Connect to a cluster by using Docker tools

Last Updated: Nov 28, 2017

Container Service is fully compatible with the Docker Swarm API. You can access and manage Docker clusters by using common Docker tools, such as Docker client and Docker Compose.

For more information, see Docker Swarm and Docker Compose.

Install a certificate

Procedure

  1. Obtain the access address.

    1. Log on to the Container Service console.

    2. Click Clusters in the left-side navigation pane.

    3. On the Cluster List page, click Manage at the right of a cluster.

      The cluster details page appears, showing the cluster connection information.

      6

  2. Download and save the TLS certificate.

    Configure a TLS certificate before using the preceding access address to access the Docker cluster.

    Click Download Certificate in the cluster details page to download the TLS certificate. The certFiles.zip file is downloaded. In the following example, the downloaded certificate is saved to the ~/.acs/certs/ClusterName/ directory. ClusterName indicates the name of your cluster. You can save the certificate to a different directory, but we recommend using the ~/.acs/certs/ClusterName/ directory for easy management.

    1. mkdir ~/.acs/certs/ClusterName/ #Replace ClusterName with your cluster name
    2. cd ~/.acs/certs/ClusterName/
    3. cp /path/to/certFiles.zip .
    4. unzip certFiles.zip

    The certFiles.zip file contains ca.pem, cert.pem, and key.pem files.

Manage clusters

Use Docker client to manage clusters

You can use Docker client to access the container clusters of Container Service. To do this, you need to configure a certificate and an access address by using:

  • Command-line parameters

    1. docker --tlsverify --tlscacert=~/.acs/certs/ClusterName/ca.pem --tlscert=~/.acs/certs/ClusterName/cert.pem --tlskey=~/.acs/certs/ClusterName/key.pem \
    2. -H=tcp://master4g5.cs-cn-hangzhou.aliyun.com:21003 ps #Replace ClusterName and tcp://master4g5.cs-cn-hangzhou.aliyun.com:21003 with the actual path and access address
  • Environment variables

    1. export DOCKER_TLS_VERIFY="1"
    2. export DOCKER_HOST="tcp://master4g5.cs-cn-hangzhou.aliyun.com:21003" #Replace tcp://master4g5.cs-cn-hangzhou.aliyun.com:21003 with the actual access address
    3. export DOCKER_CERT_PATH=~/.acs/certs/ClusterName #Replace ClusterName with the actual path
    4. docker ps

    The preceding two examples show how to run the docker ps command in the cluster. You can replace ps with any other Docker command. For example, you can run the docker run command to start a new container.

Use Docker Compose to manage clusters

Docker Compose supports declaring an access address and a certificate by using environment variables.

  1. export DOCKER_TLS_VERIFY="1"
  2. export DOCKER_HOST="tcp://master4g5.cs-cn-hangzhou.aliyun.com:21003"
  3. export DOCKER_CERT_PATH=~/.acs/certs/ClusterName #Replace ClusterName with the actual path
  4. docker-compose up

Revoke a certificate

If your downloaded certificate is accidentally leaked during usage, revoke the certificate as soon as possible. Click Revoke Downloaded Certificate in the cluster details page to revoke the downloaded certificate. Then, you can download a new certificate.

Note: Clicking Revoke Downloaded Certificate will make the earlier downloaded certificate unavailable.

Thank you! We've received your feedback.