docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

4.11 doc additions (#15200) 

* 4.11 doc additions

* add theme settings

* nested virtualization changes

* tweaks

* toc update and support note

* fix broken links

* user flag

* further review changes

* review changes

* update toc

* toc update

* capital fix

* review changes
This commit is contained in:
Allie Sadler 2022-07-28 16:10:22 +01:00 committed by GitHub
parent 885c3dc039
commit 4d3915ea54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 47 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_data/toc.yaml
View File

@ -1197,10 +1197,12 @@ manuals:
title: Back up and restore data
- path: /desktop/networking/
title: Explore networking features
- path: /desktop/mac/privileged-helper/
title: Privileged Helper on Mac
- path: /desktop/mac/permission-requirements/
title: Docker Desktop permission requirements for Mac
- path: /desktop/windows/wsl/
title: Docker Desktop WSL 2 backend on Windows
- path: /desktop/vm-vdi/
title: Run Docker Desktop in a VM or VDI environment
- sectiontitle: Dev Environments (Beta)
section:
- path: /desktop/dev-environments/

6
desktop/extensions.md
View File

@ -34,6 +34,7 @@ To add Docker Extensions:
2. From the Dashboard, select **Add Extensions** in the menu bar.
The Extensions Marketplace opens.
3. Browse the available extensions.
You can sort the list of extensions by **Recently added** or alphabetically.
4. Click **Install**.
From here, you can click **Open** to access the extension or install additional extensions. The extension also appears in the menu bar.
@ -84,10 +85,9 @@ Feedback can be given to an extension author through a dedicated Slack channel o
extension, select:
- Support
- Slack
- Issues
You'll be sent to a page outside of Docker Desktop to submit your feedback.
- Issues. You'll be sent to a page outside of Docker Desktop to submit your feedback.
If an extension does not provide a way for you to give feedback, contact us and we'll pass on the feedback for you.
If an extension does not provide a way for you to give feedback, contact us and we'll pass on the feedback for you. To provide feedback, select the **Give feedback** to the right of **Extensions Marketplace**
## Uninstall an extension
You can uninstall an extension at any time.

6
desktop/faqs/general.md
View File

@ -106,11 +106,7 @@ serial port) to a container as it requires support at the hypervisor level.
### Can I run Docker Desktop in nested virtualization scenarios?
Docker Desktop can run inside a Windows 10 VM running on apps like Parallels or
VMware Fusion on a Mac provided that the VM is properly configured. However,
problems and intermittent failures may still occur due to the way these apps
virtualize the hardware. For these reasons, **Docker Desktop is not supported in
nested virtualization scenarios**. It might work in some cases and not in others.
In general, Docker recommends running Docker Desktop natively on either Mac, Linux, or Windows. However, Docker Desktop for Windows can run inside a virtual desktop provided the virtual desktop is properly configured. For more information, see [Run Docker Desktop in a VM or VDI environment](../vm-vdi.md)
### Docker Desktop's UI appears green, distorted, or has visual artifacts. How do I fix this?

2
desktop/feedback.md
View File

@ -27,6 +27,6 @@ GitHub](https://github.com/docker/desktop-linux/issues){:target="_blank" rel="no
### ... Dev Environments
To report bugs or problems, visit [Dev Environments issues on Github](https://github.com/docker/dev-environments/issues){:target="_blank" rel="noopener" class="_"}.
To report bugs or problems, visit [Dev Environments issues on Github](https://github.com/docker/dev-environments/issues){:target="_blank" rel="noopener" class="_"}.
Alternatively, get in touch with us on the **#docker-dev-environments** channel in the [Docker Community Slack](https://dockercommunity.slack.com/messages){:target="_blank" rel="noopener" class="_"}.

