diff --git a/content/manuals/admin/company/_index.md b/content/manuals/admin/company/_index.md index 42b2bb20a1c2..ef9332f1cf83 100644 --- a/content/manuals/admin/company/_index.md +++ b/content/manuals/admin/company/_index.md @@ -42,6 +42,8 @@ aliases: - /docker-hub/creating-companies/ --- +{{< summary-bar feature_name="Company" >}} + {{< include "admin-company-overview.md" >}} Learn how to administer a company in the following sections. diff --git a/content/manuals/admin/company/new-company.md b/content/manuals/admin/company/new-company.md index 9100cf85629b..d7525c4622ad 100644 --- a/content/manuals/admin/company/new-company.md +++ b/content/manuals/admin/company/new-company.md @@ -6,6 +6,8 @@ aliases: - /docker-hub/new-company/ --- +{{< summary-bar feature_name="Company" >}} + You can create a new company in the Docker Admin Console. Before you begin, you must: - Be the owner of the organization you want to add to your company - Have a Docker Business subscription diff --git a/content/manuals/admin/company/organizations.md b/content/manuals/admin/company/organizations.md index d5dba2d5c8f3..37964a816160 100644 --- a/content/manuals/admin/company/organizations.md +++ b/content/manuals/admin/company/organizations.md @@ -4,6 +4,8 @@ keywords: company, multiple organizations, manage organizations title: Manage company organizations --- +{{< summary-bar feature_name="Company" >}} + You can manage the organizations in a company in the Docker Admin Console. {{< include "admin-early-access.md" >}} diff --git a/content/manuals/admin/company/owners.md b/content/manuals/admin/company/owners.md index ba028a727aad..e5c21edba9f7 100644 --- a/content/manuals/admin/company/owners.md +++ b/content/manuals/admin/company/owners.md @@ -6,6 +6,8 @@ aliases: - /docker-hub/company-owner/ --- +{{< summary-bar feature_name="Company" >}} + A company can have multiple owners. Company owners have company-wide observability and can manage company-wide settings that apply to all associated organizations. In addition, company owners have the same access as organization diff --git a/content/manuals/admin/company/users.md b/content/manuals/admin/company/users.md index 9f7b6ec12941..f76ec83e29e4 100644 --- a/content/manuals/admin/company/users.md +++ b/content/manuals/admin/company/users.md @@ -4,6 +4,8 @@ keywords: company, company users, users, admin, Admin Console title: Manage company users --- +{{< summary-bar feature_name="Company" >}} + You can manage users at the company-level in the Docker Admin Console. {{% admin-users product="admin" layer="company" %}} diff --git a/content/manuals/admin/deactivate-account.md b/content/manuals/admin/deactivate-account.md index 0aa4b64fe8c1..e23437a7b20b 100644 --- a/content/manuals/admin/deactivate-account.md +++ b/content/manuals/admin/deactivate-account.md @@ -6,6 +6,8 @@ aliases: - /docker-hub/deactivate-account/ --- +{{< summary-bar feature_name="General admin" >}} + You can deactivate an account at any time. This section describes the prerequisites and steps to deactivate an organization account. For information on deactivating a user account, see [Deactivate a user account](../accounts/deactivate-user-account.md). > [!WARNING] diff --git a/content/manuals/admin/organization/activity-logs.md b/content/manuals/admin/organization/activity-logs.md index 576a6fd10f86..7dc4659b7a0d 100644 --- a/content/manuals/admin/organization/activity-logs.md +++ b/content/manuals/admin/organization/activity-logs.md @@ -7,6 +7,8 @@ aliases: - /docker-hub/audit-log/ --- +{{< summary-bar feature_name="Activity logs" >}} + Activity logs display a chronological list of activities that occur at organization and repository levels. It provides a report to owners on all their member activities. With activity logs, owners can view and track: @@ -18,10 +20,6 @@ For example, activity logs display activities such as the date when a repository Owners can also see the activity logs for their repository if the repository is part of the organization subscribed to a Docker Business or Team plan. -> [!NOTE] -> -> Activity logs requires a [Docker Team or Business subscription](/manuals/subscription/_index.md). - ## Manage activity logs {{< tabs >}} diff --git a/content/manuals/admin/organization/convert-account.md b/content/manuals/admin/organization/convert-account.md index aaf8d5f32195..da6eaada9b3f 100644 --- a/content/manuals/admin/organization/convert-account.md +++ b/content/manuals/admin/organization/convert-account.md @@ -7,6 +7,8 @@ aliases: - /docker-hub/convert-account/ --- +{{< summary-bar feature_name="Admin orgs" >}} + You can convert an existing user account to an organization. This is useful if you need multiple users to access your account and the repositories that it’s connected to. Converting it to an organization gives you better control over permissions for these users through [teams](manage-a-team.md) and [roles](roles-and-permissions.md). When you convert a user account to an organization, the account is migrated to a Docker Team plan. diff --git a/content/manuals/admin/organization/insights.md b/content/manuals/admin/organization/insights.md index a66f77fa4698..c313e49e1735 100644 --- a/content/manuals/admin/organization/insights.md +++ b/content/manuals/admin/organization/insights.md @@ -4,9 +4,7 @@ keywords: organization, insights title: Insights --- -> [!NOTE] -> -> Insights requires a [Docker Business subscription](../../subscription/details.md#docker-business) and administrators must [enforce sign-in](/security/for-admins/enforce-sign-in/). This ensures users sign in with an account associated with their organization. +{{< summary-bar feature_name="Insights" >}} Insights helps administrators visualize and understand how Docker is used within their organizations. With Insights, administrators can ensure their teams are @@ -24,6 +22,12 @@ Key benefits include: - Optimized license use. Ensure that developers have access to advanced features provided by a Docker subscription. +## Prerequisites + +- [Docker Business subscription](../../subscription/details.md#docker-business) +- Administrators must [enforce sign-in](/security/for-admins/enforce-sign-in/) for users +- Insights enabled by your Customer Success Manager + ## View Insights for organization users {{< include "admin-early-access.md" >}} diff --git a/content/manuals/admin/organization/manage-a-team.md b/content/manuals/admin/organization/manage-a-team.md index efc865e0690a..e0a06d291715 100644 --- a/content/manuals/admin/organization/manage-a-team.md +++ b/content/manuals/admin/organization/manage-a-team.md @@ -8,6 +8,8 @@ aliases: - /docker-hub/manage-a-team/ --- +{{< summary-bar feature_name="Admin orgs" >}} + You can create teams for your organization in Docker Hub and the Docker Admin Console. You can [configure repository access for a team](#configure-repository-permissions-for-a-team) in Docker Hub. A team is a group of Docker users that belong to an organization. An organization can have multiple teams. An organization owner can then create new teams and add members to an existing team using their Docker ID or email address and by selecting a team the user should be part of. Members aren't required to be part of a team to be associated with an organization. diff --git a/content/manuals/admin/organization/manage-products.md b/content/manuals/admin/organization/manage-products.md index 4cf0b98ad038..b20004ed23f3 100644 --- a/content/manuals/admin/organization/manage-products.md +++ b/content/manuals/admin/organization/manage-products.md @@ -5,6 +5,8 @@ description: Learn how to manage Docker products for your organization keywords: organization, tools, products --- +{{< summary-bar feature_name="Admin orgs" >}} + In this section, learn how to manage access and view usage of the Docker products for your organization. For more detailed information about each product, including how to set up and configure them, see the following manuals: diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md index fdb1e19e14cd..888435904b3a 100644 --- a/content/manuals/admin/organization/members.md +++ b/content/manuals/admin/organization/members.md @@ -197,6 +197,8 @@ To update a member role: ## Export members CSV file +{{< summary-bar feature_name="Admin orgs" >}} + Owners can export a CSV file containing all members. The CSV file for a company contains the following fields: - Name: The user's name - Username: The user's Docker ID diff --git a/content/manuals/admin/organization/onboard.md b/content/manuals/admin/organization/onboard.md index 74a31e69beae..01f81e0c19ab 100644 --- a/content/manuals/admin/organization/onboard.md +++ b/content/manuals/admin/organization/onboard.md @@ -11,6 +11,8 @@ aliases: - /docker-hub/onboard-business/ --- +{{< summary-bar feature_name="Admin orgs" >}} + {{< include "admin-early-access.md" >}} Learn how to onboard your organization using Docker Hub or the Docker Admin Console. diff --git a/content/manuals/admin/organization/orgs.md b/content/manuals/admin/organization/orgs.md index 426a2d80d1e7..ceea6a7f34db 100644 --- a/content/manuals/admin/organization/orgs.md +++ b/content/manuals/admin/organization/orgs.md @@ -8,6 +8,8 @@ aliases: - /docker-hub/orgs/ --- +{{< summary-bar feature_name="Admin orgs" >}} + This section describes how to create an organization. Before you begin: - You need a [Docker ID](/accounts/create-account/) diff --git a/content/manuals/build-cloud/_index.md b/content/manuals/build-cloud/_index.md index 04600233b8cb..a9072b04a963 100644 --- a/content/manuals/build-cloud/_index.md +++ b/content/manuals/build-cloud/_index.md @@ -11,6 +11,8 @@ aliases: - /build/cloud/ --- +{{< summary-bar feature_name="Docker Build Cloud" >}} + Docker Build Cloud is a service that lets you build your container images faster, both locally and in CI. Builds run on cloud infrastructure optimally dimensioned for your workloads, no configuration required. The service uses a diff --git a/content/manuals/build/bake/_index.md b/content/manuals/build/bake/_index.md index 93dfc11b946e..5c9b5c15ab8c 100644 --- a/content/manuals/build/bake/_index.md +++ b/content/manuals/build/bake/_index.md @@ -6,6 +6,8 @@ aliases: - /build/customize/bake/ --- +{{< summary-bar feature_name="Build bake" >}} + Bake is a feature of Docker Buildx that lets you define your build configuration using a declarative file, as opposed to specifying a complex CLI expression. It also lets you run multiple builds concurrently with a single invocation. @@ -14,7 +16,7 @@ A Bake file can be written in HCL, JSON, or YAML formats, where the YAML format is an extension of a Docker Compose file. Here's an example Bake file in HCL format: -```hcl +```hcl {title=docker-bake.hcl} group "default" { targets = ["frontend", "backend"] } diff --git a/content/manuals/build/bake/contexts.md b/content/manuals/build/bake/contexts.md index 276939cefc33..6157b805b503 100644 --- a/content/manuals/build/bake/contexts.md +++ b/content/manuals/build/bake/contexts.md @@ -29,14 +29,13 @@ Supported context values are: ## Pinning alpine image -```dockerfile +```dockerfile {title=Dockerfile} # syntax=docker/dockerfile:1 FROM alpine RUN echo "Hello world" ``` -```hcl -# docker-bake.hcl +```hcl {title=docker-bake.hcl} target "app" { contexts = { alpine = "docker-image://alpine:3.13" @@ -46,16 +45,14 @@ target "app" { ## Using a secondary source directory -```dockerfile -# syntax=docker/dockerfile:1 -FROM scratch AS src - +```dockerfile {title=Dockerfile} FROM golang COPY --from=src . . ``` -```hcl -# docker-bake.hcl +```hcl {title=docker-bake.hcl} +# Running `docker buildx bake app` will result in `src` not pointing +# to some previous build stage but to the client filesystem, not part of the context. target "app" { contexts = { src = "../path/to/source" @@ -68,14 +65,16 @@ target "app" { To use a result of one target as a build context of another, specify the target name with `target:` prefix. -```dockerfile +```dockerfile {title=baseapp.Dockerfile} +FROM scratch +``` +```dockerfile {title=Dockerfile} # syntax=docker/dockerfile:1 FROM baseapp RUN echo "Hello world" ``` -```hcl -# docker-bake.hcl +```hcl {title=docker-bake.hcl} target "base" { dockerfile = "baseapp.Dockerfile" } @@ -119,7 +118,7 @@ result in significant impact on build time, depending on your build configuration. For example, say you have a Bake file that defines the following group of targets: -```hcl +```hcl {title=docker-bake.hcl} group "default" { targets = ["target1", "target2"] } @@ -148,7 +147,7 @@ context that only loads the context files, and have each target that needs those files reference that named context. For example, the following Bake file defines a named target `ctx`, which is used by both `target1` and `target2`: -```hcl +```hcl {title=docker-bake.hcl} group "default" { targets = ["target1", "target2"] } @@ -177,7 +176,7 @@ The named context `ctx` represents a Dockerfile stage, which copies the files from its context (`.