Docker Community Forums

Share and learn in the Docker community.

How to add label(s) to engine nodes

(Aavillaatyp) #1

Just need to know how to add label(s) to engine nodes when using UCP if at all possible. Goal is to limit my jobs to only run on engines, and not on the controllers.

(Aavillaatyp) #2

Answered my own question by doing something like:

docker run -e constraint:node==/name-of-server-to-run-on/ image

(Alm. Brand Docker admins) #3

If you know the name of your controller node, you could probably make a constraint like this:

docker run -e constraint:node!=/name-of-controller-server/ image

(Campbech) #4

What is the best practice for applying labels to nodes? I am running ubuntu nodes and have modified /etc/default/docker to include my label in the docker opts –label com.mydomain.key=“value” but that doesn’t seem to work. Also, this is a clunky way of adding labels, it would be better if the UCP UI & API allowed for adding labels to nodes.

(Vivek Saraswat) #5

There’s no specific best practice around this right now, although here’s some examples from the documentation:

We will definitely keep in mind the request for adding labels via UCP UI/API.

(Hmaeck) #6

Do you have to edit the labels on the nodes itself? I’m running 2 boot2docker nodes and I would like to add some labels, but I don’t know where to do that :frowning: Or should I edit something on the machine that connects to the cluster (centos system that runs docker-machine)

on the boot2docker inside /var/lib/boot2docker/profile there was a --label provider=vmwarevsphere
I changed it to vmwarevsphereS and rebooted, and nothing changed :frowning:

It worked, I think you have to reboot the masternode after the change.

(Campbech) #7

I was able to get this to work. It required rebooting the docker service and waiting a bit for it to be reflected in the UCP UI.

(Alm. Brand Docker admins) #8

In several of the examples/guides about RBAC in UCP I’ve seen permission names such as ‘prod’, ‘staging’, etc.

Will we be able to add a label such as com.docker.ucp.access.label=prod-nodes to a node to restrict who can run containers in production?

(Vivek Saraswat) #9

At the moment RBAC labels apply to containers, not specific nodes. This is to ensure that access control to a particular container type is done independently of the nodes they are scheduled on. (container label maps to a team, not to a node).

Separately, however, you can use affinity and anti-affinity rules to affect node scheduling ( You could use this to ensure that certain containers are only scheduled on certain types of nodes.

(Roberto Quintanilla) #10

I came by this post several months ago.

I finally came by the answer a couple of weeks ago :slight_smile: Hope this helps:

(Tperelle) #11

But when we inspect node object, the label com.docker.ucp.access.label is present.