From ee35407538ceb88b0a455dde0b98bc33f79edece Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Mon, 12 May 2025 15:39:15 +0200
Subject: [PATCH 1/4] Merge pull request #22617 from crazy-max/bake-fix-syntax bake: fix hcl syntax
---
 content/manuals/build/bake/expressions.md | 2 +-
 content/manuals/build/bake/targets.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/manuals/build/bake/expressions.md b/content/manuals/build/bake/expressions.md
index 71e7ef7de72e..05620f0866cc 100644
--- a/content/manuals/build/bake/expressions.md
+++ b/content/manuals/build/bake/expressions.md
@@ -62,7 +62,7 @@ target "default" {
 dockerfile="Dockerfile"
 tags = [
 "my-image:latest",
- notequal("",TAG) ? "my-image:${TAG}": "",
+ notequal("",TAG) ? "my-image:${TAG}": ""
 ]
 }
 ```
diff --git a/content/manuals/build/bake/targets.md b/content/manuals/build/bake/targets.md
index 29c6a1d376b6..183eb939e92f 100644
--- a/content/manuals/build/bake/targets.md
+++ b/content/manuals/build/bake/targets.md
@@ -81,8 +81,8 @@ target "api" {
 target "tests" {
 dockerfile = "tests.Dockerfile"
 contexts = {
- webapp = "target:webapp",
- api = "target:api",
+ webapp = "target:webapp"
+ api = "target:api"
 }
 output = ["type=local,dest=build/tests"]
 context = "."
From 71109d5f42b7c5fdbbc78c4528fefcdc36104e5a Mon Sep 17 00:00:00 2001
From: Pradumna Saraf
Date: Mon, 12 May 2025 22:18:17 +0530
Subject: [PATCH 2/4] docs: Update incorrect port in Docker Compose the go-prometheus-monitoring guide (#22614) ## Description The app service port is `8000`, and I mistakenly mentioned `8080` for health check while creating this guide. So, it will give an error. - [ ] Technical review - [x] Editorial review - [ ] Product review
---
 content/guides/go-prometheus-monitoring/compose.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/guides/go-prometheus-monitoring/compose.md b/content/guides/go-prometheus-monitoring/compose.md
index dd9763bcd117..499e065759f4 100644
--- a/content/guides/go-prometheus-monitoring/compose.md
+++ b/content/guides/go-prometheus-monitoring/compose.md
@@ -27,7 +27,7 @@ services:
 networks:
 - go-network
 healthcheck:
- test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+ test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
 interval: 30s
 timeout: 10s
 retries: 5
@@ -163,4 +163,4 @@ Next, you will learn how to develop the Golang application with Docker Compose a
 ## Next steps
-In the next section, you will learn how to develop the Golang application with Docker. You will also learn how to use Docker Compose Watch to rebuild the image whenever you make changes to the code. Lastly, you will test the application and visualize the metrics in Grafana using Prometheus as the data source.
\ No newline at end of file
+In the next section, you will learn how to develop the Golang application with Docker. You will also learn how to use Docker Compose Watch to rebuild the image whenever you make changes to the code. Lastly, you will test the application and visualize the metrics in Grafana using Prometheus as the data source.
From 9b93eb9f3e898a5cb2334ddbeca9609256d968b8 Mon Sep 17 00:00:00 2001
From: Sarah Sanders
Date: Mon, 12 May 2025 13:47:02 -0400
Subject: [PATCH 3/4] iam: multiple-idp (#21675) ## Description - Updated SSO configuration/management docs for multiple IdP support - Updated FAQs to clarify that Docker now supports it - Fixed some typos ## Related issues or tickets [ENGDOCS-2358](https://docker.atlassian.net/browse/ENGDOCS-2358) ## Reviews - [ ] Technical review @gurleensethi-docker @ivan-californias @technicallyjosh - [ ] Editorial review - [ ] Product review [ENGDOCS-2358]: https://docker.atlassian.net/browse/ENGDOCS-2358?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
---
 content/manuals/admin/faqs/general-faqs.md | 4 ++--
 content/manuals/security/faqs/single-sign-on/idp-faqs.md | 4 ++--
 .../security/for-admins/single-sign-on/configure.md | 4 ++++
 .../security/for-admins/single-sign-on/connect.md | 9 +++++++--
 layouts/shortcodes/admin-sso-management.md | 4 ++++
 5 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/content/manuals/admin/faqs/general-faqs.md b/content/manuals/admin/faqs/general-faqs.md
index 2bd3216269c9..d672c868aa10 100644
--- a/content/manuals/admin/faqs/general-faqs.md
+++ b/content/manuals/admin/faqs/general-faqs.md
@@ -27,7 +27,7 @@ Additionally, you can't reuse a Docker ID in the future if you deactivate your a
 ### What if my Docker ID is taken?
-All Docker IDs are first-come, first-served except for companies that have a US Trademark on a username. If you have a trademark for your namespace, [Docker Support](https://hub.docker.com/support/contact/) can retrieve the Docker ID for you.
