UCP System requirements

Estimated reading time: 5 minutes

These are the docs for UCP version 2.2.4

To select a different version, use the selector below.

Docker Universal Control Plane can be installed on-premises or on the cloud. Before installing, be sure your infrastructure has these requirements.

Hardware and software requirements

You can install UCP on-premises or on a cloud provider. Common requirements:

Minimum requirements

  • 8GB of RAM for manager nodes or nodes running DTR
  • 4GB of RAM for worker nodes
  • 3GB of free disk space
  • 16GB of RAM for manager nodes or nodes running DTR
  • 4 vCPUs for manager nodes or nodes running DTR
  • 25-100GB of free disk space

Note that Windows container images are typically larger than Linux ones and for that reason, you should consider provisioning more local storage for Windows nodes and for DTR setups that will store Windows container images.

Note that, when planning for host storage, workflows based around docker pull through UCP will result in higher storage requirements on manager nodes, since docker pull through UCP results in the image being pulled on all nodes.

Also, make sure the nodes are running an operating system support by Docker EE.

For highly-available installations, you also need a way to transfer files between hosts.

Workloads on manager nodes

These requirements assume that manager nodes won’t run regular workloads. If you plan to run additional workloads on manager nodes, you may need to provision more powerful nodes. If manager nodes become overloaded, the swarm may experience issues.

Ports used

When installing UCP on a host, make sure the following ports are open:

HostsDirectionPortPurpose
managers, workersinTCP 443 (configurable)Port for the UCP web UI and API
managersinTCP 2376 (configurable)Port for the Docker Swarm manager. Used for backwards compatibility
managers, workersinTCP 2377 (configurable)Port for communication between swarm nodes
workersoutTCP 2377 (configurable)Port for communication between swarm nodes
managers, workersin, outUDP 4789Port for overlay networking
managers, workersin, outTCP, UDP 7946Port for gossip-based clustering
managers, workersinTCP 12376Port for a TLS proxy that provides access to UCP, Docker Engine, and Docker Swarm
managersinTCP 12379Port for internal node configuration, cluster configuration, and HA
managersinTCP 12380Port for internal node configuration, cluster configuration, and HA
managersinTCP 12381Port for the certificate authority
managersinTCP 12382Port for the UCP certificate authority
managersinTCP 12383Port for the authentication storage backend
managersinTCP 12384Port for the authentication storage backend for replication across managers
managersinTCP 12385Port for the authentication service API
managersinTCP 12386Port for the authentication worker
managersinTCP 12387Port for the metrics service

For overlay networks with encryption to work, you need to ensure that IP protocol 50 (ESP) traffic is allowed.

Also, make sure the networks you’re using allow the UCP components enough time to communicate before they time out.

ComponentTimeout (ms)Configurable
Raft consensus between manager nodes3000no
Gossip protocol for overlay networking5000no
etcd500yes
RethinkDB10000no
Stand-alone swarm90000no

Time Synchronization

In distributed systems like Docker UCP, time synchronization is critical to ensure proper operation. As a best practice to ensure consistency between the engines in a UCP swarm, all engines should regularly synchronize time with a Network Time Protocol (NTP) server. If a server’s clock is skewed, unexpected behavior may cause poor performance or even failures.

Compatibility and maintenance lifecycle

Docker EE is a software subscription that includes three products:

  • Docker Engine with enterprise-grade support,
  • Docker Trusted Registry,
  • Docker Universal Control Plane.

Learn more about compatibility and the maintenance lifecycle for these products:

Version compatibility

UCP 2.2 requires minimum versions of the following Docker components:

  • Docker Engine 17.06 or higher
  • DTR 2.3 or higher

Where to go next

UCP, architecture, requirements, Docker EE