`). Other stages in the Dockerfile can now reference the `ctx` named context and, for example, mount its files with `--mount=from=ctx`. -```dockerfile +```dockerfile {title=Dockerfile} FROM scratch AS ctx COPY --link . . diff --git a/content/manuals/build/bake/expressions.md b/content/manuals/build/bake/expressions.md index ded6d0eb505a..71e7ef7de72e 100644 --- a/content/manuals/build/bake/expressions.md +++ b/content/manuals/build/bake/expressions.md @@ -30,7 +30,7 @@ Printing the Bake file with the `--print` flag shows the evaluated value for the `answer` build argument. ```console -$ docker buildx bake --print app +$ docker buildx bake --print ``` ```json @@ -76,13 +76,8 @@ $ docker buildx bake --print ```json { - "group": { - "default": { - "targets": ["default"] - } - }, "target": { - "webapp": { + "default": { "context": ".", "dockerfile": "Dockerfile", "tags": ["my-image:latest"] diff --git a/content/manuals/build/bake/inheritance.md b/content/manuals/build/bake/inheritance.md index b07a56bcec86..6f4328579d1c 100644 --- a/content/manuals/build/bake/inheritance.md +++ b/content/manuals/build/bake/inheritance.md @@ -10,7 +10,7 @@ Targets can inherit attributes from other targets, using the `inherits` attribute. For example, imagine that you have a target that builds a Docker image for a development environment: -```hcl +```hcl {title=docker-bake.hcl} target "app-dev" { args = { GO_VERSION = "{{% param example_go_version %}}" @@ -28,7 +28,7 @@ slightly different attributes for a production build. In this example, the `app-release` target inherits the `app-dev` target, but overrides the `tags` attribute and adds a new `platforms` attribute: -```hcl +```hcl {title=docker-bake.hcl} target "app-release" { inherits = ["app-dev"] tags = ["docker.io/username/myapp:latest"] @@ -43,7 +43,7 @@ shared attributes for all or many of the build targets in the project. For example, the following `_common` target defines a common set of build arguments: -```hcl +```hcl {title=docker-bake.hcl} target "_common" { args = { GO_VERSION = "{{% param example_go_version %}}" @@ -55,7 +55,7 @@ target "_common" { You can then inherit the `_common` target in other targets to apply the shared attributes: -```hcl +```hcl {title=docker-bake.hcl} target "lint" { inherits = ["_common"] dockerfile = "./dockerfiles/lint.Dockerfile" @@ -88,7 +88,7 @@ When a target inherits another target, it can override any of the inherited attributes. For example, the following target overrides the `args` attribute from the inherited target: -```hcl +```hcl {title=docker-bake.hcl} target "app-dev" { inherits = ["_common"] args = { @@ -110,7 +110,7 @@ The `inherits` attribute is a list, meaning you can reuse attributes from multiple other targets. In the following example, the app-release target reuses attributes from both the `app-dev` and `_common` targets. -```hcl +```hcl {title=docker-bake.hcl} target "_common" { args = { GO_VERSION = "{{% param example_go_version %}}" diff --git a/content/manuals/build/bake/introduction.md b/content/manuals/build/bake/introduction.md index 02c23ff67303..5265a26e3878 100644 --- a/content/manuals/build/bake/introduction.md +++ b/content/manuals/build/bake/introduction.md @@ -71,7 +71,7 @@ $ docker build \ The Bake equivalent would be: -```hcl +```hcl {title=docker-bake.hcl} target "myapp" { context = "." dockerfile = "Dockerfile" diff --git a/content/manuals/build/bake/matrices.md b/content/manuals/build/bake/matrices.md index c4764132f4c9..c53da9278541 100644 --- a/content/manuals/build/bake/matrices.md +++ b/content/manuals/build/bake/matrices.md @@ -19,7 +19,7 @@ should resolve, use the name attribute. The following example resolves the app target to `app-foo` and `app-bar`. It also uses the matrix value to define the [target build stage](/build/bake/reference/#targettarget). -```hcl +```hcl {title=docker-bake.hcl} target "app" { name = "app-${tgt}" matrix = { @@ -73,7 +73,7 @@ The following example builds four targets: - `app-bar-1-0` - `app-bar-2-0` -```hcl +```hcl {title=docker-bake.hcl} target "app" { name = "app-${tgt}-${replace(version, ".", "-")}" matrix = { @@ -98,7 +98,7 @@ The following example builds two targets: - `app-foo-1-0` - `app-bar-2-0` -```hcl +```hcl {title=docker-bake.hcl} target "app" { name = "app-${item.tgt}-${replace(item.version, ".", "-")}" matrix = { diff --git a/content/manuals/build/bake/remote-definition.md b/content/manuals/build/bake/remote-definition.md index ff13e70a4db5..bffe599c0857 100644 --- a/content/manuals/build/bake/remote-definition.md +++ b/content/manuals/build/bake/remote-definition.md @@ -91,7 +91,7 @@ execution context as named contexts. The following example defines the `docs` context as `./src/docs/content`, relative to the current working directory where Bake is run as a named context. -```hcl +```hcl {title=docker-bake.hcl} target "default" { contexts = { docs = "cwd://src/docs/content" diff --git a/content/manuals/build/bake/targets.md b/content/manuals/build/bake/targets.md index 64b74e259047..29c6a1d376b6 100644 --- a/content/manuals/build/bake/targets.md +++ b/content/manuals/build/bake/targets.md @@ -9,7 +9,7 @@ keywords: bake, target, targets, buildx, docker, buildkit, default A target in a Bake file represents a build invocation. It holds all the information you would normally pass to a `docker build` command using flags. -```hcl +```hcl {title=docker-bake.hcl} target "webapp" { dockerfile = "webapp.Dockerfile" tags = ["docker.io/username/webapp:latest"] @@ -35,7 +35,7 @@ $ docker buildx bake webapp api tests If you don't specify a target when running `docker buildx bake`, Bake will build the target named `default`. -```hcl +```hcl {title=docker-bake.hcl} target "default" { dockerfile = "webapp.Dockerfile" tags = ["docker.io/username/webapp:latest"] @@ -61,7 +61,7 @@ For all the properties you can set for a target, see the [Bake reference](/build You can group targets together using the `group` block. This is useful when you want to build multiple targets at once. -```hcl +```hcl {title=docker-bake.hcl} group "all" { targets = ["webapp", "api", "tests"] } diff --git a/content/manuals/build/bake/variables.md b/content/manuals/build/bake/variables.md index 0db49d53718d..e4861a5a7239 100644 --- a/content/manuals/build/bake/variables.md +++ b/content/manuals/build/bake/variables.md @@ -15,7 +15,7 @@ environment variables. Use the `variable` block to define a variable. -```hcl +```hcl {title=docker-bake.hcl} variable "TAG" { default = "docker.io/username/webapp:latest" } @@ -23,8 +23,8 @@ variable "TAG" { The following example shows how to use the `TAG` variable in a target. -```hcl -target "default" { +```hcl {title=docker-bake.hcl} +target "webapp" { context = "." dockerfile = "Dockerfile" tags = [ TAG ] @@ -37,7 +37,7 @@ Bake supports string interpolation of variables into values. You can use the `${}` syntax to interpolate a variable into a value. The following example defines a `TAG` variable with a value of `latest`. -```hcl +```hcl {title=docker-bake.hcl} variable "TAG" { default = "latest" } @@ -46,8 +46,16 @@ variable "TAG" { To interpolate the `TAG` variable into the value of an attribute, use the `${TAG}` syntax. -```hcl -target "default" { +```hcl {title=docker-bake.hcl} +group "default" { + targets = [ "webapp" ] +} + +variable "TAG" { + default = "latest" +} + +target "webapp" { context = "." dockerfile = "Dockerfile" tags = ["docker.io/username/webapp:${TAG}"] @@ -87,7 +95,7 @@ range, or other condition, you can define custom validation rules using the In the following example, validation is used to enforce a numeric constraint on a variable value; the `PORT` variable must be 1024 or higher. -```hcl +```hcl {title=docker-bake.hcl} # Define a variable `PORT` with a default value and a validation rule variable "PORT" { default = 3000 # Default value assigned to `PORT` @@ -115,7 +123,7 @@ the variable. All conditions must be `true`. Here’s an example: -```hcl +```hcl {title=docker-bake.hcl} # Define a variable `VAR` with multiple validation rules variable "VAR" { # First validation block: Ensure the variable is not empty @@ -148,7 +156,7 @@ dependent variables are set correctly before proceeding. Here’s an example: -```hcl +```hcl {title=docker-bake.hcl} # Define a variable `FOO` variable "FOO" {} @@ -171,8 +179,8 @@ will trigger the validation error. If you want to bypass variable interpolation when parsing the Bake definition, use double dollar signs (`$${VARIABLE}`). -```hcl -target "default" { +```hcl {title=docker-bake.hcl} +target "webapp" { dockerfile-inline = <}} The `azblob` cache store uploads your resulting build cache to [Azure's blob storage service](https://azure.microsoft.com/en-us/services/storage/blobs/). diff --git a/content/manuals/build/cache/backends/gha.md b/content/manuals/build/cache/backends/gha.md index 807d143611c7..e5de3accdae5 100644 --- a/content/manuals/build/cache/backends/gha.md +++ b/content/manuals/build/cache/backends/gha.md @@ -6,10 +6,7 @@ aliases: - /build/building/cache/backends/gha/ --- -{{% restricted %}} -This is an experimental feature. The interface and behavior are unstable and -may change in future releases. -{{% /restricted %}} +{{< summary-bar feature_name="GitHub Actions cache" >}} The GitHub Actions cache utilizes the [GitHub-provided Action's cache](https://github.com/actions/cache) or other diff --git a/content/manuals/build/cache/backends/s3.md b/content/manuals/build/cache/backends/s3.md index ddf490982bcc..abfbfe80c20f 100644 --- a/content/manuals/build/cache/backends/s3.md +++ b/content/manuals/build/cache/backends/s3.md @@ -6,10 +6,7 @@ aliases: - /build/building/cache/backends/s3/ --- -{{% restricted %}} -This is an experimental feature. The interface and behavior are unstable and -may change in future releases. -{{% /restricted %}} +{{< summary-bar feature_name="Amazon S3 cache" >}} The `s3` cache storage uploads your resulting build cache to [Amazon S3 file storage service](https://aws.amazon.com/s3/) diff --git a/content/manuals/build/checks.md b/content/manuals/build/checks.md index 84df51a0b4c2..b741f71800e7 100644 --- a/content/manuals/build/checks.md +++ b/content/manuals/build/checks.md @@ -11,7 +11,7 @@ description: Learn how to use build checks to validate your build configuration. keywords: build, buildx, buildkit, checks, validate, configuration, lint --- -{{< introduced buildx 0.15.0 >}} +{{< summary-bar feature_name="Build checks" >}} Build checks are a feature introduced in Dockerfile 1.8. It lets you validate your build configuration and conduct a series of checks prior to executing your diff --git a/content/manuals/build/ci/github-actions/build-summary.md b/content/manuals/build/ci/github-actions/build-summary.md index b60c6442cbd6..a2e74b5093c3 100644 --- a/content/manuals/build/ci/github-actions/build-summary.md +++ b/content/manuals/build/ci/github-actions/build-summary.md @@ -31,11 +31,7 @@ message that caused the build to fail: ## Import build records to Docker Desktop -{{< introduced desktop 4.31 >}} - -{{% experimental title="Beta feature" %}} -Import builds is currently in [Beta](../../../release-lifecycle.md#Beta). -{{% /experimental %}} +{{< summary-bar feature_name="Import builds" >}} The job summary includes a link for downloading a build record archive for the run. The build record archive is a ZIP file containing the details about a build diff --git a/content/manuals/build/ci/github-actions/cache.md b/content/manuals/build/ci/github-actions/cache.md index d0e8ffcf0767..f005c97cd5c4 100644 --- a/content/manuals/build/ci/github-actions/cache.md +++ b/content/manuals/build/ci/github-actions/cache.md @@ -84,11 +84,7 @@ jobs: ### Cache backend API -{{% experimental %}} -This cache exporter is experimental. Please provide feedback on the -[BuildKit repository](https://github.com/moby/buildkit) -if you experience any issues. -{{% /experimental %}} +{{< summary-bar feature_name="Cache backend API" >}} The [GitHub Actions cache exporter](../../cache/backends/gha.md) backend uses the [GitHub Cache API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md) diff --git a/content/manuals/compose/bridge/_index.md b/content/manuals/compose/bridge/_index.md index a620376e4876..c17ec26aa738 100644 --- a/content/manuals/compose/bridge/_index.md +++ b/content/manuals/compose/bridge/_index.md @@ -6,7 +6,7 @@ linkTitle: Compose Bridge weight: 50 --- -{{< include "compose-bridge-experimental.md" >}} +{{< summary-bar feature_name="Compose bridge" >}} Compose Bridge lets you transform your Compose configuration file into configuration files for different platforms, primarily focusing on Kubernetes. The default transformation generates Kubernetes manifests and a Kustomize overlay which are designed for deployment on Docker Desktop with Kubernetes enabled. diff --git a/content/manuals/compose/bridge/advanced-integration.md b/content/manuals/compose/bridge/advanced-integration.md index e83e38939f49..db9e71837542 100644 --- a/content/manuals/compose/bridge/advanced-integration.md +++ b/content/manuals/compose/bridge/advanced-integration.md @@ -6,7 +6,7 @@ description: Learn about how Compose Bridge can function a kubectl plugin keywords: kubernetes, compose, compose bridge, plugin, advanced --- -{{< include "compose-bridge-experimental.md" >}} +{{< summary-bar feature_name="Compose bridge" >}} Compose Bridge can also function as a `kubectl` plugin, allowing you to integrate its capabilities directly into your Kubernetes command-line operations. This integration simplifies the process of converting and deploying applications from Docker Compose to Kubernetes. diff --git a/content/manuals/compose/bridge/customize.md b/content/manuals/compose/bridge/customize.md index f56a0d044557..62bdcb880ddb 100644 --- a/content/manuals/compose/bridge/customize.md +++ b/content/manuals/compose/bridge/customize.md @@ -6,7 +6,7 @@ description: Learn about the Compose Bridge templates syntax keywords: compose, bridge, templates --- -{{< include "compose-bridge-experimental.md" >}} +{{< summary-bar feature_name="Compose bridge" >}} This page explains how Compose Bridge utilizes templating to efficiently translate Docker Compose files into Kubernetes manifests. It also explain how you can customize these templates for your specific requirements and needs, or how you can build your own transformation. diff --git a/content/manuals/compose/bridge/usage.md b/content/manuals/compose/bridge/usage.md index ee425cf8f6d9..091457fbeefb 100644 --- a/content/manuals/compose/bridge/usage.md +++ b/content/manuals/compose/bridge/usage.md @@ -6,7 +6,7 @@ description: Learn about and use the Compose Bridge default transformation keywords: compose, bridge, kubernetes --- -{{< include "compose-bridge-experimental.md" >}} +{{< summary-bar feature_name="Compose bridge" >}} Compose Bridge supplies an out-of-the box transformation for your Compose configuration file. Based on an arbitrary `compose.yaml` file, Compose Bridge produces: diff --git a/content/manuals/copilot/_index.md b/content/manuals/copilot/_index.md index e38267582a8b..b40f6caedb11 100644 --- a/content/manuals/copilot/_index.md +++ b/content/manuals/copilot/_index.md @@ -15,9 +15,7 @@ description: | keywords: Docker, GitHub Copilot, extension, Visual Studio Code, chat, ai, containerization --- -{{% restricted title="Early Access" %}} -The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product. -{{% /restricted %}} +{{< summary-bar feature_name="Docker GitHub Copilot" >}} The [Docker for GitHub Copilot](https://github.com/marketplace/docker-for-github-copilot) extension integrates Docker's capabilities with GitHub Copilot, providing diff --git a/content/manuals/copilot/examples.md b/content/manuals/copilot/examples.md index f9573a6a1b0f..23bc2c8edf91 100644 --- a/content/manuals/copilot/examples.md +++ b/content/manuals/copilot/examples.md @@ -7,9 +7,7 @@ description: | weight: 30 --- -{{% restricted title="Early Access" %}} -The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product. -{{% /restricted %}} +{{< summary-bar feature_name="Docker GitHub Copilot" >}} ## Use cases diff --git a/content/manuals/copilot/install.md b/content/manuals/copilot/install.md index 35756b6cfd2c..6b8dd2a87186 100644 --- a/content/manuals/copilot/install.md +++ b/content/manuals/copilot/install.md @@ -7,9 +7,7 @@ description: | weight: 10 --- -{{% restricted title="Early Access" %}} -The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product. -{{% /restricted %}} +{{< summary-bar feature_name="Docker GitHub Copilot" >}} To use the Docker for GitHub copilot extension, you first need to [install](#install) the extension for