After setting up and configuring a cluster for Docker Enterprise Edition (EE), I've created a new service with a constraint to run the tasks in that service on a UCP Manager Node or a DTR replica node. The service starts successfully, but when I inspected the service, I see it running on another node. Why is this happening?
This behavior is the default, by-design function of UCP. A best practice and Docker recommendation is to reserve the nodes running UCP and DTR to execute only containers directly related to providing UCP and DTR services. Consequently, the default, out of the box, configuration for UCP-based clusters prevents user-originated or non-system containers from running on nodes running UCP or DTR.
Docker does not recommend changing this configuration unless you do so strictly for testing purposes (and intend to change this back prior to running production loads), unless advised to do so by Docker Technical Support or Technical Field personnel, or unless you understand the risks inherent in running workloads on the cluster's "master" nodes. If you do wish to run workloads on UCP manager or DTR nodes, please see the following documents, or the documentation for your release of UCP: