fails if a config is not found. |
| `--force-minimums` | Force the install/upgrade even if the system doesn't meet the minimum requirements. |
| `--pull` | Pull UCP images: `always`, when `missing`, or `never` |
| `--registry-username` | Username to use when pulling images |
| `--registry-password` | Password to use when pulling images |
| `--kv-timeout` | Timeout in milliseconds for the key-value store |
| `--kv-snapshot-count` | Number of changes between key-value store snapshots |
| `--swarm-experimental` | Enable Docker Swarm experimental features. Used for backwards compatibility |
| `--disable-tracking` | Disable anonymous tracking and analytics |
| `--disable-usage` | Disable anonymous usage reporting |
| `--external-server-cert` | Use the certificates in the `ucp-controller-server-certs` volume instead of generating self-signed certs during installation |
| `--preserve-certs` | Don't generate certificates if they already exist |
| `--binpack` | Set the Docker Swarm scheduler to binpack mode. Used for backwards compatibility |
| `--random` | Set the Docker Swarm scheduler to random mode. Used for backwards compatibility |
| `--external-service-lb` | Set the external service load balancer reported in the UI |
| `--enable-profiling` | Enable performance profiling |
| `--license` | Add a license: e.g.` --license "$(cat license.lic)" ` |
| `--force-insecure-tcp` | Force install to continue even with unauthenticated Docker Engine ports |
Reference in New Issue View Git Blame Copy Permalink