BIN
desktop/images/extensions-marketplace.PNG
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 60 KiB

1
desktop/install/mac-install.md
View File

@ -104,6 +104,7 @@ $ sudo hdiutil detach /Volumes/Docker
The `install` command accepts the following flags:
- `--accept-license`: accepts the [Docker Subscription Service Agreement](https://www.docker.com/legal/docker-subscription-service-agreement){: target="_blank" rel="noopener" class="_"} now, rather than requiring it to be accepted when the application is first run
- `--allowed-org=<org name>`: requires the user to sign in and be part of the specified Docker Hub organization when running the application
- `--user=<username>`: Runs the privileged helper service once during installation, then disables it at runtime. This removes the need for the user to grant root privileges on first run. For more information, see [Privileged helper permission requirements](../mac/permission-requirements.md#permission-requirements){: target="_blank" rel="noopener" class="_"}. To find the username, enter `ls /Users` in the CLI.
## Updates

2
desktop/install/windows-install.md
View File

@ -89,7 +89,7 @@ accounts use the same VM to build and run containers. Note that it is not possib
Nested virtualization scenarios, such as running Docker Desktop on a
VMWare or Parallels instance might work, but there are no guarantees. For
more information, see [Running Docker Desktop in nested virtualization scenarios](../troubleshoot/topics.md#running-docker-desktop-in-nested-virtualization-scenarios).
more information, see [Running Docker Desktop in a VM or VDI environment](../vm-vdi.md).
### About Windows containers

23
desktop/mac/privileged-helper.md → desktop/mac/permission-requirements.md
View File

@ -1,28 +1,29 @@
---
description: Docker Desktop Privileged Helper on Mac
description: Permission requirements for Docker Desktop for Mac
keywords: Docker Desktop, mac, security, install
title: Docker Desktop Privileged Helper on Mac
title: Docker Desktop permission requirements for Mac
redirect_from:
- /docker-for-mac/privileged-helper/
- /desktop/mac/privileged-helper/
---
This page contains information about the permission requirements for running and installing Docker Desktop on Mac, the functionality of the privileged helper process `com.docker.vmnetd` and the reasoning behind this approach, as well as clarification about running containers as `root` as opposed to having `root` access on the host.
## Permission requirements
While Docker Desktop does not generally require the user running or installing it to have `root` privileges, in the default use case it needs `root` access to be granted on the first run. The first time Docker Desktop is launched the user gets an admin prompt to grant permissions for a privileged helper service to be installed. For subsequent runs, no `root` privileges are required.
In the default set up flow, Docker Desktop for Mac does not require root privileges for installation but does require `root` access to be granted on the first run. The first time that Docker Desktop is launched the user receives an admin prompt to grant permissions for a privileged helper service to be installed. For subsequent runs, no `root` privileges are required.
The reason for this is that Docker Desktop needs to perform a limited set of privileged operations using the privileged helper process `com.docker.vmnetd`. This approach allows, following the principle of least privilege, `root` access to be used only for the operations for which it is absolutely necessary, while still being able to use Docker Desktop as an unprivileged user.
From version 4.11, it will be possible to avoid running a privileged service in the background by using `com.docker.vmnetd` for setup during installation and disabling it at runtime. In this case the user will not be prompted on the first run. Administrators would be able to do that by using the `-user` flag on the [install command](../install/mac-install.md#install-from-the-command-line) which would:
- Uninstall the previous `com.docker.vmnetd` if present
- Set up symlinks for the user
- Ensure that `localhost` and `kubernetes.docker.internal` are present in `/etc/hosts`
In version 4.11 and above of Docker Desktop for Mac you can avoid running the privileged helper service in the background by using the `--user` flag on the [install command](../install/mac-install.md#install-from-the-command-line). This will result in `com.docker.vmnetd` being used for set up during installation and then disabled at runtime. In this case, the user will not be prompted to grant root privileges on the first run of Docker Desktop. Specifically, the `--user` flag:
- Uninstalls the previous `com.docker.vmnetd` if present
- Sets up symlinks for the user
- Ensures that `localhost` and `kubernetes.docker.internal` are present in `/etc/hosts`
This approach will have certain limitations:
- Docker Desktop would only be able to be run by one user account per machine, namely the one specified in the `-user` flag.
- Ports 1-79 would be blocked - the containers would run but the port wont be exposed on the host.
- Spindump diagnostics for fine grained CPU utilization would not be gathered.
This approach has the following limitations:
- Docker Desktop can only be run by one user account per machine, namely the one specified in the `-user` flag.
- Ports 1-79 are blocked. The containers will run but the port wont be exposed on the host.
- Spindump diagnostics for fine grained CPU utilization are not gathered.
## Privileged Helper