+All Docker IDs are first-come, first-served except for companies that have a U.S. Trademark on a username. If you have a trademark for your namespace, [Docker Support](https://hub.docker.com/support/contact/) can retrieve the Docker ID for you.
 ### What’s an organization?
@@ -66,7 +66,7 @@ The organization owner can also add additional owners to help them manage users,
 ### Can I configure multiple SSO identity providers (IdPs) to authenticate users to a single org?
-Docker SSO allows only one IdP configuration per organization. For more
+Yes. Docker SSO supports multiple IdP configurations. For more
 information, see [Configure SSO](../../security/for-admins/single-sign-on/configure/_index.md) and [SSO FAQs](../../security/faqs/single-sign-on/faqs.md).
 ### What is a service account?
diff --git a/content/manuals/security/faqs/single-sign-on/idp-faqs.md b/content/manuals/security/faqs/single-sign-on/idp-faqs.md
index 2b456e005540..c5d6416ffa07 100644
--- a/content/manuals/security/faqs/single-sign-on/idp-faqs.md
+++ b/content/manuals/security/faqs/single-sign-on/idp-faqs.md
@@ -11,7 +11,7 @@ aliases:
 ### Is it possible to use more than one IdP with Docker SSO?
-No. You can only configure Docker SSO to work with a single IdP. A domain can only be associated with a single IdP. Docker supports Entra ID (formerly Azure AD) and identity providers that support SAML 2.0.
+Yes. Docker supports multiple IdP configurations. A domain can be associated with multiple IdPs. Docker supports Entra ID (formerly Azure AD) and identity providers that support SAML 2.0.
 ### Is it possible to change my identity provider after configuring SSO?
@@ -57,4 +57,4 @@ Yes, Entra ID (formerly Azure AD) is supported with SSO for Docker Business, bot
 ### My SSO connection with Entra ID isn't working and I receive an error that the application is misconfigured. How can I troubleshoot this?
-Confirm that you've configured the necessary API permissions in Entra ID (formerly Azure AD) for your SSO connection. You need to grant admin consent within your Entra ID (formerly Azure AD) tenant. See [Entra ID (formerly Azure AD) documentation](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal#grant-admin-consent-in-app-registrations).
+Confirm that you've configured the necessary API permissions in Entra ID (formerly Azure AD) for your SSO connection. You need to grant administrator consent within your Entra ID (formerly Azure AD) tenant. See [Entra ID (formerly Azure AD) documentation](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal#grant-admin-consent-in-app-registrations).
diff --git a/content/manuals/security/for-admins/single-sign-on/configure.md b/content/manuals/security/for-admins/single-sign-on/configure.md
index b0304d8b6f9b..920f321a6ccd 100644
--- a/content/manuals/security/for-admins/single-sign-on/configure.md
+++ b/content/manuals/security/for-admins/single-sign-on/configure.md
@@ -18,6 +18,10 @@ Get started creating a single sign-on (SSO) connection for your organization or
 ## Step one: Add your domain
+> [!NOTE]
+>
+> Docker supports multiple identity provider (IdP) configurations. With a multiple IdP configuration, one domain can be associated with more than one SSO identity provider.
+
 {{< tabs >}}
 {{< tab name="Admin Console" >}}
diff --git a/content/manuals/security/for-admins/single-sign-on/connect.md b/content/manuals/security/for-admins/single-sign-on/connect.md
index a5aaf812f76e..04041c66d0e3 100644
--- a/content/manuals/security/for-admins/single-sign-on/connect.md
+++ b/content/manuals/security/for-admins/single-sign-on/connect.md
@@ -202,15 +202,20 @@ After you've completed the SSO connection process in Docker, we recommend testin
 1. Open an incognito browser.
 2. Sign in to the Admin Console using your **domain email address**.
-3. The browser will redirect to your IdP's login page to authenticate.
+3. The browser will redirect to your identity provider's sign in page to authenticate. If you have [multiple IdPs](#optional-configure-multiple-idps), choose the sign sign-in option **Continue with SSO**.
 4. Authenticate through your domain email instead of using your Docker ID.
 You can also test your SSO connection through the command-line interface (CLI). If you want to test through the CLI, your users must have a personal access token (PAT).
+## Optional: Configure multiple IdPs
+
+Docker supports multiple IdP configurations. With multiple IdPs configured, one domain can be associated with multiple SSO identity providers. To configure multiple IdPs, repeat steps 1-4 in this guide for each IdP. Ensure each IdP configuration uses the same domain.