your organization, and diff --git a/content/manuals/copilot/usage.md b/content/manuals/copilot/usage.md index 92cba9c494a6..51ba028f20a3 100644 --- a/content/manuals/copilot/usage.md +++ b/content/manuals/copilot/usage.md @@ -8,9 +8,7 @@ description: | weight: 20 --- -{{% restricted title="Early Access" %}} -The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product. -{{% /restricted %}} +{{< summary-bar feature_name="Docker GitHub Copilot" >}} The Docker Extension for GitHub Copilot provides a chat interface that you can use to interact with the Docker agent. You can ask questions and get help diff --git a/content/manuals/desktop/features/desktop-cli.md b/content/manuals/desktop/features/desktop-cli.md index 1c6d428ac472..b2d8524f27bb 100644 --- a/content/manuals/desktop/features/desktop-cli.md +++ b/content/manuals/desktop/features/desktop-cli.md @@ -11,9 +11,7 @@ params: text: New --- -{{% experimental title="Beta" %}} -Docker Desktop CLI is currently in [Beta](../../release-lifecycle.md#beta). -{{% /experimental %}} +{{< summary-bar feature_name="Docker Desktop CLI" >}} The Docker Desktop CLI lets you perform key operations such as starting, stopping, restarting, and checking the status of Docker Desktop directly from the command line. It is available with Docker Desktop version 4.37 and later. diff --git a/content/manuals/desktop/features/dev-environments/_index.md b/content/manuals/desktop/features/dev-environments/_index.md index 85cdf9285832..a4df3143c6fc 100644 --- a/content/manuals/desktop/features/dev-environments/_index.md +++ b/content/manuals/desktop/features/dev-environments/_index.md @@ -10,9 +10,7 @@ aliases: {{< include "dev-envs-changing.md" >}} -{{% experimental title="Beta" %}} -The Dev Environments feature is currently in [Beta](/manuals/release-lifecycle.md#beta). -{{% /experimental %}} +{{< summary-bar feature_name="Dev Environments" >}} Dev Environments let you create a configurable developer environment with all the code and tools you need to quickly get up and running. diff --git a/content/manuals/desktop/features/synchronized-file-sharing.md b/content/manuals/desktop/features/synchronized-file-sharing.md index 91a98a39c625..f424fe3291d6 100644 --- a/content/manuals/desktop/features/synchronized-file-sharing.md +++ b/content/manuals/desktop/features/synchronized-file-sharing.md @@ -7,9 +7,7 @@ aliases: - /desktop/synchronized-file-sharing/ --- -> [!NOTE] -> -> Synchronized file shares is available with Docker Desktop version 4.27 and later. It is available for customers with a Docker Pro, Team, or Business subscription. +{{< summary-bar feature_name="Synchronized file sharing" >}} Synchronized file shares is an alternative file sharing mechanism that provides fast and flexible host-to-VM file sharing, enhancing bind mount performance through the use of synchronized filesystem caches. diff --git a/content/manuals/desktop/features/usbip.md b/content/manuals/desktop/features/usbip.md index 12483da06bfb..3ed10113c923 100644 --- a/content/manuals/desktop/features/usbip.md +++ b/content/manuals/desktop/features/usbip.md @@ -14,7 +14,7 @@ params: text: New --- -{{< introduced desktop 4.35.0 "../../desktop/release-notes.md#4350" >}} +{{< summary-bar feature_name="USB/IP support" >}} > [!NOTE] > diff --git a/content/manuals/desktop/features/vmm.md b/content/manuals/desktop/features/vmm.md index ab88b8b4b8e0..474caa182d97 100644 --- a/content/manuals/desktop/features/vmm.md +++ b/content/manuals/desktop/features/vmm.md @@ -13,13 +13,15 @@ aliases: - /desktop/vmm/ --- +{{< summary-bar feature_name="VMM" >}} + The Virtual Machine Manager (VMM) in Docker Desktop for Mac is responsible for creating and managing the virtual machine used to run containers. Depending on your system architecture and performance needs, you can choose from multiple VMM options in Docker Desktop's [settings](/manuals/desktop/settings-and-maintenance/settings.md#general). This page provides an overview of the available options. -## Docker VMM (Beta) +## Docker VMM -Docker VMM is a new, container-optimized hypervisor introduced in Docker Desktop 4.35 and available on Apple Silicon Macs only. Its enhanced speed and resource efficiency makes it an ideal choice for optimizing your workflow. +Docker VMM is a new, container-optimized hypervisor introduced in Docker Desktop 4.35 and available on Apple Silicon Macs only. Its enhanced speed and resource efficiency makes it an ideal choice for optimizing your workflow. -Docker VMM brings exciting advancements specifically tailored for Apple Silicon machines. By optimizing both the Linux kernel and hypervisor layers, Docker VMM delivers significant performance enhancements across common developer tasks. +Docker VMM brings exciting advancements specifically tailored for Apple Silicon machines. By optimizing both the Linux kernel and hypervisor layers, Docker VMM delivers significant performance enhancements across common developer tasks. Some key performance enhancements provided by Docker VMM include: - Faster I/O operations: With a cold cache, iterating over a large shared filesystem with `find` is 2x faster than when the Apple Virtualization Framework is used. @@ -31,9 +33,7 @@ These improvements directly impact developers who rely on frequent file access a > > Docker VMM requires a minimum of 4GB of memory to be allocated to the Docker Linux VM. The memory needs to be increased before Docker VMM is enabled, and this can be done from the **Resources** tab in **Settings**. -Docker VMM is based on [libkrun](https://github.com/containers/libkrun). - -### Known issues +### Known issues As Docker VMM is still in Beta, there are a few known limitations: diff --git a/content/manuals/desktop/features/wasm.md b/content/manuals/desktop/features/wasm.md index 741637fc12f1..07103eeb8c5a 100644 --- a/content/manuals/desktop/features/wasm.md +++ b/content/manuals/desktop/features/wasm.md @@ -8,11 +8,7 @@ aliases: - /desktop/wasm/ --- -{{% experimental title="Beta" %}} -The Wasm feature is currently in [Beta](/manuals/release-lifecycle.md#beta). -We recommend that you do not use this feature in production environments as -this feature may change or be removed from future releases. -{{% /experimental %}} +{{< summary-bar feature_name="Wasm workloads" >}} Wasm (short for WebAssembly) is a fast, light alternative to the Linux and Windows containers you’re using in Docker today (with diff --git a/content/manuals/desktop/setup/allow-list.md b/content/manuals/desktop/setup/allow-list.md index 7c6df19e23cf..a801607e0466 100644 --- a/content/manuals/desktop/setup/allow-list.md +++ b/content/manuals/desktop/setup/allow-list.md @@ -9,6 +9,8 @@ aliases: - /desktop/allow-list/ --- +{{< summary-bar feature_name="Allow list" >}} + This page contains the domain URLs that you need to add to a firewall allowlist to ensure Docker Desktop works properly within your organization. ## Domain URLs to allow diff --git a/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md b/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md index be154a60b2f0..1307cdb96ab9 100644 --- a/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md +++ b/content/manuals/desktop/setup/install/enterprise-deployment/pkg-install-and-configure.md @@ -11,9 +11,7 @@ params: text: EA --- -{{% restricted title="Early Access" %}} -The PKG installer is currently an [Early Access](/manuals/release-lifecycle.md) feature and is available to all company and organization owners with a Business subscription and Docker Desktop version 4.36 and later. -{{% /restricted %}} +{{< summary-bar feature_name="PKG installer" >}} The PKG package supports various MDM (Mobile Device Management) solutions, making it ideal for bulk installations and eliminating the need for manual setups by individual users. With this package, IT administrators can ensure standardized, policy-driven installations of Docker Desktop, enhancing efficiency and software management across their organizations. diff --git a/content/manuals/desktop/setup/install/enterprise-deployment/use-intune.md b/content/manuals/desktop/setup/install/enterprise-deployment/use-intune.md index e2a7446b9965..721b60359d5d 100644 --- a/content/manuals/desktop/setup/install/enterprise-deployment/use-intune.md +++ b/content/manuals/desktop/setup/install/enterprise-deployment/use-intune.md @@ -9,6 +9,8 @@ aliases: - /desktop/setup/install/msi/use-intune/ --- +{{< summary-bar feature_name="Intune" >}} + Learn how to deploy Docker Desktop for Windows and Mac using Intune, Microsoft's cloud-based device management tool. {{< tabs >}} diff --git a/content/manuals/desktop/setup/install/linux/archlinux.md b/content/manuals/desktop/setup/install/linux/archlinux.md index 055960f4b7d6..f981d9d136ce 100644 --- a/content/manuals/desktop/setup/install/linux/archlinux.md +++ b/content/manuals/desktop/setup/install/linux/archlinux.md @@ -19,9 +19,7 @@ aliases: This page contains information on how to install, launch and upgrade Docker Desktop on an Arch-based distribution. -> [!IMPORTANT] -> -> This is an experimental installation package. Docker has not tested or verified the installation. +{{< summary-bar feature_name="Docker Desktop Archlinux" >}} ## Prerequisites diff --git a/content/manuals/desktop/setup/sign-in.md b/content/manuals/desktop/setup/sign-in.md index 0fcac9e92a58..72ac850af5ce 100644 --- a/content/manuals/desktop/setup/sign-in.md +++ b/content/manuals/desktop/setup/sign-in.md @@ -42,7 +42,7 @@ In large enterprises where admin access is restricted, administrators can [enfor - You can access your Docker Hub repositories directly from Docker Desktop. -- Authenticated users also get a higher pull rate limit compared to anonymous users. For example, if you are authenticated, you get 200 pulls per 6 hour period, compared to 100 pulls per 6 hour period per IP address for anonymous users. For more information, see [Download rate limit](/manuals/docker-hub/download-rate-limit.md). +- Authenticated users also get a higher pull rate limit compared to anonymous users. For more information, see [Usage and limits](/manuals/docker-hub/usage/_index.md). - Improve your organization’s security posture for containerized development by taking advantage of [Hardened Desktop](/manuals/security/for-admins/hardened-desktop/_index.md). diff --git a/content/manuals/desktop/use-desktop/builds.md b/content/manuals/desktop/use-desktop/builds.md index ed469449a258..24b17e952443 100644 --- a/content/manuals/desktop/use-desktop/builds.md +++ b/content/manuals/desktop/use-desktop/builds.md @@ -42,9 +42,7 @@ Docker Desktop settings. ### Import builds -{{% experimental title="Beta feature" %}} -Import builds is currently in [Beta](../../release-lifecycle.md#Beta). -{{% /experimental %}} +{{< summary-bar feature_name="Import builds" >}} The **Import builds** button lets you import build records for builds by other people, or builds in a CI environment. When you've imported a build record, it diff --git a/content/manuals/docker-hub/_index.md b/content/manuals/docker-hub/_index.md index c47f97f76dcf..f1da3b3f5b72 100644 --- a/content/manuals/docker-hub/_index.md +++ b/content/manuals/docker-hub/_index.md @@ -24,10 +24,10 @@ grid: description: Learn about organization administration. icon: store link: /admin/ -- title: Usage +- title: Usage and limits description: Explore usage limits and how to better utilize Docker Hub. icon: leaderboard - link: /docker-hub/download-rate-limit/ + link: /docker-hub/usage/ - title: Release notes description: Find out about new features, improvements, and bug fixes. icon: note_add diff --git a/content/manuals/docker-hub/download-rate-limit.md b/content/manuals/docker-hub/download-rate-limit.md deleted file mode 100644 index 477d40625f49..000000000000 --- a/content/manuals/docker-hub/download-rate-limit.md +++ /dev/null @@ -1,381 +0,0 @@ ---- -description: Learn about usage and rate limits for Docker Hub. -keywords: Docker Hub, pulls, download, limit, usage, storage -title: Docker Hub usage and rate limits -linkTitle: Usage and rate limits -weight: 30 ---- - -Docker may impose usage and rate limits for Docker Hub to ensure fair resource -consumption and maintain service quality. Understanding your usage helps you -manage your and your organization's usage effectively. - -## Usage - -Usage refers to both: -- Pulls: The amount of data transferred from Docker Hub -- Storage: The amount of data stored on Docker Hub - -### Fair use - -When utilizing the Docker Platform, users should be aware that excessive data -transfer, pull rates, or data storage can lead to throttling, or additional -charges. To ensure fair resource usage and maintain service quality, we reserve -the right to impose restrictions or apply additional charges to accounts -exhibiting excessive data and storage consumption. - -### View Docker Hub usage - -1. Sign in to [Docker Hub](https://hub.docker.com). - - If you want to download usage for all members of an organization, you must - sign in to an account that is an owner for that organization. Otherwise, - you can only view your own personal usage. - -2. In Docker Hub, select **Usage** from the top-level navigation menu. -3. In the drop-down, select whether you want to view your personal or organization data. -4. The usage page displays **Pulls** and **Storage** usage. -5. Select a usage type and use the available filters to view usage. - -### Download Docker Hub pulls usage - -You can download a CSV file of your or your organization's Docker Hub pulls usage. You can't download a CSV file for storage usage. - -To download the pulls usage file: - -1. Sign in to [Docker Hub](https://hub.docker.com). - - If you want to download usage for all members of an organization, you must - sign in to an account that is an owner for that organization. Otherwise, - you can only view your own personal usage. - -2. In Docker Hub, select **Usage** from the top-level navigation menu. -3. In the drop-down, select whether you want to view your personal or organization data. -4. Optional. Use the **Filter by privacy** drop-down to select **Public** or **Private** pulls. -5. Use the **From** and **To** filters to select a date range for the data. -6. Select **Send report to email** to have Docker email you a link to the data - file. Note that email processing time may vary. - -The file contains the following comma separated values: - -| CSV column | Definition | Usage guidance | -|----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `datehour` | The date and hour (`yyyy/mm/dd/hh`) of the pull that resulted in the data transfer. | This helps in identifying peak usage times and patterns. | -| `user_name` | The Docker ID of the user that pulled the image | This lets organization owners track data consumption per user and manage resources