Merge pull request #13703 from docker/master

Publish updates from master

config/containers/runmetrics.md

@@ -62,10 +62,10 @@ If `/sys/fs/cgroup/cgroup.controllers` is present on your system, you are using
 otherwise you are using v1.
 Refer to the subsection that corresponds to your cgroup version.
 
-> **Note**
+cgroup v2 is used by default on the following distributions:
->
+- Fedora (since 31)
-> As of 2020, Fedora is the only well-known Linux distributon that uses cgroup v2 by default.
+- Debian GNU/Linux (since 11)
-> Fedora uses cgroup v2 by default since Fedora 31.
+- Ubuntu (since 21.10)
 
 #### cgroup v1
 You can look into `/proc/cgroups` to see the different control group subsystems

desktop/windows/install.md

@@ -111,7 +111,7 @@ Looking for information on using Windows containers?
 
 4. When the installation is successful, click **Close** to complete the installation process.
 
-5. If your admin account is different to your user account, you must add the user to the **docker-users** group. Run **Computer Management** as an administrator and navigate to **Local Users and Groups** > **Groups** > **docker-users**. Right-click to add the user to the group.
+5. If your admin account is different to your user account, you must add the user to the **docker-users** group. Run **Computer Management** as an **administrator** and navigate to **Local Users and Groups** > **Groups** > **docker-users**. Right-click to add the user to the group.
 Log out and log back in for the changes to take effect.
 
 ## Start Docker Desktop

docker-hub/access-tokens.md

@@ -4,8 +4,8 @@ description: Learn how to create and manage your personal Docker Hub access toke
 keywords: docker hub, hub, security, PAT, personal access token
 ---
 
-Docker Hub lets you create personal access tokens as alternatives to your password.
+Docker Hub lets you create personal access tokens as alternatives to your password. You can use tokens to 
-You can use tokens to access Hub images from the Docker CLI.
+access Hub images from the Docker CLI.
 
 Using personal access tokens provides some advantages over a password:
 
@@ -14,6 +14,10 @@ Using personal access tokens provides some advantages over a password:
 * When using an access token, you can't perform any admin activity on the account,
   including changing the password. It protects your account if your computer is compromised.
   
+Docker provides a [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"}
+tool (currently experimental) and an API that allows you to interact with Docker Hub. Browse 
+through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} documentation to explore the supported endpoints.
+
 > **Important**
 >
 > Treat access tokens like your password and keep them secret. Store your
@@ -47,15 +51,21 @@ You can create as many tokens as you need.
 
       ![PAT Menu](images/hub-create-token.png){:width="700px"}
 
+The access permissions are scopes that set restrictions in your
+repositories. For example, for Read & Write permissions, an automation
+pipeline can build an image and then push it to a repository. However, it
+can not delete the repository.
+
 5. The table below lists the tokens available in each subscription:
 
+
     | Feature   | Personal | Pro | Team | Business |
     | --------------------- | ---- | ----- | ----- |----- |
-    | Personal Access Tokens (read, write, delete scope only)*    |  x |   x  |   x  |   x  |
+    | Personal Access Tokens (read, write, delete scope only)*    |![yes](/images/green-check.svg)| ![yes](/images/green-check.svg) |![yes](/images/green-check.svg) |![yes](/images/green-check.svg)|
-    | Scoped Personal Access Tokens  |      | x   |   x   |   x  |
+    | Scoped Personal Access Tokens  | |![yes](/images/green-check.svg)|   ![yes](/images/green-check.svg)|![yes](/images/green-check.svg)|
-    | Unlimited Personal Access Tokens   |      |       |   x   |   x  |
+    | Unlimited Personal Access Tokens   |      |       |  ![yes](/images/green-check.svg)|![yes](/images/green-check.svg)|
 
-      >*You can create 1 access token as part of the Docker Personal tier, 5 tokens as part of Docker Pro, and Unlimited tokens as part of Docker Team and Business tier.
+      *You can create 1 access token as part of the Docker Personal subscription, 5 tokens as part of Docker Pro, and Unlimited tokens as part of Docker Team and Business subscriptions.
       For more information, see [Docker Pricing](https://www.docker.com/pricing?utm_source=docker&utm_medium=webreferral&utm_campaign=docs_driven_upgrade){: target="_blank" rel="noopener" class="_"}.
 
