diff --git a/Dockerfile b/Dockerfile index c7e22db80cc7..0fbed160d309 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ # check=skip=InvalidBaseImagePlatform ARG ALPINE_VERSION=3.21 -ARG GO_VERSION=1.23.8 +ARG GO_VERSION=1.24 ARG HTMLTEST_VERSION=0.17.0 ARG HUGO_VERSION=0.141.0 ARG NODE_VERSION=22 diff --git a/content/manuals/build/metadata/annotations.md b/content/manuals/build/metadata/annotations.md index 910ce96f9d31..330deb818137 100644 --- a/content/manuals/build/metadata/annotations.md +++ b/content/manuals/build/metadata/annotations.md @@ -11,7 +11,7 @@ arbitrary information and attach it to your image, which helps consumers and tools understand the origin, contents, and how to use the image. Annotations are similar to, and in some sense overlap with, [labels]. Both -serve the same purpose: attach metadata to a resource. As a general principle, +serve the same purpose: to attach metadata to a resource. As a general principle, you can think of the difference between annotations and labels as follows: - Annotations describe OCI image components, such as [manifests], [indexes], @@ -68,7 +68,7 @@ For examples on how to add annotations to images built with GitHub Actions, see You can also add annotations to an image created using `docker buildx imagetools create`. This command only supports adding annotations to an index or manifest descriptors, see -[CLI reference](/reference/cli/docker/buildx/imagetools/create.md#annotations). +[CLI reference](/reference/cli/docker/buildx/imagetools/create.md#annotation). ## Inspect annotations diff --git a/content/manuals/desktop/setup/install/enterprise-deployment/faq.md b/content/manuals/desktop/setup/install/enterprise-deployment/faq.md index 71e689bab4d2..d2b7cacbcb8e 100644 --- a/content/manuals/desktop/setup/install/enterprise-deployment/faq.md +++ b/content/manuals/desktop/setup/install/enterprise-deployment/faq.md @@ -83,4 +83,18 @@ Add-LocalGroupMember -Group $Group -Member $CurrentUser > [!NOTE] > -> After adding a new user to the `docker-users` group, the user must sign out and then sign back in for the changes to take effect. \ No newline at end of file +> After adding a new user to the `docker-users` group, the user must sign out and then sign back in for the changes to take effect. + +## MDM + +Common questions about deploying Docker Desktop using mobile device management +(MDM) tools such as Jamf, Intune, or Workspace ONE. + +### Why doesn't my MDM tool apply all Docker Desktop configuration settings at once? + +Some MDM tools, such as Workspace ONE, may not support applying multiple +configuration settings in a single XML file. In these cases, you may need to +deploy each setting in a separate XML file. + +Refer to your MDM provider's documentation for specific deployment +requirements or limitations. \ No newline at end of file diff --git a/content/manuals/docker-hub/repos/manage/access.md b/content/manuals/docker-hub/repos/manage/access.md index 4dbf8f2d88d5..0adac4195c49 100644 --- a/content/manuals/docker-hub/repos/manage/access.md +++ b/content/manuals/docker-hub/repos/manage/access.md @@ -132,3 +132,42 @@ To configure team repository permissions: Organizations can use OATs. OATs let you assign fine-grained repository access permissions to tokens. For more details, see [Organization access tokens](/manuals/security/for-admins/access-tokens.md). + +## Gated distribution + +{{< summary-bar feature_name="Gated distribution" >}} + +Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories. + +This feature is ideal for commercial software publishers who want to control who can pull specific images while preserving a clean separation between internal users and external consumers. + +### Key features + +- **Private repository distribution**: Content is stored in private repositories and only accessible to explicitly invited users. + +- **External access without organization membership**: External users don't need to be added to your internal organization to pull images. + +- **Pull-only permissions**: External users receive pull-only access and cannot push or modify repository content. + +- **Invite-only access**: Access is granted through authenticated email invites, managed via API. + +### Invite distributor members via API + +> [!NOTE] +> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role. + +Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint. + +To invite distributor members: + +1. Use the [Authentication API](https://docs.docker.com/reference/api/hub/latest/#tag/authentication-api/operation/AuthCreateAccessToken) to generate a bearer token for your Docker Hub account. + +2. Create a team in the Hub UI or use the [Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/groups/paths/~1v2~1orgs~1%7Borg_name%7D~1groups/post). + +3. Grant repository access to the team: + - In the Hub UI: Navigate to your repository settings and add the team with "Read-only" permissions + - Using the [Repository Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/repositories/paths/~1v2~1repositories~1%7Bnamespace%7D~1%7Brepository%7D~1groups/post): Assign the team to your repositories with "read-only" access level + +4. Use the [Bulk create invites endpoint](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) to send email invites with the distributor member role. In the request body, set the "role" field to "distributor_member". + +5. The invited user will receive an email with a link to accept the invite. After signing in with their Docker ID, they'll be granted pull-only access to the specified private repository as a distributor member. diff --git a/content/manuals/engine/install/debian.md b/content/manuals/engine/install/debian.md index 1ed65408d891..0ca59c2490a8 100644 --- a/content/manuals/engine/install/debian.md +++ b/content/manuals/engine/install/debian.md @@ -42,6 +42,7 @@ To get started with Docker Engine on Debian, make sure you To install Docker Engine, you need the 64-bit version of one of these Debian versions: +- Debian Trixie 13 (testing) - Debian Bookworm 12 (stable) - Debian Bullseye 11 (oldstable) @@ -144,7 +145,7 @@ Docker from the repository. ```console $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin ``` - + {{< /tab >}} {{< tab name="Specific version" >}} diff --git a/content/manuals/engine/install/fedora.md b/content/manuals/engine/install/fedora.md index 71a795db6ab0..ac936854c18d 100644 --- a/content/manuals/engine/install/fedora.md +++ b/content/manuals/engine/install/fedora.md @@ -26,8 +26,9 @@ To get started with Docker Engine on Fedora, make sure you To install Docker Engine, you need a maintained version of one of the following Fedora versions: -- Fedora 40 +- Fedora 42 - Fedora 41 +- Fedora 40 ### Uninstall old versions diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md index 48fc13100a01..4c7ab56f2623 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md @@ -12,70 +12,73 @@ weight: 10 {{< summary-bar feature_name="Hardened Docker Desktop" >}} -Settings Management helps you control key Docker Desktop settings, like proxies and network configurations, on your developers' machines within your organization. - -For an extra layer of security, you can also use Settings Management to enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md), which prevents containers from modifying any Settings Management configurations. +Settings Management lets administrators configure and enforce Docker Desktop +settings across ennd-user machines. It helps maintain consistent configurations +and enhances security within your organization. ## Who is it for? -- For organizations that want to configure Docker Desktop to be within their organization's centralized control. -- For organizations that want to create a standardized Docker Desktop environment at scale. -- For Docker Business customers who want to confidently manage their use of Docker Desktop within tightly regulated environments. +Settings Management is designed for organizations that: + +- Require centralized control over Docker Desktop configurations. +- Aim to standardize Docker Desktop environments across teams. +- Operate in regulated environments and need to enforce compliance. -## How does it work? +This feature is available with a Docker Business subscription. -You can configure several Docker Desktop settings using either: +## How it works - - An `admin-settings.json` file. This file is located on the Docker Desktop host and can only be accessed by developers with root or administrator privileges. - - Creating a settings