Connect to a cluster by using Docker tools

Last Updated: Jun 27, 2017

The Container Service is fully compatible with the Docker Swarm API. You can access and manage Docker clusters using common Docker tools, such as Docker Client and Docker Compose.

For more information, refer to Docker Swarm and Docker Compose.

Install a certificate

  1. Obtain the access address.

    1. Log on to the Container Service console.

    2. Click Clusters in the left navigation pane.

    3. Select a cluster in the cluster list and click Manage.

      The cluster details page is displayed, showing the cluster connection information.


  2. Download and save the certificate.

    Configure a TLS certificate before using the preceding service address to access the Docker cluster.

    Click Download Certificate in the cluster details page to download the certificate which is contained in the file. In the following example, the downloaded certificate is saved to the ~/.acs/certs/ClusterName/ directory. ClusterName indicates the name of your cluster. You can save the certificate to a different directory, but the ~/.acs/certs/ClusterName/ directory is recommended for easy management.

    mkdir -p ~/.acs/certs/ClusterName/ # Replace ClusterName with your cluster name; -p also creates ~/.acs/certs if it does not exist yet
    cd ~/.acs/certs/ClusterName/
    cp /path/to/ .
    unzip

    The file contains ca.pem, cert.pem, and key.pem files.

Manage clusters

Use Docker Client to manage clusters

You can use Docker Client to access the container clusters of the Container Service. To do this, you need to configure a certificate and a service address using either of the following two methods.

  • Configure a certificate using command-line parameters.

    # $HOME is used here because the shell does not expand ~ after the = in an option
    docker --tlsverify --tlscacert="$HOME/.acs/certs/ClusterName/ca.pem" --tlscert="$HOME/.acs/certs/ClusterName/cert.pem" --tlskey="$HOME/.acs/certs/ClusterName/key.pem" \
    -H=tcp:// ps # Replace ClusterName and tcp:// with the actual path and access address
  • Use environment variables.

    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="tcp://" # Replace tcp:// with the actual access address
    export DOCKER_CERT_PATH=~/.acs/certs/ClusterName # Replace ClusterName with the actual path
    docker ps

    The preceding two examples show how to run the docker ps command in the cluster. You can replace ps with any other Docker command. For example, you can run the docker run command to start a new container.

Use Docker Compose to manage clusters

Docker Compose supports the use of environment variables to declare a service address and a certificate.

  export DOCKER_TLS_VERIFY="1"
  export DOCKER_HOST="tcp://"
  export DOCKER_CERT_PATH=~/.acs/certs/ClusterName
  docker-compose up
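
The environment-variable setup used above for both Docker Client and Docker Compose can be wrapped in a check that the certificate directory is complete and that key.pem is readable only by its owner. This is an added example, not code from the Container Service documentation; the function names acs_check_certs and acs_use_cluster are hypothetical.

```shell
# Added example: validate a downloaded certificate directory, then point
# Docker Client / Docker Compose at the cluster.
# acs_check_certs and acs_use_cluster are hypothetical helper names.

# Returns 0 only if ca.pem, cert.pem and key.pem exist in directory $1
# and key.pem grants no access to group or others.
acs_check_certs() {
    dir=$1
    for f in ca.pem cert.pem key.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $dir/$f" >&2
            return 1
        fi
    done
    # Characters 5-10 of the ls mode string are the group and other bits;
    # -L follows a symlink so the real file's mode is inspected.
    perms=$(ls -ldL "$dir/key.pem" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key.pem is accessible to group/others; run: chmod 600 $dir/key.pem" >&2
        return 2
    fi
    return 0
}

# Usage: acs_use_cluster <cert-dir> <tcp://access-address>
# Exports the three variables only after both arguments pass the checks,
# so a failed check never leaves a half-configured environment.
acs_use_cluster() {
    case $2 in
        tcp://?*) ;;
        *) echo "access address must start with tcp://" >&2; return 3 ;;
    esac
    acs_check_certs "$1" || return $?
    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="$2"
    export DOCKER_CERT_PATH="$1"
}
```

Source the file in your shell, call acs_use_cluster with the certificate directory and the access address from the cluster details page, then run docker or docker-compose as usual.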

Revoke a certificate

If your certificate is accidentally disclosed, revoke it as soon as possible. Click Revoke Downloaded Certificate on the cluster details page to revoke the downloaded certificate. The revoked certificate can then no longer be used, and you can download a new certificate.

Note: Clicking Revoke Downloaded Certificate will invalidate the earlier downloaded certificate.
