From 4819584bc1774083ee192c79c990dfdb7b6d505f Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Mon, 23 May 2022 13:29:25 -0500 Subject: [PATCH 1/7] updated RAM --- _data/toc.yaml | 2 ++ docker-hub/registry-access-management.md | 6 +----- network/host.md | 4 +++- registry/deploying.md | 1 + 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index 14a9359633..16b5e1cafb 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1519,6 +1519,8 @@ manuals: title: FAQs - path: /docker-hub/image-access-management/ title: Image Access Management + - path: /docker-hub/registry-access-management/ + title: Registry Access Management - path: /docker-hub/onboarding-faqs/ title: Onboarding FAQs diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index 0d93e8131f..960e3fee4d 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -6,10 +6,6 @@ title: Registry Access Management Registry Access Management is a feature available to organizations with a Docker Business subscription. This feature lets organization owners manage the registries that their developers can access while using Docker Desktop. When using this feature, organization owners can ensure that their developers can only access their trusted registries, such as a secure private registry on Artifactory, thereby reducing the security risks that can occur when developers interact with public registries. -> **Note** -> -> Registry Access Management is currently offered as a closed beta to a closed group of Docker Business customers. -{: .important} ## Configure Registry Access Management permissions @@ -39,7 +35,7 @@ To ensure that each org member uses Registry Access Management on their local ma 1. Download the latest version of Docker Desktop, and then 2. Create a `registry.json` file. -Download Docker Desktop 4.5 or a later release. +Download Docker Desktop 4.8 or a later release. - [Download and install for Windows](/desktop/windows/install/) - [Download and install for Mac](/desktop/mac/install/) diff --git a/network/host.md b/network/host.md index d7ed3706c3..e5bb02820c 100644 --- a/network/host.md +++ b/network/host.md @@ -11,7 +11,9 @@ For instance, if you run a container which binds to port 80 and you use `host` networking, the container's application is available on port 80 on the host's IP address. -> **Note**: Given that the container does not have its own IP-address when using +> **Note** +> +> Given that the container does not have its own IP-address when using > `host` mode networking, [port-mapping](overlay.md#publish-ports) does not > take effect, and the `-p`, `--publish`, `-P`, and `--publish-all` option are > ignored, producing a warning instead: diff --git a/registry/deploying.md b/registry/deploying.md index f9e77d4f9b..5bf2ca5cc2 100644 --- a/registry/deploying.md +++ b/registry/deploying.md @@ -31,6 +31,7 @@ The registry is now ready to use. > TLS and should ideally use an access-control mechanism. Keep reading and then > continue to the [configuration guide](configuration.md) to deploy a > production-ready registry. +{: .important} ## Copy an image from Docker Hub to your registry From 6e2f117b559a76f8a52804886307cbac793c39c2 Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Tue, 24 May 2022 08:19:50 -0500 Subject: [PATCH 2/7] updated verify restrictions --- docker-hub/registry-access-management.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index 960e3fee4d..2063b03cf6 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -40,13 +40,13 @@ Download Docker Desktop 4.8 or a later release. - [Download and install for Windows](/desktop/windows/install/) - [Download and install for Mac](/desktop/mac/install/) -{% include configure-registry-json.md %} +## Creating a registry.json file -## Verify the restrictions +When creating a registry.json file, ensure that the developer is a member of at least one organization in Docker Hub. If the registry.json file matches at least one organization the developer is a member of, they can sign in to Docker Desktop and access all their organizations. Learn more on how to create a registry.json file on [Windows](/docker-hub/configure-sign-in/#windows) or [Mac](docker-hub/configure-sign-in/#mac). - After you’ve created the registry.json file and deployed it onto the developers’ machines, you can verify whether the changes have taken effect by asking the developers to start Docker Desktop. +{## Verify the restrictions - If the configuration is successful, Docker Desktop prompts the developer to authenticate using the organization credentials on start. If the developer fails to authenticate, or authenticates as a developer in the wrong organization they will see an error message, and they will be denied access to Docker Desktop. + The new Registry Access Management policy should be in place after the developer successfully authenticates to Docker Desktop using their organization credentials. The developer can attempt to pull an image from a disallowed registry via the Docker CLI. They will then receive an error message that your organization disallows this container registry. ### Caveats From 3cf9e5ba1dd8a6f7204f7e071c19e62d3235932b Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Tue, 24 May 2022 10:03:22 -0500 Subject: [PATCH 3/7] updated link --- docker-hub/registry-access-management.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index 2063b03cf6..2b4e74c9d6 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -42,9 +42,10 @@ Download Docker Desktop 4.8 or a later release. ## Creating a registry.json file -When creating a registry.json file, ensure that the developer is a member of at least one organization in Docker Hub. If the registry.json file matches at least one organization the developer is a member of, they can sign in to Docker Desktop and access all their organizations. Learn more on how to create a registry.json file on [Windows](/docker-hub/configure-sign-in/#windows) or [Mac](docker-hub/configure-sign-in/#mac). +When creating a `registry.json` file, ensure that the developer is a member of at least one organization in Docker Hub. If the `registry.json` file matches at least one organization the developer is a member of, they can sign in to Docker Desktop and access all their organizations. Learn more on how to create a registry.json file on [Windows](/configure-sign-in/#windows) or [Mac] +(/configure-sign-in/#mac). -{## Verify the restrictions +## Verify the restrictions The new Registry Access Management policy should be in place after the developer successfully authenticates to Docker Desktop using their organization credentials. The developer can attempt to pull an image from a disallowed registry via the Docker CLI. They will then receive an error message that your organization disallows this container registry. From cfaff3a266ccabf00a5fd4e2ee3828726b835af4 Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Tue, 24 May 2022 10:05:29 -0500 Subject: [PATCH 4/7] updated mac link --- docker-hub/registry-access-management.