The Container Service is fully compatible with the Docker Swarm API. You can access and manage Docker clusters using common Docker tools, such as Docker Client and Docker Compose.
Obtain the access address.
Log on to the Container Service console.
Click Clusters in the left navigation pane.
Select a cluster in the cluster list and click Manage.
The cluster details page is displayed, showing the cluster connection information.
Download and save the certificate.
Configure a TLS certificate before using the preceding service address to access the Docker cluster.
Click Download Certificate in the cluster details page to download the certificate which is contained in the
certFile.zipfile. In the following example, the downloaded certificate is saved to the
ClusterNameindicates the name of your cluster. You can save the certificate to a different directory, but the
~/.acs/certs/ClusterName/directory is recommended for easy management.
mkdir ~/.acs/certs/ClusterName/ #Replace ClusterName with your cluster name
cp /path/to/certFile.zip .
You can use Docker Client to access the container clusters of the Container Service. To do this, you need to configure a certificate and a service address using either of the following two methods.
Configure a certificate using command-line parameters.
docker --tlsverify --tlscacert=~/.acs/certs/ClusterName/ca.pem --tlscert=~/.acs/certs/ClusterName/cert.pem --tlskey=~/.acs/certs/ClusterName/key.pem \
-H=tcp://master4g4.cs-cn-hangzhou.aliyun.com:10351 ps #Replace ClusterName and tcp://master4g4.cs-cn-hangzhou.aliyun.com:10351 with the actual path and access address
Use environment variables.
export DOCKER_HOST="tcp://master4g4.cs-cn-hangzhou.aliyun.com:10351" #Replace tcp://master4g4.cs-cn-hangzhou.aliyun.com:10351 with the actual access address
export DOCKER_CERT_PATH=~/.acs/certs/ClusterName #Replace ClusterName with the actual path
The preceding two examples show how to run the
docker pscommand in the cluster. You can replace
pswith any other Docker command. For example, you can run the
docker runcommand to start a new container.
Docker Compose supports the use of environment variables to declare a service address and a certificate.
In case of accidental disclosure of your certificate during usage, you need to revoke the certificate as soon as possible. Click Revoke Downloaded Certificate in the cluster details page to revoke the downloaded certificate. The revoked certificate will then be unavailable, and you can download a new certificate.
Note: Clicking Revoke Downloaded Certificate will invalidate the earlier downloaded certificate.