Sarah Sanders 2025-01-21 09:19:16 -08:00 committed by GitHub
parent cd6b6e66f0
commit 3de8201822
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
76 changed files with 334 additions and 163 deletions

View File

@ -42,6 +42,8 @@ aliases:
- /docker-hub/creating-companies/
---
{{< summary-bar feature_name="Company" >}}
{{< include "admin-company-overview.md" >}}
Learn how to administer a company in the following sections.

View File

@ -6,6 +6,8 @@ aliases:
- /docker-hub/new-company/
---
{{< summary-bar feature_name="Company" >}}
You can create a new company in the Docker Admin Console. Before you begin, you must:
- Be the owner of the organization you want to add to your company
- Have a Docker Business subscription

View File

@ -4,6 +4,8 @@ keywords: company, multiple organizations, manage organizations
title: Manage company organizations
---
{{< summary-bar feature_name="Company" >}}
You can manage the organizations in a company in the Docker Admin Console.
{{< include "admin-early-access.md" >}}

View File

@ -6,6 +6,8 @@ aliases:
- /docker-hub/company-owner/
---
{{< summary-bar feature_name="Company" >}}
A company can have multiple owners. Company owners have company-wide
observability and can manage company-wide settings that apply to all associated
organizations. In addition, company owners have the same access as organization

View File

@ -4,6 +4,8 @@ keywords: company, company users, users, admin, Admin Console
title: Manage company users
---
{{< summary-bar feature_name="Company" >}}
You can manage users at the company-level in the Docker Admin Console.
{{% admin-users product="admin" layer="company" %}}

View File

@ -6,6 +6,8 @@ aliases:
- /docker-hub/deactivate-account/
---
{{< summary-bar feature_name="General admin" >}}
You can deactivate an account at any time. This section describes the prerequisites and steps to deactivate an organization account. For information on deactivating a user account, see [Deactivate a user account](../accounts/deactivate-user-account.md).
> [!WARNING]

View File

@ -7,6 +7,8 @@ aliases:
- /docker-hub/audit-log/
---
{{< summary-bar feature_name="Activity logs" >}}
Activity logs display a chronological list of activities that occur at organization and repository levels. It provides a report to owners on all their member activities.
With activity logs, owners can view and track:
@ -18,10 +20,6 @@ For example, activity logs display activities such as the date when a repository
Owners can also see the activity logs for their repository if the repository is part of the organization subscribed to a Docker Business or Team plan.
> [!NOTE]
>
> Activity logs requires a [Docker Team or Business subscription](/manuals/subscription/_index.md).
## Manage activity logs
{{< tabs >}}

View File

@ -7,6 +7,8 @@ aliases:
- /docker-hub/convert-account/
---
{{< summary-bar feature_name="Admin orgs" >}}
You can convert an existing user account to an organization. This is useful if you need multiple users to access your account and the repositories that its connected to. Converting it to an organization gives you better control over permissions for these users through [teams](manage-a-team.md) and [roles](roles-and-permissions.md).
When you convert a user account to an organization, the account is migrated to a Docker Team plan.

View File

@ -4,9 +4,7 @@ keywords: organization, insights
title: Insights
---
> [!NOTE]
>
> Insights requires a [Docker Business subscription](../../subscription/details.md#docker-business) and administrators must [enforce sign-in](/security/for-admins/enforce-sign-in/). This ensures users sign in with an account associated with their organization.
{{< summary-bar feature_name="Insights" >}}
Insights helps administrators visualize and understand how Docker is used within
their organizations. With Insights, administrators can ensure their teams are
@ -24,6 +22,12 @@ Key benefits include:
- Optimized license use. Ensure that developers have access to advanced
features provided by a Docker subscription.
## Prerequisites
- [Docker Business subscription](../../subscription/details.md#docker-business)
- Administrators must [enforce sign-in](/security/for-admins/enforce-sign-in/) for users
- Insights enabled by your Customer Success Manager
## View Insights for organization users
{{< include "admin-early-access.md" >}}
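Review bot: The new "## Prerequisites" list drops the reason the removed note gave for enforcing sign-in ("This ensures users sign in with an account associated with their organization."), and it adds a requirement that the old note did not have, "Insights enabled by your Customer Success Manager", without saying how an administrator requests it. Suggest keeping the rationale as a short clause on the enforce sign-in bullet and adding a sentence or link on how to get Insights enabled.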

View File

@ -8,6 +8,8 @@ aliases:
- /docker-hub/manage-a-team/
---
{{< summary-bar feature_name="Admin orgs" >}}
You can create teams for your organization in Docker Hub and the Docker Admin Console. You can [configure repository access for a team](#configure-repository-permissions-for-a-team) in Docker Hub.
A team is a group of Docker users that belong to an organization. An organization can have multiple teams. An organization owner can then create new teams and add members to an existing team using their Docker ID or email address and by selecting a team the user should be part of. Members aren't required to be part of a team to be associated with an organization.

View File

@ -5,6 +5,8 @@ description: Learn how to manage Docker products for your organization
keywords: organization, tools, products
---
{{< summary-bar feature_name="Admin orgs" >}}
In this section, learn how to manage access and view usage of the Docker
products for your organization. For more detailed information about each
product, including how to set up and configure them, see the following manuals:

View File

@ -197,6 +197,8 @@ To update a member role:
## Export members CSV file
{{< summary-bar feature_name="Admin orgs" >}}
Owners can export a CSV file containing all members. The CSV file for a company contains the following fields:
- Name: The user's name
- Username: The user's Docker ID

View File

@ -11,6 +11,8 @@ aliases:
- /docker-hub/onboard-business/
---
{{< summary-bar feature_name="Admin orgs" >}}
{{< include "admin-early-access.md" >}}
Learn how to onboard your organization using Docker Hub or the Docker Admin Console.

View File

@ -8,6 +8,8 @@ aliases:
- /docker-hub/orgs/
---
{{< summary-bar feature_name="Admin orgs" >}}
This section describes how to create an organization. Before you begin:
- You need a [Docker ID](/accounts/create-account/)

View File

@ -11,6 +11,8 @@ aliases:
- /build/cloud/
---
{{< summary-bar feature_name="Docker Build Cloud" >}}
Docker Build Cloud is a service that lets you build your container images
faster, both locally and in CI. Builds run on cloud infrastructure optimally
dimensioned for your workloads, no configuration required. The service uses a

View File

@ -6,6 +6,8 @@ aliases:
- /build/customize/bake/
---
{{< summary-bar feature_name="Build bake" >}}
Bake is a feature of Docker Buildx that lets you define your build configuration
using a declarative file, as opposed to specifying a complex CLI expression. It
also lets you run multiple builds concurrently with a single invocation.

View File

@ -6,10 +6,7 @@ aliases:
- /build/building/cache/backends/azblob/
---
{{% experimental %}}
This is an experimental feature. The interface and behavior are unstable and
may change in future releases.
{{% /experimental %}}
{{< summary-bar feature_name="Azure blob" >}}
The `azblob` cache store uploads your resulting build cache to
[Azure's blob storage service](https://azure.microsoft.com/en-us/services/storage/blobs/).
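Review bot: The removed callout told readers that "The interface and behavior are unstable and may change in future releases." and the replacement `{{< summary-bar feature_name="Azure blob" >}}` does not show, in this hunk, what it renders. Please confirm that the summary-bar entry for "Azure blob" marks the backend as experimental, or keep one sentence of the stability warning in the body. The same applies to the `gha` and `s3` cache backend pages changed in the following files.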

View File

@ -6,10 +6,7 @@ aliases:
- /build/building/cache/backends/gha/
---
{{% restricted %}}
This is an experimental feature. The interface and behavior are unstable and
may change in future releases.
{{% /restricted %}}
{{< summary-bar feature_name="GitHub Actions cache" >}}
The GitHub Actions cache utilizes the
[GitHub-provided Action's cache](https://github.com/actions/cache) or other

View File

@ -6,10 +6,7 @@ aliases:
- /build/building/cache/backends/s3/
---
{{% restricted %}}
This is an experimental feature. The interface and behavior are unstable and
may change in future releases.
{{% /restricted %}}
{{< summary-bar feature_name="Amazon S3 cache" >}}
The `s3` cache storage uploads your resulting build cache to
[Amazon S3 file storage service](https://aws.amazon.com/s3/)

View File

@ -11,7 +11,7 @@ description: Learn how to use build checks to validate your build configuration.
keywords: build, buildx, buildkit, checks, validate, configuration, lint
---
{{< introduced buildx 0.15.0 >}}
{{< summary-bar feature_name="Build checks" >}}
Build checks are a feature introduced in Dockerfile 1.8. It lets you validate
your build configuration and conduct a series of checks prior to executing your

View File

@ -31,11 +31,7 @@ message that caused the build to fail:
## Import build records to Docker Desktop
{{< introduced desktop 4.31 >}}
{{% experimental title="Beta feature" %}}
Import builds is currently in [Beta](../../../release-lifecycle.md#Beta).
{{% /experimental %}}
{{< summary-bar feature_name="Import builds" >}}
The job summary includes a link for downloading a build record archive for the
run. The build record archive is a ZIP file containing the details about a build

View File

@ -84,11 +84,7 @@ jobs:
### Cache backend API
{{% experimental %}}
This cache exporter is experimental. Please provide feedback on the
[BuildKit repository](https://github.com/moby/buildkit)
if you experience any issues.
{{% /experimental %}}
{{< summary-bar feature_name="Cache backend API" >}}
The [GitHub Actions cache exporter](../../cache/backends/gha.md)
backend uses the [GitHub Cache API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md)
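Review bot: The removed callout under "### Cache backend API" did two things: it flagged the exporter as experimental and it asked users to report issues on the [BuildKit repository](https://github.com/moby/buildkit). A status bar is unlikely to carry the second part, so consider keeping the feedback pointer as a plain sentence below the summary bar.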

View File

@ -6,7 +6,7 @@ linkTitle: Compose Bridge
weight: 50
---
{{< include "compose-bridge-experimental.md" >}}
{{< summary-bar feature_name="Compose bridge" >}}
Compose Bridge lets you transform your Compose configuration file into configuration files for different platforms, primarily focusing on Kubernetes. The default transformation generates Kubernetes manifests and a Kustomize overlay which are designed for deployment on Docker Desktop with Kubernetes enabled.

View File

@ -6,7 +6,7 @@ description: Learn about how Compose Bridge can function a kubectl plugin
keywords: kubernetes, compose, compose bridge, plugin, advanced
---
{{< include "compose-bridge-experimental.md" >}}
{{< summary-bar feature_name="Compose bridge" >}}
Compose Bridge can also function as a `kubectl` plugin, allowing you to integrate its capabilities directly into your Kubernetes command-line operations. This integration simplifies the process of converting and deploying applications from Docker Compose to Kubernetes.

View File

@ -6,7 +6,7 @@ description: Learn about the Compose Bridge templates syntax
keywords: compose, bridge, templates
---
{{< include "compose-bridge-experimental.md" >}}
{{< summary-bar feature_name="Compose bridge" >}}
This page explains how Compose Bridge utilizes templating to efficiently translate Docker Compose files into Kubernetes manifests. It also explain how you can customize these templates for your specific requirements and needs, or how you can build your own transformation.

View File

@ -6,7 +6,7 @@ description: Learn about and use the Compose Bridge default transformation
keywords: compose, bridge, kubernetes
---
{{< include "compose-bridge-experimental.md" >}}
{{< summary-bar feature_name="Compose bridge" >}}
Compose Bridge supplies an out-of-the box transformation for your Compose configuration file. Based on an arbitrary `compose.yaml` file, Compose Bridge produces:

View File

@ -15,9 +15,7 @@ description: |
keywords: Docker, GitHub Copilot, extension, Visual Studio Code, chat, ai, containerization
---
{{% restricted title="Early Access" %}}
The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product.
{{% /restricted %}}
{{< summary-bar feature_name="Docker GitHub Copilot" >}}
The [Docker for GitHub Copilot](https://github.com/marketplace/docker-for-github-copilot)
extension integrates Docker's capabilities with GitHub Copilot, providing

View File

@ -7,9 +7,7 @@ description: |
weight: 30
---
{{% restricted title="Early Access" %}}
The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product.
{{% /restricted %}}
{{< summary-bar feature_name="Docker GitHub Copilot" >}}
## Use cases

View File

@ -7,9 +7,7 @@ description: |
weight: 10
---
{{% restricted title="Early Access" %}}
The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product.
{{% /restricted %}}
{{< summary-bar feature_name="Docker GitHub Copilot" >}}
To use the Docker for GitHub copilot extension, you first need to
[install](#install) the extension for your organization, and

View File

@ -8,9 +8,7 @@ description: |
weight: 20
---
{{% restricted title="Early Access" %}}
The Docker for GitHub Copilot extension is an [early access](/release-lifecycle#early-access-ea) product.
{{% /restricted %}}
{{< summary-bar feature_name="Docker GitHub Copilot" >}}
The Docker Extension for GitHub Copilot provides a chat interface that you can
use to interact with the Docker agent. You can ask questions and get help

View File

@ -11,9 +11,7 @@ params:
text: New
---
{{% experimental title="Beta" %}}
Docker Desktop CLI is currently in [Beta](../../release-lifecycle.md#beta).
{{% /experimental %}}
{{< summary-bar feature_name="Docker Desktop CLI" >}}
The Docker Desktop CLI lets you perform key operations such as starting, stopping, restarting, and checking the status of Docker Desktop directly from the command line. It is available with Docker Desktop version 4.37 and later.

View File

@ -10,9 +10,7 @@ aliases:
{{< include "dev-envs-changing.md" >}}
{{% experimental title="Beta" %}}
The Dev Environments feature is currently in [Beta](/manuals/release-lifecycle.md#beta).
{{% /experimental %}}
{{< summary-bar feature_name="Dev Environments" >}}
Dev Environments let you create a configurable developer environment with all the code and tools you need to quickly get up and running.

View File

@ -7,9 +7,7 @@ aliases:
- /desktop/synchronized-file-sharing/
---
> [!NOTE]
>
> Synchronized file shares is available with Docker Desktop version 4.27 and later. It is available for customers with a Docker Pro, Team, or Business subscription.
{{< summary-bar feature_name="Synchronized file sharing" >}}
Synchronized file shares is an alternative file sharing mechanism that provides fast and flexible host-to-VM file sharing, enhancing bind mount performance through the use of synchronized filesystem caches.

View File

@ -14,7 +14,7 @@ params:
text: New
---
{{< introduced desktop 4.35.0 "../../desktop/release-notes.md#4350" >}}
{{< summary-bar feature_name="USB/IP support" >}}
> [!NOTE]
>

View File

@ -13,13 +13,15 @@ aliases:
- /desktop/vmm/
---
{{< summary-bar feature_name="VMM" >}}
The Virtual Machine Manager (VMM) in Docker Desktop for Mac is responsible for creating and managing the virtual machine used to run containers. Depending on your system architecture and performance needs, you can choose from multiple VMM options in Docker Desktop's [settings](/manuals/desktop/settings-and-maintenance/settings.md#general). This page provides an overview of the available options.
## Docker VMM (Beta)
## Docker VMM
Docker VMM is a new, container-optimized hypervisor introduced in Docker Desktop 4.35 and available on Apple Silicon Macs only. Its enhanced speed and resource efficiency makes it an ideal choice for optimizing your workflow.
Docker VMM is a new, container-optimized hypervisor introduced in Docker Desktop 4.35 and available on Apple Silicon Macs only. Its enhanced speed and resource efficiency makes it an ideal choice for optimizing your workflow.
Docker VMM brings exciting advancements specifically tailored for Apple Silicon machines. By optimizing both the Linux kernel and hypervisor layers, Docker VMM delivers significant performance enhancements across common developer tasks.
Docker VMM brings exciting advancements specifically tailored for Apple Silicon machines. By optimizing both the Linux kernel and hypervisor layers, Docker VMM delivers significant performance enhancements across common developer tasks.
Some key performance enhancements provided by Docker VMM include:
- Faster I/O operations: With a cold cache, iterating over a large shared filesystem with `find` is 2x faster than when the Apple Virtualization Framework is used.
@ -31,9 +33,7 @@ These improvements directly impact developers who rely on frequent file access a
>
> Docker VMM requires a minimum of 4GB of memory to be allocated to the Docker Linux VM. The memory needs to be increased before Docker VMM is enabled, and this can be done from the **Resources** tab in **Settings**.
Docker VMM is based on [libkrun](https://github.com/containers/libkrun).
### Known issues
### Known issues
As Docker VMM is still in Beta, there are a few known limitations:
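Review bot: The sentence "As Docker VMM is still in Beta, there are a few known limitations:" at the end of this hunk still describes Docker VMM as Beta, while the heading earlier in this file changes from "## Docker VMM (Beta)" to "## Docker VMM". If the status now comes from the summary bar, reword this sentence so the page does not hard-code a status in one place and omit it in another.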

View File

@ -8,11 +8,7 @@ aliases:
- /desktop/wasm/
---
{{% experimental title="Beta" %}}
The Wasm feature is currently in [Beta](/manuals/release-lifecycle.md#beta).
We recommend that you do not use this feature in production environments as
this feature may change or be removed from future releases.
{{% /experimental %}}
{{< summary-bar feature_name="Wasm workloads" >}}
Wasm (short for WebAssembly) is a fast, light alternative to the Linux and
Windows containers youre using in Docker today (with
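Review bot: The removed callout carried an explicit recommendation, "We recommend that you do not use this feature in production environments as this feature may change or be removed from future releases." Replacing it with `{{< summary-bar feature_name="Wasm workloads" >}}` keeps at most the Beta label. If the recommendation still holds, keep it as a sentence or note in the body.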

View File

@ -9,6 +9,8 @@ aliases:
- /desktop/allow-list/
---
{{< summary-bar feature_name="Allow list" >}}
This page contains the domain URLs that you need to add to a firewall allowlist to ensure Docker Desktop works properly within your organization.
## Domain URLs to allow

View File

@ -11,9 +11,7 @@ params:
text: EA
---
{{% restricted title="Early Access" %}}
The PKG installer is currently an [Early Access](/manuals/release-lifecycle.md) feature and is available to all company and organization owners with a Business subscription and Docker Desktop version 4.36 and later.
{{% /restricted %}}
{{< summary-bar feature_name="PKG installer" >}}
The PKG package supports various MDM (Mobile Device Management) solutions, making it ideal for bulk installations and eliminating the need for manual setups by individual users. With this package, IT administrators can ensure standardized, policy-driven installations of Docker Desktop, enhancing efficiency and software management across their organizations.
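Review bot: The removed Early Access callout stated who can use the PKG installer ("all company and organization owners with a Business subscription") and the minimum version ("Docker Desktop version 4.36 and later"). Please check that the "PKG installer" summary-bar entry covers the subscription, the version and the audience; the audience restriction in particular looks like body text rather than a status field.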

View File

@ -9,6 +9,8 @@ aliases:
- /desktop/setup/install/msi/use-intune/
---
{{< summary-bar feature_name="Intune" >}}
Learn how to deploy Docker Desktop for Windows and Mac using Intune, Microsoft's cloud-based device management tool.
{{< tabs >}}

View File

@ -19,9 +19,7 @@ aliases:
This page contains information on how to install, launch and upgrade Docker Desktop on an Arch-based distribution.
> [!IMPORTANT]
>
> This is an experimental installation package. Docker has not tested or verified the installation.
{{< summary-bar feature_name="Docker Desktop Archlinux" >}}
## Prerequisites
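Review bot: The removed `[!IMPORTANT]` note said "This is an experimental installation package. Docker has not tested or verified the installation." The second sentence is a support and trust statement, not just a lifecycle status, and `{{< summary-bar feature_name="Docker Desktop Archlinux" >}}` is unlikely to express it. Suggest keeping that sentence on the page so users installing on Arch-based distributions know the package is unverified.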

View File

@ -42,9 +42,7 @@ Docker Desktop settings.
### Import builds
{{% experimental title="Beta feature" %}}
Import builds is currently in [Beta](../../release-lifecycle.md#Beta).
{{% /experimental %}}
{{< summary-bar feature_name="Import builds" >}}
The **Import builds** button lets you import build records for builds by other
people, or builds in a CI environment. When you've imported a build record, it

View File

@ -7,10 +7,7 @@ aliases:
- /docker-hub/builds/how-builds-work/
---
> [!NOTE]
>
> Automated builds require a
> Docker Pro, Team, or Business subscription.
{{< summary-bar feature_name="Automated builds" >}}
Docker Hub can automatically build images from source code in an external
repository and automatically push the built image to your Docker repositories.

View File

@ -166,6 +166,8 @@ $ docker run --rm --runtime youki hello-world
### Wasmtime
{{< summary-bar feature_name="Wasmtime" >}}
Wasmtime is a
[Bytecode Alliance](https://bytecodealliance.org/)
project, and a Wasm runtime that lets you run Wasm containers.
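Review bot: The added `{{< summary-bar feature_name="Wasmtime" >}}` under "### Wasmtime" attaches the status to the Wasmtime runtime as a whole, but the note removed in the next hunk ("This is an experimental feature.") sat under step 1, which turns on the containerd image store. Please check which of the two is meant to be flagged; if it is the containerd image store, keep a short pointer at step 1 so the status stays next to the setting it describes.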
@ -178,10 +180,6 @@ To add Wasmtime as a container runtime, follow these steps:
1. Turn on the [containerd image store](/manuals/engine/storage/containerd.md)
feature in the daemon configuration file.
> [!NOTE]
>
> This is an experimental feature.
```json
{
"features": {

View File

@ -8,11 +8,7 @@ aliases:
- /storage/containerd/
---
> [!NOTE]
>
> The containerd image store is an experimental feature of Docker Engine.
> If you're using Docker Desktop, refer to the instructions on the
> [containerd image store with Docker Desktop page](/manuals/desktop/features/containerd.md).
{{< summary-bar feature_name="containerd" >}}
containerd, the industry-standard container runtime, uses snapshotters instead
of the classic storage drivers for storing image and container data.
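Review bot: Besides the experimental status, the removed note redirected Docker Desktop users: "If you're using Docker Desktop, refer to the instructions on the [containerd image store with Docker Desktop page](/manuals/desktop/features/containerd.md)." That cross-reference is navigation, not status, and the summary bar will not replace it. Suggest keeping the redirect as a sentence after the summary bar.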

View File

@ -5,18 +5,14 @@ title: Configure a private marketplace for extensions
tags: [admin]
linkTitle: Configure a private marketplace
weight: 30
aliases:
aliases:
- /desktop/extensions/private-marketplace/
---
{{% experimental title="Beta" %}}
This feature is currently in [Beta](/manuals/release-lifecycle.md#beta). It is available to Docker Business customers only.
{{% /experimental %}}
{{< summary-bar feature_name="Private marketplace" >}}
Learn how to configure and set up a private marketplace with a curated list of extensions for your Docker Desktop users.
It is designed specifically
Docker Extensions' private marketplace is designed specifically for organizations who dont give developers root access to their machines. It makes use of [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) so administrators have complete control over the private marketplace.
## Prerequisites
@ -85,7 +81,7 @@ Each setting has a `value` that you can set, including a `locked` field that let
To find out more information about the `admin-settings.json` file, see [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md).
## Step three: List allowed extensions
## Step three: List allowed extensions
The generated `extensions.txt` file defines the list of extensions that are available in your private marketplace.
@ -99,14 +95,14 @@ docker/disk-usage-extension:0.2.8
If no tag is provided, the latest tag available for the image is used. You can also comment out lines with `#` so the extension is ignored.
This list can include different types of extension images:
This list can include different types of extension images:
- Extensions from the public marketplace or any public image stored in Docker Hub.
- Extension images stored in Docker Hub as private images. Developers need to be signed in and have pull access to these images.
- Extension images stored in a private registry. Developers need to be signed in and have pull access to these images.
> [!IMPORTANT]
>
>
> Your developers can only install the version of the extension that youve listed.
## Step four: Generate the private marketplace
@ -139,7 +135,7 @@ $ /opt/docker-desktop/extension-admin generate
This creates an `extension-marketplace` directory and downloads the marketplace metadata for all the allowed extensions.
The marketplace content is generated from extension image information as image labels, which is the [same format as public extensions](extensions-sdk/extensions/labels.md). It includes the extension title, description, screenshots, links, etc.
The marketplace content is generated from extension image information as image labels, which is the [same format as public extensions](extensions-sdk/extensions/labels.md). It includes the extension title, description, screenshots, links, etc.
## Step five: Test the private marketplace setup
@ -186,7 +182,7 @@ When you select the **Extensions** tab, you should see the private marketplace l
Once youve confirmed that the private marketplace configuration works, the final step is to distribute the files to the developers machines with the MDM software your organization uses. For example, [Jamf](https://www.jamf.com/).
The files to distribute are:
The files to distribute are:
* `admin-settings.json`
* the entire `extension-marketplace` folder and its subfolders

View File

@ -78,11 +78,7 @@ To view all exceptions for a specific image tag:
### View exceptions in the CLI
{{% experimental %}}
Viewing exceptions in the CLI is an experimental feature.
It requires the latest version of the Docker Scout CLI plugin.
Some exceptions may not appear correctly in the CLI.
{{% /experimental %}}
{{< summary-bar feature_name="Docker Scout exceptions" >}}
Vulnerability exceptions are highlighted in the CLI when you run `docker scout
cves <image>`. If a CVE is suppressed by an exception, a `SUPPRESSED` label

View File

@ -5,9 +5,7 @@ description: Integrate Docker Scout using the GitHub app to get remediation advi
keywords: scout, github, integration, image analysis, supply chain, remediation, source code
---
{{% experimental title="Beta feature" %}}
The GitHub integration is currently in [Beta](../../../release-lifecycle.md#Beta).
{{% /experimental %}}
{{< summary-bar feature_name="Docker Scout GitHub" >}}
The GitHub app integration for Docker Scout grants Docker Scout access to your
source code repository on GitHub. This improved visibility into how your image

View File

@ -4,9 +4,7 @@ description: Learn how Docker Scout can help you improve your software quality a
keywords: scout, supply chain, security, remediation, automation
---
{{% experimental title="Beta feature" %}}
Remediation with Docker Scout is currently in [Beta](../../release-lifecycle.md#Beta).
{{% /experimental %}}
{{< summary-bar feature_name="Remediation with Docker Scout" >}}
Docker Scout helps you remediate supply chain or security issues by providing
recommendations based on policy evaluation results. Recommendations are

View File

@ -6,11 +6,7 @@ description: |
keywords: scout, health scores, evaluation, checks, grades, docker hub
---
{{% restricted title="Beta" %}}
Health scores is a [Beta](/release-lifecycle/#beta) feature of Docker Scout.
The feature is only available to organizations selected to participate in the
early access program.
{{% /restricted %}}
{{< summary-bar feature_name="Docker Scout health scores" >}}
Docker Scout health scores provide a security assessment, and overall supply
chain health, of images on Docker Hub, helping you determine whether an image

View File

@ -6,9 +6,7 @@ keywords: docker hub, security, OAT, organization access token
linkTitle: Organization access tokens (Beta)
---
{{% experimental title="Beta" %}}
The organization access tokens feature is currently in [Beta](../../release-lifecycle.md#beta).
{{% /experimental %}}
{{< summary-bar feature_name="OATs" >}}
> [!WARNING]
>

View File

@ -9,6 +9,8 @@ aliases:
weight: 50
---
{{< summary-bar feature_name="Domain audit" >}}
Domain audit identifies uncaptured users in an organization. Uncaptured users are Docker users who have authenticated to Docker using an email address associated with one of your verified domains, but they're not a member of your organization in Docker. You can audit domains on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
Uncaptured users who access Docker Desktop in your environment may pose a security risk because your organization's security settings, like Image Access Management and Registry Access Management, aren't applied to a user's session. In addition, you won't have visibility into the activity of uncaptured users. You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings.

View File

@ -11,6 +11,8 @@ aliases:
weight: 30
---
{{< summary-bar feature_name="Enforce sign-in" >}}
By default, members of your organization can use Docker Desktop without signing
in. When users dont sign in as a member of your organization, they dont
receive the [benefits of your organizations

View File

@ -6,6 +6,8 @@ tags: [admin]
linkTitle: Methods
---
{{< summary-bar feature_name="Enforce sign-in" >}}
This page outlines the different methods for enforcing sign-in for Docker Desktop.
## Registry key method (Windows only)

View File

@ -32,9 +32,7 @@ grid:
weight: 60
---
> [!NOTE]
>
> Hardened Docker Desktop is available to Docker Business customers only.
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
Hardened Docker Desktop is a group of security features, designed to improve the security of developer environments with minimal impact on developer experience or productivity.

View File

@ -7,7 +7,7 @@ aliases:
- /desktop/hardened-desktop/air-gapped-containers/
---
{{< introduced desktop 4.29.0 "/manuals/desktop/release-notes.md#4290" >}}
{{< summary-bar feature_name="Air-gapped containers" >}}
Air-gapped containers let you restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from.
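Review bot: The replaced `introduced` shortcode carried both the version (4.29.0) and a link to the release notes anchor "/manuals/desktop/release-notes.md#4290". Check that the "Air-gapped containers" summary-bar entry keeps the version and, if the link was useful, the release notes reference as well.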

View File

@ -9,13 +9,11 @@ aliases:
weight: 20
---
> [!NOTE]
>
> Enhanced Container Isolation is available to Docker Business customers only.
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
Enhanced Container Isolation (ECI) provides an additional layer of security to prevent malicious workloads running in containers from compromising Docker Desktop or the host.
It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity.
It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity.
Enhanced Container Isolation ensures stronger container isolation and also locks in any security configurations that have been created by administrators, for instance through [Registry Access Management policies](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) or with [Settings Management](../settings-management/_index.md).

View File

@ -8,6 +8,8 @@ aliases:
weight: 30
---
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
## Docker socket mount permissions
By default, when Enhanced Container Isolation (ECI) is enabled, Docker Desktop does not allow bind-mounting the

View File

@ -2,11 +2,13 @@
description: The benefits of enhanced container isolation
title: Key features and benefits
keywords: set up, enhanced container isolation, rootless, security, features, Docker Desktop
aliases:
aliases:
- /desktop/hardened-desktop/enhanced-container-isolation/features-benefits/
weight: 20
---
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
## Linux user namespace on all containers
With Enhanced Container Isolation, all user containers leverage the [Linux user namespace](https://man7.org/linux/man-pages/man7/user_namespaces.7.html)

View File

@ -2,11 +2,13 @@
description: How Enhanced Container Isolation works
title: How does it work?
keywords: set up, enhanced container isolation, rootless, security
aliases:
aliases:
- /desktop/hardened-desktop/enhanced-container-isolation/how-eci-works/
weight: 10
---
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
Docker implements Enhanced Container Isolation by using the [Sysbox
container runtime](https://github.com/nestybox/sysbox). Sysbox is a fork of the
standard OCI runc runtime that was modified to enhance standard container isolation and

View File

@ -11,9 +11,7 @@ aliases:
weight: 40
---
> [!NOTE]
>
> Image Access Management is available to [Docker Business](/manuals/subscription/details.md#docker-business) customers only.
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
Image Access Management gives you control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, your developers can pull from Docker Hub.
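Review bot: This page uses `feature_name="Hardened Docker Desktop"`, the same key as the Enhanced Container Isolation and Settings Management pages, while the Registry Access Management page in the next file gets its own key, "Registry access management", and Air-gapped containers gets "Air-gapped containers". Pick one granularity for the Hardened Docker Desktop features. The removed note also linked the Docker Business requirement to `/manuals/subscription/details.md#docker-business`; confirm the shared entry still states that requirement.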

View File

@ -11,9 +11,7 @@ aliases:
weight: 30
---
> [!NOTE]
>
> Registry Access Management is available to [Docker Business](/manuals/subscription/details.md) customers only.
{{< summary-bar feature_name="Registry access management" >}}
With Registry Access Management (RAM), administrators can ensure that their developers using Docker Desktop only access allowed registries. This is done through the Registry Access Management dashboard in Docker Hub or the Docker Admin Console.

View File

@ -10,9 +10,7 @@ aliases:
weight: 10
---
> [!NOTE]
>
> Settings Management is available to Docker Business customers only.
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
Settings Management helps you control key Docker Desktop settings, like proxies and network configurations, on your developers' machines within your organization.

View File

@ -11,9 +11,7 @@ params:
text: EA
---
{{% restricted title="Early Access" %}}
Settings Management in the Docker Admin Console is an [early access](/release-lifecycle#early-access-ea) feature and is available to Docker Business customers only.
{{% /restricted %}}
{{< summary-bar feature_name="Admin Console" >}}
This page contains information for administrators on how to configure Settings Management with the Docker Admin Console. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your Docker company or organization.
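Review bot: the replacement `{{< summary-bar feature_name="Admin Console" >}}` widens the scope of the Early Access label. The removed block scoped it to "Settings Management in the Docker Admin Console", but the `Admin Console` key in data/summary.yaml carries `availability: Early access` for any page that references it. A narrower key name would keep other Admin Console pages from inheriting the label by accident. The link to `/release-lifecycle#early-access-ea` is also dropped, and the shortcode renders availability as plain text, so readers lose the definition of the term.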
@ -23,18 +21,18 @@ This page contains information for administrators on how to configure Settings M
- [Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-one-add-and-verify-your-domain).
- [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md). The Settings Management feature requires a Docker Business
subscription, therefore your Docker Desktop users must authenticate to your
organization for configurations to take effect.
organization for configurations to take effect.
## Create a settings policy
1. Within the [Docker Admin Console](https://admin.docker.com/) navigate to the company or organization you want to define a settings policy for.
2. Under the **Security and access** section, select **Desktop Settings Management**.
1. Within the [Docker Admin Console](https://admin.docker.com/) navigate to the company or organization you want to define a settings policy for.
2. Under the **Security and access** section, select **Desktop Settings Management**.
3. In the top-right corner, select **Create a settings policy**.
4. Give your settings policy a name and an optional description.
> [!TIP]
>
> If you have already configured Settings Management with an `admin-settings.json` file for an organization, you can upload it using the **Upload existing settings** button which then automatically populates the form for you.
> If you have already configured Settings Management with an `admin-settings.json` file for an organization, you can upload it using the **Upload existing settings** button which then automatically populates the form for you.
>
> Settings policies deployed via the Docker Admin Console take precedence over manually deployed `admin-settings.json` files.
@ -42,19 +40,19 @@ organization for configurations to take effect.
> [!NOTE]
>
> If a settings policy is assigned to all users, it sets the policy as the global default policy. You can only have one global settings policy at a time.
> If a user already has a user-specific settings policy assigned, the user-specific policy takes precedence over a global policy.
> If a settings policy is assigned to all users, it sets the policy as the global default policy. You can only have one global settings policy at a time.
> If a user already has a user-specific settings policy assigned, the user-specific policy takes precedence over a global policy.
> [!TIP]
>
> Before setting a global settings policy, it is recommended that you first test it as a user-specific policy to make sure you're happy with the changes before proceeding.
> Before setting a global settings policy, it is recommended that you first test it as a user-specific policy to make sure you're happy with the changes before proceeding.
6. Configure the settings for the policy. Go through each setting and select your chosen setting state. You can choose:
- **User-defined**. Your developers are able to control and change this setting.
- **User-defined**. Your developers are able to control and change this setting.
- **Always enabled**. This means the setting is turned on and your users won't be able to edit this setting from Docker Desktop or the CLI.
- **Enabled**. The setting is turned on and users can edit this setting from Docker Desktop or the CLI.
- **Always disabled**. This means the setting is turned off and your users won't be able to edit this setting from Docker Desktop or the CLI.
- **Disabled**. The setting is turned off and users can edit this setting from Docker Desktop or the CLI.
- **Disabled**. The setting is turned off and users can edit this setting from Docker Desktop or the CLI.
7. Select **Create**
For the settings policy to take effect:
@ -69,13 +67,13 @@ To avoid disrupting your users' workflows, Docker doesn't automatically require
> [!NOTE]
>
> Settings are synced to Docker Desktop and the CLI when a user is signed in and starts Docker Desktop, and then every 60 minutes.
> Settings are synced to Docker Desktop and the CLI when a user is signed in and starts Docker Desktop, and then every 60 minutes.
If your settings policy needs to be rolled back, either delete the policy or edit the policy to set individual settings to **User-defined**.
## Settings policy actions
From the **Actions** menu on the **Desktop Settings Management** page in the Docker Admin Console, you can:
- Edit or delete an existing settings policy.
- Edit or delete an existing settings policy.
- Export a settings policy as an `admin-settings.json` file.
- Promote a policy that is applied to a select group of users, to be the new global default policy for all users.
- Promote a policy that is applied to a select group of users, to be the new global default policy for all users.

View File

@ -9,9 +9,7 @@ aliases:
- /security/for-admins/hardened-desktop/settings-management/configure/
---
> [!NOTE]
>
> Settings Management is available to Docker Business customers only.
{{< summary-bar feature_name="Hardened Docker Desktop" >}}
This page contains information on how to configure Settings Management with an `admin-settings.json` file. You can specify and lock configuration parameters to create a standardized Docker Desktop environment across your company or organization.

View File

@ -6,6 +6,8 @@ linkTitle: Provision
weight: 20
---
{{< summary-bar feature_name="SSO" >}}
Once you've configured your SSO connection, the next step is to provision users. This process ensures that users can access your organization.
This guide provides an overview of user provisioning and supported provisioning methods.

View File

@ -10,6 +10,8 @@ aliases:
weight: 40
---
{{< summary-bar feature_name="SSO" >}}
Group mapping lets you sync user groups from your identity provider (IdP) with teams in your Docker organization. This automates team membership management, keeping your Docker teams up to date based on changes in your IdP. You can use group mapping once you have configured [single sign-on (SSO)](../single-sign-on/_index.md).
> [!TIP]

View File

@ -5,6 +5,8 @@ title: Just-in-Time provisioning
linkTitle: Just-in-Time
---
{{< summary-bar feature_name="SSO" >}}
Just-in-Time (JIT) provisioning automatically creates and updates user accounts after every successful single sign-on (SSO) authentication. JIT verifies that the user signing in belongs to the organization and the teams assigned to them in your identity provider (IdP). When you [create your SSO connection](../single-sign-on/_index.md), JIT provisioning is turned on by default.
## SSO authentication with JIT provisioning enabled

View File

@ -9,6 +9,8 @@ aliases:
weight: 30
---
{{< summary-bar feature_name="SSO" >}}
System for Cross-domain Identity Management (SCIM) is available for Docker Business customers. This guide provides an overview of SCIM provisioning.
## How SCIM works
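Review bot: the unchanged sentence right after the added shortcode still says "SCIM is available for Docker Business customers", which now duplicates the `SSO` summary bar (`subscription: [Business]`). Other pages in this commit had their equivalent availability notes removed when the bar was added. Consider trimming that sentence here as well so subscription information is maintained in one place, data/summary.yaml.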

View File

@ -2,13 +2,15 @@
description: >
Use roles in your organization to control who has access to content,
registry, and organization management permissions.
keywords: members, teams, organization, company, roles, access, docker hub, admin console, security
keywords: members, teams, organization, company, roles, access, docker hub, admin console, security
title: Roles and permissions
aliases:
- /docker-hub/roles-and-permissions/
weight: 40
---
{{< summary-bar feature_name="General admin" >}}
Organization and company owners can assign roles to individuals giving them different permissions in the organization. This guide outlines Docker's organization roles and their permission scopes.
## Roles

View File

@ -10,6 +10,8 @@ aliases:
weight: 10
---
{{< summary-bar feature_name="SSO" >}}
Single sign-on (SSO) lets users access Docker by authenticating using their identity providers (IdPs). SSO is available for a whole company, and all associated organizations within that company, or an individual organization that has a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
## How SSO works

View File

@ -1,6 +1,6 @@
---
description: Learn how to configure single sign-on for your organization or company.
keywords: configure, sso, docker hub, hub, docker admin, admin, security
keywords: configure, sso, docker hub, hub, docker admin, admin, security
title: Configure single sign-on
linkTitle: Configure
aliases:
@ -12,6 +12,8 @@ aliases:
- /admin/organization/security-settings/sso-configuration/
---
{{< summary-bar feature_name="SSO" >}}
Get started creating a single sign-on (SSO) connection for your organization or company. This guide walks through the steps to add and verify the domains your members use to sign in to Docker.
## Step one: Add your domain

View File

@ -5,6 +5,8 @@ title: Create an SSO connection
linkTitle: Connect
---
{{< summary-bar feature_name="SSO" >}}
Creating a single sign-on (SSO) connection requires setting up the connection in Docker first, followed by setting up the connection in your identity provider (IdP). This guide provides steps for setting up your SSO connection in Docker and your IdP.
> [!TIP]

View File

@ -8,6 +8,8 @@ aliases:
- /single-sign-on/manage/
---
{{< summary-bar feature_name="SSO" >}}
## Manage organizations
> [!NOTE]

View File

@ -5,6 +5,4 @@ title: docker desktop (Beta)
layout: cli
---
{{% experimental title="Beta" %}}
Docker Desktop CLI is currently in [Beta](/manuals/release-lifecycle.md#beta).
{{% /experimental %}}
{{< summary-bar feature_name="Docker Desktop CLI" >}}
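Review bot: the removed `experimental` block linked "Beta" to `/manuals/release-lifecycle.md#beta`, and the summary bar that replaces it shows the availability value as plain text with no link. If the release-lifecycle definitions should stay reachable from feature pages, the shortcode is the place to add the link once rather than restoring it per page. The bar does add information that was not on the page before (`requires: Docker Desktop 4.37 and later` from data/summary.yaml), so it is worth confirming that version is accurate for the CLI.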

114
data/summary.yaml Normal file
View File

@ -0,0 +1,114 @@
Activity logs:
subscription: [Team, Business]
for: Administrators
Admin Console:
subscription: [Business]
availability: Early access
for: Administrators
Admin orgs:
subscription: [Team, Business]
for: Administrators
Air-gapped containers:
requires: Docker Desktop 4.29.0 and later
Allow list:
for: Administrators
Amazon S3 cache:
availability: Experimental
Ask Gordon:
availability: Beta
Automated builds:
subscription: [Pro, Team, Business]
Azure blob:
availability: Experimental
Build bake:
availability: Experimental
Build checks:
availability: Beta
requires: Buildx v0.15.0 and later
Cache backend API:
availability: Experimental
Company:
subscription: [Business]
for: Administrators
Compose bridge:
availability: Experimental
containerd:
availability: Experimental
Dev Environments:
availability: Beta
Docker Build Cloud:
subscription: [Pro, Team, Business]
docker compose alpha:
availability: Experimental
Docker Desktop Archlinux:
availability: Experimental
Docker Desktop CLI:
availability: Beta
requires: Docker Desktop 4.37 and later
Docker GitHub Copilot:
availability: Early access
Docker Scout exceptions:
availability: Experimental
requires: Docker Scout CLI 1.15.0 and later
Docker Scout GitHub:
availability: Beta
Docker Scout health scores:
subscription: [Pro, Team, Business]
availability: Beta
Domain audit:
subscription: [Business]
for: Administrators
Enforce sign-in:
subscription: [Business]
for: Administrators
General admin:
for: Administrators
GitHub Actions cache:
availability: Experimental
Hardened Docker Desktop:
subscription: [Business]
for: Administrators
Import builds:
availability: Beta
requires: Docker Desktop 4.31 and later
Insights:
subscription: [Business]
for: Administrators
Intune:
for: Administrators
Jamf Pro:
for: Administrators
MSI Installer:
availability: Docker Desktop 4.32 and later
for: Administrators
OATs:
subscription: [Team, Business]
availability: Beta
PKG installer:
subscription: [Business]
availability: Early access
requires: Docker Desktop 4.36 and later
for: Administrators
Private marketplace:
availability: Beta
for: Administrators
Remediation with Docker Scout:
availability: Beta
Registry access management:
subscription: [Business]
for: Administrators
SSO:
subscription: [Business]
for: Administrators
Synchronized file sharing:
subscription: [Pro, Team, Business]
requires: Docker Desktop 4.27 and later
USB/IP support:
requires: Docker Desktop 4.35.0 and later
VMM:
availability: Beta
requires: Docker Desktop 4.35.0 and later
Wasm workloads:
availability: Beta
Wasmtime:
availability: Experimental
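Review bot: the `MSI Installer` entry puts a version constraint under the wrong key: `availability: Docker Desktop 4.32 and later`. Every other version constraint in this file uses `requires`, and the shortcode added in this commit looks the availability value up in `$availabilityIcons`, which only has Experimental, Beta, Early access, GA and Retired. As written, the bar will show "Availability: Docker Desktop 4.32 and later" with the fallback icon. This should most likely be `requires: Docker Desktop 4.32 and later`. Two smaller consistency points: key casing differs between `MSI Installer` and `PKG installer`, and version strings mix two-part (`4.37`) and three-part (`4.35.0`) forms.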

View File

@ -0,0 +1,77 @@
{{ $featureName := .Get "feature_name" }}
{{ $feature := index site.Data.summary $featureName }}
{{ if not $feature }}
{{ errorf "[summary-bar] invalid feature: %s %v" $featureName .Position }}
{{ end }}
{{ if $feature }}
{{ $subscriptionIcons := dict
"Business" "domain"
"Team" "groups"
"Pro" "person_add"
"Personal" "person"
"Available to all" "public"
}}
{{ $availabilityIcons := dict
"Experimental" "science"
"Beta" "bolt"
"Early access" "rocket_launch"
"GA" "check_circle"
"Retired" "package_2"
}}
{{ $requiresIcon := "browser_updated" }}
{{ $forIcon := "admin_panel_settings" }}
<div class="flex flex-col bg-gray-light-200 bg-opacity-75 dark:bg-gray-dark-300 dark:bg-opacity-75 border-l-4 border-gray-light-200 px-4 py-1 my-1 not-prose">
{{ with $feature.subscription }}
<div class="flex items-center gap-1">
<span class="font-bold">Subscription:</span>
{{ range . }}
<span>{{ . }}</span>
<span class="icon-svg">
{{ $icon := index $subscriptionIcons . }}
{{ if $icon }}
{{ partial "icon" $icon }}
{{ else }}
{{ partial "icon" "default_icon" }}
{{ end }}
</span>
{{ end }}
</div>
{{ end }}
{{ with $feature.availability }}
<div class="flex items-center gap-1">
<span class="font-bold">Availability:</span>
<span>{{ . }}</span>
<span class="icon-svg">
{{ $icon := index $availabilityIcons . }}
{{ if $icon }}
{{ partial "icon" $icon }}
{{ else }}
{{ partial "icon" "default_icon" }}
{{ end }}
</span>
</div>
{{ end }}
{{ with $feature.requires }}
<div class="flex items-center gap-1">
<span class="font-bold">Requires:</span>
<span>{{ . }}</span>
<span class="icon-svg">
{{ partial "icon" $requiresIcon }}
</span>
</div>
{{ end }}
{{ with $feature.for }}
<div class="flex items-center gap-1">
<span class="font-bold">For:</span>
<span>{{ . }}</span>
<span class="icon-svg">
{{ partial "icon" $forIcon }}
</span>
</div>
{{ end }}
</div>
{{ end }}
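Review bot: unknown `subscription` and `availability` values fall through silently to `partial "icon" "default_icon"`, whereas an unknown `feature_name` is reported with `errorf`. A typo or misplaced value in data/summary.yaml therefore builds cleanly and only shows up as a generic icon on the rendered page. Consider reporting the unmatched value with `errorf` or `warnf` in the two `else` branches so data mistakes are caught at build time. It is also not visible in this diff that an icon named `default_icon` exists, so please confirm the `icon` partial handles that name. Lastly, a short comment at the top of the shortcode listing the accepted keys (`subscription`, `availability`, `requires`, `for`) would help authors adding entries to the data file.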