effectively. | -| `repository` | The name of the repository of the image that was pulled. | This lets you identify which repositories are most frequently accessed and consume most of the data transfer. | -| `access_token_name` | Name of the access token that was used for authentication with Docker CLI. `generated` tokens are automatically generated by the Docker client when a user signs in. | Personal access tokens are usually used to authenticate automated tools (Docker Desktop, CI/CD tools, etc.). This is useful for identifying which automated system issued the pull. | -| `ips` | The IP address that was used to pull the image. This field is aggregated, so more than one IP address may appear, representing all the IPs used to pull an image within the same date and hour. | This helps you understand the origin of the data transfer, which is useful for diagnosing and identifying patterns in automated or manual pulls. | -| `repository_privacy` | The privacy state of the image repository that was pulled. This can either be `public` or `private`. | This distinguishes between public and private repositories to identify which data transfer threshold the pull impacts. | -| `tag` | The tag for the image. The tag is only available if the pull included a tag. | This helps in identifying the image. Tags are often used to identify specific versions or variants of an image. | -| `digest` | The unique image digest for the image. | This helps in identifying the image. | -| `version_checks` | The number of version checks accumulated for the date and hour of each image repository. Depending on the client, a pull can do a version check to verify the existence of an image or tag without downloading it. | This helps identify the frequency of version checks, which you can use to analyze usage trends and potential unexpected behaviors. | -| `pulls` | The number of pulls accumulated for the date and hour of each image repository. | This helps identify the frequency of repository pulls, which you can use to analyze usage trends and potential unexpected behaviors. | - -### Best practices for managing Docker Hub usage - -Use the following steps to help optimize and manage your Docker Hub usage for -both individuals and organizations: - -1. [View your Docker Hub usage](#view-docker-hub-usage). - -2. Use the Docker Hub usage data to identify which accounts consume the most - data, determine peak usage times, and identify which images are related to - the most data usage. In addition, look for usage trends, such as the - following: - - - Inefficient pull behavior: Identify frequently accessed repositories to - assess whether you can optimize caching practices or consolidate usage to - reduce pulls. - - Inefficient automated systems: Check which automated tools, such as CI/CD - pipelines, may be causing higher pull rates, and configure them to avoid - unnecessary image pulls. - -3. Optimize image pulls by: - - - Use caching: Implement local image caching via - [mirroring](/docker-hub/mirror/) or within your CI/CD pipelines to reduce - redundant pulls. - - Automate manual workflows: Avoid unnecessary pulls by configuring automated - systems to pull only when a new version of an image is available. - -4. Optimize your storage by: - - - Regularly audit and remove repositories with untagged, unused, or outdated images. - - Look for private repositories in Hub storage that exceed your plan's limits. - -5. Increase your limits by upgrading or purchasing additional consumption. For - details, see [Scale your subscription](../subscription/scale.md). - -6. For organizations, monitor and enforce organizational policies by doing the - following: - - - Routinely [view Docker Hub usage](#view-docker-hub-usage) to monitor usage. - - [Enforce sign-in](/security/for-admins/enforce-sign-in/) to ensure that you - can monitor the usage of your users and users receive higher usage limits. - - Look for duplicate user accounts in Docker and remove accounts from your organization - as needed. - -## Storage and repository limits - -{{< include "hub-limits.md" >}} - -The following storage and repository limits apply based on your subscription, subject to fair use: - -| Plan | Public repositories | Public repository storage | Private repositories | Private repository storage | -|----------|---------------------|---------------------------|----------------------------|----------------------------| -| Personal | Unlimited | Unlimited | Up to 1 private repository | Up to 2 GB | -| Pro | Unlimited | Unlimited | Unlimited | Up to 5 GB | -| Team | Unlimited | Unlimited | Unlimited | Up to 50 GB | -| Business | Unlimited | Unlimited | Unlimited | Up to 500 GB | - - -Private repository storage is calculated on a monthly basis based on the average -storage used throughout the month per organization. Docker measures your storage -usage in the amount of Bytes stored per hour, which are accumulated throughout -the month to determine your monthly storage. If a repository is private at any -point within an hour, it is counted as private for the full hour. The total -hours are calculated based on the actual number of days in the month. Any -storage usage beyond the included amounts in each paid subscription tier will be -charged at an on-demand rate. You can [scale your -limit](../subscription/scale.md) or [upgrade](../subscription/change.md) to get -a higher limit. - -For more information on how Docker Hub storage pricing is calculated, see the [Docker Hub storage pricing](/manuals/billing/docker-hub-pricing.md) guide. - -## Pull limit and rate limit - -A pull is defined as the following: - - - A Docker pull includes both a version check and any download that - occurs as a result of the pull. Depending on the client, a `docker pull` can - verify the existence of an image or tag without downloading it by performing - a version check. - - Version checks do not count towards usage pricing. - - A pull for a normal image makes one pull for a [single - manifest](https://github.com/opencontainers/image-spec/blob/main/manifest.md). - - A pull for a multi-arch image will count as one pull for each - different architecture. - -### Pull attribution - -Pulls can be attributed to either a personal or organization [namespace](https://docs.docker.com/contribute/style/terminology/#namespace). - -#### Private pulls - -Pulls for private repositories are attributed to the repository's namespace owner. - -#### Public pulls - -When pulling images from a public repository, attribution is determined based on domain affiliation and organization membership. - -#### Verified domain ownership - -When pulling an image from an account linked to a verified domain, the attribution is set to be the owner of that [domain](https://docs.docker.com/security/faqs/single-sign-on/domain-faqs/) - -#### Single organization membership - -- If the owner of the verified domain is a company and the user is part of only one organization within that [company](https://docs.docker.com/admin/faqs/company-faqs/#what-features-are-supported-at-the-company-level), the pull is attributed to that specific organization. -- If the user is part of only one organization, the pull is attributed to that specific organization. - -#### Multiple organization memberships - -If the user is part of multiple organizations under the company, the pull is attributed to the user's personal namespace. - -### Pull limit - -Rate limits apply to pull usage. A user's rate limit is equal to the highest entitlement of their personal account or any organization they belong to. To take advantage of this, you must sign in to [Docker Hub](https://hub.docker.com/) as an authenticated user. For -more information, see [How do I authenticate pull -requests](#how-do-i-authenticate-pulls). Unauthenticated (anonymous) -users will have the limits enforced via IP. - -Pull limit refers to the total number of image pulls allowed within a specific time frame. For example, a Business plan has a total pull limit of 1M pulls per month. - -The pull limit is calculated on a per month basis and only applies to -Docker Pro, Docker Team, and Docker Business users. The limit automatically -scales on-demand, but on-demand rates do apply. You can [scale your -limit](../subscription/scale.md) or [upgrade](../subscription/change.md) to get -a higher limit. - - -| User type | Pull count per month | -|--------------------------|----------------------| -| Business (authenticated) | 1M | -| Team (authenticated) | 100K | -| Pro (authenticated) | 25K | -| Personal (authenticated) | Not applicable | -| Unauthenticated users | Not applicable | - -### Pull rate limit - -Pull rate limit refers to the frequency of image pulls per unit of time, specifying how quickly you can pull images within a specific time. - -The pull rate limit is calculated on a per hour basis. There is no -pull rate limit for users or automated systems with a paid subscription. -Unauthenticated and Docker Personal users using Docker Hub will experience rate -limits on image pulls. - -The following table describes the pull rate limit per hour -for each subscription tier, subject to fair use: - -| User type | Pull rate limit per hour | -|--------------------------|--------------------------| -| Business (authenticated) | No limit | -| Team (authenticated) | No limit | -| Pro (authenticated) | No limit | -| Personal (authenticated) | 40 | -| Unauthenticated users | 10 per IP address | - -> [!TIP] -> -> Always sign in to Docker. Authenticated Docker Personal users receive -> increased rate limits, while authenticated Docker Pro, Team, and Business -> users are not rate limited. For more information, see [How do I authenticate -> pulls](#how-do-i-authenticate-pulls). - -#### How do I know my pulls are being limited? - -When you issue a pull and you are over the limit, Docker Hub returns a -`429` response code with the following body when the manifest is requested: - -```text -You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limits -``` - -This error message appears in the Docker CLI or in the Docker Engine logs. - -#### How can I check my current rate? - -Valid API requests to Hub usually include the following rate limit headers in -the response: - -```text -ratelimit-limit -ratelimit-remaining -docker-ratelimit-source -``` - -These headers are returned on both GET and HEAD requests. - -> [!NOTE] -> -> Using GET emulates a real pull and counts towards the limit. Using HEAD won't. -> To check your limits, you need `curl`, `grep`, and `jq` installed. - -To get a token anonymously, if you are pulling anonymously: - -```console -$ TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) -``` - -To get a token with a user account, if you are authenticated (insert your -username and password in the following command): - -```console -$ TOKEN=$(curl --user 'username:password' "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) -``` - -Then to get the headers showing your limits, run the following: - -```console -$ curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest -``` - -Which should return the following headers: - -```http -ratelimit-limit: 100;w=21600 -ratelimit-remaining: 76;w=21600 -docker-ratelimit-source: 192.0.2.1 -``` - -In the previous example, the pull limit is 100 pulls per 21600 seconds (6 -hours), and there are 76 pulls remaining. - -If you don't see any RateLimit header, it could be because the image or your IP -is unlimited in partnership with a publisher, provider, or an open source -organization. It could also mean that the user you are pulling as is part of a -paid Docker plan. Pulling that image won’t count toward pull rate limits if you -don't see these headers. Note that users with a paid subscription have a monthly -pull limit that can be viewed in the Docker Hub [usage dashboard](#view-docker-hub-usage). - -#### I'm being limited to a lower rate even though I have a paid Docker subscription - -To take advantage of the unlimited limits included in a paid Docker subscription, -you must [authenticate pulls](#how-do-i-authenticate-pulls) with your -user account. - -A Pro, Team, or a Business tier doesn't increase limits on your images for other -users. See Docker's [Open -Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/), -[Publisher](https://www.docker.com/partners/programs), or [Large -Organization](https://www.docker.com/pricing) offerings. - -#### Other limits - -Docker Hub also has an abuse rate limit to protect the application and -infrastructure. This limit applies to all requests to Hub properties including -web pages, APIs, and image pulls. The limit is applied per-IP, and while the -limit changes over time depending on load and other factors, it's in the order -of thousands of requests per minute. The abuse limit applies to all users -equally regardless of account level. - -You can differentiate between these limits by looking at the error code. The -"abuse limit" returns a simple `429 Too Many Requests` response. The pull -limit returns a longer error message that includes a link to this page. - -### How do I authenticate pulls? - -The following section contains information on how to sign in to Docker Hub to -authenticate pulls. - -#### Docker Desktop - -If you are using Docker Desktop, you can sign in to Docker Hub from the Docker -Desktop menu. - -Select **Sign in / Create Docker ID** from the Docker Desktop menu and follow -the on-screen instructions to complete the sign-in process. - -#### Docker Engine - -If you're using a standalone version of Docker Engine, run the `docker login` -command from a terminal to authenticate with Docker Hub. For information on how -to use the command, see [docker login](/reference/cli/docker/login.md). - -#### Docker Swarm - -If you're running Docker Swarm, you must use the `--with-registry-auth` flag to -authenticate with Docker Hub. For more information, see [Create a -service](/reference/cli/docker/service/create.md#with-registry-auth). If you -are using a Docker Compose file to deploy an application stack, see [docker -stack deploy](/reference/cli/docker/stack/deploy.md). - -#### GitHub Actions - -If you're using GitHub Actions to build and push Docker images to Docker Hub, -see [login action](https://github.com/docker/login-action#dockerhub). If you are -using another Action, you must add your username and access token in a similar -way for authentication. - -#### Kubernetes - -If you're running Kubernetes, follow the instructions in [Pull an Image from a -Private -Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) -for information on authentication. - -#### Third-party platforms - -If you're using any third-party platforms, follow your provider’s instructions on using registry authentication. - -- [Artifactory](https://www.jfrog.com/confluence/display/JFROG/Advanced+Settings#AdvancedSettings-RemoteCredentials) -- [AWS