policy in the Docker Admin Console. +Administrators can define settings using one of the following methods: -Settings that are defined by an administrator override any previous values set by developers and ensure that these cannot be modified. +- [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md): Create and assign settings policies through the +Docker Admin Console. +- [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md): Place a configuration file on the +user's machine to enforce settings. -## What features can I configure with Settings Management? +Enforced settings override user-defined configurations and can't be modified +by developers. -Using the `admin-settings.json` file, you can: +## Configurable settings -- Turn on and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md) -- Configure HTTP proxies -- Configure network settings -- Configure Kubernetes settings -- Enforce the use of WSL 2 based engine or Hyper-V -- Enforce the use of Rosetta for x86_64/amd64 emulation on Apple Silicon -- Configure Docker Engine -- Turn off Docker Desktop's ability to checks for updates -- Turn off Docker Extensions -- Turn off Docker Scout SBOM indexing -- Turn off beta and experimental features -- Turn off Docker AI ([Ask Gordon](/manuals/ai/gordon/_index.md)) -- Turn off Docker Desktop's onboarding survey -- Control whether developers can use the Docker terminal -- Control the file sharing implementation for your developers on macOS -- Specify which paths your developers can add file shares to -- Configure Air-gapped containers +Settings Management supports a broad range of Docker Desktop features, +including proxies, network configurations, and container isolation. -For more details on the syntax and options, see [Configure Settings Management](configure-json-file.md). +For a full list of settings you can enforce, see the [Settings reference](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md). -## How do I set up and enforce Settings Management? +## Set up Settings Management -You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since the Settings Management feature requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in. +1. [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to +ensure all developers authenticate with your organization. +2. Choose a configuration method: + - Use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json`. + - Manually create and configure the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md). + - Create a settings policy in the [Docker Admin Console](configure-admin-console.md). -Next, you must either: - - Manually [create and configure the `admin-settings.json` file](configure-json-file.md), or use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location. - - Fill out the **Settings policy** creation form in the [Docker Admin Console](configure-admin-console.md). +After configuration, developers receive the enforced setting when they: -Once this is done, Docker Desktop developers receive the changed settings when they either: -- Quit, re-launch, and sign in to Docker Desktop -- Launch and sign in to Docker Desktop for the first time +- Quit and relaunch Docker Desktop, then sign in. +- Launch and sign in to Docker Desktop for the first time. -To avoid disrupting your developers' workflows, Docker doesn't automatically require that developers re-launch and re-authenticate once a change has been made. +> [!NOTE] +> +> Docker Desktop does not automatically prompt users to restart or re-authenticate +after a settings change. -## What do developers see when the settings are enforced? +## Developer experience -Enforced settings appear grayed out in Docker Desktop. They can't be edited via the Docker Desktop Dashboard, CLI, or `settings-store.json` (or `settings.json` for Docker Desktop 4.34 and earlier). +When settings are enforced: -In addition, if Enhanced Container Isolation is enforced, developers can't use privileged containers or similar techniques to modify enforced settings within the Docker Desktop Linux VM. For example, they can't reconfigure proxy and networking, or Docker Engine. +- Options appear grayed out in Docker Desktop and can't be modified via the +Dashboard, CLI, or configuration files. +- If Enhanced Container Isolation is enabled, developers can't use privileged +containers or similar methods to alter enforced settings within the Docker +Desktop Linux VM. ## What's next? -- [Configure Settings Management with a `.json` file](configure-json-file.md) +- [Configure Settings Management with the `admin-settings.json` file](configure-json-file.md) - [Configure Settings Management with the Docker Admin Console](configure-admin-console.md) + +## Learn more + +To see how each Docker Desktop setting maps across the Docker Dashboard, `admin-settings.json` file, and Admin Console, see the [Settings reference](settings-reference.md). \ No newline at end of file diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md index 646685fc950a..fc9b4f1e0095 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md @@ -8,68 +8,78 @@ weight: 20 {{< summary-bar feature_name="Admin Console" >}} -This page contains information for administrators on how to configure Settings Management with the Docker Admin Console. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your Docker company or organization. +This page explains how administrators can use the Docker Admin Console to create +and apply settings policies for Docker Desktop. These policies help standardize +and secure Docker Desktop environments across your organization. ## Prerequisites -- [Download and install Docker Desktop 4.36.0 or later](/manuals/desktop/release-notes.md). +- [Install Docker Desktop 4.36.0 or later](/manuals/desktop/release-notes.md). - [Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-one-add-and-verify-your-domain). -- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md). The Settings Management feature requires a Docker Business -subscription, therefore your Docker Desktop users must authenticate to your -organization for configurations to take effect. +- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to +ensure users authenticate to your organization. +- A Docker Business subscription is required. + +> [!IMPORTANT] +> +> You must add users to your verified domain for settings to take effect. ## Create a settings policy -1. Within the [Docker Admin Console](https://app.docker.com/admin) navigate to the company or organization you want to define a settings policy for. -2. Under the **Docker Desktop** section, select **Settings Management**. +1. Go to the [Docker Admin Console](https://app.docker.com/admin) and select +your organization. +2. Under **Docker Desktop**, select **Settings Management**. 3. Select **Create a settings policy**. -4. Give your settings policy a name and an optional description. +4. Provide a name and optional description. - > [!TIP] - > - > If you have already configured Settings Management with an `admin-settings.json` file for an organization, you can upload it using the **Upload existing settings** button which then automatically populates the form for you. - > - > Settings policies deployed via the Docker Admin Console take precedence over manually deployed `admin-settings.json` files. + > [!TIP] + > + > You can upload an existing `admin-settings.json` file to pre-fill the form. + Admin Console policies override local `admin-settings.json` files. -5. Assign the setting policy to all your users within the company or organization, or specific users. +5. Choose who the policy applies to: + - All users + - Specific users - > [!NOTE] - > - > If a settings policy is assigned to all users, it sets the policy as the global default policy. You can only have one global settings policy at a time. - > If a user already has a user-specific settings policy assigned, the user-specific policy takes precedence over a global policy. + > [!NOTE] + > + > User-specific policies override the global default. Test your policy with + a few users before rolling it out globally. - > [!TIP] - > - > Before setting a global settings policy, it is recommended that you first test it as a user-specific policy to make sure you're happy with the changes before proceeding. +6. Configure the state for each setting: + - **User-defined**: Users can change the setting. + - **Always enabled**: Setting is on and locked. + - **Enabled**: Setting is on but can be changed. + - **Always disabled**: Setting is off and locked. + - **Disabled**: Setting is off but can be changed. -6. Configure the settings for the policy. Go through each setting and select your chosen setting state. You can choose: - - **User-defined**. Your developers are able to control and change this setting. - - **Always enabled**. This means the setting is turned on and your users won't be able to edit this setting from Docker Desktop or the CLI. - - **Enabled**. The setting is turned on and users can edit this setting from Docker Desktop or the CLI. - - **Always disabled**. This means the setting is turned off and your users won't be able to edit this setting from Docker Desktop or the CLI. - - **Disabled**. The setting is turned off and users can edit this setting from Docker Desktop or the CLI. -7. Select **Create** + > [!TIP] + > + > For a complete list of available settings, their supported platforms, and which configuration methods they work with, see the [Settings reference](settings-reference.md). -For the settings policy to take effect: -- On a new install, users need to launch Docker Desktop and authenticate to their organization. -- On an existing install, users need to quit Docker Desktop through the Docker menu, and then re-launch Docker Desktop. If they are already signed in, they don't need to sign in again for the changes to take effect. +7. Select **Create**. - > [!IMPORTANT] - > - > Selecting **Restart** from the Docker menu isn't enough as it only restarts some components of Docker Desktop. +To apply the policy: -To avoid disrupting your users' workflows, Docker doesn't automatically require that users re-launch once a change has been made. +- New installs: Launch Docker Desktop and sign in. +- Existing installs: Fully quit and relaunch Docker Desktop. -> [!NOTE] +> [!IMPORTANT] > -> Settings are synced to Docker Desktop and the CLI when a user is signed in and starts Docker Desktop, and then every 60 minutes. +> Restarting from the Docker Desktop menu isn't enough. Users must fully quit +and relaunch Docker Desktop. + +Docker Desktop checks for policy updates at launch and every 60 minutes. To roll +back a policy, either delete it or set individual settings to **User-defined**. + +## Manage policies -If your settings policy needs to be rolled back, either delete the policy or edit the policy to set individual settings to **User-defined**. +From the **Actions** menu on the **Settings Management** page, you can: -## Settings policy actions +- Edit or delete an existing settings policy +- Export a settings policy as an `admin-settings.json` file +- Promote a user-specific policy to be the new global default -From the **Actions** menu on the **Settings Management** page in the Docker Admin Console, you can: +## Learn more -- Edit or delete an existing settings policy. -- Export a settings policy as an `admin-settings.json` file. -- Promote a policy that is applied to a select group of users, to be the new global default policy for all users. \ No newline at end of file +To see how each Docker Desktop setting maps across the Docker Dashboard, `admin-settings.json` file, and Admin Console, see the [Settings reference](settings-reference.md). \ No newline at end of file diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index f6856d85c66e..28758eca5db1 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -11,63 +11,75 @@ aliases: {{< summary-bar feature_name="Hardened Docker Desktop" >}} -This page contains information on how to configure Settings Management with an `admin-settings.json` file. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your company or organization. - -Settings Management is designed specifically for organizations who don’t give developers root access to their machines. +This page explains how to use an `admin-settings.json` file to configure and +enforce Docker Desktop settings. Use this method to standardize Docker +Desktop environments in your organization. ## Prerequisites -You must [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop users authenticate with your organization. +- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to +ensure all users authenticate with your organization. +- A Docker Business subscription is required. -Settings management requires a Docker Business subscription. Docker Desktop verifies the user's authentication and licensing before applying any settings from the `admin-settings.json` file. The settings file will not take effect unless both authentication and license checks pass. These checks ensure that only licensed users receive managed settings. +Docker Desktop only applies settings from the `admin-settings.json` file if both +authentication and Docker Business license checks succeed. > [!IMPORTANT] > -> If a user is not signed in, or their Docker ID does not belong to an organization with a Docker Business subscription, Docker Desktop ignores the `admin-settings.json` file. +> If a user isn't signed in or isn't part of a Docker Business organization, +the settings file is ignored. +## Limitation -## Known limitations +- The `admin-settings.json` file doesn't work in air-gapped or offline +environments. +- The file is not compatible with environments that restrict authentication +with Docker Hub. -The `admin-settings.json` file requires users to authenticate with Docker Hub and be a member -of an organization with a Docker Business subscription. This means the file does not work in: +## Step one: Create the settings file -- Air-grapped or offline environments where Docker Desktop can't authenticate with Docker Hub. -- Restricted environments where SSO and cloud-based authentication are not permitted. +You can: +- Use the `--admin-settings` installer flag to auto-generate the file. See: + - [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) install guide + - [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) install guide +- Or create it manually and place it in the following locations: + - Mac: `/Library/Application\ Support/com.docker.docker/admin-settings.json` + - Windows: `C:\ProgramData\DockerDesktop\admin-settings.json` + - Linux: `/usr/share/docker-desktop/admin-settings.json` -## Step one: Create the `admin-settings.json` file and save it in the correct location +> [!IMPORTANT] +> +> Place the file in a protected directory to prevent modification. Use MDM tools +like [Jamf](https://www.jamf.com/lp/en-gb/apple-mobile-device-management-mdm-jamf-shared/?attr=google_ads-brand-search-shared&gclid=CjwKCAjw1ICZBhAzEiwAFfvFhEXjayUAi8FHHv1JJitFPb47C_q_RCySTmF86twF1qJc_6GST-YDmhoCuJsQAvD_BwE) to distribute it at scale. -You can either use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location, or set it up manually. +## Step two: Define settings -To set it up manually: -1. Create a new, empty JSON file and name it `admin-settings.json`. -2. Save the `admin-settings.json` file on your developers' machines in the following locations: - - Mac: `/Library/Application\ Support/com.docker.docker/admin-settings.json` - - Windows: `C:\ProgramData\DockerDesktop\admin-settings.json` - - Linux: `/usr/share/docker-desktop/admin-settings.json` +> [!TIP] +> +> For a complete list of available settings, their supported platforms, and which configuration methods they work with, see the [Settings reference](settings-reference.md). - By placing this file in a protected directory, developers are unable to modify it. +The `admin-settings.json` file uses structured keys to define what can +be configured and whether the values are enforced. - > [!IMPORTANT] - > - > It is assumed that you have the ability to push the `admin-settings.json` settings file to the locations specified through a device management software such as [Jamf](https://www.jamf.com/lp/en-gb/apple-mobile-device-management-mdm-jamf-shared/?attr=google_ads-brand-search-shared&gclid=CjwKCAjw1ICZBhAzEiwAFfvFhEXjayUAi8FHHv1JJitFPb47C_q_RCySTmF86twF1qJc_6GST-YDmhoCuJsQAvD_BwE). +Each setting supports the `locked` field. When `locked` is set to `true`, users +can't change that value in Docker Desktop, the CLI, or config files. When +`locked` is set to `false`, the value acts like a default suggestion and users +can still update it. -## Step two: Configure the settings you want to lock in +Settings where `locked` is set to `false` are ignored on existing installs if +a user has already customized that value in `settings-store.json`, +`settings.json`, or `daemon.json`. > [!NOTE] > -> Some of the configuration parameters only apply to certain platforms or to specific Docker Desktop versions. This is