Commit 2fe6a32

author
Joao Fernandes
committed
Improves install docs
- Fixes docker#498 - Fixes docker#528 - Fixes docker#785 - Fixes docker#794 - Fixes docker#927
1 parent 0ece4fc commit 2fe6a32

10 files changed

+121
-91
lines changed

images/dashboard.png

-7.33 KB

images/docker-hub-license.png

141 KB

images/docker-hub-settings.png

71.3 KB

images/login.png

-10.8 KB

images/nodes-page.png

158 KB

images/replica-nodes.png

118 KB

images/ucp-architecture.png

-171 Bytes

manage/monitor-ucp.md

Lines changed: 3 additions & 4 deletions
@@ -20,8 +20,7 @@ if something goes wrong.
2020
Docker UCP has several components:
2121

2222
* UCP controller node: the node that handles user requests,
23-
* UCP replica nodes: replicas of the controller node that can take its place
24-
if it fails,
23+
* UCP replica nodes: replicas of the controller node, for high-availability,
2524
* UCP nodes: the nodes that run your own containers.
2625

2726
[Learn more about the UCP architecture](../plan-production-install.md#ucp-architecture).
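Review bot: In the replica bullet, "for high-availability" hyphenates a noun phrase, while plan-production-install.md in this same commit writes "support for high availability" without the hyphen. Suggest "replicas of the controller node, for high availability," here and in the matching bullet in plan-production-install.md so the two pages agree.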
@@ -53,8 +52,8 @@ filter dropdown choose **Show all containers** to see all the UCP components.
5352

5453
![UCP container list](../images/container-list.png)
5554

56-
You can see more information about these containers. On the right-hand side of
57-
a container, **click the options knob** to see the container details.
55+
You can see more information about these containers. **Click on the container**
56+
to see its details.
5857

5958
![UCP container details](../images/container-detail-2.png)
6059

plan-production-install.md

Lines changed: 39 additions & 48 deletions
@@ -20,8 +20,6 @@ The following topics are covered:
2020
* [UCP architecture](#ucp-architecture)
2121
* [The UCP installation](#the-ucp-installation)
2222
* [Understand your installation options](#understand-your-installation-options)
23-
* [Security Considerations](#security-considerations)
24-
* [Docker Engine Configuration](#docker-engine-configuration)
2523
* [Installation checklist](#installation-checklist)
2624

2725
## UCP architecture
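Review bot: The two removed TOC entries, `#security-considerations` and `#docker-engine-configuration`, have no matching section removal in the hunks visible here for this file. If those sections still exist further down, keep the links so the security guidance stays reachable from the top of the page; if they were deleted or moved, say so in the commit message and point readers to where that content now lives.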
@@ -32,8 +30,8 @@ In this cluster, there are 3 different types of nodes:
3230

3331
* [UCP controller node](#UCP-controller-node): the node that handles user
3432
requests,
35-
* [UCP replica nodes](#ucp-replica-nodes): replicas of the controller node
36-
that can take its place if it fails,
33+
* [UCP replica nodes](#ucp-replica-nodes): replicas of the controller node, for
34+
high-availability,
3735
* [UCP nodes](#ucp-nodes): the nodes that run your own containers.
3836

3937
![](images/ucp-architecture.png)
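Review bot: The context line directly above the changed bullet links to `#UCP-controller-node` in mixed case, while the bullets around it use lower-case fragments (`#ucp-replica-nodes`, `#ucp-nodes`). Since this list is being edited anyway, normalise it to `#ucp-controller-node` so all three links follow one convention and the first one does not depend on case-insensitive fragment matching.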
@@ -46,19 +44,24 @@ using a web browser, or a CLI client.
4644
Below is a list of the containers that are deployed to the controller node,
4745
when running the `ucp install` command:
4846

49-
| Container name | Description |
50-
|:------------------|:------------------------------------------------------------------------------------------|
51-
| ucp-controller | Manages UCP resources, admin configuration, and user commands. |
52-
| ucp-swarm-manager | Accepts requests the from UCP controller. |
53-
| ucp-kv | Internal node discovery, cluster configuration, and support for HA. |
54-
| ucp-ca | Allow external systems to reach UCP. Proxy for TLS. |
55-
| ucp-swarm-ca | Allow external systems to reach UCP, Swarm, and Engine, using credentials. Proxy for TLS. |
47+
| Name | Description |
48+
|:----------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
49+
| `ucp-kv` | This container runs the key-value store used by UCP. Don't use this key-value store in your applications, since it's for internal use only. |
50+
| `ucp-swarm-manager` | This Swarm manager uses the replicated KV store for leader election and cluster membership tracking. |
51+
| `ucp-controller` | This container runs the UCP server, using the replicated KV store for configuration state. |
52+
| `ucp-swarm-join` | Runs the `swarm join` command to periodically publish this node existence to the KV store. If the node goes down, this publishing stops, and the registration times out, and the node is automatically dropped from the cluster. |
53+
| `ucp-proxy` | Runs a local TLS proxy for the docker socket to enable secure access of the local docker daemon. |
54+
| `ucp-cluster-root-ca` | Run the Swarm CA used for admin certificate bundles, and adding new nodes. |
55+
| `ucp-client-root-ca` | Run the (optional) UCP CA used for signing user bundles. |
5656

5757

5858
#### UCP replica nodes
5959

6060
Docker UCP has support for high availability. You can configure replica nodes
61-
to stand by, and be ready to take the place of the controller if it fails.
61+
for:
62+
63+
* Load-balancing user requests across the controller and replica nodes,
64+
* Maintain a copy of the system configuration, in case the controller fails.
6265

6366
A cluster with N controller and replica nodes can only tolerate (N-1)/2 node
6467
failures. So be sure to set up at least two replicas, when installing UCP for
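Review bot: The `ucp-client-root-ca` row calls the UCP CA "(optional)" without saying when it is absent or what signs user bundles in that case; this table is where an operator learns which container holds which signing role, so add a sentence or a link that explains it. Smaller points in the same hunk: the two CA rows start with "Run" where the other rows are in the third person ("Runs", "This container runs"); "publish this node existence" should read "this node's existence"; and the new replica bullets mix "Load-balancing ..." with "Maintain ...", so put both in the same verb form.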
@@ -67,13 +70,13 @@ production.
6770
Below is a list of the containers that are deployed to the controller node,
6871
when running the `ucp join --replica` command:
6972

70-
| Container name | Description |
71-
|:------------------|:--------------------------------------------------------------------|
72-
| ucp-controller | Manages UCP resources, admin configuration, and user commands. |
73-
| ucp-swarm-manager | Accepts requests from the UCP controller. |
74-
| ucp-kv | Internal node discovery, cluster configuration, and support for HA. |
75-
| ucp-proxy | Manages TLS and requests from swarm manager. |
76-
| ucp-swarm-join | Heartbeat for Swarm nodes to ensure they are running. |
73+
| Name | Description |
74+
|:--------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
75+
| `ucp-kv` | This container runs the key-value store used by UCP. Don't use this key-value store in your applications, since it's for internal use only. |
76+
| `ucp-swarm-manager` | This Swarm manager uses the replicated KV store for leader election and cluster membership tracking. |
77+
| `ucp-controller` | This container runs the UCP server, using the replicated KV store for configuration state. |
78+
| `ucp-swarm-join` | Runs the `swarm join` command to periodically publish this node existence to the KV store. If the node goes down, this publishing stops, and the registration times out, and the node is automatically dropped from the cluster. |
79+
| `ucp-proxy` | Runs a local TLS proxy for the docker socket to enable secure access of the local docker daemon. |
7780

7881
In UCP v1.0 the controller serves as root CA, and no other nodes are able to
7982
sign certificates. If the controller fails, it might not be possible to add new
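Review bot: The unchanged lead-in above this table still reads "deployed to the controller node" although the table is for `ucp join --replica`; with the rows rewritten it is now hard to tell this table from the controller one, so change the lead-in to name the replica node. It would also help to state under the table that the two CA containers are absent here, which ties in with the paragraph that follows ("the controller serves as root CA, and no other nodes are able to sign certificates").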
@@ -89,10 +92,10 @@ nodes.
8992
Below is a list of the containers that are deployed to the controller node,
9093
when running the `ucp join` command:
9194

92-
| Container name | Description |
93-
|:---------------|:------------------------------------------------------|
94-
| ucp-proxy | Manages TLS and requests from swarm manager. |
95-
| ucp-swarm-join | Heartbeat for Swarm nodes to ensure they are running. |
95+
| Name | Description |
96+
|:-----------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
97+
| `ucp-swarm-join` | Runs the `swarm join` command to periodically publish this node existence to the KV store. If the node goes down, this publishing stops, and the registration times out, and the node is automatically dropped from the cluster. |
98+
| `ucp-proxy` | Runs a local TLS proxy for the docker socket to enable secure access of the local docker daemon. |
9699

97100

98101
## The UCP installation
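Review bot: The lead-in for the `ucp join` table still says the containers are "deployed to the controller node"; this table is for `ucp join`, not `ucp install`, so reword it to name the node being joined. The `ucp-swarm-join` and `ucp-proxy` descriptions are also repeated verbatim in all three tables in this file; consider describing each container once and linking to it, so a later correction does not have to be made in three places.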
@@ -174,18 +177,19 @@ The following ports are using on UCP installation:
174177

175178
| Hosts | Direction | Port | Purpose |
176179
|:----------------------------|:---------:|:--------------------|:------------------------------------------------------------|
177-
| controller, replicas | in | 443 (configurable) | web app and CLI client access to UCP. |
178-
| controller, replicas | in | 2376 (configurable) | swarm manager accepts requests from UCP controller. |
179-
| controller, replicas, nodes | in | 2375 | heartbeat for nodes, to ensure they are running. |
180-
| controller, replicas, nodes | in | 12376 | proxy for TLS, provides access to UCP, Swarm, and Engine. |
181-
| controller, replicas | in | 12379 | internal node configuration, cluster configuration, and HA. |
182-
| controller, replicas | in | 12380 | internal node configuration, cluster configuration, and HA. |
183-
| controller | in | 12381 | proxy for TLS, provides access to UCP. |
184-
| controller | in | 12382 | manages TLS and requests from swarm manager. |
185-
| controller, replicas | out | 443 | send anonymous usage reports to Docker. |
186-
187-
UCP collects anonymous data on the usage of UCP and reports to Docker.
188-
This data is entirely anonymous and does not identify your company or users.
180+
| controller, replicas | in | 443 (configurable) | Web app and CLI client access to UCP. |
181+
| controller, replicas | in | 2376 (configurable) | Swarm manager accepts requests from UCP controller. |
182+
| controller, replicas, nodes | in | 2375 | Heartbeat for nodes, to ensure they are running. |
183+
| controller, replicas, nodes | in | 12376 | Proxy for TLS, provides access to UCP, Swarm, and Engine. |
184+
| controller, replicas | in | 12379 | Internal node configuration, cluster configuration, and HA. |
185+
| controller, replicas | in | 12380 | Internal node configuration, cluster configuration, and HA. |
186+
| controller | in | 12381 | Proxy for TLS, provides access to UCP. |
187+
| controller | in | 12382 | Manages TLS and requests from swarm manager. |
188+
| controller, replicas | out | 443 | Send anonymous usage reports to Docker. |
189+
190+
UCP collects anonymous usage metrics, to help us improve it.
191+
These metrics are entirely anonymous, don't identify your company, users,
192+
applications, or any other sensitive information.
189193
You can disable this at any time on the UCP settings screen.
190194

191195
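Review bot: The Purpose column is only capitalised here, so it keeps wording that this same commit replaces in the container tables: port 2375 is still "Heartbeat for nodes, to ensure they are running" while `ucp-swarm-join` is now described as publishing the node's existence to the KV store, and 12381 still mirrors the removed `ucp-ca` row ("Proxy for TLS, provides access to UCP"). Name the listening container for each port so firewall rules can be checked against the container tables. Separately, the new sentence "These metrics are entirely anonymous, don't identify your company, users, applications, or any other sensitive information" is a comma splice; joining the clauses with "and" and ending the list at what the metrics do not identify would read cleanly.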

@@ -204,19 +208,6 @@ you might need to create a private network for you UCP installation. In that
204208
case, make sure all nodes of the cluster can communicate using their private
205209
IPs.
206210

207-
If the nodes in the cluster cannot communicate using the private IPs,
208-
you'll need to use public IPs or Fully Qualified Domain Names.
209-
[Check the ports used](#ports-used) by UCP.
210-
211-
212-
If you are using a cloud provider such as AWS or Digital Ocean, you may need to
213-
create a private network for your UCP installation. You can use this network
214-
as long as the controller and nodes can communicate via
215-
their private IPs. If the private IPs do not support communication among the
216-
UCP cluster, using public IPs or full-qualified domain names are required. For
217-
more information about what ports and protocols are required see
218-
[Step 2: Configure your network for UCP](#step-2-configure-your-network-for-ucp).
219-
220211

221212
### Subject alternative names (SANs)
222213
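Review bot: Removing both duplicated paragraphs leaves this passage with no statement of what to do when nodes cannot reach each other on private IPs (the removed text said to use public IPs or FQDNs) and drops the `[Check the ports used](#ports-used)` link. If that fallback is still supported, keep one copy of the sentence with the link; if it is being dropped on purpose, say so in the text, because what remains only tells readers to "make sure all nodes of the cluster can communicate using their private IPs". The context line in the hunk header also has a typo, "for you UCP installation".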
