With Mirantis Kubernetes Engine you can continue using the tools you know and love like the Docker CLI client and kubectl. You just need to download and use a MKE client bundle.
A client bundle contains a private and public key pair that authorizes your requests in MKE. It also contains utility scripts you can use to configure your Docker and kubectl client tools to talk to your MKE deployment.
Download the Docker CLI client by using the MKE web UI. The web UI ensures that you have the right version of the CLI tools for the current version of MKE.
docker
archive.To use the Docker CLI with MKE, download a client certificate bundle by using the MKE web UI.
Once you’ve downloaded a client certificate bundle to your local computer, you can use it to authenticate your requests.
Navigate to the directory where you downloaded the user bundle, and extract the zip file into a directory. Then use the utility script appropriate for your system:
cd client-bundle && eval "$(<env.sh)"
# Run this from an elevated prompt session
cd client-bundle && env.cmd
The client bundle utility scripts update the environment variables
DOCKER_HOST
to make your client tools communicate with your MKE
deployment, and the DOCKER_CERT_PATH
environment variable to use the
client certificates that are included in the client bundle you
downloaded. The utility scripts also run the kubectl config
command
to configure kubectl.
To confirm that your client tools are now communicating with MKE, run:
docker version --format '{{.Server.Version}}'
kubectl config current-context
The expected Docker server version starts with ucp/
, and the
expected kubectl context name starts with ucp_
.
You can now use the Docker and kubectl clients to create resources in MKE.
In Docker Enterprise 3.0, new files are contained in the MKE bundle.
These changes support the use of .zip
files with
docker context import
and allow you to directly change your context
using the bundle .zip
file. Navigate to the directory where you
downloaded the user bundle and use docker context import
to add the
new context:
cd client-bundle && docker context import myucp ucp-bundle-$USER.zip"
Refer to `Working with
Contexts </engine/context/working-with-contexts/>`__ for more
information on using Docker contexts.
MKE issues different types of certificates depending on the user:
You can also download client bundles by using the MKE REST
API. In this example, we use curl
to
make the web requests to the API, jq
to parse the responses, and
unzip
to unpack the zip archive.
To install these tools on an Ubuntu distribution, you can run:
sudo apt-get update && sudo apt-get install curl jq unzip
Then you get an authentication token from MKE and use it to download the client certificates.
# Create an environment variable with the user security token
AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<mke-ip>/auth/login | jq -r .auth_token)
# Download the client certificate bundle
curl -k -H "Authorization: Bearer $AUTHTOKEN" https://<mke-ip>/api/clientbundle -o bundle.zip
# Unzip the bundle.
unzip bundle.zip
# Run the utility script.
eval "$(<env.sh)"
# Confirm that you can see MKE containers:
docker ps -af state=running
On Windows Server 2016, open an elevated PowerShell prompt and run:
$AUTHTOKEN=((Invoke-WebRequest -Body '{"username":"<username>", "password":"<password>"}' -Uri https://`<mke-ip`>/auth/login -Method POST).Content)|ConvertFrom-Json|select auth_token -ExpandProperty auth_token
[io.file]::WriteAllBytes("ucp-bundle.zip", ((Invoke-WebRequest -Uri https://`<mke-ip`>/api/clientbundle -Headers @{"Authorization"="Bearer $AUTHTOKEN"}).Content))
When using a MKE client bundle and buildkit, follow the instructions provided in Restrict services to worker nodes to make sure that builds are not accidentally scheduled on manager nodes.
For additional information on ‘docker build’ and buildkit, refer to build command documentation and buildkit documentation.