From 86cf54be0b3626b3a3930df04c18c9767b68f2be Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:38:15 +0100 Subject: [PATCH 1/6] build: add "remove" to manage builders page Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/build/builders/manage.md | 24 +++++++++++++++++++++++- content/build/cloud/faq.md | 12 ------------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/content/build/builders/manage.md b/content/build/builders/manage.md index dece019f8a..2cfe13e93d 100644 --- a/content/build/builders/manage.md +++ b/content/build/builders/manage.md @@ -97,6 +97,28 @@ Reclaimable: 2.01GB Total: 2.01GB ``` +## Remove a builder + +Use the +[`docker buildx remove`](../../engine/reference/commandline/buildx_create.md) +command to remove a builder. + +```console +$ docker buildx rm +``` + +If you remove your currently selected builder, +the default `docker` builder is automatically selected. +You can't remove the default builder. + +Local build cache for the builder is also removed. + +### Removing remote builders + +Removing a remote builder doesn't affect the remote build cache. +It also doesn't stop the remote BuildKit daemon. +It only removes your connection to the builder. + ## Manage builders with Docker Desktop If you have turned on the @@ -105,4 +127,4 @@ you can inspect builders in Docker Desktop settings. See: - [Change settings, Windows](../../desktop/settings/windows.md#builders) - [Change settings, Mac](../../desktop/settings/mac.md#builders) -- [Change settings, Linux](../../desktop/settings/linux.md#builders) \ No newline at end of file +- [Change settings, Linux](../../desktop/settings/linux.md#builders) diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md index 5e8add3011..6a41c2d388 100644 --- a/content/build/cloud/faq.md +++ b/content/build/cloud/faq.md @@ -15,18 +15,6 @@ aliases: - [Can I use Docker Build Cloud with a registry behind a VPN?](#can-i-use-docker-build-cloud-with-a-registry-behind-a-vpn) -### How do I remove Docker Build Cloud from my system? - -If you want to stop using Docker Build Cloud, remove the cloud builder using -the `docker buildx rm` command. - -```console -$ docker buildx rm cloud--default -``` - -This doesn't deprovision the builder backend, it only removes the builder from -your local Docker client. - ### Are builders shared between organizations? No. Each cloud builder provisioned to an organization is completely From 312584c2d9818728a3e8755944bbaf3f4f5ae9ca Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:39:06 +0100 Subject: [PATCH 2/6] build(cloud): describe builder isolation on index page Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/build/cloud/_index.md | 4 ++++ content/build/cloud/faq.md | 7 ------- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/content/build/cloud/_index.md b/content/build/cloud/_index.md index b6be1a12ca..73102266a1 100644 --- a/content/build/cloud/_index.md +++ b/content/build/cloud/_index.md @@ -34,6 +34,10 @@ Docker Build Cloud provides several benefits over local builds: And the best part: you don't need to worry about managing builders or infrastructure. Just connect to your builders, and start building. +Each cloud builder provisioned to an organization is completely +isolated to a single Amazon EC2 instance, with a dedicated EBS volume for build +cache, and end-to-end encryption. That means there are no shared processes or +data between cloud builders. > **Note** > diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md index 6a41c2d388..0930a40e86 100644 --- a/content/build/cloud/faq.md +++ b/content/build/cloud/faq.md @@ -15,13 +15,6 @@ aliases: - [Can I use Docker Build Cloud with a registry behind a VPN?](#can-i-use-docker-build-cloud-with-a-registry-behind-a-vpn) -### Are builders shared between organizations? - -No. Each cloud builder provisioned to an organization is completely -isolated to a single Amazon EC2 instance, with a dedicated EBS volume for build -cache, and end-to-end encryption. That means there are no shared processes or -data between cloud builders. - ### Do I need to add my secrets to the builder to access private resources? No. Your interface to Docker Build Cloud is Buildx, and you can use the existing From 993fb4ea9476d447ec417866b7fdf1505f1a6732 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:41:44 +0100 Subject: [PATCH 3/6] build(cloud): move unset default builder to usage Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/build/cloud/faq.md | 9 --------- content/build/cloud/usage.md | 13 +++++++++++++ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md index 0930a40e86..31a402a945 100644 --- a/content/build/cloud/faq.md +++ b/content/build/cloud/faq.md @@ -25,15 +25,6 @@ For more information, refer to: - [`docker buildx build --secret`](/engine/reference/commandline/buildx_build/#secret) - [`docker buildx build --ssh`](/engine/reference/commandline/buildx_build/#ssh) -### How do I unset Docker Build Cloud as the default builder? - -If you've set a cloud builder as the default