docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

admin-settings: add note regarding KinD + ECI config. (#22435) 

<!--Delete sections as needed -->

## Description

In the admin-settings docs, in the section that describes settings for
Docker Desktop Kubernetes, add a note indicating that if a custom
repository is used for Kubernetes node images, and if Enhanced Container
Isolation (ECI) is enabled, the custom repository images must also be
added to the ECI Docker Socket image list setting.

## Related issues or tickets

https://docker.atlassian.net/browse/POS-2924
https://docker.atlassian.net/browse/SEG-1102

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [X] Editorial review
- [ ] Product review

---------

Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
Co-authored-by: Sarah Sanders <sarah.sanders@docker.com>
This commit is contained in:
Cesar Talledo 2025-04-16 06:13:36 -07:00 committed by GitHub
parent ced10b917e
commit 3da3b16a61
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
View File

@ -182,7 +182,7 @@ The following `admin-settings.json` code and table provides an example of the re
}
```
### General
### General
|Parameter|OS|Description|Version|
|:-------------------------------|---|:-------------------------------|---|
@ -195,7 +195,7 @@ The following `admin-settings.json` code and table provides an example of the re
| `desktopTerminalEnabled` | | If `value` is set to `false`, developers cannot use the Docker terminal to interact with the host machine and execute commands directly from Docker Desktop. | |
|`exposeDockerAPIOnTCP2375`| Windows only| Exposes the Docker API on a specified port. If `value` is set to true, the Docker API is exposed on port 2375. Note: This is unauthenticated and should only be enabled if protected by suitable firewall rules.| |
### File sharing and emulation
### File sharing and emulation
|Parameter|OS|Description|Version|
|:-------------------------------|---|:-------------------------------|---|
@ -241,7 +241,7 @@ The following `admin-settings.json` code and table provides an example of the re
| &nbsp; &nbsp; &nbsp; &nbsp;`dockerDaemonOptions` | | Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/reference/cli/dockerd/#daemon-configuration-file).| |
> [!NOTE]
>
>
> This setting is not available to configure via the Docker Admin Console.
### Kubernetes
@ -250,7 +250,16 @@ The following `admin-settings.json` code and table provides an example of the re
|:-------------------------------|---|:-------------------------------|---|
|`kubernetes`| | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the Docker Desktop Dashboard and when you run `docker ps`. `imagesRepository` lets you specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`. | |
### Features in development
> [!NOTE]
>
> When using the `imagesRepository` setting and Enhanced Container Isolation (ECI), add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation):
>
> `<custom-image-repo>/desktop-cloud-provider-kind:*`
> `<custom-image-repo>/desktop-containerd-registry-mirror:*`
>
> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start.
### Features in development
|Parameter|OS|Description|Version|
|:-------------------------------|---|:-------------------------------|---|
@ -258,7 +267,7 @@ The following `admin-settings.json` code and table provides an example of the re
| `allowBetaFeatures`| | If `value` is set to `false`, beta features are disabled.| |
| `enableDockerAI` | | If `value` is set to `false`, Docker AI (Ask Gordon) features are disabled. | |
### Enhanced Container Isolation
### Enhanced Container Isolation
|Parameter|OS|Description|Version|
|:-------------------------------|---|:-------------------------------|---|
@ -282,4 +291,4 @@ For settings to take effect:
So as not to disrupt your developers' workflow, Docker doesn't automatically mandate that developers re-launch and re-authenticate once a change has been made.
In Docker Desktop, developers see the relevant settings grayed out.
In Docker Desktop, developers see the relevant settings grayed out.