DD 4.14: POS and Hardened Desktop additions and Dev Velocity addition (#16050)

* DD 4.14: POS and Hardened Desktop additions

* additions

* fix typo

* readd content
Allie Sadler 2022-11-10 15:50:38 +00:00 committed by GitHub
parent 620a834839
commit 0e09300d57
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 52 additions and 20 deletions

View File

@ -26,7 +26,7 @@ Enhanced Container Isolation helps ensure strong container isolation and also lo
### Who is it for?
- For organizations that want to prevent container attacks and reduce vulnerabilities.
- For organizations and developers that want to prevent container attacks and reduce vulnerabilities.
- For organizations that want to ensure stronger container isolation that is easy and intuitive to implement on developers' machines.
### What happens when Enhanced Container Isolation is enabled?
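Review bot: the new first bullet's "prevent container attacks" overstates what the feature does; the surrounding text describes Enhanced Container Isolation as isolation that limits what a container can reach (the hunk header says it "helps ensure strong container isolation", and a later hunk says containers run within a Linux user namespace), not as something that stops attacks on or from containers. Suggest "limit the impact of a compromised container" or similar, which also removes the near-duplication with the second bullet's "ensure stronger container isolation".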
@ -51,7 +51,16 @@ For more information on how Enhanced Container Isolation work, see [How does it
### How do I enable Enhanced Container Isolation?
As an admin, you first need to [configure a `registry.json` file to enforce sign-in](../../../docker-hub/configure-sign-in.md). This is because the Enhanced Container Isolation feature requires a Docker Business subscription and therefore your Docker Desktop users must authenticate to your organization for this configuration to take effect.
#### As a developer
To enable Enhanced Container Isolation as a developer:
1. Navigate to **Settings** > **General** in Docker Desktop.
2. Next to **Use Enhanced Container Isolation**, select the checkbox.
3. Select **Apply and restart** to save your settings.
#### As an admin
To enable Enhanced Container Isolation as an admin, you first need to [configure a `registry.json` file to enforce sign-in](../../../docker-hub/configure-sign-in.md). This is because the Enhanced Container Isolation feature requires a Docker Business subscription and therefore your Docker Desktop users must authenticate to your organization for this configuration to take effect.
Next, you must [create and configure the `admin-settings.json` file](../settings-management/configure.md) and specify:
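Review bot: the new "As a developer" steps omit the requirement that the "As an admin" paragraph in the same hunk states (Docker Business subscription, sign-in enforced), so a reader on another subscription will look for a checkbox the text elsewhere says is not available to them; add one sentence before step 1. Step 3 also says "Apply and restart" while the settings pages changed later in this commit use "Apply & Restart"; use the label the UI actually shows. Minor: the hunk header's "how Enhanced Container Isolation work" should read "works".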
@ -75,9 +84,11 @@ For this to take effect:
>Selecting **Restart** from the Docker menu isn't enough as it only restarts some components of Docker Desktop.
{: .important}
### What do users see when this setting is enforced?
### What do users see when this setting is enforced by an admin?
When Enhanced Container Isolation is enabled, users see that containers run within a Linux user namespace.
When Enhanced Container Isolation is enabled, users see:
- **Use Enhanced Container Isolation** toggled on in **Settings** > **General**.
- Containers run within a Linux user namespace.
To check, run:
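Review bot: the new heading says "enforced by an admin" but the bullets only say the toggle appears on; state whether the user can switch it off when the admin has set it, since that is the difference between enabling and enforcing (the `admin-settings.json` example in this commit carries a `locked` flag per setting, and its user-visible effect belongs here). The lead sentence "When Enhanced Container Isolation is enabled" should also say "enforced" to match the heading.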

View File

@ -84,6 +84,12 @@ The following `admin-settings.json` code and table provides an example of the re
"value":"192.168.65.0/24"
}
},
"kubernetes": {
"locked": false,
"enabled": false,
"showSystemContainers": false,
"imagesRepository": ""
},
"windowsContainers": {
"dockerDaemonOptions": {
"locked": false,
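Review bot: the new `kubernetes` block has a different shape from the surrounding settings, which the table documents as `locked` plus `value`; here `enabled`, `showSystemContainers` and `imagesRepository` sit directly alongside `locked`. If that is the real schema, the table row in the next hunk should say so explicitly and document `locked`, which it currently does not mention. The empty-string default for `imagesRepository` also needs an explanation of which repository is used when it is unset, since an admin who sets this changes where the Kubernetes component images are pulled from and should know what they are replacing.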
@ -111,6 +117,7 @@ The following `admin-settings.json` code and table provides an example of the re
| &nbsp; &nbsp; &nbsp; &nbsp;`wslEngineEnabled` | <span class="badge badge-info">Windows only</span> | If `value` is set to true, Docker Desktop uses the WSL 2 based engine. This overrides anything that may have been set at installation using the `--backend=<backend name>` flag. It is also incompatible with Enhanced Container Isolation. See [Known issues](../enhanced-container-isolation/faq.md) for more information.|
| &nbsp;&nbsp; &nbsp; &nbsp;`dockerDaemonOptions`| |If `value` is set to true, it overrides the options in the Docker Engine config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file). Note that for added security, a few of the config attributes may be overridden when Enhanced Container Isolation is enabled. |
| &nbsp;&nbsp; &nbsp; &nbsp;`vpnkitCIDR` | |Overrides the network range used for vpnkit DHCP/DNS for `*.docker.internal` |
|`kubernetes`| | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the UI and when you run `docker ps`. `imagesRepository` allows you to specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`. |
| `windowsContainers` | | Parameters and settings related to `windowsContainers` options - grouped together here for convenience. |
| &nbsp; &nbsp; &nbsp; &nbsp;`dockerDaemonOptions` | | Overrides the options in the linux daemon config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file).| |
|`disableUpdate`| |If `value` is set to true, checking for and notifications about Docker Desktop updates is disabled.|
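Review bot: the new `kubernetes` row does not document the `locked` key that the JSON example in the previous hunk includes, and the example `"imagesRepository": "registry-1.docker.io/docker"` is given without stating the default used when the value is left empty; add both. Drive-by on context lines: the `windowsContainers` `dockerDaemonOptions` row ends with a stray `| |`, producing an extra empty cell, and "linux daemon config file" should be "Linux".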

View File

@ -33,6 +33,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Open Docker Desktop dashboard at startup**. Select to automatically open the
dashboard when starting Docker Desktop.
- **Use Enhanced Container Isolation**. Select to enhance security by preventing containers from breaching the Linux VM. For more information, see [Enhanced Container Isolation](../hardened-desktop/enhanced-container-isolation/index.md)
- **Use Docker Compose V2**. Select to enable the `docker-compose` command to
use Docker Compose V2. For more information, see [Docker Compose V2](../../compose/compose-v2/index.md).
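Review bot: the new bullet is missing the terminating full stop after the link, unlike the neighbouring bullets, and "preventing containers from breaching the Linux VM" states the protection in absolute terms; the ECI page's own wording in this commit ("helps ensure strong container isolation") is more defensible. Since that page also says the feature requires a Docker Business subscription, the bullet should mention it rather than presenting the checkbox as available to every user.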
@ -134,7 +136,11 @@ Click **Apply & Restart** to save your settings and restart Docker Desktop.
From the **Beta features** tab, you can sign up to the [Developer Preview program](https://www.docker.com/community/get-involved/developer-preview/){:target="_blank" rel="noopener" class="_"}.
On the **Beta features** tab, you also have the option to allow version 4.13 feature flags, which are product features Docker is currently experimenting with. This is switched on by default.
On the **Beta features** tab, you also have the option to allow feature flags, which are product features Docker is currently experimenting with. This is switched on by default.
### Enable containerd
Turns on the experimental containerd image store. This brings new features like namespaces and faster container startup performance by lazy-pulling images.
## Kubernetes
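Review bot: the new "Enable containerd" section is titled as a procedure but gives no steps, only a description, and "namespaces" is ambiguous here (containerd namespaces versus the Linux user namespaces the ECI text in this same commit refers to). Name the concept precisely and add the setting's location and the Apply & Restart step, as the VirtioFS section on the Mac page in this commit does.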

View File

@ -30,6 +30,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Include VM in Time Machine backups**. Select to back up the Docker Desktop
virtual machine. This option is disabled by default.
- **Use Virtualization framework**. Select to allow Docker Desktop to use the `virtualization.framework` instead of the `hypervisor.framework`.
- **Use gRPC FUSE for file sharing**. Clear this check box to use the legacy
osxfs file sharing instead.
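Review bot: the Beta section removed later in this file carried the caveat "Ensure to reset your Kubernetes cluster when you enable the new Virtualization framework for the first time", and the new General-tab bullet drops it; unless the caveat no longer applies in 4.14, keep it on the bullet so the move out of Beta does not lose the warning.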
@ -44,6 +46,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Open Docker Desktop dashboard at startup**. Select to automatically open the
dashboard when starting Docker Desktop.
- **Use Enhanced Container Isolation**. Select to enhance security by preventing containers from breaching the Linux VM. For more information, see [Enhanced Container Isolation](../hardened-desktop/enhanced-container-isolation/index.md)
- **Use Docker Compose V2**. Select to enable the `docker-compose` command to
use Docker Compose V2. For more information, see [Docker Compose V2](../../compose/compose-v2/index.md).
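Review bot: same issues as the identical bullet in the Windows settings file above: missing full stop after the link, absolute "preventing containers from breaching" wording, and no mention of the Docker Business requirement; apply the same fix here.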
@ -163,11 +167,7 @@ Click **Apply & Restart** to save your settings and restart Docker Desktop.
{% include beta.md %}
On the **Beta features** tab, you also have the option to allow version 4.13 feature flags, which are product features Docker is currently experimenting with. This is switched on by default.
### Enable the new Apple Virtualization framework
Select **Use the new Virtualization framework** to allow Docker Desktop to use the new `virtualization.framework` instead of the hypervisor.framework. Ensure to reset your Kubernetes cluster when you enable the new Virtualization framework for the first time.
On the **Beta features** tab, you also have the option to allow feature flags, which are product features Docker is currently experimenting with. This is switched on by default.
### Enable VirtioFS
@ -183,6 +183,10 @@ To enable virtioFS:
3. Click **Apply & Restart**.
### Enable containerd
Turns on the experimental containerd image store. This brings new features like namespaces and faster container startup performance by lazy-pulling images.
## Kubernetes
Docker Desktop includes a standalone Kubernetes server, so that you can test
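Review bot: same comment as for the Windows "Enable containerd" section above: the heading promises a procedure but the body only describes the feature, and "namespaces" should be made precise.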

View File

@ -41,6 +41,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Open Docker Desktop dashboard at startup**. Select to automatically open the
dashboard when starting Docker Desktop.
- **Use Enhanced Container Isolation**. Select to enhance security by preventing containers from breaching the Linux VM. For more information, see [Enhanced Container Isolation](../hardened-desktop/enhanced-container-isolation/index.md)
- **Use Docker Compose V2**. Select to enable the `docker-compose` command to
use Docker Compose V2. For more information, see [Docker Compose V2](../../compose/compose-v2/index.md).
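Review bot: same issues as the identical bullet in the Windows and Mac settings files above: missing full stop after the link, absolute "preventing containers from breaching" wording, and no mention of the Docker Business requirement.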
@ -205,9 +207,15 @@ Click **Apply & Restart** to save your settings and restart Docker Desktop.
{% include beta.md %}
On the **Beta features** tab, you also have the option to allow feature flags, which are product features Docker is currently experimenting with. This is switched on by default.
From the **Beta features** tab, you can sign up to the [Developer Preview program](https://www.docker.com/community/get-involved/developer-preview/){:target="_blank" rel="noopener" class="_"}.
On the **Beta features** tab, you also have the option to allow version 4.13 feature flags, which are product features Docker is currently experimenting with. This is switched on by default.
### Enable containerd
Turns on the experimental containerd image store. This brings new features like namespaces and faster container startup performance by lazy-pulling images.
## Kubernetes
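Review bot: the feature-flag sentence is moved ahead of the Developer Preview sentence here, whereas the Windows file in this commit keeps the Developer Preview sentence first; the platform pages should use the same order. The new containerd section has the same problems noted for the Windows file (no steps, ambiguous "namespaces").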

View File

@ -11,15 +11,12 @@ The **Containers** view lists all your running containers and applications. You
Use the **Search** field to search for any specific container.
From the **Containers** view you can perform the following actions on one or more containers at once:
- Pause
- Resume
- Stop
- Start
- Pause/Resume
- Stop/Start
- Delete
When you hover over individual containers, you can also:
- Select **Open in Visual Studio Code** to open the application in VS Code.
- Open the port exposed by the container in a browser.
- Open the application in VS code
- Open the port exposed by the container in a browser
- Copy docker run. This allows you to easily share container run details or modify certain parameters
### Integrated terminal
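Review bot: the rewritten hover list is inconsistent with the bullets it replaces and with the rest of the page: "VS code" should be "VS Code" (the removed line had it right), `docker run` should be in code formatting, and the new items drop the sentence-final full stops. For "Copy docker run", consider adding that the copied command reproduces the container's run details, so users should review it before sharing it outside their team.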
@ -49,7 +46,6 @@ The **container view** displays **Logs**, **Inspect**, and **Stats** tabs and pr
- Use the **Clear terminal** icon in the top right-hand corner to clear the logs terminal.
- Select and view external links that may be in your logs.
- Select **Inspect** to view low-level information about the container. You can see the local path, version number of the image, SHA-256, port mapping, and other details.
- Select **Stats** to view information about the container resource utilization. You can see the amount of CPU, disk I/O, memory, and network I/O used by the container.
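Review bot: this hunk removes one of the tab bullets (the old range is one line longer than the new), but the hunk header's intro sentence still says the view "displays **Logs**, **Inspect**, and **Stats** tabs"; whichever of the Inspect or Stats bullets is being dropped, update that sentence and any other mention of the tab in the same change.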