When trying to install UDP and DTR, I see un the requirements install a series of ports need to be opened. On the other hand, the install is just a container to run.
So, why do we have to open some ports?
In the
docker runcommand, I didn't see the port mapping (host/container), how can we access to UCP web UI?docker container run --rm -it \ --name ucp \ -v /var/run/docker.sock:/var/run/docker.sock \ docker/ucp install
PS: docker-ee version : 18.03.1-ee-1
The set of ports that the UCP (Universal Control Plane) or DTR (Docker Trusted Registry) will check for availability during the installation are listed here.
These ports will be used by Docker EE components, Swarm and external users connecting to the platform.
On some Operating Systems by default, a software Firewall is active and running. Follows that the Firewall process blocks all the networking traffic, and makes failing the installation. So, you have to specifically configure this firewall process or in some very specific cases, you can also deactivate it. An example of such OS can be CentOS.
Usually in completely isolated environments and offline installation of UCP, you run the following commands to deactive the Firewalld on CentOS:
After a successful installation of the UCP, you can access the UCP Web UI using the IP address of any of your Swarm managers. For example: open a tab in your web browser and type, https://ip-of-a-swarm-manager. Any HTTP traffic will be redirected to HTTPS.
In case you put a load balancer in front of your Swarm managers, you need to use as IP the VIP of you load balancer.
Very good materials about architecting and installing UCP and DTR can be found on https://success.docker.com/; for example this reference architecture for Docker EE 17.06.