UCP architecture

These are the docs for UCP version 1.1

UCP is a containerized application, so the first step to install UCP is installing the Commercially Supported (CS) Docker Engine on all the nodes that are going to be part of the cluster.

After CS Docker Engine is installed, you install UCP, and join as many nodes as you want to the cluster.

Architecture

A UCP cluster has two types of nodes:

  • Controller: manages the cluster and persists the cluster configurations.
  • Node: runs your containers.

UCP controller node

When you install Docker UCP on a node, the following containers are started.

| Name | Description |
|------|-------------|
| ucp-proxy | A TLS proxy. It allows secure access to the local Docker Engine. |
| ucp-controller | The UCP application. It uses the key-value store for persisting configurations. |
| ucp-swarm-manager | Provides the clustering capabilities. It uses the key-value store for leader election, and keeping track of cluster members. |
| ucp-swarm-join | Heartbeat to record on the key-value store that this node is alive. If the node goes down, this heartbeat stops, and the node is removed from the cluster. |
| ucp-auth-api | The centralized API for identity and authentication used by UCP and DTR. |
| ucp-auth-worker | Performs scheduled LDAP synchronizations and cleans data on the ucp-auth-store. |
| ucp-auth-store | Stores authentication configurations, and data for users, organizations and teams. |
| ucp-kv | Used to store the UCP configurations. Don’t use it in your applications, since it’s for internal use only. |
| ucp-cluster-root-ca | A certificate authority to sign the certificates used when joining new nodes, and on administrator client bundles. |
| ucp-client-root-ca | A certificate authority to sign user bundles. Only used when UCP is installed without an external root CA. |

UCP node

When you join a node to a Docker UCP cluster, the following containers are started.

| Name | Description |
|------|-------------|
| ucp-proxy | A TLS proxy. It allows secure access to the local Docker Engine. |
| ucp-swarm-join | Heartbeat to record on the key-value store that this node is alive. If the node goes down, this heartbeat stops, and the node is dropped from the cluster. |

Volumes

Docker UCP uses these named volumes for persisting data:

| Node | Volume name | Location on host (/var/lib/docker/volumes/) | Description |
|------|-------------|---------------------------------------------|-------------|
| all | ucp-client-root-ca | ucp-client-root-ca/_data | The certificate and key for the UCP root CA. Do not create this volume if you are using your own certificates. |
| all | ucp-cluster-root-ca | ucp-cluster-root-ca/_data | The certificate and key for the Swarm root CA. |
| all | ucp-controller-client-certs | ucp-controller-client-certs/_data | The UCP Controller Swarm client certificates for the current node. |
| all | ucp-controller-server-certs | ucp-controller-server-certs/_data | The controller certificates for the UCP controllers web server. |
| controller | ucp-kv | ucp-kv/_data | Key value store persistence. |
| all | ucp-kv-certs | ucp-kv-certs/_data | The Swarm KV client certificates for the current node (repeated on every node in the cluster). |
| all | ucp-node-certs | ucp-node-certs/_data | The Swarm certificates for the current node (repeated on every node in the cluster). |

If you don’t create these volumes before installing UCP, they are created with the default volume driver and flags.
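
One way to script that pre-creation step, so the CA keys and certificates land on a volume driver you chose rather than the default. This is an added example, not part of the UCP documentation: the volume names and the controller-only rule come from the table above, while the function names and the `VOLUME_DRIVER` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan and pre-create the UCP named volumes for one host.
# Function names and VOLUME_DRIVER are hypothetical, not UCP tooling.

# Print the volumes a host needs, one per line.
#   $1 role: controller | node
#   $2 external_ca: "yes" when UCP is installed with your own certificates
ucp_volumes_for() {
    role=$1
    external_ca=${2:-no}
    case $role in
        controller|node) ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    # ucp-client-root-ca must not be created when you use your own certificates.
    if [ "$external_ca" != yes ]; then echo ucp-client-root-ca; fi
    echo ucp-cluster-root-ca
    echo ucp-controller-client-certs
    echo ucp-controller-server-certs
    # The key-value store is persisted on controller nodes only.
    if [ "$role" = controller ]; then echo ucp-kv; fi
    echo ucp-kv-certs
    echo ucp-node-certs
}

# Read existing volume names on stdin; print the wanted ones that are absent.
ucp_missing_volumes() {
    existing=$(cat)
    wanted=$(ucp_volumes_for "$1" "$2") || return
    for vol in $wanted; do
        # -x: whole-line match, so "myapp-ucp-kv" does not count as "ucp-kv".
        printf '%s\n' "$existing" | grep -qxF -- "$vol" || echo "$vol"
    done
}

# Create whatever is missing on this host. Assumes the docker CLI is on PATH.
# --name is the form used by older engines; newer ones still accept it.
ucp_create_volumes() {
    docker volume ls -q | ucp_missing_volumes "$1" "$2" | while read -r vol; do
        docker volume create --driver "${VOLUME_DRIVER:-local}" --name "$vol"
    done
}

# Usage, run before installing or joining:  ucp_create_volumes controller no
```
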

High-availability support

For load balancing and high-availability, you can install multiple controller nodes and join them to create a cluster. Learn more about high availability.