builder and want to revert to using the -default `docker` builder, run the following command: - -```console -$ docker context use default -``` - ### How do I manage the build cache with Docker Build Cloud? You don't need to manage the builder's cache manually. The system manages it diff --git a/content/build/cloud/usage.md b/content/build/cloud/usage.md index 1b93f83138..cbabeb97ea 100644 --- a/content/build/cloud/usage.md +++ b/content/build/cloud/usage.md @@ -130,3 +130,16 @@ Teams using a shared builder get access to information such as: This lets you and your team work collaboratively on troubleshooting and improving build speeds, without having to send build logs and benchmarks back and forth between each other. + +## Unset Docker Build Cloud as the default builder + +If you've set a cloud builder as the default builder +and want to revert to the default `docker` builder, +run the following command: + +```console +$ docker context use default +``` + +This doesn't remove the builder from your system. +It only changes the builder that's automatically selected to run your builds. From 8cb196a8cbb362fa0143c158c78e1aa2ab5a6358 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:48:06 +0100 Subject: [PATCH 4/6] build(cloud): move build secrets from faq to usage Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/build/cloud/faq.md | 10 ---------- content/build/cloud/usage.md | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md index 31a402a945..41eb7fc49a 100644 --- a/content/build/cloud/faq.md +++ b/content/build/cloud/faq.md @@ -15,16 +15,6 @@ aliases: - [Can I use Docker Build Cloud with a registry behind a VPN?](#can-i-use-docker-build-cloud-with-a-registry-behind-a-vpn) -### Do I need to add my secrets to the builder to access private resources? - -No. Your interface to Docker Build Cloud is Buildx, and you can use the existing -`--secret` and `--ssh` CLI flags for managing build secrets. - -For more information, refer to: - -- [`docker buildx build --secret`](/engine/reference/commandline/buildx_build/#secret) -- [`docker buildx build --ssh`](/engine/reference/commandline/buildx_build/#ssh) - ### How do I manage the build cache with Docker Build Cloud? You don't need to manage the builder's cache manually. The system manages it diff --git a/content/build/cloud/usage.md b/content/build/cloud/usage.md index cbabeb97ea..a27636e88a 100644 --- a/content/build/cloud/usage.md +++ b/content/build/cloud/usage.md @@ -131,6 +131,28 @@ This lets you and your team work collaboratively on troubleshooting and improving build speeds, without having to send build logs and benchmarks back and forth between each other. +## Use secrets with Docker Build Cloud + +To use build secrets with Docker Build Cloud, +such as authentication credentials or tokens, +use the `--secret` and `--ssh` CLI flags for the `docker buildx` command. +The traffic is end-to-end encrypted and secrets are never stored in the build cache. + +> **Warning** +> +> If you're misusing build arguments to pass credentials, authentication +> tokens, or other secrets, you should refactor your build to pass the secrets using +> [secret mounts](../../engine/reference/commandline/buildx_build.md#secret) instead. +> Build arguments are stored in the cache and their values are exposed through attestations. +> Secret mounts don't leak outside of the build and are never included in attestations. +{.warning} + +For more information, refer to: + +- [`docker buildx build --secret`](/engine/reference/commandline/buildx_build/#secret) +- [`docker buildx build --ssh`](/engine/reference/commandline/buildx_build/#ssh) + + ## Unset Docker Build Cloud as the default builder If you've set a cloud builder as the default builder From 526e361298eb376ce72d250c4145cec5eb43368f Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:50:30 +0100 Subject: [PATCH 5/6] build(cloud): move build cloud cache description from faq to usage Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/build/cloud/faq.md | 18 ------------------ content/build/cloud/usage.md | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md index 41eb7fc49a..ee42ef84ee 100644 --- a/content/build/cloud/faq.md +++ b/content/build/cloud/faq.md @@ -15,24 +15,6 @@ aliases: - [Can I use Docker Build Cloud with a registry behind a VPN?](#can-i-use-docker-build-cloud-with-a-registry-behind-a-vpn) -### How do I manage the build cache with Docker Build Cloud? - -You don't need to manage the builder's cache manually. The system manages it -for you through [garbage collection](/build/cache/garbage-collection/). - -Old cache is automatically removed if you hit your storage limit. You can check -your current cache state using the -[`docker buildx du` command](/engine/reference/commandline/buildx_du/). - -To clear the builder's cache manually, you can use the -[`docker buildx prune` command](/engine/reference/commandline/buildx_prune/) -command. This works like pruning the cache for any other builder. - -> **Note** -> -> Pruning a cloud