highlighted in the following table. - -The `admin-settings.json` file requires a nested list of configuration parameters, each of which must contain the `locked` parameter. You can add or remove configuration parameters as per your requirements. - -If `locked: true`, users aren't able to edit this setting from Docker Desktop or the CLI. +> Some settings are platform-specific or require a minimum Docker Desktop +version. See the [Settings reference](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md) for details. -If `locked: false`, it's similar to setting a factory default in that: - - For new installs, `locked: false` pre-populates the relevant settings in the Docker Desktop Dashboard, but users are able to modify it. +### Example settings file - - If Docker Desktop is already installed and being used, `locked: false` is ignored. This is because existing users of Docker Desktop may have already updated a setting, which in turn will have been written to the relevant config file, for example the `settings-store.json` (or `settings.json` for Docker Desktop versions 4.34 and earlier) or `daemon.json`. In these instances, the user's preferences are respected and the values aren't altered. These can be controlled by setting `locked: true`. - -The following `admin-settings.json` code and table provides an example of the required syntax and descriptions for parameters and values: +The following file is an example `admin-settings.json` file. For a full list +of configurable settings for the `admin-settings.json` file, see [`admin-settings.json` configurations](#admin-settingsjson-configurations). ```json {collapse=true} { @@ -198,6 +210,20 @@ The following `admin-settings.json` code and table provides an example of the re } ``` +## Step three: Restart and apply settings + +Settings apply after Docker Desktop is restarted and the user is signed in. + +- New installs: Launch Docker Desktop and sign in. +- Existing installs: Quit Docker Desktop fully and relaunch it. + +> [!IMPORTANT] +> +> Restarting Docker Desktop from the menu isn't enough. It must be fully +quit and reopened. + +## `admin-settings.json` configurations + ### General |Parameter|OS|Description|Version| @@ -291,20 +317,3 @@ The following `admin-settings.json` code and table provides an example of the re |        `dockerSocketMount` | | By default, enhanced container isolation blocks bind-mounting the Docker Engine socket into containers (e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This lets you relax this in a controlled way. See [ECI Configuration](../enhanced-container-isolation/config.md) for more info. | | |               `imageList` | | Indicates which container images are allowed to bind-mount the Docker Engine socket. | | |               `commandList` | | Restricts the commands that containers can issue via the bind-mounted Docker Engine socket. | | - -## Step three: Re-launch Docker Desktop - -> [!NOTE] -> -> Test the changes made through the `admin-settings.json` file locally to see if the settings work as expected. - -For settings to take effect: -- On a new install, developers need to launch Docker Desktop and authenticate to their organization. -- On an existing install, developers need to quit Docker Desktop through the Docker menu, and then re-launch Docker Desktop. If they are already signed in, they don't need to sign in again for the changes to take effect. - > [!IMPORTANT] - > - > Selecting **Restart** from the Docker menu isn't enough as it only restarts some components of Docker Desktop. - -So as not to disrupt your developers' workflow, Docker doesn't automatically mandate that developers re-launch and re-authenticate once a change has been made. - -In Docker Desktop, developers see the relevant settings grayed out. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md new file mode 100644 index 000000000000..a9ef45a70457 --- /dev/null +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md @@ -0,0 +1,1058 @@ +--- +description: Reference for all settings and features that are configured with Settings Management +keywords: admin, controls, settings management, reference +title: Settings reference +linkTitle: Settings reference +--- + +This reference lists all Docker Desktop settings, including where they are configured, which operating systems they apply to, and whether they're available in the Docker Desktop GUI, the Docker Admin Console, or the `admin-settings.json` file. Settings are grouped to match the structure of the Docker Desktop interface. + +Each setting includes: + +- The display name used in Docker Desktop +- A table of values, default values, and required format +- A description and use cases +- OS compatibility +- Configuration methods: via [Docker Desktop](/manuals/desktop/settings-and-maintenance/settings.md), the Admin Console, or the `admin-settings.json` file + +Use this reference to compare how settings behave across different configuration +methods and platforms. + +## General + +### Start Docker Desktop when you sign in to your computer + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Start Docker Desktop automatically when booting machine. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Ensure Docker Desktop is always running after boot. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Open Docker Dashboard when Docker Desktop starts + +| Default value | Accepted values | Format | +|---------------|----------------------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Open the Docker Dashboard automatically when Docker Desktop starts. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Quickly access containers, images, and volumes in the Docker Dashboard after starting Docker Desktop. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Choose theme for Docker Desktop + +| Default value | Accepted values | Format | +|---------------|----------------------------|--------| +| `system` | `light`, `dark`, `system` | Enum | + +- **Description:** Choose the Docker Desktop GUI theme. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Personalize Docker Desktop appearance. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Configure shell completions + +| Default value | Accepted values | Format | +|---------------|-------------------------|--------| +| `integrated` | `integrated`, `system` | String | + +- **Description:** If installed, automatically edits your shell configuration. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Customize developer experience with shell completions. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Choose container terminal + +| Default value | Accepted values | Format | +|---------------|-------------------------|--------| +| `integrated` | `integrated`, `system` | String | + +- **Description:** Select default terminal for launching Docker CLI from Docker +Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Customize developer experience with preferred terminal. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Enable Docker terminal + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable access to the Docker Desktop integrated terminal. If +the value is set to `false`, users can't use the Docker terminal to interact +with the host machine and execute commands directly from Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Allow or restrict developer access to the built-in terminal. +- **Configure this setting with:** + - **General** setting in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Enable Docker Debug by default + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable debug logging by default for Docker CLI commands. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Assist with debugging support issues. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Include VM in Time Machine backup + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Back up the Docker Desktop virtual machine. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Manage persistence of application data. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Use containerd for pulling and storing images + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Use containerd native snapshotter instead of legacy +snapshotters. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Improve image handling performance and compatibility. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Choose Virtual Machine Manager + +#### Docker VMM + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +#### Apple Virtualization framework + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Use Apple Virtualization Framework to run Docker containers. