diff --git a/content/build/builders/manage.md b/content/build/builders/manage.md index dece019f8a..2cfe13e93d 100644 --- a/content/build/builders/manage.md +++ b/content/build/builders/manage.md @@ -97,6 +97,28 @@ Reclaimable: 2.01GB Total: 2.01GB ``` +## Remove a builder + +Use the +[`docker buildx remove`](../../engine/reference/commandline/buildx_create.md) +command to remove a builder. + +```console +$ docker buildx rm +``` + +If you remove your currently selected builder, +the default `docker` builder is automatically selected. +You can't remove the default builder. + +Local build cache for the builder is also removed. + +### Removing remote builders + +Removing a remote builder doesn't affect the remote build cache. +It also doesn't stop the remote BuildKit daemon. +It only removes your connection to the builder. + ## Manage builders with Docker Desktop If you have turned on the @@ -105,4 +127,4 @@ you can inspect builders in Docker Desktop settings. See: - [Change settings, Windows](../../desktop/settings/windows.md#builders) - [Change settings, Mac](../../desktop/settings/mac.md#builders) -- [Change settings, Linux](../../desktop/settings/linux.md#builders) \ No newline at end of file +- [Change settings, Linux](../../desktop/settings/linux.md#builders) diff --git a/content/build/cloud/_index.md b/content/build/cloud/_index.md index b6be1a12ca..54c54b5274 100644 --- a/content/build/cloud/_index.md +++ b/content/build/cloud/_index.md @@ -4,6 +4,7 @@ description: Get started with Docker Build Cloud keywords: build, cloud, cloud build, remote builder aliases: - /build/hydrobuild/ + - /build/cloud/faq/ --- Docker Build Cloud is a service that lets you build your container images @@ -34,6 +35,10 @@ Docker Build Cloud provides several benefits over local builds: And the best part: you don't need to worry about managing builders or infrastructure. Just connect to your builders, and start building. +Each cloud builder provisioned to an organization is completely +isolated to a single Amazon EC2 instance, with a dedicated EBS volume for build +cache, and end-to-end encryption. That means there are no shared processes or +data between cloud builders. > **Note** > @@ -61,8 +66,3 @@ builder in your local environment](./setup.md). For more information about the available subscription plans, see [Docker Build Cloud subscriptions and features](../../subscription/build-details.md). - -## Frequently asked questions - -The [Docker Build Cloud FAQ](./faq.md) page lists common questions and answers about -Docker Build Cloud. diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md deleted file mode 100644 index 5e8add3011..0000000000 --- a/content/build/cloud/faq.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Docker Build Cloud FAQ -description: Frequently asked questions about Docker Build Cloud -keywords: build, cloud build, faq, troubleshooting -aliases: - - /hydrobuild/faq/ ---- - - -- [How do I remove Docker Build Cloud from my system?](#how-do-i-remove-docker-build-cloud-from-my-system) -- [Are builders shared between organizations?](#are-builders-shared-between-organizations) -- [Do I need to add my secrets to the builder to access private resources?](#do-i-need-to-add-my-secrets-to-the-builder-to-access-private-resources) -- [How do I unset Docker Build Cloud as the default builder?](#how-do-i-unset-docker-build-cloud-as-the-default-builder) -- [How do I manage the build cache with Docker Build Cloud?](#how-do-i-manage-the-build-cache-with-docker-build-cloud) -- [Can I use Docker Build Cloud with a registry behind a VPN?](#can-i-use-docker-build-cloud-with-a-registry-behind-a-vpn) - - -### How do I remove Docker Build Cloud from my system? - -If you want to stop using Docker Build Cloud, remove the cloud builder using -the `docker buildx rm` command. - -```console -$ docker buildx rm cloud--default -``` - -This doesn't deprovision the builder backend, it only removes the builder from -your local Docker client. - -### Are builders shared between organizations? - -No. Each cloud builder provisioned to an organization is completely -isolated to a single Amazon EC2 instance, with a dedicated EBS volume for build -cache, and end-to-end encryption. That means there are no shared processes or -data between cloud builders. - -### Do I need to add my secrets to the builder to access private resources? - -No. Your interface to Docker Build Cloud is Buildx, and you can use the existing -`--secret` and `--ssh` CLI flags for managing build secrets. - -For more