The ucp component enables Cluster to customize the Universal Control Plane (UCP) configuration.

```yaml
cluster:
  ucp:
    ca: "path_to/ca.pem"
    cert: "path_to/cert.pem"
    install_options: "--option1=value --option2=value"
    key: "path_to/key.pem"
    password: "dockerdocker"
    pre_pull_images: true
    username: "admin"
    version: "docker/ucp:#.#.#"
```

| Setting | Type | Default | Description |
|---|---|---|---|
| ca | String | None | Path to the CA certificate |
| cert | String | None | Path to the TLS/SSL public certificate |
| install_options | String | None | Additional options to pass to mirantis/ucp install |
| key | String | None | Path to the TLS/SSL private key |
| password | String | “dockerdocker” | Password for the Administrator user account |
| pre_pull_images | Boolean | false | Pre pull the UCP images on each node |
| username | String | “admin” | Username for the Administrator user account |
| version | String | “docker/ucp:3.3.0” | Image of UCP to use |

Docker Cluster also accepts all MKE Configuration File settings and creates the initial UCP config on installation.

| Setting | Type | Default | Description |
|---|---|---|---|
| anonymize_tracking | Boolean | false | Anonymize license ID in analytic data |
| audit_level | String | “disabled” | Audit logging level. Options: “disabled”, “metadata”, “request” |
| auto_refresh | Boolean | true | Automatically refresh license when the license nears expiration. |
| azure_ip_count | Integer | 128 | Number of IPs for the Azure allocator to allocate per virtual machine |
| backend | String | “managed” | Authorization backend. Options: “managed”, “ldap” |
| calico_mtu | String | “1480” | MTU (maximum transmission unit) setting for Calico |
| cloud_provider | String | Derived | Kubernetes Cloud Provider |
| cluster_label | String | None | Label to be included with analytics |
| cni_installer_url | String | Calico | URL of a Kubernetes YAML file to be used for installing a CNI plugin. Only applies during initial installation. |
| controller_port | Integer | 443 | Port to listen on for the ucp-controller |
| custom_header_name | String | None | Name of the customer header |
| custom_header_value | String | None | Value of the customer header |
| default_new_user_role | String | “restrictedcontrol” | Role assigned to users for their private collection. Options: “admin”, “fullcontrol”, “restrictedcontrol”, “scheduler”, “viewonly” |
| default_node_orchestrator | Type | “swarm” | Orchestrator configured for new nodes that join to the cluster. Options: “kubernetes”, “swarm” |
| disable_tracking | Boolean | false | Disable analytics of API call information |
| disable_usageinfo | Boolean | false | Disable analytics of usage information |
| dns | String | None | Comma separated list of IP addresses to be added as nameservers |
| dns_opt | String | None | Comma separated list of options to use with the DNS resolvers |
| dns_search | String | None | Comma separated list of domain names to search when a bare unqualified hostname is used inside of a container |
| enable_admin_ucp_scheduling | Boolean | false | Allow admins to schedule containers on system nodes |
| external_service_lb | String | None | FQDN of an external load balancer for default links to services with exposed ports in the web interface |
| host_address | String | None | Address of DTR instance connected to this cluster |
| log_host | String | None | Remote syslog server to send controller logs to |
| idpMetadataURL | String | None | Identity Provider Metadata URL |
| image_repository | String | None | Repository to use for UCP images |
| install_args | String | None | Additional arguments to pass to the UCP installer |
| ipip_mtu | String | 1480 | IP-in-IP MTU for the calico IP-in-IP tunnel interface |
| kube_apiserver_port | Integer | 6443 | Kubernetes API server listener port |
| kv_snapshot_count | Integer | 20000 | Key-value store maximum snapshot count |
| kv_timeout | String | 5000 | Key-value store timeout setting, in milliseconds |
| lifetime_minutes | Integer | 4320 | Initial session lifetime, in minutes |
| local_volume_collection_mapping | Boolean | false | Stores data about collections for volumes in UCP’s local KV store instead of on the volume labels. This is used for enforcing access control on volumes. |
| log_level | String | “err” | Logging level for UCP components. Options: “debug”, “info”, “notice”, “warning”, “err”, “crit”, “alert”, “emerg” |
| managedPasswordDisabled | Boolean | false | Disable UCP managed accounts |
| managedPasswordFallbackUser | String | None | Fallback user when the managed password authentication is disabled |
| manager_kube_reserved_resources | String | “cpu=250m,memory=2Gi,ephemeral-storage=4Gi” | Resources to reserve for Docker UCP and Kubernetes components running on manager nodes. |
| metrics_disk_usage_interval | String | None | Interval for storage metrics gathering frequency |
| metrics_retention_time | String | “24h” | Adjusts the metrics retention time |
| metrics_scrape_interval | String | “1m” | Frequency that managers gather metrics from nodes in the cluster. |
| nodeport_range | String | “32768-35535” | Port range for NodePort of Kubernetes services |
| per_user_limit | Integer | 5 | Maximum number of sessions that a user can have active simultaneously. A value of zero disables the limit. |
| pod_cidr | String | “192.168.0.0/16” | CIDR range from which the IPs for the pods will be allocated |
| profiling_enabled | Boolean | false | Enable specialized debugging endpoints for profiling UCP performance |
| log_protocol | String | “ucp” | Protocol to use for remote logging. Options: “tcp”, “udp” |
| renewal_threshold_minutes | Integer | 1440 | Length of time, in minutes, before the expiration of a session. When used, a session is extended by the currently configured lifetime from that point in time. A zero value disables session extension. |
| require_content_trust | Boolean | false | Require images be signed by content trust |
| require_signature_from | String | None | Comma separated list of users or teams required to sign an image |
| rethinkdb_cache_size | String | “1GB” | Size of the cache used by UCP’s RethinkDB. Setting this to auto instructs RethinkDB to determine a cache size automatically. |
| rootCerts | String | None | Root SSL/TLS certificate |
| samlEnabled | Boolean | false | Enable SAML |
| samlLoginText | String | None | Customized SAML login button text |
| service_id | String | None | DTR instance’s OpenID Connect Client ID, as registered with the Docker authentication provider |
| spHost | String | None | Service Provider Host |
| storage_driver | String | None | UCP storage driver to install |
| support_dump_include_audit_logs | Boolean | false | Include audit logs from the ‘ucp-controller’ container of each manager node in the support dump. |
| swarm_port | Integer | 2376 | Listener port for the ‘ucp-swarm-manager’ |
| swarm_strategy | String | “spread” | Swarm placement strategy for container scheduling. Options: “binpack”, “random”, “spread” |
| tlsSkipVerify | Boolean | false | Skip TLS verification for IdP Metadata |
| unmanaged_cni | Boolean | false | Use an unmanaged CNI |
| worker_kube_reserved_resources | String | “cpu=50m,memory=300Mi,ephemeral-storage=500Mi” | Resources to reserve for Docker UCP and Kubernetes components that are running on worker nodes. |

These settings are for development and testing purposes only. Arbitrary Kubernetes configuration parameters are not tested and supported under the Docker Enterprise Software Support Agreement.

| Setting | Type | Default | Description |
|---|---|---|---|
| custom_kube_api_server_flags | String | None | Configuration options for the Kubernetes API server |
| custom_kube_controller_manager_flags | String | None | Configuration options for the Kubernetes controller manager |
| custom_kube_scheduler_flags | String | None | Configuration options for the Kubernetes scheduler |
| custom_kubelet_flags | String | None | Configuration options for the Kubelet |
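
An added example, not part of the original documentation or of Docker's tooling: a pre-deployment audit of an already-parsed `ucp` mapping that flags the security-relevant values listed in the tables above (the documented default `password`, `audit_level`, `require_content_trust`, `tlsSkipVerify`, `profiling_enabled`, and the development-only `custom_kube_*` settings). It assumes the MKE settings sit in the same `ucp` mapping and that omitted keys take the documented defaults; `audit_ucp`, the finding texts and the sample dicts are hypothetical names constructed for illustration.

```python
# Added example; setting names and defaults come from the tables on this page.
DEFAULTS = {
    "password": "dockerdocker",
    "audit_level": "disabled",
    "require_content_trust": False,
    "tlsSkipVerify": False,
    "profiling_enabled": False,
}
# (setting, risky value, finding text); the finding wording is this example's own.
RISKY = [
    ("password", "dockerdocker", "documented default admin password in use"),
    ("audit_level", "disabled", "audit logging is off"),
    ("require_content_trust", False, "image signing is not required"),
    ("tlsSkipVerify", True, "IdP metadata fetched without TLS verification"),
    ("profiling_enabled", True, "debug profiling endpoints enabled"),
]
DEV_ONLY = (
    "custom_kube_api_server_flags",
    "custom_kube_controller_manager_flags",
    "custom_kube_scheduler_flags",
    "custom_kubelet_flags",
)


def audit_ucp(ucp):
    """Return sorted (setting, finding) pairs for an already-parsed `ucp` mapping."""
    cfg = {**DEFAULTS, **ucp}  # omitted keys fall back to the documented default
    findings = [(k, msg) for k, bad, msg in RISKY if cfg[k] == bad]
    findings += [(k, "development/testing-only setting is set")
                 for k in DEV_ONLY if cfg.get(k)]
    return sorted(findings)


# Constructed sample inputs (not from the page).
AS_DOCUMENTED = {"username": "admin", "version": "docker/ucp:3.3.0"}
HARDENED = {
    "username": "admin",
    "password": "<placeholder-from-secret-store>",
    "audit_level": "request",
    "require_content_trust": True,
    "tlsSkipVerify": False,
}
WITH_DEV_FLAGS = {**HARDENED, "custom_kubelet_flags": "--placeholder-flag=value"}

if __name__ == "__main__":
    for name, sample in (("documented defaults", AS_DOCUMENTED),
                         ("hardened", HARDENED), ("dev flags", WITH_DEV_FLAGS)):
        print(name, audit_ucp(sample))
```

A configuration that only sets `username` and `version` still yields three findings, because the admin password, audit logging and content trust all fall back to their documented defaults.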