2
desktop/settings/linux.md
View File

@ -18,6 +18,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Start Docker Desktop when you log in**. Select to automatically start Docker
Desktop when you log into your machine.
- **Choose Theme for Docker Desktop**. Choose whether you want to apply a **Light** or **Dark** theme to Docker Desktop. Alternatively you can set Docker Desktop to **Use System Settings**.
- **Send usage statistics**. Select so Docker Desktop sends diagnostics,
crash reports, and usage data. This information helps Docker improve and
troubleshoot the application. Clear the check box to opt out. Docker may

2
desktop/settings/mac.md
View File

@ -23,6 +23,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Start Docker Desktop when you log in**. Select to automatically start Docker
Desktop when you log into your machine.
- **Choose Theme for Docker Desktop**. Choose whether you want to apply a **Light** or **Dark** theme to Docker Desktop. Alternatively you can set Docker Desktop to **Use System Settings**.
- **Include VM in Time Machine backups**. Select to back up the Docker Desktop
virtual machine. This option is disabled by default.

2
desktop/settings/windows.md
View File

@ -18,6 +18,8 @@ On the **General** tab, you can configure when to start Docker and specify other
- **Start Docker Desktop when you log in**. Select to automatically start Docker
Desktop when you log into your machine.
- **Choose Theme for Docker Desktop**. Choose whether you want to apply a **Light** or **Dark** theme to Docker Desktop. Alternatively you can set Docker Desktop to **Use System Settings**.
- **Expose daemon on tcp://localhost:2375 without TLS**. Check this option to
enable legacy clients to connect to the Docker daemon. You must use this option
with caution as exposing the daemon without TLS can result in remote code

4
desktop/support.md
View File

@ -57,6 +57,10 @@ Docker Desktop excludes support for the following types of issues:
* Reimbursing and expenses spent for third-party services not provided by Docker
* Docker Support excludes training, customization, and integration
>Note
>
> Support for [running Docker Desktop in a VM or VDI environment](vm-vdi.md) is only available to Docker Business customers.
### What versions are supported?
We currently only offer support for the latest version of Docker Desktop. If you are running an older version, you may be asked to upgrade before we investigate your support request.

