Installing Docker's Universal Control Plane

SSH into your UCP/manager node and install the Docker UCP. As you might expect, the UCP installer runs from inside a container called docker/ucp:3.1.2. Notice how the container mounts the Docker socket as a volume so it can issues docker commands to a Docker daemon running on the host from inside the UCP installer's container. This is the preferred approach over Docker in Docker (DinD), which requires the --privileged flag and can lead to filesystem corruption.

The following code block shows the UCP install command with an example.

$ docker container run -it --rm --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp:3.1.2 install \
--host-address {internal IP Address of UCP Node}  \
--admin-username admin \
--admin-password {add your password here} \
--san {Internal IP of UCP node, i.e., 172.31.0.99}  \
--san {External DNS name UCP node, i.e., ucp.mydomain.com} \
--san {External IP of UCP node, i.e., 54.189.176.6} \
--interactive

## --- Actual example with my clusters values ---
$ docker run -it --rm --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp:3.1.2 install \
--swarm-port 3376 \
--host-address 172.31.0.170 \
--admin-username admin \
--admin-password notReallyThePassword \
--san ip-172-31-0-170.us-west-2.compute.internal \
--san ec2-54-245-193-10.us-west-2.compute.amazonaws.com \
--san 54.245.193.10 \
--interactive

Looking at the Docker command in the previous code block, we see the Docker container runs the install binary inside the ucp:3.1.2 container with an interactive Terminal -it flag (output from the container shows in the host Terminal screen and input, if prompted, is directed to the container's standard input) and --name ucp names the container ucp. The --rm removes the ucp container from the local node after the install finishes. We see the volume mount of the Docker socket with -v /var/run/docker.sock:/var/run/docker.sock used by the container to access the host's Docker daemon. Make sure you replace all of your node-specific values { ... } before running the install command. The next part of the command is docker/ucp:3.1.2 install with the following parameters:

• --host-address is the internal IP address of UCP node on—something like 172.o.31.2.
• --admin-username is the username for the main administrator account, usually something like admin.
• --admin-password is the password for the main administrator account; this should be a strong password, where you may consider using a password generator. 
• --san is a subject alternative name, another valid name for the certificate. UCP generates a self-signed certificate during installation and adds sans for each alternative name provided. See the following sample command, where we add any possible UCP IP or DNS name that might be used access the UCP node. This includes internal/external IP addresses as well as internal/external IP addresses. Without these, you may get x509 certificate errors when interacting with the UCP node.
• --interactive is for interactive mode where the installer prompts for additional information when necessary.

Once the install completes successfully, it's time to log in. Since the --interactive flag is used, you may be prompted for additional information.