+
+When a user signs in to a Docker organization that has multiple IdPs, on the sign-in page, they must choose the option **Continue with SSO**. This prompts them to choose their identity provider and authenticate through their domain email.
 ## Optional: Enforce SSO
->[!IMPORTANT]
+> [!IMPORTANT]
 >
 > If SSO isn't enforced, users can choose to sign in with either their Docker username and password or SSO.
diff --git a/layouts/shortcodes/admin-sso-management.md b/layouts/shortcodes/admin-sso-management.md
index 9a02a6360317..9d04bebfea8c 100644
--- a/layouts/shortcodes/admin-sso-management.md
+++ b/layouts/shortcodes/admin-sso-management.md
@@ -8,6 +8,10 @@
 ### Remove a domain from an SSO connection
+> [!IMPORTANT]
+>
+> Docker supports multiple IdP configurations, where a single domain is used for multiple SSO identity providers. If you want to remove a domain from multiple SSO connections, you must remove it from each connection individually.
+
 1. Sign in to {{ $product_link }}.
 2. {{ $sso_navigation }}
 3. In the SSO connections table, select the **Action** icon and then **Edit connection**.
From 3514b18fc96c1c8855c8b8f03c4678cf7bedec0d Mon Sep 17 00:00:00 2001
From: sheltongraves <148902861+sheltongraves@users.noreply.github.com>
Date: Mon, 12 May 2025 14:38:30 -0400
Subject: [PATCH 4/4] Create immutable-tags.md (#22608) Adding a new page for immutable tags feature. I was thinking it would go in Docker Hub -> Repositories -> Images. But open to your discretion of the best place for it. ## Description ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review ---------
Signed-off-by: Craig
Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>
Co-authored-by: Craig
---
 .../repos/manage/hub-images/immutable-tags.md | 50 +++++++++++++++++++
 data/summary.yaml | 2 +
 2 files changed, 52 insertions(+)
 create mode 100644 content/manuals/docker-hub/repos/manage/hub-images/immutable-tags.md
diff --git a/content/manuals/docker-hub/repos/manage/hub-images/immutable-tags.md b/content/manuals/docker-hub/repos/manage/hub-images/immutable-tags.md
new file mode 100644
index 000000000000..b0ae4abee53d
--- /dev/null
+++ b/content/manuals/docker-hub/repos/manage/hub-images/immutable-tags.md
@@ -0,0 +1,50 @@
+---
+description: Learn about immutable tags and how they help maintain image version consistency on Docker Hub.
+keywords: Docker Hub, Hub, repository content, tags, immutable tags, version control
+title: Immutable tags on Docker Hub
+linkTitle: Immutable tags
+weight: 11
+---
+{{< summary-bar feature_name="Immutable tags" >}}
+
+Immutable tags provide a way to ensure that specific image versions remain unchanged once they are published to Docker Hub. This feature helps maintain consistency and reliability in your container deployments by preventing accidental overwrites of important image versions.
+
+## What are immutable tags?
+
+Immutable tags are image tags that, once pushed to Docker Hub, cannot be overwritten or deleted. This ensures that a specific version of an image remains exactly the same throughout its lifecycle, providing:
+
+- Version consistency
+- Reproducible builds
+- Protection against accidental overwrites
+- Better security and compliance
+
+## Enable immutable tags
+
+To enable immutable tags for your repository:
+
+1. Sign in to [Docker Hub](https://hub.docker.com).
+2. Select **My Hub** > **Repositories**.
+3. Select the repository where you want to enable immutable tags.
+4. Select the **Settings** tab
+5. Under **Tag mutability settings**, select **Immutable**.
+6. Select **Save**.
+
+Once enabled, all tags are locked to their specific images, ensuring that each tag always points to the same image version and cannot be modified.
+
+ > [!NOTE]
+>
+> All tags in the repository become immutable, including the `latest` tag.
+
+## Working with immutable tags
+
+When immutable tags are enabled:
+
+- You cannot push a new image with the same tag name
+- You must use a new tag name for each new image version
+
+To push an image, create a new tag for your updated image and push it to the repository.
+
+
+
+
+
diff --git a/data/summary.yaml b/data/summary.yaml
index 5246f3899d9f..e18714146d70 100644
--- a/data/summary.yaml
+++ b/data/summary.yaml
@@ -182,6 +182,8 @@ Hardened Docker Desktop:
 for: Administrators
 Image management:
 availability: Beta
+Immutable tags:
+ availability: Beta
 Import builds:
 availability: Beta
 requires: Docker Desktop [4.31](/manuals/desktop/release-notes.md#4310) and later