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index 2b4e74c9d6..e445cbe92c 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -42,8 +42,7 @@ Download Docker Desktop 4.8 or a later release. ## Creating a registry.json file -When creating a `registry.json` file, ensure that the developer is a member of at least one organization in Docker Hub. If the `registry.json` file matches at least one organization the developer is a member of, they can sign in to Docker Desktop and access all their organizations. Learn more on how to create a registry.json file on [Windows](/configure-sign-in/#windows) or [Mac] -(/configure-sign-in/#mac). +When creating a `registry.json` file, ensure that the developer is a member of at least one organization in Docker Hub. If the `registry.json` file matches at least one organization the developer is a member of, they can sign in to Docker Desktop and access all their organizations. Learn more on how to create a registry.json file on [Windows](/configure-sign-in/#windows) or [Mac](/configure-sign-in/#mac). ## Verify the restrictions From a7449969b0beaff8467d09a40d57a960eca9a169 Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Tue, 24 May 2022 10:15:43 -0500 Subject: [PATCH 5/7] updated introduction --- docker-hub/registry-access-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index e445cbe92c..90e52fc508 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -4,7 +4,7 @@ keywords: registry, access, managment title: Registry Access Management --- -Registry Access Management is a feature available to organizations with a Docker Business subscription. This feature lets organization owners manage the registries that their developers can access while using Docker Desktop. When using this feature, organization owners can ensure that their developers can only access their trusted registries, such as a secure private registry on Artifactory, thereby reducing the security risks that can occur when developers interact with public registries. +Registry Access Management is a feature available to organizations with a Docker Business subscription. With Registry Access Management, organization owners can ensure that their developers using Docker Desktop can only access registries that have been allow-listed via the Registry Access Management dashboard on Docker Hub (for example, a private Artifactory registry). ## Configure Registry Access Management permissions From aacc3e28b68a3f995d0b71a6a835c754c8e7ebc7 Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Tue, 24 May 2022 10:37:54 -0500 Subject: [PATCH 6/7] updated registry.json --- docker-hub/registry-access-management.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index 90e52fc508..fc81953771 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -6,6 +6,12 @@ title: Registry Access Management Registry Access Management is a feature available to organizations with a Docker Business subscription. With Registry Access Management, organization owners can ensure that their developers using Docker Desktop can only access registries that have been allow-listed via the Registry Access Management dashboard on Docker Hub (for example, a private Artifactory registry). +## Requirements: + +Download Docker Desktop v4.8 or a later release. + +- [Download and install for Windows](/desktop/windows/install/) +- [Download and install for Mac](/desktop/mac/install/) ## Configure Registry Access Management permissions @@ -35,14 +41,9 @@ To ensure that each org member uses Registry Access Management on their local ma 1. Download the latest version of Docker Desktop, and then 2. Create a `registry.json` file. -Download Docker Desktop 4.8 or a later release. - -- [Download and install for Windows](/desktop/windows/install/) -- [Download and install for Mac](/desktop/mac/install/) - ## Creating a registry.json file -When creating a `registry.json` file, ensure that the developer is a member of at least one organization in Docker Hub. If the `registry.json` file matches at least one organization the developer is a member of, they can sign in to Docker Desktop and access all their organizations. Learn more on how to create a registry.json file on [Windows](/configure-sign-in/#windows) or [Mac](/configure-sign-in/#mac). +Create a `registry.json` file, by following the instructions for [Windows and Mac](/docker-hub/configure-sign-in/). ## Verify the restrictions From b368b8eb398f4328c149045691e9273f055a13e9 Mon Sep 17 00:00:00 2001 From: Jerae Duffin Date: Tue, 24 May 2022 10:39:25 -0500 Subject: [PATCH 7/7] updated content --- docker-hub/registry-access-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index fc81953771..e3747c1740 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -47,7 +47,7 @@ Create a `registry.json` file, by following the instructions for [Windows and Ma ## Verify the restrictions - The new Registry Access Management policy should be in place after the developer successfully authenticates to Docker Desktop using their organization credentials. The developer can attempt to pull an image from a disallowed registry via the Docker CLI. They will then receive an error message that your organization disallows this container registry. + The new Registry Access Management policy should be in place after the developer successfully authenticates to Docker Desktop using their organization credentials. The developer can attempt to pull an image from a disallowed registry via the Docker CLI. They will then receive an error message that your organization has disallowed this registry. ### Caveats