49
desktop/troubleshoot/topics.md
View File

@ -280,55 +280,6 @@ C:\Program Files\Docker\docker.exe:
See 'C:\Program Files\Docker\docker.exe run --help'.
```
### Running Docker Desktop in nested virtualization scenarios
Docker Desktop can run inside a Hyper-V VM, see
[Microsoft's nested virtualization user guide](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) for more information.
Docker Desktop can also run inside a Windows 10 VM running on apps like Parallels or VMware Fusion on a Mac provided that the VM is properly configured.
However, problems and intermittent failures may still occur due to the way these apps virtualize the hardware. For these reasons, _**Docker Desktop is not supported in nested virtualization scenarios**_. It might work
in some cases, and not in others.
For best results, we recommend you run Docker Desktop natively on a Windows system (to work with Windows or Linux containers), or on Mac or Linux to work with Linux containers.
#### If you still want to use nested virtualization
* If using Hyper-V, make sure nested virtualization support is enabled for the
Windows VM by running the following powershell as Administrator:
```none
Set-VMProcessor -VMName <Windows VM Name> -ExposeVirtualizationExtensions $true
```
* If using VMware or Parallels, make sure nested virtualization support is enabled.
Check the settings in **Hardware > CPU & Memory > Advanced Options > Enable
nested virtualization** (the exact menu sequence might vary slightly).
* Configure your Windows VM with at least 2 CPUs and sufficient memory to run your
workloads.
* Make sure your system is more or less idle.
* Make sure your Windows OS is up-to-date. There have been several issues with
some insider builds.
* The processor you have may also be relevant. For example, Westmere based Mac
Pros have some additional hardware virtualization features over Nehalem based
Mac Pros and so do newer generations of Intel processors. For Hyper-V, check
[Microsoft's nested virtualization user guide](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization)
to verify the host OS version is supported on your hardware.
#### Typical failures we see with nested virtualization
* Sometimes the VM fails to boot when Linux tries to calibrate the time stamp
counter (TSC). This process is quite timing sensitive and may fail when
executed inside a VM which itself runs inside a VM. CPU utilization is also
likely to be higher.
* Ensure "PMU Virtualization" is turned off in Parallels on Macs. Check the
settings in **Hardware > CPU & Memory > Advanced Settings > PMU
Virtualization**.
### Networking issues
IPv6 is not (yet) supported on Docker Desktop.

25
desktop/nested-virtualization.md → desktop/vm-vdi.md
View File

@ -1,15 +1,12 @@
---
description: Instructions on how to enable nested virtualization
keywords: nested virtualization, Docker Desktop
title: Enable nested virtualization
title: Run Docker Desktop in a VM or VDI environment
redirect_from:
- /desktop/nested-virtualization/
---
>Note
>
>This is work in progress. The steps havent been validated yet in our test environment.
{: .important}
In general, Docker recommends running Docker Desktop natively on either Mac, Linux, or Windows. However, Docker Desktop can run inside a virtual desktop provided the virtual desktop is properly configured.
In general, Docker recommends running Docker Desktop natively on either Mac, Linux, or Windows. However, Docker Desktop for Windows can run inside a virtual desktop provided the virtual desktop is properly configured.
To run Docker Desktop in a virtual desktop environment, it is essential nested virtualization is enabled on the virtual machine that provides the virtual desktop. This is because, under the hood, Docker Desktop is using a Linux VM in which it runs Docker Engine and the containers.
@ -27,15 +24,16 @@ For troubleshooting problems and intermittent failures that are outside of Docke
You must enable nested virtualization before you install Docker Desktop on a virtual machine.
### Enable nested virtualization on VMware ESXi
### Enable nested virtualization on VMware ESXi
Nested virtualization of other hypervisors like Hyper-V inside a vSphere VM [is not a supported scenario](https://kb.vmware.com/s/article/2009916). However, running Hyper-V VM in a VMware ESXi VM is technically possible and, depending on the version, ESXi includes hardware-assisted virtualization as a supported feature.
Nested virtualization of other hypervisors like Hyper-V inside a vSphere VM [is not a supported scenario](https://kb.vmware.com/s/article/2009916). However, running Hyper-V VM in a VMware ESXi VM is technically possible and, depending on the version, ESXi includes hardware-assisted virtualization as a supported feature. For internal testing, we used a VM that had 1 CPU with 4 cores and 12GB of memory.
For steps on how to expose hardware-assisted virtualization to the guest OS, [see VMware's documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-2A98801C-68E8-47AF-99ED-00C63E4857F6.html).
For steps on how to expose hardware-assisted virtualization to the guest OS, [see VMware's documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-2A98801C-68E8-47AF-99ED-00C63E4857F6.html).
You may also need to [configure some network settings](https://www.vembu.com/blog/nested-hyper-v-vms-on-a-vmware-esxi-server).
### Enable nested virtualization on Microsoft Hyper-V
### Enable nested virtualization on Microsoft Hyper-V
Nested virtualization is supported by Microsoft for running Hyper-V inside a VM running on a Hyper-V host, in Azure or on-prem (Hyper-V on Hyper-V).
@ -45,6 +43,11 @@ For on-prem virtual machines, check the constraints on the host VM operating sys
### Enable nested virtualization on Citrix Hypervisor
>Note
>
>This is work in progress. The steps havent been validated yet in our test environment.
{: .important}
Nested virtualization on Citrix Hypervisor is unsupported in production scenarios. However, running a VM inside a Citrix Hypervisor VM is possible. In fact, Docker Desktop is currently being used in Virtual Desktop Environments where Citrix is the host hypervisor.
Steps on enabling nested virtualization can be found in [Citrix's documentation](https://docs.citrix.com/en-us/citrix-hypervisor/vms/bromium.html#configuration). It contains instructions for the only scenario where nested virtualization is supported by Citrix which is to support Bromiums Secure Platform solution.