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Improve VM performance on Apple Silicon. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +#### Rosetta + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Use Rosetta to emulate `amd64` on Apple Silicon. If value +is set to `true`, Docker Desktop turns on Rosetta to accelerate +x86_64/amd64 binary emulation on Apple Silicon. +- **OS:** {{< badge color=blue text="Mac only" >}} 13+ +- **Use case:** Run Intel-based containers on Apple Silicon hosts. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting so only ARM-native +images are permitted. + +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +> [!NOTE] +> +> Rosetta requires enabling Apple Virtualization framework. + +#### QEMU + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +### Choose file sharing implementation + +#### VirtioFS + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Use VirtioFS for fast, native file sharing between host and +containers. If value is set to `true`, VirtioFS is set as the file sharing +mechanism. If both VirtioFS and gRPC are set to `true`, VirtioFS takes +precedence. +- **OS:** {{< badge color=blue text="Mac only" >}} 12.5+ +- **Use case:** Improve volume mount performance and compatibility. + +> [!NOTE] +> +> In hardened environments, enable and lock this setting for macOS 12.5 and +later. + +- **Configure this setting with:** + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +#### gRPC FUSE + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Enable gRPC FUSE for macOS file sharing. If value is set to +`true`, gRPC Fuse is set as the file sharing mechanism. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Improve performance and compatibility of file mounts. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. + +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +#### osxfs + +| Default value | Accepted values | Format | +| ------------- | --------------- | ------- | +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable the legacy osxfs file sharing driver for macOS. When +set to true, Docker Desktop uses osxfs instead of VirtioFS or gRPC FUSE to mount +host directories into containers. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Use the original file sharing implementation when compatibility +with older tooling or specific workflows is required. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Send usage statistics + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Controls whether Docker Desktop collects and sends local +usage statistics and crash reports to Docker. This setting affects telemetry +gathered from the Docker Desktop application itself. It does not affect +server-side telemetry collected via Docker Hub or other backend services, such +as login timestamps, pulls, or builds. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable analytics to help Docker improve the product based on +usage data. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. This allows you +to control all your data flows and collect support logs via secure channels +if needed. + +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +> [!NOTE] +> +> Organizations using the Insights Dashboard may need this setting enabled to +ensure that developer activity is fully visible. If users opt out and the +setting is not locked, their activity may be excluded from analytics +views. + +### Use Enhanced Container Isolation + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable Enhanced Container Isolation for secure container +execution. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Prevent containers from modifying configuration or sensitive +host areas. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. + +- **Configure this setting with:** + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Show CLI hints + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Display helpful CLI tips in the terminal when using Docker commands. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Help users discover and learn Docker CLI features through inline suggestions. +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Enable Scout image analysis + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Enable Docker Scout to generate and display SBOM data for container images. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Turn on Docker Scout analysis features to view vulnerabilities, packages, and metadata associated with images. + +> [!NOTE] +> +> In hardened environments, enable and lock this setting to ensure SBOMs are +always built to satisfy compliance scans. + +- **Configure this setting with:** + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Enable background Scout SBOM indexing + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Automatically index SBOM data for images in the background without requiring user interaction. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Keep image metadata up to date by allowing Docker to perform SBOM indexing during idle time or after image pull operations. + +> [!NOTE] +> +> In hardened environments, enable and lock this setting. + +- **Configure this setting with:** + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Automatically check configuration + +| Default value | Accepted values | Format | +|-----------------------|-----------------|---------| +| `CurrentSettingsVersions` | Integer | Integer | + +- **Description:** Regularly checks your configuration to ensure no unexpected changes have been made by another application +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Track versions for compatibility +- **Configure this setting with:** + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `configurationFileVersion` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## Resources + +### CPU limit + +| Default value | Accepted values | Format | +|-----------------------------------------------|-----------------|---------| +| Number of logical CPU cores available on host | Integer | Integer | + +- **Description:** Number of CPUs assigned to the Docker Desktop virtual machine. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Resource allocation control. +- **Configure this setting with:** + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Memory limit + +| Default value | Accepted values | Format | +|---------------------------|-----------------|---------| +| Based on system resources | Integer | Integer | + +- **Description:** Amount of RAM (in MiB) assigned to the Docker virtual machine. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Control how much memory Docker can use on the host. +- **Configure this setting with:** + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Swap + +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `1024` | Integer | Integer | + +- **Description:** Amount of swap space (in MiB) assigned to the Docker virtual machine +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Extend memory availability via swap +- **Configure this setting with:** + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Disk usage limit + +| Default value | Accepted values | Format | +|-------------------------------|-----------------|---------| +| Default disk size of machine. | Integer | Integer | + +- **Description:** Maximum disk size (in MiB) allocated for Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Constrain Docker's virtual disk size for storage management. +- **Configure this setting with:** + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Disk image location + +| Default value | Accepted values | Format | +|--------------------------------------------------|-----------------|--------| +| macOS: `~/Library/Containers/com.docker.docker/Data/vms/0`