CodeBuild](https://aws.amazon.com/blogs/devops/how-to-use-docker-images-from-a-private-registry-in-aws-codebuild-for-your-build-environment/) -- [AWS ECS/Fargate](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html) -- [Azure Pipelines](https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#sep-docreg) -- [Chipper CI](https://docs.chipperci.com/builds/docker/#rate-limit-auth) -- [CircleCI](https://circleci.com/docs/2.0/private-images/) -- [Codefresh](https://codefresh.io/docs/docs/docker-registries/external-docker-registries/docker-hub/) -- [Drone.io](https://docs.drone.io/pipeline/docker/syntax/images/#pulling-private-images) -- [GitLab](https://docs.gitlab.com/ee/user/packages/container_registry/#authenticate-with-the-container-registry) -- [LayerCI](https://layerci.com/docs/advanced-workflows#logging-in-to-docker) -- [TeamCity](https://www.jetbrains.com/help/teamcity/integrating-teamcity-with-docker.html#Conforming+with+Docker+download+rate+limits) diff --git a/content/manuals/docker-hub/image-library/mirror.md b/content/manuals/docker-hub/image-library/mirror.md index 7b993055cc9a..94a87e866b3c 100644 --- a/content/manuals/docker-hub/image-library/mirror.md +++ b/content/manuals/docker-hub/image-library/mirror.md @@ -38,7 +38,7 @@ Hub can be mirrored. > [!NOTE] > -> Mirrors of Docker Hub are still subject to Docker's [fair use policy](/manuals/docker-hub/download-rate-limit.md#fair-use). +> Mirrors of Docker Hub are still subject to Docker's [fair use policy](/manuals/docker-hub/usage/_index.md#fair-use). ### Solution diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md index 69dc8b48d2a8..18efecb5d33a 100644 --- a/content/manuals/docker-hub/release-notes.md +++ b/content/manuals/docker-hub/release-notes.md @@ -199,7 +199,7 @@ Docker introduces Hub Vulnerability Scanning which enables you to automatically * Docker has announced a new, per-seat pricing model to accelerate developer workflows for cloud-native development. The previous private repository/concurrent autobuild-based plans have been replaced with new **Pro** and **Team** plans that include unlimited private repositories. For more information, see [Docker subscription](../subscription/_index.md). -* Docker has enabled download rate limits for downloads and pull requests on Docker Hub. This caps the number of objects that users can download within a specified timeframe. For more information, see [Download rate limit](download-rate-limit.md). +* Docker has enabled download rate limits for downloads and pull requests on Docker Hub. This caps the number of objects that users can download within a specified timeframe. For more information, see [Usage and limits](/manuals/docker-hub/usage/_index.md). ## 2019-11-04 diff --git a/content/manuals/docker-hub/repos/manage/builds/_index.md b/content/manuals/docker-hub/repos/manage/builds/_index.md index e23c5b7c62ef..9ce20e697d13 100644 --- a/content/manuals/docker-hub/repos/manage/builds/_index.md +++ b/content/manuals/docker-hub/repos/manage/builds/_index.md @@ -7,10 +7,7 @@ aliases: - /docker-hub/builds/how-builds-work/ --- -> [!NOTE] -> -> Automated builds require a -> Docker Pro, Team, or Business subscription. +{{< summary-bar feature_name="Automated builds" >}} Docker Hub can automatically build images from source code in an external repository and automatically push the built image to your Docker repositories. diff --git a/content/manuals/docker-hub/usage/_index.md b/content/manuals/docker-hub/usage/_index.md new file mode 100644 index 000000000000..f7311adf01c4 --- /dev/null +++ b/content/manuals/docker-hub/usage/_index.md @@ -0,0 +1,56 @@ +--- +description: Learn about usage and limits for Docker Hub. +keywords: Docker Hub, limit, usage +title: Docker Hub usage and limits +linkTitle: Usage and limits +weight: 30 +aliases: + /docker-hub/download-rate-limit/ +--- + +{{< include "hub-limits.md" >}} + +When using Docker Hub, unauthenticated and Docker Personal users are subject to +strict limits. In contrast, Docker Pro, Team, and Business users benefit from a +consumption-based model with a base amount of included usage. This included +usage is not a hard limit; users can scale or upgrade their subscriptions to +receive additional usage or use on-demand usage. + +The following table provides an overview of the included usage and limits for each +user type, subject to fair use: + + +| User type | Pulls per month | Pull rate limit per hour | Public repositories | Public repository storage | Private repositories | Private repository storage | +|--------------------------|-----------------|--------------------------|---------------------|---------------------------|----------------------|----------------------------| +| Business (authenticated) | 1M | Unlimited | Unlimited | Unlimited | Unlimited | Up to 500 GB | +| Team (authenticated) | 100K | Unlimited | Unlimited | Unlimited | Unlimited | Up to 50 GB | +| Pro (authenticated) | 25K | Unlimited | Unlimited | Unlimited | Unlimited | Up to 5 GB | +| Personal (authenticated) | Not applicable | 40 | Unlimited | Unlimited | Up to 1 | Up to 2 GB | +| Unauthenticated users | Not applicable | 10 per IP address | Not applicable | Not applicable | Not applicable | Not applicable | + +For more details, see the following: + +- [Pull usage and limits](./pulls.md) +- [Storage usage and limits](./storage.md) + +## Fair use + +When utilizing the Docker Platform, users should be aware that excessive data +transfer, pull rates, or data storage can lead to throttling, or additional +charges. To ensure fair resource usage and maintain service quality, we reserve +the right to impose restrictions or apply additional charges to accounts +exhibiting excessive data and storage consumption. + +### Abuse rate limit + +Docker Hub has an abuse rate limit to protect the application and +infrastructure. This limit applies to all requests to Hub properties including +web pages, APIs, and image pulls. The limit is applied per-IP, and while the +limit changes over time depending on load and other factors, it's in the order +of thousands of requests per minute. The abuse limit applies to all users +equally regardless of account level. + +You can differentiate between the pull rate limit and abuse rate limit by +looking at the error code. The abuse limit returns a simple `429 Too Many +Requests` response. The pull limit returns a longer error message that includes +a link to documentation. diff --git a/content/manuals/docker-hub/usage/manage.md b/content/manuals/docker-hub/usage/manage.md new file mode 100644 index 000000000000..395a58a65f6c --- /dev/null +++ b/content/manuals/docker-hub/usage/manage.md @@ -0,0 +1,49 @@ +--- +description: Learn how to optimize and manage your Docker Hub usage. +keywords: Docker Hub, limit, usage +title: Best practices for optimizing Docker Hub usage +linkTitle: Optimize usage +weight: 40 +--- + +Use the following steps to help optimize and manage your Docker Hub usage for +both individuals and organizations: + +1. [View your Docker Hub usage](https://hub.docker.com/usage). + +2. Use the Docker Hub usage data to identify which accounts consume the most + data, determine peak usage times, and identify which images are related to + the most data usage. In addition, look for usage trends, such as the + following: + + - Inefficient pull behavior: Identify frequently accessed repositories to + assess whether you can optimize caching practices or consolidate usage to + reduce pulls. + - Inefficient automated systems: Check which automated tools, such as CI/CD + pipelines, may be causing higher pull rates, and configure them to avoid + unnecessary image pulls. + +3. Optimize image pulls by: + + - Using caching: Implement local image caching via + [mirroring](/docker-hub/mirror/) or within your CI/CD pipelines to reduce + redundant pulls. + - Automating manual workflows: Avoid unnecessary pulls by configuring automated + systems to pull only when a new version of an image is available. + +4. Optimize your storage by: + + - Regularly auditing and removing repositories with untagged, unused, or outdated images. + - Looking for private repositories in Hub storage that exceed your plan's limits. + +5. Increase your limits by upgrading or purchasing additional consumption. For + details, see [Scale your subscription](/manuals/subscription/scale.md). + +6. For organizations, monitor and enforce organizational policies by doing the + following: + + - Routinely [view Docker Hub usage](https://hub.docker.com/usage) to monitor usage. + - [Enforce sign-in](/security/for-admins/enforce-sign-in/) to ensure that you + can monitor the usage of your users and users receive higher usage limits. + - Look for duplicate user accounts in Docker and remove accounts from your organization + as needed. \ No newline at end of file diff --git a/content/manuals/docker-hub/usage/pulls.md b/content/manuals/docker-hub/usage/pulls.md new file mode 100644 index 000000000000..52b1c92c7e20 --- /dev/null +++ b/content/manuals/docker-hub/usage/pulls.md @@ -0,0 +1,218 @@ +--- +description: Learn about pull usage and limits for Docker Hub. +keywords: Docker Hub, pulls, usage, limit +title: Docker Hub pull usage and limits +linkTitle: Pulls +weight: 10 +--- + +{{< include "hub-limits.md" >}} + +Unauthenticated and Docker Personal users are subject to hourly pull rate limits +on Docker Hub. In contrast, Docker Pro, Team, and Business users benefit from a +base number of included pulls per month without hourly rate restrictions. This +included usage is flexible, allowing you to scale or upgrade your subscription +to accommodate additional pulls or utilize on-demand pulls as needed. + +Any pulls exceeding the included amounts in each subscription tier will be +charged at an on-demand rate. To increase your monthly pull allowance and avoid +on-demand charges, you can [scale](/manuals/subscription/scale.md) or +[upgrade](/manuals/subscription/change.md) your subscription. + +The following pull usage and limits apply based on your subscription, subject to +fair use: + + +| User type | Pulls per month | Pull rate limit per hour | +|--------------------------|-----------------|--------------------------| +| Business (authenticated) | 1M | Unlimited | +| Team (authenticated) | 100K | Unlimited | +| Pro (authenticated) | 25K | Unlimited | +| Personal (authenticated) | Not applicable | 40 | +| Unauthenticated Users | Not applicable | 10 per IP address | + +## Pull definition + +A pull is defined as the following: + + - A Docker pull includes both a version check and any download that + occurs as a result of the pull. Depending on the client, a `docker pull` can + verify the existence of an image or tag without downloading it by performing + a version check. + - Version checks do not count towards usage pricing. + - A pull for a normal image makes one pull for a [single + manifest](https://github.com/opencontainers/image-spec/blob/main/manifest.md). + - A pull for a multi-arch image will count as one pull for each + different architecture. + +## Pull attribution + +Pulls from authenticated users can be attributed to either a personal or an +organization +[namespace](/reference/glossary/#organization-name). + +Attribution is based on the following: + +- Private pulls: Pulls for private repositories are attributed to the + repository's namespace owner. +- Public pulls: When pulling images from a public repository, attribution is + determined based on domain affiliation and organization membership. +- Verified domain ownership: When pulling an image from an account linked to a + verified domain, the attribution is set to be the owner of that + [domain](/manuals/security/faqs/single-sign-on/domain-faqs.md). +- Single organization membership: + - If the owner of the verified domain is a company and the user is part of + only one organization within that + [company](../../admin/faqs/company-faqs.md#what-features-are-supported-at-the-company-level), + the pull is attributed to that specific organization. + - If the user is part of only one organization, the pull is attributed to + that specific organization. +- Multiple organization memberships: If the user is part of multiple + organizations under the company, the pull is attributed to the user's personal + namespace. + +When pulling Docker Verified Publisher images, attribution towards rate limiting +is not applied. For more details, see [Docker Verified Publisher +Program](/manuals/docker-hub/repos/manage/trusted-content/dvp-program.md). + +### Authentication + +To ensure correct attribution of your pulls, you must authenticate with Docker +Hub. The following sections provide information on how to sign in to Docker Hub +to authenticate your pulls. + +#### Docker Desktop + +If you are using Docker Desktop, you can sign in to Docker Hub from the Docker +Desktop menu. + +Select **Sign in / Create Docker ID** from the Docker Desktop menu and follow +the on-screen instructions to complete the sign-in process. + +#### Docker Engine + +If you're using a standalone version of Docker Engine, run the `docker login` +command from a terminal to authenticate with Docker Hub. For information on how +to use the command, see [docker login](/reference/cli/docker/login.md). + +#### Docker Swarm + +If you're running Docker Swarm, you must use the `--with-registry-auth` flag to +authenticate with Docker Hub. For more information, see [Create a +service](/reference/cli/docker/service/create.md#with-registry-auth). If you +are using a Docker Compose file to deploy an application stack, see [docker +stack deploy](/reference/cli/docker/stack/deploy.md). + +#### GitHub Actions + +If you're using GitHub Actions to build and push Docker images to Docker Hub, +see [login action](https://github.com/docker/login-action#dockerhub). If you are +using another Action, you must add your username and access token in a similar +way for authentication. + +#### Kubernetes + +If you're running Kubernetes, follow the instructions in [Pull an Image from a +Private +Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) +for information on authentication. + +#### Third-party platforms + +If you're using any third-party platforms, follow your provider’s instructions on using registry authentication. + +- [Artifactory](https://www.jfrog.com/confluence/display/JFROG/Advanced+Settings#AdvancedSettings-RemoteCredentials) +- [AWS CodeBuild](https://aws.amazon.com/blogs/devops/how-to-use-docker-images-from-a-private-registry-in-aws-codebuild-for-your-build-environment/) +- [AWS ECS/Fargate](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html) +- [Azure Pipelines](https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#sep-docreg) +- [Chipper