 6. Copy the token that appears on the screen and save it. You will not be able
@@ -95,10 +105,3 @@ You can rename, activate, deactivate, or delete a token as needed.
       ![Modify Token](images/hub-edit-token.png){:width="700px"}
 
 3. After modifying the token, click the **Save** button to save your changes.
-
-> **Tip: Docker Hub CLI and API**
->
-> Docker provides a [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"}
-> tool (currently experimental) and an API that allows you to interact with Docker
-> Hub. Browse through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"}
-> documentation to explore the supported endpoints.

docker-hub/builds/advanced.md

@@ -30,6 +30,7 @@ If you are using these build environment variables in a
 service's environment as shown below.
 
 ```none
+services:
   sut:
     build: .
     command: run_tests.sh

docker-hub/builds/automated-testing.md

@@ -25,6 +25,7 @@ contains the Dockerfile used to build the image.
 For example:
 
 ```none
+services:
   sut:
     build: .
     command: run_tests.sh
@@ -37,10 +38,8 @@ You can define any number of linked services in this file. The only requirement
 is that `sut` is defined. Its return code determines if tests passed or not.
 Tests **pass** if the `sut` service returns `0`, and **fail** otherwise.
 
-> **Note**: Only the `sut` service and all other services listed in `depends_on`
+> **Note**: Only the `sut` service and all other services listed in [`depends_on`](https://docs.docker.com/compose/compose-file/compose-file-v2/#depends_on) are started. For instance, if you have services that poll for changes in other services, be sure to include the polling services in the [`depends_on`](https://docs.docker.com/compose/compose-file/compose-file-v2/#depends_on) list to make sure all of your services start.
-are started. For instance, if you have services that poll for changes in other
+Also make sure to include a compose file version from 2.0 upward as `depends_on` was added in [version 2.0](https://docs.docker.com/compose/compose-file/compose-versioning/#version-2) file format.
-services, be sure to include the polling services in the `depends_on` list to
-make sure all of your services start.
 
 You can define more than one `docker-compose.test.yml` file if needed. Any file
 that ends in `.test.yml` is used for testing, and the tests run sequentially.

docker-hub/image-access-management.md

@@ -100,3 +100,9 @@ To ensure that each org member uses images in a safe and secure environment, you
         `Documents/registry.json /Library/Application\ Support/com.docker.docker/registry.json`
 
         Congratulations, you have just created the registry.json file.
+
+3. To confirm that the restrictions are successful, have each org member pull an image onto their local computer after signing into Docker Desktop. If they are unable to sign in, they will receive an error message.
+
+    For example, if you enable Image Access Management, your members can pull an Organization Image, Docker Official Image, or Verified Publisher Image onto their local machine. If you disable the restrictions, your members can pull any image, including Community Images.
+
+     ![Image Access Management](images/image-access-management-error.png){:width="700px"}

engine/install/binaries.md

@@ -9,23 +9,43 @@ redirect_from:
 - /installation/binaries/
 ---
 
-> **Note**: You may have been redirected to this page because there is no longer
+> **Important**
-> a dynamically-linked Docker package for your Linux distribution.
+>
+> This page contains information on how to install Docker using binaries. These
+> instructions are mostly suitable for testing purposes. We do not recommend
+> installing Docker using binaries in production environments as they will not be
+> updated automatically with security updates. The Linux binaries described on this
+> page are statically linked, which means that vulnerabilities in build-time
+> dependencies are not automatically patched by security updates of your Linux
+> distribution.
+>
+> Updating binaries is also slightly more involved when compared to Docker packages
+> installed using a package manager or through Docker Desktop, as it requires
+> (manually) updating the installed version whenever there is a new release of
+> Docker.
+>
+> Also, static binaries may not include all functionalities provided by the dynamic
+> packages.
+>
+> On Windows and Mac, we recommend that you install [Docker Desktop](../../desktop/index.md)
+> instead. For Linux, we recommend that you follow the instructions specific for
+> your distribution.
+{: .important}
 
 If you want to try Docker or use it in a testing environment, but you're not on
 a supported platform, you can try installing from static binaries. If possible,
 you should use packages built for your operating system, and use your operating
 system's package management system to manage Docker installation and upgrades.
-Be aware that 32-bit static binary archives do not include the Docker daemon.
 
 Static binaries for the Docker daemon binary are only available for Linux (as
-`dockerd`). 
+`dockerd`) and Windows (as `dockerd.exe`).
-Static binaries for the Docker client are available for Linux and macOS (as `docker`).
+Static binaries for the Docker client are available for Linux, Windows, and macOS (as `docker`).
 