Windows: `%USERPROFILE%\AppData\Local\Docker\wsl\data` | File path | String | + +- **Description:** Path where Docker Desktop stores virtual machine data. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Redirect Docker data to a custom location. +- **Configure this setting with:** + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Enable Resource Saver + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Enable Docker Desktop to pause when idle. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Save system resources during periods of inactivity. +- **Configure this setting with:** + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### File sharing directories + +| Default value | Accepted values | Format | +|----------------------------------------|---------------------------------|--------------------------| +| Varies by OS | List of file paths as strings | Array list of strings | + +- **Description:** List of allowed directories shared between the host and +containers. When a path is added, its subdirectories are allowed. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Restrict or define what file paths are available to containers. + +> [!NOTE] +> +> In hardened environments, lock to an explicit whitelist and disable end-user +edits. + +- **Configure this setting with:** + - **File sharing** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Proxy exclude + +| Default value | Accepted values | Format | +|---------------|--------------------|--------| +| `""` | List of addresses | String | + +- **Description:** Configure addresses that containers should bypass from proxy +settings. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Fine-tune proxy exceptions for container networking. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. + +- **Configure this setting with:** + - **Proxies** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `proxy` setting with `manual` and `exclude` modes in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Docker subnet + +| Default value | Accepted values | Format | +|-------------------|-----------------|--------| +| `192.168.65.0/24` | IP address | String | + +- **Description:** Overrides the network range used for vpnkit DHCP/DNS for +`*.docker.internal`. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Customize the subnet used for Docker container networking. +- **Configure this setting with:** + - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Use kernel networking for UDP + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Use the host’s kernel network stack for UDP traffic instead of Docker’s virtual network driver. This enables faster and more direct UDP communication, but may bypass some container isolation features. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Improve performance or compatibility for workloads that rely heavily on UDP traffic, such as real-time media, DNS, or game servers. +- **Configure this setting with:** + - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Enable host networking + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable experimental host networking support. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Allow containers to use the host network stack. +- **Configure this setting with:** + - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Enable WSL engine + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** If the value is set to `true`, Docker Desktop uses the WSL2 +based engine. This overrides anything that may have been set at installation +using the `--backend=` flag. +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL +- **Use case:** Enable Linux containers via WSL 2 backend. + +> [!NOTE] +> +> In hardened environments, enable and lock this setting. + +- **Configure this setting with:** + - **WSL Integration** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## Docker Engine + +The Docker Engine settings let you configure low-level daemon settings through a raw JSON object. These settings are passed directly to the dockerd process that powers container management in Docker Desktop. + +| Key | Example | Description | Accepted values / Format | Default | +| --------------------- | --------------------------- | -------------------------------------------------- | ------------------------------ | ------- | +| `debug` | `true` | Enable verbose logging in the Docker daemon | Boolean | `false` | +| `experimental` | `true` | Enable experimental Docker CLI and daemon features | Boolean | `false` | +| `insecure-registries` | `["myregistry.local:5000"]` | Allow pulling from HTTP registries without TLS | Array of strings (`host:port`) | `[]` | +| `registry-mirrors` | `["https://mirror.gcr.io"]` | Define alternative registry endpoints | Array of URLs | `[]` | + +- **Description:** Customize the behavior of the Docker daemon using a structured JSON config passed directly to dockerd. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Fine-tune registry access, enable debug mode, or opt into experimental features. +- **Configure this setting with:** + - **Docker Engine** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +> [!NOTE] +> +> Values for this setting are passed as-is to the Docker daemon. Invalid or unsupported fields may prevent Docker Desktop from starting. + +## Builders + +Builders settings lets you manage Buildx builder instances for advanced image-building scenarios, including multi-platform builds and custom backends. + +| Key | Example | Description | Accepted values / Format | Default | +| ----------- | -------------------------------- | -------------------------------------------------------------------------- | ------------------------- | --------- | +| `name` | `"my-builder"` | Name of the builder instance | String | — | +| `driver` | `"docker-container"` | Backend used by the builder (`docker`, `docker-container`, `remote`, etc.) | String | `docker` | +| `platforms` | `["linux/amd64", "linux/arm64"]` | Target platforms supported by the builder | Array of platform strings | Host arch | + +- **Description:** Configure custom Buildx builders for Docker Desktop, including driver type and supported platforms. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Set up advanced build configurations like cross-platform images or remote builders. +- **Configure this setting with:** + - **Builders** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +> [!NOTE] +> +> Builder definitions are structured as an array of objects, each describing a builder instance. Conflicting or unsupported configurations may cause build errors. + +## Kubernetes + +### Enable Kubernetes + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable the integrated Kubernetes cluster in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable Kubernetes support for developers. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. + +- **Configure this setting with:** + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Choose cluster provisioning method + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `kubeadm` | `kubeadm`, `kind` | String | + +- **Description:** Set the Kubernetes node mode (single-node or multi-node). +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Control the topology of the integrated Kubernetes cluster. +- **Configure this setting with:** + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Kubernetes node count (kind provisioning) + +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `1` | Integer | Integer | + +- **Description:** Number of nodes to create in a multi-node Kubernetes cluster. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Scale the number of Kubernetes nodes for development or testing. +- **Configure this setting with:** + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Kubernetes node version (kind provisioning) + +| Default value | Accepted values | Format | +|---------------|-------------------------------|--------| +| `1.31.1` | Semantic version (e.g., 1.29.1) | String | + +- **Description:** Version of Kubernetes used for cluster node creation. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Pin a specific Kubernetes version for consistency or +compatibility. +- **Configure this setting with:** + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Show system containers + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Show Kubernetes system containers in the Docker Dashboard container list +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Allow developers to view kube-system containers for debugging + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. + +- **Configure this setting with:** + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +## Software updates + +### Automatically check for updates + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Disable automatic update polling for Docker Desktop. If the +value is set to `true`, checking for updates and notifications about Docker +Desktop updates are disabled. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Freeze the current version in enterprise environments. + +> [!NOTE] +> +> In hardened environments, enable this setting and lock. This guarantees that +only internally vetted versions are installed. + +- **Configure this setting with:** + - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Disable update** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Always download updates + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Automatically download Docker Desktop updates when available. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Manage auto update behavior. +- **Configure this setting with:** + - **Software updates** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: **Disable updates** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## Extensions + +### Enable Docker extensions + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Enable or disable Docker Extensions. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Control access to the Extensions Marketplace and installed +extensions. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. This prevents +third-party or unvetted plugins from being installed. + +- **Configure this setting with:** + - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Allow only extensions distributed through the Docker Marketplace + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Restrict Docker Desktop to only run Marketplace extensions. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Prevent running third-party or local extensions. +- **Configure this setting with:** + - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Show Docker Extensions system containers + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Show system containers used by Docker Extensions in the container list +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Help developers troubleshoot or view extension system containers +- **Configure this setting with:** + - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +## Features in development + +### Enable Docker AI + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable Docker AI features in the Docker Desktop experience. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable AI features like "Ask Gordon". +- **Configure this setting with:** + - **Features in development** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Enable Docker Model Runner + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Enable Docker Model Runner features in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable Docker Model Runner features. +- **Configure this setting with:** + - **Features in development** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Enable host-side TCP support + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable Docker Model Runner features in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable Docker Model Runner features. +- **Configure this setting with:** + - **Features in development** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +> [!NOTE] +> +> This setting requires Docker Model Runner setting to be enabled first. + +## Notifications + +### Status updates on tasks and processes + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Display general informational messages inside Docker Desktop +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Customize in-app communication visibility +- **Configure this setting with:** + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Recommendations from Docker + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Display promotional announcements and banners inside Docker Desktop +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Control exposure to Docker news and feature promotion +- **Configure this setting with:** + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Docker announcements + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Display general announcements inside Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or suppress Docker-wide announcements in the GUI. +- **Configure this setting with:** + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Docker surveys + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Display notifications inviting users to participate in surveys +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable in-product survey prompts +- **Configure this setting with:** + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Docker Scout Notification pop-ups + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Enable Docker Scout popups inside Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Show or hide vulnerability scan notifications +- **Configure this setting with:** + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Docker Scout OS notifications + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable Docker Scout notifications through the operating system. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Push Scout updates via system notification center +- **Configure this setting with:** + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +## Advanced + +### Configure installation of Docker CLI + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `system` | File path | String | + +- **Description:** Install location for Docker CLI binaries. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Customize CLI install location for compliance or tooling. +- **Configure this setting with:** + - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +### Allow the default Docker socket to be used + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** By default, enhanced container isolation blocks bind-mounting +the Docker Engine socket into containers +(e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This lets +you relax this in a controlled way. See ECI Configuration for more info. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Allow containers to access the Docker socket for scenarios like +Docker-in-Docker or containerized CI agents. +- **Configure this setting with:** + - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Allow privileged port mapping + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Starts the privileged helper process which binds privileged ports that are between 1 and 1024 +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Enforce elevated privileges for networking support +- **Configure this setting with:** + - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +## Settings not available in the Docker Desktop GUI + +The following settings aren’t shown in the Docker Desktop GUI. You can only configure them using Settings Management with the Admin Console or the `admin-settings.json` file. + +### Block `docker load` + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Prevent users from loading local Docker images using the `docker load` command. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enforce image provenance by restricting local image imports. + +> [!NOTE] +> +> In hardened environments, enable and lock this setting. This forces all images +to come from your secure, scanned registry. + +- **Configure this setting with:** + - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Expose Docker API on TCP 2375 + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Exposes the Docker API over an unauthenticated TCP socket on port 2375. Only recommended for isolated and protected environments. +- **OS:** {{< badge color=blue text="Windows only" >}} +- **Use case:** Required for legacy integrations or environments without named pipe support. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. This ensures the +Docker API is only reachable via the secure internal socket. + +- **Configure this setting with:** + - Settings Management: `exposeDockerAPIOnTCP2375` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Air-gapped container proxy + +| Default value | Accepted values | Format | +| ------------- | --------------- | ----------- | +| See example | Object | JSON object | + +- **Description:** Configure a manual HTTP/HTTPS proxy for containers. Useful in air-gapped environments where containers need restricted access. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Redirect or block container networking to comply with offline or secured network environments. +- **Configure this setting with:** + - Settings Management: `containersProxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +#### Example + +```json +"containersProxy": { + "locked": true, + "mode": "manual", + "http": "", + "https": "", + "exclude": [], + "pac": "", + "transparentPorts": "" +} +``` + +Docker socket access control (ECI exceptions) + +| Default value | Accepted values | Format | +| ------------- | --------------- | ----------- | +| - | Object | JSON object | + +- **Description:** Allow specific images or commands to use the Docker socket when Enhanced Container Isolation is enabled. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Support tools like Testcontainers or LocalStack that need Docker socket access while maintaining secure defaults. +- Configure this setting with: + - Settings Management: `enhancedContainerIsolation` > `dockerSocketMount` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +#### Example + +```json +"enhancedContainerIsolation": { + "locked": true, + "value": true, + "dockerSocketMount": { + "imageList": { + "images": [ + "docker.io/localstack/localstack:*", + "docker.io/testcontainers/ryuk:*" + ] + }, + "commandList": { + "type": "deny", + "commands": ["push"] + } + } +} +``` + +### Allow beta features + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enable access to beta features in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Give developers early access to features that are in public beta. + +> [!NOTE] +> +> In hardened environments, disable and lock this setting. + +- **Configure this setting with:** + - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### Docker daemon options (Linux or Windows) + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `{}` | JSON object | Stringified JSON | + +- **Description:** Override the Docker daemon configuration used in Linux or Windows containers. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Configure low-level Docker daemon options (e.g., logging, storage drivers) without editing the local config files. + +> [!NOTE] +> +> In hardened environments, provide a vetted JSON config and lock it so no +overrides are possible. + +- **Configure this setting with:** + - Settings Management: `linuxVM.dockerDaemonOptions` or `windowsContainers.dockerDaemonOptions` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +### VPNKit CIDR + +| Default value | Accepted values | Format | +|-------------------|-----------------|--------| +| `192.168.65.0/24` | CIDR notation | String | + +- **Description:** Set the subnet used for internal VPNKit DHCP/DNS services. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Prevent IP conflicts in environments with overlapping subnets. + +> [!NOTE] +> +> In hardened environments, lock to an approved, non-conflicting CIDR. + +- **Configure this setting with:** + - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +### Enable Kerberos and NTLM authentication + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Enables Kerberos and NTLM proxy authentication for enterprise environments. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Allow users to authenticate with enterprise proxy servers that require Kerberos or NTLM. +- **Configure this setting with:** + - Settings Management: `proxy.enableKerberosNtlm` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) \ No newline at end of file diff --git a/content/manuals/security/for-admins/roles-and-permissions.md b/content/manuals/security/for-admins/roles-and-permissions.md index f2464db71f09..5a8a96949368 100644 --- a/content/manuals/security/for-admins/roles-and-permissions.md +++ b/content/manuals/security/for-admins/roles-and-permissions.md @@ -20,6 +20,7 @@ When you invite users to your organization, you assign them a role. A role is a The following roles are available to assign: - Member: Non-administrative role. Members can view other members that are in the same organization. +- Distributor Member: Restricted-access role. Distributor Members can only view and pull from repositories they’ve been explicitly granted access to. They cannot view other members or teams. - Editor: Partial administrative access to the organization. Editors can create, edit, and delete repositories. They can also edit an existing team's access permissions. - Organization owner: Full organization administrative access. Organization owners can manage organization repositories, teams, members, settings, and billing. - Company owner: In addition to the permissions of an organization owner, company owners can configure settings for their associated organizations. diff --git a/content/manuals/subscription/change.md b/content/manuals/subscription/change.md index 5844598f1ba2..2660e25ae01e 100644 --- a/content/manuals/subscription/change.md +++ b/content/manuals/subscription/change.md @@ -12,6 +12,7 @@ aliases: - /docker-hub/cancel-downgrade/ - /docker-hub/billing/downgrade/ - /billing/scout-billing/ +- /billing/subscription-management/ weight: 30 --- diff --git a/data/summary.yaml b/data/summary.yaml index e18714146d70..e24ad0ca8f50 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -173,6 +173,8 @@ Domain management: Enforce sign-in: subscription: [Business] for: Administrators +Gated distribution: + availability: Early Access General admin: for: Administrators GitHub Actions cache: diff --git a/go.mod b/go.mod index 26a9c60f1984..ebea548b95ec 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/docker/docs -go 1.23.8 - -toolchain go1.24.1 +go 1.24.0 require ( github.com/docker/buildx v0.23.0 // indirect diff --git a/hack/releaser/Dockerfile b/hack/releaser/Dockerfile index 11c574d173a0..90687cf448b7 100644 --- a/hack/releaser/Dockerfile +++ b/hack/releaser/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.23 +ARG GO_VERSION=1.24 FROM scratch AS sitedir diff --git a/hack/releaser/go.mod b/hack/releaser/go.mod index d17c092280c4..0e1396febd74 100644 --- a/hack/releaser/go.mod +++ b/hack/releaser/go.mod @@ -1,6 +1,6 @@ module github.com/docker/docs/hack/releaser -go 1.22 +go 1.24.0 require ( github.com/alecthomas/kong v1.4.0 diff --git a/hugo.yaml b/hugo.yaml index fb1c962215aa..86f4f43246ee 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -145,7 +145,7 @@ params: buildkit_version: "0.21.0" # Example runtime/library/os versions - example_go_version: "1.23" + example_go_version: "1.24" example_alpine_version: "3.21" example_node_version: "20" diff --git a/hugo_stats.json b/hugo_stats.json index 0ba8fdcc0a2b..b1aeaa2a9792 100644 --- a/hugo_stats.json +++ b/hugo_stats.json @@ -115,7 +115,6 @@ "Using-the-GUI", "VS-Code", "Vue", - "WSL-2-backend-Arm-Beta", "WSL-2-backend-x86_64", "Web-browser", "What-are-the-key-features-of-Docker-Desktop", diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html index fd991c9923ea..734cc86513ca 100644 --- a/layouts/_default/baseof.html +++ b/layouts/_default/baseof.html @@ -29,7 +29,7 @@ class="md:h-[calc(100vh-64px)] fixed md:sticky top-0 md:top-16 z-40 hidden h-screen flex-none overflow-y-auto overflow-x-hidden bg-background-light dark:bg-gray-dark-100 w-full md:z-auto md:block md:w-[300px]" :class="{ 'hidden': ! $store.showSidebar }"> -
@@ -53,7 +53,7 @@
- + {{/* Load the YouTube player if the page embeds a YouTube video */}} {{ with .Store.Get "youtube" }} diff --git a/layouts/partials/footer.html b/layouts/partials/footer.html index d35b4ce95f72..aae737109963 100644 --- a/layouts/partials/footer.html +++ b/layouts/partials/footer.html @@ -1,4 +1,4 @@ -
+
{{ partialCached "components/support-button.html" . }}
diff --git a/layouts/shortcodes/admin-domain-audit.md b/layouts/shortcodes/admin-domain-audit.md index 09a693849550..01e8da1179d1 100644 --- a/layouts/shortcodes/admin-domain-audit.md +++ b/layouts/shortcodes/admin-domain-audit.md @@ -24,7 +24,6 @@ You can invite all the uncaptured users to your organization using the exported > [!NOTE] > -> Domain audit may identify accounts of users who are no longer a part of your organization. If you don't want to add a user to your organization and you don't want the user to appear in future domain audits, you must deactivate the account or update the associated email address. -> -> Only someone with access to the Docker account can deactivate the account or update the associated email address. For more details, see [Deactivating an account](/admin/organization/deactivate-account/). +> Domain audit may identify accounts of users who are no longer a part of your organization. If you don't want to add a user to your organization and you don't want the user to appear in future domain audits, the user must deactivate their account or update their associated email address. > +> You can't deactivate an account or update an associated email address on behalf of a user. For more details, see [Deactivating an account](/manuals/accounts/deactivate-user-account.md). \ No newline at end of file