CI](https://docs.chipperci.com/builds/docker/#rate-limit-auth) +- [CircleCI](https://circleci.com/docs/2.0/private-images/) +- [Codefresh](https://codefresh.io/docs/docs/docker-registries/external-docker-registries/docker-hub/) +- [Drone.io](https://docs.drone.io/pipeline/docker/syntax/images/#pulling-private-images) +- [GitLab](https://docs.gitlab.com/ee/user/packages/container_registry/#authenticate-with-the-container-registry) +- [LayerCI](https://layerci.com/docs/advanced-workflows#logging-in-to-docker) +- [TeamCity](https://www.jetbrains.com/help/teamcity/integrating-teamcity-with-docker.html#Conforming+with+Docker+download+rate+limits) + +## View monthly pulls and included usage + +You can view your monthly pulls on the [Usage page](https://hub.docker.com/usage/pulls) in Docker Hub. + +On that page, you can also send a report to your email that contains a comma +separated file with the following detailed information. + +| CSV column | Definition | Usage guidance | +|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `datehour` | The date and hour (`yyyy/mm/dd/hh`) of the pull that resulted in the data transfer. | This helps in identifying peak usage times and patterns. | +| `user_name` | The Docker ID of the user that pulled the image | This lets organization owners track data consumption per user and manage resources effectively. | +| `repository` | The name of the repository of the image that was pulled. | This lets you identify which repositories are most frequently accessed and consume most of the data transfer. | +| `access_token_name` | Name of the access token that was used for authentication with Docker CLI. `generated` tokens are automatically generated by the Docker client when a user signs in. | Personal access tokens are usually used to authenticate automated tools (Docker Desktop, CI/CD tools, etc.). This is useful for identifying which automated system issued the pull. | +| `ips` | The IP address that was used to pull the image. This field is aggregated, so more than one IP address may appear, representing all the IPs used to pull an image within the same date and hour. | This helps you understand the origin of the data transfer, which is useful for diagnosing and identifying patterns in automated or manual pulls. | +| `repository_privacy` | The privacy state of the image repository that was pulled. This can either be `public` or `private`. | This distinguishes between public and private repositories to identify which data transfer threshold the pull impacts. | +| `tag` | The tag for the image. The tag is only available if the pull included a tag. | This helps in identifying the image. Tags are often used to identify specific versions or variants of an image. | +| `digest` | The unique image digest for the image. | This helps in identifying the image. | +| `version_checks` | The number of version checks accumulated for the date and hour of each image repository. Depending on the client, a pull can do a version check to verify the existence of an image or tag without downloading it. | This helps identify the frequency of version checks, which you can use to analyze usage trends and potential unexpected behaviors. | +| `pulls` | The number of pulls accumulated for the date and hour of each image repository. | This helps identify the frequency of repository pulls, which you can use to analyze usage trends and potential unexpected behaviors. | + + +## View hourly pull rate and limit + +The pull rate limit is calculated on a per hour basis. There is no pull rate +limit for users or automated systems with a paid subscription. Unauthenticated +and Docker Personal users using Docker Hub will experience rate limits on image +pulls. + +When you issue a pull and you are over the limit, Docker Hub returns a +`429` response code with the following body when the manifest is requested: + +```text +You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limits +``` + +This error message appears in the Docker CLI or in the Docker Engine logs. + +To view your current pull rate and limit: + +> [!NOTE] +> +> To check your limits, you need `curl`, `grep`, and `jq` installed. + +1. Get a token. + + - To get a token anonymously, if you are pulling anonymously: + + ```console + $ TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + ``` + + - To get a token with a user account, if you are authenticated (insert your + username and password in the following command): + + ```console + $ TOKEN=$(curl --user 'username:password' "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + ``` + +2. Get the headers that contain your limits. These headers are returned on both + GET and HEAD requests. Using GET emulates a real pull and counts towards the + limit. Using HEAD won't. + + + ```console + $ curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + ``` + +3. Examine the headers. You should see the following headers. + + ```text + ratelimit-limit: 100;w=21600 + ratelimit-remaining: 76;w=21600 + docker-ratelimit-source: 192.0.2.1 + ``` + + In the previous example, the pull limit is 100 pulls per 21600 seconds (6 + hours), and there are 76 pulls remaining. + + If you don't see any `ratelimit` header, it could be because the image or your IP + is unlimited in partnership with a publisher, provider, or an open source + organization. It could also mean that the user you are pulling as is part of a + paid Docker plan. Pulling that image won't count toward pull rate limits if you + don't see these headers. \ No newline at end of file diff --git a/content/manuals/docker-hub/usage/storage.md b/content/manuals/docker-hub/usage/storage.md new file mode 100644 index 000000000000..0c8c7a4c65aa --- /dev/null +++ b/content/manuals/docker-hub/usage/storage.md @@ -0,0 +1,27 @@ +--- +description: Learn about storage usage limits for Docker Hub. +keywords: Docker Hub, usage, storage, repository +title: Docker Hub storage usage and limits +linkTitle: Storage +weight: 20 +--- + +{{< include "hub-limits.md" >}} + +The following storage and repository limits apply based on your subscription, subject to fair use: + +| Plan | Public repositories | Public repository storage | Private repositories | Private repository storage | +|----------|---------------------|---------------------------|----------------------------|----------------------------| +| Personal | Unlimited | Unlimited | Up to 1 private repository | Up to 2 GB | +| Pro | Unlimited | Unlimited | Unlimited | Up to 5 GB | +| Team | Unlimited | Unlimited | Unlimited | Up to 50 GB | +| Business | Unlimited | Unlimited | Unlimited | Up to 500 GB | + +Any storage usage beyond the included amounts in each paid subscription tier +will be charged at an on-demand rate. For more details about storage +calcultations and billing, see [Docker Hub storage +pricing](/manuals/billing/docker-hub-pricing.md). + +## View storage usage and repositories + +You can view your storage usage on the [Usage page](https://hub.docker.com/usage/storage) in Docker Hub. diff --git a/content/manuals/engine/daemon/alternative-runtimes.md b/content/manuals/engine/daemon/alternative-runtimes.md index 95bb542642de..d9d6574153ff 100644 --- a/content/manuals/engine/daemon/alternative-runtimes.md +++ b/content/manuals/engine/daemon/alternative-runtimes.md @@ -166,6 +166,8 @@ $ docker run --rm --runtime youki hello-world ### Wasmtime +{{< summary-bar feature_name="Wasmtime" >}} + Wasmtime is a [Bytecode Alliance](https://bytecodealliance.org/) project, and a Wasm runtime that lets you run Wasm containers. @@ -178,10 +180,6 @@ To add Wasmtime as a container runtime, follow these steps: 1. Turn on the [containerd image store](/manuals/engine/storage/containerd.md) feature in the daemon configuration file. - > [!NOTE] - > - > This is an experimental feature. - ```json { "features": { diff --git a/content/manuals/engine/storage/containerd.md b/content/manuals/engine/storage/containerd.md index e228227809a9..00ceed979dd8 100644 --- a/content/manuals/engine/storage/containerd.md +++ b/content/manuals/engine/storage/containerd.md @@ -8,11 +8,7 @@ aliases: - /storage/containerd/ --- -> [!NOTE] -> -> The containerd image store is an experimental feature of Docker Engine. -> If you're using Docker Desktop, refer to the instructions on the -> [containerd image store with Docker Desktop page](/manuals/desktop/features/containerd.md). +{{< summary-bar feature_name="containerd" >}} containerd, the industry-standard container runtime, uses snapshotters instead of the classic storage drivers for storing image and container data. diff --git a/content/manuals/extensions/private-marketplace.md b/content/manuals/extensions/private-marketplace.md index 661e0dbf82e8..f75cb862a756 100644 --- a/content/manuals/extensions/private-marketplace.md +++ b/content/manuals/extensions/private-marketplace.md @@ -5,18 +5,14 @@ title: Configure a private marketplace for extensions tags: [admin] linkTitle: Configure a private marketplace weight: 30 -aliases: +aliases: - /desktop/extensions/private-marketplace/ --- -{{% experimental title="Beta" %}} -This feature is currently in [Beta](/manuals/release-lifecycle.md#beta). It is available to Docker Business customers only. -{{% /experimental %}} +{{< summary-bar feature_name="Private marketplace" >}} Learn how to configure and set up a private marketplace with a curated list of extensions for your Docker Desktop users. -It is designed specifically - Docker Extensions' private marketplace is designed specifically for organizations who don’t give developers root access to their machines. It makes use of [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) so administrators have complete control over the private marketplace. ## Prerequisites @@ -85,7 +81,7 @@ Each setting has a `value` that you can set, including a `locked` field that let To find out more information about the `admin-settings.json` file, see [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md). -## Step three: List allowed extensions +## Step three: List allowed extensions The generated `extensions.txt` file defines the list of extensions that are available in your private marketplace. @@ -99,14 +95,14 @@ docker/disk-usage-extension:0.2.8 If no tag is provided, the latest tag available for the image is used. You can also comment out lines with `#` so the extension is ignored. -This list can include different types of extension images: - +This list can include different types of extension images: + - Extensions from the public marketplace or any public image stored in Docker Hub. - Extension images stored in Docker Hub as private images. Developers need to be signed in and have pull access to these images. - Extension images stored in a private registry. Developers need to be signed in and have pull access to these images. - + > [!IMPORTANT] -> +> > Your developers can only install the version of the extension that you’ve listed. ## Step four: Generate the private marketplace @@ -139,7 +135,7 @@ $ /opt/docker-desktop/extension-admin generate This creates an `extension-marketplace` directory and downloads the marketplace metadata for all the allowed extensions. -The marketplace content is generated from extension image information as image labels, which is the [same format as public extensions](extensions-sdk/extensions/labels.md). It includes the extension title, description, screenshots, links, etc. +The marketplace content is generated from extension image information as image labels, which is the [same format as public extensions](extensions-sdk/extensions/labels.md). It includes the extension title, description, screenshots, links, etc. ## Step five: Test the private marketplace setup @@ -186,7 +182,7 @@ When you select the **Extensions** tab, you should see the private marketplace l Once you’ve confirmed that the private marketplace configuration works, the final step is to distribute the files to the developers’ machines with the MDM software your organization uses. For example, [Jamf](https://www.jamf.com/). -The files to distribute are: +The files to distribute are: * `admin-settings.json` * the entire `extension-marketplace` folder and its subfolders diff --git a/content/manuals/scout/explore/exceptions.md b/content/manuals/scout/explore/exceptions.md index a654c20d3ac8..8a6eadea0a21 100644 --- a/content/manuals/scout/explore/exceptions.md +++ b/content/manuals/scout/explore/exceptions.md @@ -78,11 +78,7 @@ To view all exceptions for a specific image tag: ### View exceptions in the CLI -{{% experimental %}} -Viewing exceptions in the CLI is an experimental feature. -It requires the latest version of the Docker Scout CLI plugin. -Some exceptions may not appear correctly in the CLI. -{{% /experimental %}} +{{< summary-bar feature_name="Docker Scout exceptions" >}} Vulnerability exceptions are highlighted in the CLI when you run `docker scout cves `. If a CVE is suppressed by an exception, a `SUPPRESSED` label diff --git a/content/manuals/scout/integrations/source-code-management/github.md b/content/manuals/scout/integrations/source-code-management/github.md index a62cc72c8659..cb9350ec2d22 100644 --- a/content/manuals/scout/integrations/source-code-management/github.md +++ b/content/manuals/scout/integrations/source-code-management/github.md @@ -5,9 +5,7 @@ description: Integrate Docker Scout using the GitHub app to get remediation advi keywords: scout, github, integration, image analysis, supply chain, remediation, source code --- -{{% experimental title="Beta feature" %}} -The GitHub integration is currently in [Beta](../../../release-lifecycle.md#Beta). -{{% /experimental %}} +{{< summary-bar feature_name="Docker Scout GitHub" >}} The GitHub app integration for Docker Scout grants Docker Scout access to your source code repository on GitHub. This improved visibility into how your image diff --git a/content/manuals/scout/policy/remediation.md b/content/manuals/scout/policy/remediation.md index f2d645d33793..48701160381f 100644 --- a/content/manuals/scout/policy/remediation.md +++ b/content/manuals/scout/policy/remediation.md @@ -4,9 +4,7 @@ description: Learn how Docker Scout can help you improve your software quality a keywords: scout, supply chain, security, remediation, automation --- -{{% experimental title="Beta feature" %}} -Remediation with Docker Scout is currently in [Beta](../../release-lifecycle.md#Beta). -{{% /experimental %}} +{{< summary-bar feature_name="Remediation with Docker Scout" >}} Docker Scout helps you remediate supply chain or security issues by providing recommendations based on policy evaluation results. Recommendations are diff --git a/content/manuals/scout/policy/scores.md b/content/manuals/scout/policy/scores.md index cb6de2a4cb75..e6b2d7af80c1 100644 --- a/content/manuals/scout/policy/scores.md +++ b/content/manuals/scout/policy/scores.md @@ -6,11 +6,7 @@ description: | keywords: scout, health scores, evaluation, checks, grades, docker hub --- -{{% restricted title="Beta" %}} -Health scores is a [Beta](/release-lifecycle/#beta) feature of Docker Scout. -The feature is only available to organizations selected to participate in the -early access program. -{{% /restricted %}} +{{< summary-bar feature_name="Docker Scout health scores" >}} Docker Scout health scores provide a security assessment, and overall supply chain health, of images on Docker Hub, helping you determine whether an image diff --git a/content/manuals/security/for-admins/access-tokens.md b/content/manuals/security/for-admins/access-tokens.md index afdc5eef8eca..470a0cb96885 100644 --- a/content/manuals/security/for-admins/access-tokens.md +++ b/content/manuals/security/for-admins/access-tokens.md @@ -6,9 +6,7 @@ keywords: docker hub, security, OAT, organization access token linkTitle: Organization access tokens (Beta) --- -{{% experimental title="Beta" %}} -The organization access tokens feature is currently in [Beta](../../release-lifecycle.md#beta). -{{% /experimental %}} +{{< summary-bar feature_name="OATs" >}} > [!WARNING] > diff --git a/content/manuals/security/for-admins/domain-audit.md b/content/manuals/security/for-admins/domain-audit.md index fb107c896b7f..412a002a52a2 100644 --- a/content/manuals/security/for-admins/domain-audit.md +++ b/content/manuals/security/for-admins/domain-audit.md @@ -9,6 +9,8 @@ aliases: weight: 50 --- +{{< summary-bar feature_name="Domain audit" >}} + Domain audit identifies uncaptured users in an organization. Uncaptured users are Docker users who have authenticated to Docker using an email address associated with one of your verified domains, but they're not a member of your organization in Docker. You can audit domains on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/). Uncaptured users who access Docker Desktop in your environment may pose a security risk because your organization's security settings, like Image Access Management and Registry Access Management, aren't applied to a user's session. In addition, you won't have visibility into the activity of uncaptured users. You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings. diff --git a/content/manuals/security/for-admins/enforce-sign-in/_index.md b/content/manuals/security/for-admins/enforce-sign-in/_index.md index 20b39724a0ee..44f6e32994ba 100644 --- a/content/manuals/security/for-admins/enforce-sign-in/_index.md +++ b/content/manuals/security/for-admins/enforce-sign-in/_index.md @@ -11,6 +11,8 @@ aliases: weight: 30 --- +{{< summary-bar feature_name="Enforce sign-in" >}} + By default, members of your organization can use Docker Desktop without signing in. When users don’t sign in as a member of your organization, they don’t receive the [benefits of your organization’s diff --git a/content/manuals/security/for-admins/enforce-sign-in/methods.md b/content/manuals/security/for-admins/enforce-sign-in/methods.md index 4c862c9621db..863af9571ccb 100644 --- a/content/manuals/security/for-admins/enforce-sign-in/methods.md +++ b/content/manuals/security/for-admins/enforce-sign-in/methods.md @@ -6,6 +6,8 @@ tags: [admin] linkTitle: Methods --- +{{< summary-bar feature_name="Enforce sign-in" >}} + This page outlines the different methods for enforcing sign-in for Docker Desktop. ## Registry key method (Windows only) diff --git a/content/manuals/security/for-admins/hardened-desktop/_index.md b/content/manuals/security/for-admins/hardened-desktop/_index.md index 529873f1e46c..bdbbe71c02d9 100644 --- a/content/manuals/security/for-admins/hardened-desktop/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/_index.md @@ -32,9 +32,7 @@ grid: weight: 60 --- -> [!NOTE] -> -> Hardened Docker Desktop is available to Docker Business customers only. +{{< summary-bar feature_name="Hardened Docker Desktop" >}} Hardened Docker Desktop is a group of security features, designed to improve the security of developer environments with minimal impact on developer experience or productivity. diff --git a/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md b/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md index 107de3643290..49e0ea8a93fc 100644 --- a/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md +++ b/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md @@ -7,7 +7,7 @@ aliases: - /desktop/hardened-desktop/air-gapped-containers/ --- -{{< introduced desktop 4.29.0 "/manuals/desktop/release-notes.md#4290" >}} +{{< summary-bar feature_name="Air-gapped containers" >}} Air-gapped containers let you restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from. diff --git a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md index f08fd5383b2c..3f6453610b83 100644 --- a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md @@ -9,13 +9,11 @@ aliases: weight: 20 --- -> [!NOTE] -> -> Enhanced Container Isolation is available to Docker Business customers only. +{{< summary-bar feature_name="Hardened Docker Desktop" >}} Enhanced Container Isolation (ECI) provides an additional layer of security to prevent malicious workloads running in containers from compromising Docker Desktop or the host. -It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity. +It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity. Enhanced Container Isolation ensures stronger container isolation and also locks in any security configurations that have been created by administrators, for instance through [Registry Access Management policies](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) or with [Settings Management](../settings-management/_index.md). diff --git a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md index f4a64cd38bbf..146b7362681a 100644 --- a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md +++ b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/config.md @@ -8,6 +8,8 @@ aliases: weight: 30 --- +{{< summary-bar feature_name="Hardened Docker Desktop" >}} + ## Docker socket mount permissions By default, when Enhanced Container Isolation (ECI) is enabled, Docker Desktop does not allow bind-mounting the diff --git a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md index 87e58442a36e..832b5ee30841 100644 --- a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md +++ b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md @@ -2,11 +2,13 @@ description: The benefits of enhanced container isolation title: Key features and benefits keywords: set up, enhanced container isolation, rootless, security, features, Docker Desktop -aliases: +aliases: - /desktop/hardened-desktop/enhanced-container-isolation/features-benefits/ weight: 20 --- +{{< summary-bar feature_name="Hardened Docker Desktop" >}} + ## Linux user namespace on all containers With Enhanced Container Isolation, all user containers leverage the [Linux user namespace](https://man7.org/linux/man-pages/man7/user_namespaces.7.html) diff --git a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works.md b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works.md index 9b8c3b65fdcd..2a1c6c8b86e7 100644 --- a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works.md +++ b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/how-eci-works.md @@ -2,11 +2,13 @@ description: How Enhanced Container Isolation works title: How does it work? keywords: set up, enhanced container isolation, rootless, security -aliases: +aliases: - /desktop/hardened-desktop/enhanced-container-isolation/how-eci-works/ weight: 10 --- +{{< summary-bar feature_name="Hardened Docker Desktop" >}} + Docker implements Enhanced Container Isolation by using the [Sysbox container runtime](https://github.com/nestybox/sysbox). Sysbox is a fork of the standard OCI runc runtime that was modified to enhance standard container isolation and diff --git a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md index ed85752ff505..6c5fd3a2745e 100644 --- a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md +++ b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md @@ -11,9 +11,7 @@ aliases: weight: 40 --- -> [!NOTE] -> -> Image Access Management is available to [Docker Business](/manuals/subscription/details.md#docker-business) customers only. +{{< summary-bar feature_name="Hardened Docker Desktop" >}} Image Access Management gives you control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, your developers can pull from Docker Hub. diff --git a/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md b/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md index 80aaad26d3b8..2c12977816b1 100644 --- a/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md +++ b/content/manuals/security/for-admins/hardened-desktop/registry-access-management.md @@ -11,9 +11,7 @@ aliases: weight: 30 --- -> [!NOTE] -> -> Registry Access Management is available to [Docker Business](/manuals/subscription/details.md) customers only. +{{< summary-bar feature_name="Registry access management" >}} With Registry Access Management (RAM), administrators can ensure that their developers using Docker Desktop only access allowed registries. This is done through the Registry Access Management dashboard in Docker Hub or the Docker Admin Console. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md index 27989e0c4062..f0524e819138 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md @@ -10,9 +10,7 @@ aliases: weight: 10 --- -> [!NOTE] -> -> Settings Management is available to Docker Business customers only. +{{< summary-bar feature_name="Hardened Docker Desktop" >}} Settings Management helps you control key Docker Desktop settings, like proxies and network configurations, on your developers' machines within your organization. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md index 11a6f052970f..1c6f44d371a1 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md @@ -11,9 +11,7 @@ params: text: EA --- -{{% restricted title="Early Access" %}} -Settings Management in the Docker Admin Console is an [early access](/release-lifecycle#early-access-ea) feature and is available to Docker Business customers only. -{{% /restricted %}} +{{< summary-bar feature_name="Admin Console" >}} This page contains information for administrators on how to configure Settings Management with the Docker Admin Console. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your Docker company or organization. @@ -23,18 +21,18 @@ This page contains information for administrators on how to configure Settings M - [Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-one-add-and-verify-your-domain). - [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md). The Settings Management feature requires a Docker Business subscription, therefore your Docker Desktop users must authenticate to your -organization for configurations to take effect. +organization for configurations to take effect. ## Create a settings policy -1. Within the [Docker Admin Console](https://admin.docker.com/) navigate to the company or organization you want to define a settings policy for. -2. Under the **Security and access** section, select **Desktop Settings Management**. +1. Within the [Docker Admin Console](https://admin.docker.com/) navigate to the company or organization you want to define a settings policy for. +2. Under the **Security and access** section, select **Desktop Settings Management**. 3. In the top-right corner, select **Create a settings policy**. 4. Give your settings policy a name and an optional description. > [!TIP] > - > If you have already configured Settings Management with an `admin-settings.json` file for an organization, you can upload it using the **Upload existing settings** button which then automatically populates the form for you. + > If you have already configured Settings Management with an `admin-settings.json` file for an organization, you can upload it using the **Upload existing settings** button which then automatically populates the form for you. > > Settings policies deployed via the Docker Admin Console take precedence over manually deployed `admin-settings.json` files. @@ -42,19 +40,19 @@ organization for configurations to take effect. > [!NOTE] > - > If a settings policy is assigned to all users, it sets the policy as the global default policy. You can only have one global settings policy at a time. - > If a user already has a user-specific settings policy assigned, the user-specific policy takes precedence over a global policy. + > If a settings policy is assigned to all users, it sets the policy as the global default policy. You can only have one global settings policy at a time. + > If a user already has a user-specific settings policy assigned, the user-specific policy takes precedence over a global policy. > [!TIP] > - > Before setting a global settings policy, it is recommended that you first test it as a user-specific policy to make sure you're happy with the changes before proceeding. + > Before setting a global settings policy, it is recommended that you first test it as a user-specific policy to make sure you're happy with the changes before proceeding. 6. Configure the settings for the policy. Go through each setting and select your chosen setting state. You can choose: - - **User-defined**. Your developers are able to control and change this setting. + - **User-defined**. Your developers are able to control and change this setting. - **Always enabled**. This means the setting is turned on and your users won't be able to edit this setting from Docker Desktop or the CLI. - **Enabled**. The setting is turned on and users can edit this setting from Docker Desktop or the CLI. - **Always disabled**. This means the setting is turned off and your users won't be able to edit this setting from Docker Desktop or the CLI. - - **Disabled**. The setting is turned off and users can edit this setting from Docker Desktop or the CLI. + - **Disabled**. The setting is turned off and users can edit this setting from Docker Desktop or the CLI. 7. Select **Create** For the settings policy to take effect: @@ -69,13 +67,13 @@ To avoid disrupting your users' workflows, Docker doesn't automatically require > [!NOTE] > -> Settings are synced to Docker Desktop and the CLI when a user is signed in and starts Docker Desktop, and then every 60 minutes. +> Settings are synced to Docker Desktop and the CLI when a user is signed in and starts Docker Desktop, and then every 60 minutes. If your settings policy needs to be rolled back, either delete the policy or edit the policy to set individual settings to **User-defined**. ## Settings policy actions From the **Actions** menu on the **Desktop Settings Management** page in the Docker Admin Console, you can: -- Edit or delete an existing settings policy. +- Edit or delete an existing settings policy. - Export a settings policy as an `admin-settings.json` file. -- Promote a policy that is applied to a select group of users, to be the new global default policy for all users. \ No newline at end of file +- Promote a policy that is applied to a select group of users, to be the new global default policy for all users. \ No newline at end of file diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index b59e1293881f..009b21e0b9f7 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -9,9 +9,7 @@ aliases: - /security/for-admins/hardened-desktop/settings-management/configure/ --- -> [!NOTE] -> -> Settings Management is available to Docker Business customers only. +{{< summary-bar feature_name="Hardened Docker Desktop" >}} This page contains information on how to configure Settings Management with an `admin-settings.json` file. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your company or organization. diff --git a/content/manuals/security/for-admins/provisioning/_index.md b/content/manuals/security/for-admins/provisioning/_index.md index bed820562fd9..1668e9d1b9e4 100644 --- a/content/manuals/security/for-admins/provisioning/_index.md +++ b/content/manuals/security/for-admins/provisioning/_index.md @@ -6,6 +6,8 @@ linkTitle: Provision weight: 20 --- +{{< summary-bar feature_name="SSO" >}} + Once you've configured your SSO connection, the next step is to provision users. This process ensures that users can access your organization. This guide provides an overview of user provisioning and supported provisioning methods. diff --git a/content/manuals/security/for-admins/provisioning/group-mapping.md b/content/manuals/security/for-admins/provisioning/group-mapping.md index a1434ea56161..595087318200 100644 --- a/content/manuals/security/for-admins/provisioning/group-mapping.md +++ b/content/manuals/security/for-admins/provisioning/group-mapping.md @@ -10,6 +10,8 @@ aliases: weight: 40 --- +{{< summary-bar feature_name="SSO" >}} + Group mapping lets you sync user groups from your identity provider (IdP) with teams in your Docker organization. This automates team membership management, keeping your Docker teams up to date based on changes in your IdP. You can use group mapping once you have configured [single sign-on (SSO)](../single-sign-on/_index.md). > [!TIP] diff --git a/content/manuals/security/for-admins/provisioning/just-in-time.md b/content/manuals/security/for-admins/provisioning/just-in-time.md index dc006697753c..597a636ae80a 100644 --- a/content/manuals/security/for-admins/provisioning/just-in-time.md +++ b/content/manuals/security/for-admins/provisioning/just-in-time.md @@ -5,6 +5,8 @@ title: Just-in-Time provisioning linkTitle: Just-in-Time --- +{{< summary-bar feature_name="SSO" >}} + Just-in-Time (JIT) provisioning automatically creates and updates user accounts after every successful single sign-on (SSO) authentication. JIT verifies that the user signing in belongs to the organization and the teams assigned to them in your identity provider (IdP). When you [create your SSO connection](../single-sign-on/_index.md), JIT provisioning is turned on by default. ## SSO authentication with JIT provisioning enabled diff --git a/content/manuals/security/for-admins/provisioning/scim.md b/content/manuals/security/for-admins/provisioning/scim.md index c7500ec5c8d6..2a0b57b834f3 100644 --- a/content/manuals/security/for-admins/provisioning/scim.md +++ b/content/manuals/security/for-admins/provisioning/scim.md @@ -9,6 +9,8 @@ aliases: weight: 30 --- +{{< summary-bar feature_name="SSO" >}} + System for Cross-domain Identity Management (SCIM) is available for Docker Business customers. This guide provides an overview of SCIM provisioning. ## How SCIM works diff --git a/content/manuals/security/for-admins/roles-and-permissions.md b/content/manuals/security/for-admins/roles-and-permissions.md index 5165ee39d2bc..7b5295b52597 100644 --- a/content/manuals/security/for-admins/roles-and-permissions.md +++ b/content/manuals/security/for-admins/roles-and-permissions.md @@ -2,13 +2,15 @@ description: > Use roles in your organization to control who has access to content, registry, and organization management permissions. -keywords: members, teams, organization, company, roles, access, docker hub, admin console, security +keywords: members, teams, organization, company, roles, access, docker hub, admin console, security title: Roles and permissions aliases: - /docker-hub/roles-and-permissions/ weight: 40 --- +{{< summary-bar feature_name="General admin" >}} + Organization and company owners can assign roles to individuals giving them different permissions in the organization. This guide outlines Docker's organization roles and their permission scopes. ## Roles diff --git a/content/manuals/security/for-admins/single-sign-on/_index.md b/content/manuals/security/for-admins/single-sign-on/_index.md index 7df4a430d33d..5977b7990a31 100644 --- a/content/manuals/security/for-admins/single-sign-on/_index.md +++ b/content/manuals/security/for-admins/single-sign-on/_index.md @@ -10,6 +10,8 @@ aliases: weight: 10 --- +{{< summary-bar feature_name="SSO" >}} + Single sign-on (SSO) lets users access Docker by authenticating using their identity providers (IdPs). SSO is available for a whole company, and all associated organizations within that company, or an individual organization that has a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/). ## How SSO works diff --git a/content/manuals/security/for-admins/single-sign-on/configure.md b/content/manuals/security/for-admins/single-sign-on/configure.md index ee2905fbc064..7a42d24c4269 100644 --- a/content/manuals/security/for-admins/single-sign-on/configure.md +++ b/content/manuals/security/for-admins/single-sign-on/configure.md @@ -1,6 +1,6 @@ --- description: Learn how to configure single sign-on for your organization or company. -keywords: configure, sso, docker hub, hub, docker admin, admin, security +keywords: configure, sso, docker hub, hub, docker admin, admin, security title: Configure single sign-on linkTitle: Configure aliases: @@ -12,6 +12,8 @@ aliases: - /admin/organization/security-settings/sso-configuration/ --- +{{< summary-bar feature_name="SSO" >}} + Get started creating a single sign-on (SSO) connection for your organization or company. This guide walks through the steps to add and verify the domains your members use to sign in to Docker. ## Step one: Add your domain diff --git a/content/manuals/security/for-admins/single-sign-on/connect.md b/content/manuals/security/for-admins/single-sign-on/connect.md index 0a698b9653a9..3ac1bd14db7b 100644 --- a/content/manuals/security/for-admins/single-sign-on/connect.md +++ b/content/manuals/security/for-admins/single-sign-on/connect.md @@ -5,6 +5,8 @@ title: Create an SSO connection linkTitle: Connect --- +{{< summary-bar feature_name="SSO" >}} + Creating a single sign-on (SSO) connection requires setting up the connection in Docker first, followed by setting up the connection in your identity provider (IdP). This guide provides steps for setting up your SSO connection in Docker and your IdP. > [!TIP] diff --git a/content/manuals/security/for-admins/single-sign-on/manage.md b/content/manuals/security/for-admins/single-sign-on/manage.md index 70b4af79abe0..a15d7c24f116 100644 --- a/content/manuals/security/for-admins/single-sign-on/manage.md +++ b/content/manuals/security/for-admins/single-sign-on/manage.md @@ -8,6 +8,8 @@ aliases: - /single-sign-on/manage/ --- +{{< summary-bar feature_name="SSO" >}} + ## Manage organizations > [!NOTE] diff --git a/content/manuals/subscription/details.md b/content/manuals/subscription/details.md index 27952d45c13d..b4158c92bf09 100644 --- a/content/manuals/subscription/details.md +++ b/content/manuals/subscription/details.md @@ -183,7 +183,7 @@ Legacy Docker Pro includes: - Unlimited [collaborators](/docker-hub/repos/manage/access/#collaborators) for public repositories at no cost per month. - Access to [Legacy Docker Scout Free](#legacy-docker-scout-free) to get started with software supply chain security. - Unlimited private repositories -- 5000 image [pulls per day](/docker-hub/download-rate-limit/) +- 5000 image [pulls per day](/manuals/docker-hub/usage/pulls.md) - [Auto Builds](/docker-hub/builds/) with 5 concurrent builds - 300 [Vulnerability Scans](/docker-hub/vulnerability-scanning/) @@ -215,7 +215,7 @@ Legacy Docker Team includes: - Unlimited teams - [Auto Builds](/docker-hub/builds/) with 15 concurrent builds - Unlimited [Vulnerability Scanning](/docker-hub/vulnerability-scanning/) -- 5000 image [pulls per day](/docker-hub/download-rate-limit/) for each team member +- 5000 image [pulls per day](/manuals/docker-hub/usage/pulls.md) for each team member There are also advanced collaboration and management tools, including organization and team management with [Role Based Access Control (RBAC)](/security/for-admins/roles-and-permissions/), [activity logs](/admin/organization/activity-logs/), and more. diff --git a/content/reference/api/hub/latest.yaml b/content/reference/api/hub/latest.yaml index 7d0099ab8a62..86d2f3b30dc7 100644 --- a/content/reference/api/hub/latest.yaml +++ b/content/reference/api/hub/latest.yaml @@ -39,7 +39,7 @@ tags: The `X-Retry-After` header is a unix timestamp of when you can call the API again. **Note**: These rate limits are separate from anti-abuse and Docker Hub download, or pull rate limiting. - To learn more about Docker Hub pull rate limiting, see [Docker Hub download rate limit](https://docs.docker.com/docker-hub/download-rate-limit/). + To learn more about Docker Hub pull rate limiting, see [Usage and limits](https://docs.docker.com/docker-hub/usage/). - name: authentication x-displayName: Authentication description: | diff --git a/content/reference/cli/docker/desktop/_index.md b/content/reference/cli/docker/desktop/_index.md index be7ff711b129..785fd1b3a354 100644 --- a/content/reference/cli/docker/desktop/_index.md +++ b/content/reference/cli/docker/desktop/_index.md @@ -5,6 +5,4 @@ title: docker desktop (Beta) layout: cli --- -{{% experimental title="Beta" %}} -Docker Desktop CLI is currently in [Beta](/manuals/release-lifecycle.md#beta). -{{% /experimental %}} \ No newline at end of file +{{< summary-bar feature_name="Docker Desktop CLI" >}} \ No newline at end of file diff --git a/data/summary.yaml b/data/summary.yaml new file mode 100644 index 000000000000..225227f8ac83 --- /dev/null +++ b/data/summary.yaml @@ -0,0 +1,114 @@ +Activity logs: + subscription: [Team, Business] + for: Administrators +Admin Console: + subscription: [Business] + availability: Early access + for: Administrators +Admin orgs: + subscription: [Team, Business] + for: Administrators +Air-gapped containers: + requires: Docker Desktop 4.29.0 and later +Allow list: + for: Administrators +Amazon S3 cache: + availability: Experimental +Ask Gordon: + availability: Beta +Automated builds: + subscription: [Pro, Team, Business] +Azure blob: + availability: Experimental +Build bake: + availability: Experimental +Build checks: + availability: Beta + requires: Buildx v0.15.0 and later +Cache backend API: + availability: Experimental +Company: + subscription: [Business] + for: Administrators +Compose bridge: + availability: Experimental +containerd: + availability: Experimental +Dev Environments: + availability: Beta +Docker Build Cloud: + subscription: [Pro, Team, Business] +docker compose alpha: + availability: Experimental +Docker Desktop Archlinux: + availability: Experimental +Docker Desktop CLI: + availability: Beta + requires: Docker Desktop 4.37 and later +Docker GitHub Copilot: + availability: Early access +Docker Scout exceptions: + availability: Experimental + requires: Docker Scout CLI 1.15.0 and later +Docker Scout GitHub: + availability: Beta +Docker Scout health scores: + subscription: [Pro, Team, Business] + availability: Beta +Domain audit: + subscription: [Business] + for: Administrators +Enforce sign-in: + subscription: [Business] + for: Administrators +General admin: + for: Administrators +GitHub Actions cache: + availability: Experimental +Hardened Docker Desktop: + subscription: [Business] + for: Administrators +Import builds: + availability: Beta + requires: Docker Desktop 4.31 and later +Insights: + subscription: [Business] + for: Administrators +Intune: + for: Administrators +Jamf Pro: + for: Administrators +MSI Installer: + availability: Docker Desktop 4.32 and later + for: Administrators +OATs: + subscription: [Team, Business] + availability: Beta +PKG installer: + subscription: [Business] + availability: Early access + requires: Docker Desktop 4.36 and later + for: Administrators +Private marketplace: + availability: Beta + for: Administrators +Remediation with Docker Scout: + availability: Beta +Registry access management: + subscription: [Business] + for: Administrators +SSO: + subscription: [Business] + for: Administrators +Synchronized file sharing: + subscription: [Pro, Team, Business] + requires: Docker Desktop 4.27 and later +USB/IP support: + requires: Docker Desktop 4.35.0 and later +VMM: + availability: Beta + requires: Docker Desktop 4.35.0 and later +Wasm workloads: + availability: Beta +Wasmtime: + availability: Experimental \ No newline at end of file diff --git a/layouts/shortcodes/summary-bar.html b/layouts/shortcodes/summary-bar.html new file mode 100644 index 000000000000..a36cb0463ef6 --- /dev/null +++ b/layouts/shortcodes/summary-bar.html @@ -0,0 +1,77 @@ +{{ $featureName := .Get "feature_name" }} +{{ $feature := index site.Data.summary $featureName }} +{{ if not $feature }} + {{ errorf "[summary-bar] invalid feature: %s %v" $featureName .Position }} +{{ end }} +{{ if $feature }} +{{ $subscriptionIcons := dict + "Business" "domain" + "Team" "groups" + "Pro" "person_add" + "Personal" "person" + "Available to all" "public" +}} +{{ $availabilityIcons := dict + "Experimental" "science" + "Beta" "bolt" + "Early access" "rocket_launch" + "GA" "check_circle" + "Retired" "package_2" +}} +{{ $requiresIcon := "browser_updated" }} +{{ $forIcon := "admin_panel_settings" }} + +
+ {{ with $feature.subscription }} +
+ Subscription: + {{ range . }} + {{ . }} + + {{ $icon := index $subscriptionIcons . }} + {{ if $icon }} + {{ partial "icon" $icon }} + {{ else }} + {{ partial "icon" "default_icon" }} + {{ end }} + + {{ end }} +
+ {{ end }} + + {{ with $feature.availability }} +
+ Availability: + {{ . }} + + {{ $icon := index $availabilityIcons . }} + {{ if $icon }} + {{ partial "icon" $icon }} + {{ else }} + {{ partial "icon" "default_icon" }} + {{ end }} + +
+ {{ end }} + + {{ with $feature.requires }} +
+ Requires: + {{ . }} + + {{ partial "icon" $requiresIcon }} + +
+ {{ end }} + + {{ with $feature.for }} +
+ For: + {{ . }} + + {{ partial "icon" $forIcon }} + +
+ {{ end }} +
+{{ end }} \ No newline at end of file