-This topic discusses binary installation for both Linux and macOS:
+This topic discusses binary installation for Linux, Windows, and macOS:
 
 - [Install daemon and client binaries on Linux](#install-daemon-and-client-binaries-on-linux)
 - [Install client binaries on macOS](#install-client-binaries-on-macos)
+- [Install server and client binaries on Windows](#install-server-and-client-binaries-on-windows)
 
 ## Install daemon and client binaries on Linux
 
@@ -78,8 +98,7 @@ instructions for enabling and configuring AppArmor or SELinux.
 ### Install static binaries
 
 1.  Download the static binary archive. Go to
-    [https://download.docker.com/linux/static/stable/](https://download.docker.com/linux/static/stable/)
+    [https://download.docker.com/linux/static/stable/](https://download.docker.com/linux/static/stable/),
-    (or change `stable` to `nightly` or `test`),
     choose your hardware platform, and download the `.tgz` file relating to the
     version of Docker Engine you want to install.
 
@@ -120,13 +139,23 @@ instructions for enabling and configuring AppArmor or SELinux.
 
 ## Install client binaries on macOS
 
-The macOS binary includes the Docker client only. It does not include the
+> **Note**
-`dockerd` daemon.
+>
+> The following instructions are mostly suitable for testing purposes. The macOS
+> binary includes the Docker client only. It does not include the `dockerd` daemon
+> which is required to run containers. Therefore, we recommend that you install
+> [Docker Desktop](../../desktop/index.md) instead.
+
+The binaries for Mac also do not contain:
+
+- A runtime environment. You must set up a functional engine either in a Virtual Machine, or on a remote Linux machine.
+- Docker components such as `buildx`, `docker scan`, and `docker compose`.
+
+To install client binaries, perform the following steps:
 
 1.  Download the static binary archive. Go to
-    [https://download.docker.com/mac/static/stable/x86_64/](https://download.docker.com/mac/static/stable/x86_64/),
+    [https://download.docker.com/mac/static/stable/](https://download.docker.com/mac/static/stable/) and select `x86_64` (for Mac on Intel chip) or `aarch64` (for Mac on Apple silicon),
-    (or change `stable` to `nightly` or `test`),
+    and then download the `.tgz` file relating to the version of Docker Engine you want
-    and download the `.tgz` file relating to the version of Docker Engine you want
     to install.
 
 2.  Extract the archive using the `tar` utility. The `docker` binary is
@@ -138,12 +167,6 @@ The macOS binary includes the Docker client only. It does not include the
 
 3.  Clear the extended attributes to allow it run.
 
-    In case executing `docker/docker` you get the error message: *'docker' is*
-    *damaged and cannot be opened. You should move it to the bin.*
-    
-    Apple takes care about our security. Hence, we need to remove the security 
-    mechanism preventing us running the executable.
-    
     ```console
     $ sudo xattr -rc docker
     ```
@@ -173,6 +196,48 @@ The macOS binary includes the Docker client only. It does not include the
     This command downloads a test image and runs it in a container. When the
     container runs, it prints a message and exits.
 
+## Install server and client binaries on Windows
+
+> **Note**
+>
+> The following section describes how to install the Docker daemon on Windows
+> Server which allows you to run Windows containers only. The binaries for
+> Windows do not contain Docker components such as `buildx`, `docker scan`, and
+> `docker compose`. If you are running Windows 10 or 11, we recommend that you
+> install [Docker Desktop](../../desktop/index.md) instead.
+
+Binary packages on Windows include both `dockerd.exe` and `docker.exe`. On Windows,
+these binaries only provide the ability to run native Windows containers (not
+Linux containers).
+
+To install server and client binaries, perform the following steps:
+
+1. Download the static binary archive. Go to
+    [https://download.docker.com/win/static/stable/x86_64](https://download.docker.com/win/static/stable/x86_64) and select the latest version from the list.
+
+2. Run the following PowerShell commands to install and extract the archive to your program files:
+
+    ```powershell
+    PS C:\> Expand-Archive /path/to/<FILE>.zip -DestinationPath $Env:ProgramFiles
+    ```
+
+3. Register the service and start the Docker Engine:
+
+    ```powershell
+    PS C:\> $Env:ProgramFiles\Docker\dockerd --register-service
+    PS C:\> Start-Service docker
+    ```
+
+4.  Verify that Docker is installed correctly by running the `hello-world`
+    image.
+
+    ```powershell
+    PS C:\> $Env:ProgramFiles\Docker\docker run hello-world:nanoserver
+    ```
+
+    This command downloads a test image and runs it in a container. When the
+    container runs, it prints a message and exits.
+
 ## Upgrade static binaries
 
 To upgrade your manual installation of Docker Engine, first stop any