builder's cache also removes the cache for other team members -> using the same builder. - ### Can I use Docker Build Cloud with a registry behind a VPN? No, you can't use Docker Build Cloud with a private registry or registry mirror diff --git a/content/build/cloud/usage.md b/content/build/cloud/usage.md index a27636e88a..d851ea75c2 100644 --- a/content/build/cloud/usage.md +++ b/content/build/cloud/usage.md @@ -152,6 +152,24 @@ For more information, refer to: - [`docker buildx build --secret`](/engine/reference/commandline/buildx_build/#secret) - [`docker buildx build --ssh`](/engine/reference/commandline/buildx_build/#ssh) +## Managing build cache + +You don't need to manage Docker Build Cloud cache manually. +The system manages it for you through [garbage collection](/build/cache/garbage-collection/). + +Old cache is automatically removed if you hit your storage limit. +You can check your current cache state using the +[`docker buildx du` command](/engine/reference/commandline/buildx_du/). + +To clear the builder's cache manually, +use the [`docker buildx prune` command](/engine/reference/commandline/buildx_prune/). +This works like pruning the cache for any other builder. + +> **Warning** +> +> Pruning a cloud builder's cache also removes the cache for other team members +> using the same builder. +{ .warning } ## Unset Docker Build Cloud as the default builder From e981ddb2f85425c4baa136b9ee5271f53e41c803 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:53:21 +0100 Subject: [PATCH 6/6] build(cloud): move internal/vpn registry info from faq to usage Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/build/cloud/_index.md | 6 +----- content/build/cloud/faq.md | 22 ---------------------- content/build/cloud/usage.md | 7 +++++++ data/toc.yaml | 2 -- 4 files changed, 8 insertions(+), 29 deletions(-) delete mode 100644 content/build/cloud/faq.md diff --git a/content/build/cloud/_index.md b/content/build/cloud/_index.md index 73102266a1..54c54b5274 100644 --- a/content/build/cloud/_index.md +++ b/content/build/cloud/_index.md @@ -4,6 +4,7 @@ description: Get started with Docker Build Cloud keywords: build, cloud, cloud build, remote builder aliases: - /build/hydrobuild/ + - /build/cloud/faq/ --- Docker Build Cloud is a service that lets you build your container images @@ -65,8 +66,3 @@ builder in your local environment](./setup.md). For more information about the available subscription plans, see [Docker Build Cloud subscriptions and features](../../subscription/build-details.md). - -## Frequently asked questions - -The [Docker Build Cloud FAQ](./faq.md) page lists common questions and answers about -Docker Build Cloud. diff --git a/content/build/cloud/faq.md b/content/build/cloud/faq.md deleted file mode 100644 index ee42ef84ee..0000000000 --- a/content/build/cloud/faq.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -title: Docker Build Cloud FAQ -description: Frequently asked questions about Docker Build Cloud -keywords: build, cloud build, faq, troubleshooting -aliases: - - /hydrobuild/faq/ ---- - - -- [How do I remove Docker Build Cloud from my system?](#how-do-i-remove-docker-build-cloud-from-my-system) -- [Are builders shared between organizations?](#are-builders-shared-between-organizations) -- [Do I need to add my secrets to the builder to access private resources?](#do-i-need-to-add-my-secrets-to-the-builder-to-access-private-resources) -- [How do I unset Docker Build Cloud as the default builder?](#how-do-i-unset-docker-build-cloud-as-the-default-builder) -- [How do I manage the build cache with Docker Build Cloud?](#how-do-i-manage-the-build-cache-with-docker-build-cloud) -- [Can I use Docker Build Cloud with a registry behind a VPN?](#can-i-use-docker-build-cloud-with-a-registry-behind-a-vpn) - - -### Can I use Docker Build Cloud with a registry behind a VPN? - -No, you can't use Docker Build Cloud with a private registry or registry mirror -behind a VPN. All endpoints invoked with Docker Build Cloud, including OCI -registries, must be accessible over the internet. diff --git a/content/build/cloud/usage.md b/content/build/cloud/usage.md index d851ea75c2..1619300e17 100644 --- a/content/build/cloud/usage.md +++ b/content/build/cloud/usage.md @@ -183,3 +183,10 @@ $ docker context use default This doesn't remove the builder from your system. It only changes the builder that's automatically selected to run your builds. + +## Registries on internal networks + +It isn't possible to use Docker Build Cloud with a private registry +or registry mirror on an internal network behind a VPN. +All endpoints that a cloud builder interacts with, +including OCI registries, must be accessible over the internet. diff --git a/data/toc.yaml b/data/toc.yaml index b9cd142270..dd02d3e58e 100644 --- a/data/toc.yaml +++ b/data/toc.yaml @@ -2175,8 +2175,6 @@ FAQ: title: Overview - path: /billing/faqs/ title: Billing - - path: /build/cloud/faq/ - title: Build Cloud - path: /compose/faq/ title: Compose - sectiontitle: Desktop