information, refer to: - -- [`docker buildx build --secret`](/engine/reference/commandline/buildx_build/#secret) -- [`docker buildx build --ssh`](/engine/reference/commandline/buildx_build/#ssh) - -### How do I unset Docker Build Cloud as the default builder? - -If you've set a cloud builder as the default builder and want to revert to using the -default `docker` builder, run the following command: - -```console -$ docker context use default -``` - -### How do I manage the build cache with Docker Build Cloud? - -You don't need to manage the builder's cache manually. The system manages it -for you through [garbage collection](/build/cache/garbage-collection/). - -Old cache is automatically removed if you hit your storage limit. You can check -your current cache state using the -[`docker buildx du` command](/engine/reference/commandline/buildx_du/). - -To clear the builder's cache manually, you can use the -[`docker buildx prune` command](/engine/reference/commandline/buildx_prune/) -command. This works like pruning the cache for any other builder. - -> **Note** -> -> Pruning a cloud builder's cache also removes the cache for other team members -> using the same builder. - -### Can I use Docker Build Cloud with a registry behind a VPN? - -No, you can't use Docker Build Cloud with a private registry or registry mirror -behind a VPN. All endpoints invoked with Docker Build Cloud, including OCI -registries, must be accessible over the internet. diff --git a/content/build/cloud/usage.md b/content/build/cloud/usage.md index 1b93f83138..1619300e17 100644 --- a/content/build/cloud/usage.md +++ b/content/build/cloud/usage.md @@ -130,3 +130,63 @@ Teams using a shared builder get access to information such as: This lets you and your team work collaboratively on troubleshooting and improving build speeds, without having to send build logs and benchmarks back and forth between each other. + +## Use secrets with Docker Build Cloud + +To use build secrets with Docker Build Cloud, +such as authentication credentials or tokens, +use the `--secret` and `--ssh` CLI flags for the `docker buildx` command. +The traffic is end-to-end encrypted and secrets are never stored in the build cache. + +> **Warning** +> +> If you're misusing build arguments to pass credentials, authentication +> tokens, or other secrets, you should refactor your build to pass the secrets using +> [secret mounts](../../engine/reference/commandline/buildx_build.md#secret) instead. +> Build arguments are stored in the cache and their values are exposed through attestations. +> Secret mounts don't leak outside of the build and are never included in attestations. +{.warning} + +For more information, refer to: + +- [`docker buildx build --secret`](/engine/reference/commandline/buildx_build/#secret) +- [`docker buildx build --ssh`](/engine/reference/commandline/buildx_build/#ssh) + +## Managing build cache + +You don't need to manage Docker Build Cloud cache manually. +The system manages it for you through [garbage collection](/build/cache/garbage-collection/). + +Old cache is automatically removed if you hit your storage limit. +You can check your current cache state using the +[`docker buildx du` command](/engine/reference/commandline/buildx_du/). + +To clear the builder's cache manually, +use the [`docker buildx prune` command](/engine/reference/commandline/buildx_prune/). +This works like pruning the cache for any other builder. + +> **Warning** +> +> Pruning a cloud builder's cache also removes the cache for other team members +> using the same builder. +{ .warning } + +## Unset Docker Build Cloud as the default builder + +If you've set a cloud builder as the default builder +and want to revert to the default `docker` builder, +run the following command: + +```console +$ docker context use default +``` + +This doesn't remove the builder from your system. +It only changes the builder that's automatically selected to run your builds. + +## Registries on internal networks + +It isn't possible to use Docker Build Cloud with a private registry +or registry mirror on an internal network behind a VPN. +All endpoints that a cloud builder interacts with, +including OCI registries, must be accessible over the internet. diff --git a/data/toc.yaml b/data/toc.yaml index 8c57d899ce..adc05a6721 100644 --- a/data/toc.yaml +++ b/data/toc.yaml @@ -2177,8 +2177,6 @@ FAQ: title: Overview - path: /billing/faqs/ title: Billing - - path: /build/cloud/faq/ - title: Build Cloud - path: /compose/faq/ title: Compose - sectiontitle: Desktop