From ca1e0717c4a6e93c0addee41be95c691f12ed47a Mon Sep 17 00:00:00 2001 From: Keith Scheiwiller Date: Wed, 15 Sep 2021 20:24:57 -0500 Subject: [PATCH 1/8] Update Dockerize repo URL from jwilder/dockerize->powerman/dockerize --- compose/startup-order.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/startup-order.md b/compose/startup-order.md index a9b1a5e081..a628f5b3e8 100644 --- a/compose/startup-order.md +++ b/compose/startup-order.md @@ -29,7 +29,7 @@ need this level of resilience, you can work around the problem with a wrapper script: - Use a tool such as [wait-for-it](https://github.com/vishnubob/wait-for-it), - [dockerize](https://github.com/jwilder/dockerize), sh-compatible + [dockerize](https://github.com/powerman/dockerize), sh-compatible [wait-for](https://github.com/Eficode/wait-for), or [RelayAndContainers](https://github.com/jasonsychau/RelayAndContainers) template. These are small wrapper scripts which you can include in your application's image to poll a given host and port until it's accepting TCP connections. From 4803bef6cc821bbcaa7a8c2dfc1e40359a1ca116 Mon Sep 17 00:00:00 2001 From: Adam Stankiewicz Date: Fri, 24 Sep 2021 04:18:42 +0200 Subject: [PATCH 2/8] Simplify wrapper script --- config/containers/multi-service_container.md | 41 +++++--------------- 1 file changed, 9 insertions(+), 32 deletions(-) diff --git a/config/containers/multi-service_container.md b/config/containers/multi-service_container.md index 38396f01e0..566d879b5a 100644 --- a/config/containers/multi-service_container.md +++ b/config/containers/multi-service_container.md @@ -38,39 +38,16 @@ this in a few different ways. #!/bin/bash # Start the first process - ./my_first_process -D - status=$? - if [ $status -ne 0 ]; then - echo "Failed to start my_first_process: $status" - exit $status - fi - + ./my_first_process & + # Start the second process - ./my_second_process -D - status=$? - if [ $status -ne 0 ]; then - echo "Failed to start my_second_process: $status" - exit $status - fi - - # Naive check runs checks once a minute to see if either of the processes exited. - # This illustrates part of the heavy lifting you need to do if you want to run - # more than one service in a container. The container exits with an error - # if it detects that either of the processes has exited. - # Otherwise it loops forever, waking up every 60 seconds - - while sleep 60; do - ps aux |grep my_first_process |grep -q -v grep - PROCESS_1_STATUS=$? - ps aux |grep my_second_process |grep -q -v grep - PROCESS_2_STATUS=$? - # If the greps above find anything, they exit with 0 status - # If they are not both 0, then something is wrong - if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then - echo "One of the processes has already exited." - exit 1 - fi - done + ./my_second_process & + + # Wait for any process to exit + wait -n + + # Exit with status of process that exited first + exit $? ``` Next, the Dockerfile: From eca254b456af468757a9f201a2f07fc784476469 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Longo?= Date: Fri, 1 Oct 2021 17:19:49 +0200 Subject: [PATCH 3/8] Fix. docker compose test installation command --- compose/cli-command.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/cli-command.md b/compose/cli-command.md index 95704b7172..87c03338b6 100644 --- a/compose/cli-command.md +++ b/compose/cli-command.md @@ -93,7 +93,7 @@ from the [project release page](https://github.com/docker/compose/releases){:tar 3. Test your installation ```console - $ docker compose --version + $ docker compose version Docker Compose version 2.0.0 ``` From 81bed3bf9eaa259923b6abc9e038f92c72b9b049 Mon Sep 17 00:00:00 2001 From: Michael J Feher Date: Tue, 5 Oct 2021 21:11:24 -0500 Subject: [PATCH 4/8] ECS Cloud: Include port for SSL Without including the port, the ELB is configured to HTTPS on port 80. --- cloud/ecs-integration.md | 1 + 1 file changed, 1 insertion(+) diff --git a/cloud/ecs-integration.md b/cloud/ecs-integration.md index dba8338251..d31479de79 100644 --- a/cloud/ecs-integration.md +++ b/cloud/ecs-integration.md @@ -489,6 +489,7 @@ x-aws-cloudformation: Certificates: - CertificateArn: "arn:aws:acm:certificate/123abc" Protocol: HTTPS + Port: 443 ``` ## Using existing AWS network resources From e396d7aa867e094fbcdf938c39ac68109b887ca7 Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Fri, 8 Oct 2021 11:30:31 +0100 Subject: [PATCH 5/8] Change distribution URL to distribution/distribution (#13484) * Change distribution URL to distribution/distribution * Indent code Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com> --- _scripts/fetch-upstream-resources.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/_scripts/fetch-upstream-resources.sh b/_scripts/fetch-upstream-resources.sh index d90ff6e862..50b7e45303 100755 --- a/_scripts/fetch-upstream-resources.sh +++ b/_scripts/fetch-upstream-resources.sh @@ -1,11 +1,11 @@ #!/bin/sh -# Fetches upstream resources from docker/docker and docker/distribution +# Fetches upstream resources from docker/docker and distribution/distribution # before handing off the site to Jekyll to build # Relies on the "ENGINE_BRANCH" and "DISTRIBUTION_BRANCH" environment variables, # which are usually set by the Dockerfile. : "${ENGINE_BRANCH?No release branch set for docker/docker and docker/cli}" -: "${DISTRIBUTION_BRANCH?No release branch set for docker/distribution}" +: "${DISTRIBUTION_BRANCH?No release branch set for distribution/distribution}" : "${COMPOSE_CLI_BRANCH?No release branch set for docker/compose-cli}" # Translate branches for use by svn @@ -23,10 +23,10 @@ if [ "${compose_cli_svn_branch}" = "branches/main" ]; then fi # Directories to get via SVN. We use this because you can't use git to clone just a portion of a repository -svn co "https://github.com/docker/cli/${engine_svn_branch}/docs/extend" ./engine/extend || (echo "Failed engine/extend download" && exit 1) -svn co "https://github.com/docker/docker/${engine_svn_branch}/docs/api" ./engine/api || (echo "Failed engine/api download" && exit 1) -svn co "https://github.com/docker/compose-cli/${compose_cli_svn_branch}/docs" ./cloud || (echo "Failed compose-cli/docs download" && exit 1) -svn co "https://github.com/docker/distribution/${distribution_svn_branch}/docs/spec" ./registry/spec || (echo "Failed registry/spec download" && exit 1) +svn co "https://github.com/docker/cli/${engine_svn_branch}/docs/extend" ./engine/extend || (echo "Failed engine/extend download" && exit 1) +svn co "https://github.com/docker/docker/${engine_svn_branch}/docs/api" ./engine/api || (echo "Failed engine/api download" && exit 1) +svn co "https://github.com/docker/compose-cli/${compose_cli_svn_branch}/docs" ./cloud || (echo "Failed compose-cli/docs download" && exit 1) +svn co "https://github.com/distribution/distribution/${distribution_svn_branch}/docs/spec" ./registry/spec || (echo "Failed registry/spec download" && exit 1) # Fix up URls in swagger files find ./engine/api -type f -name '*.yaml' | while read i; do sed -i 's#https://docs.docker.com/#/#g' "$i"; done; @@ -35,12 +35,12 @@ find ./engine/api -type f -name '*.yaml' | while read i; do sed -i 's#https://do find . -name ".svn" -print0 | xargs -0 /bin/rm -rf # Get a few one-off files that we use directly from upstream -wget --quiet --directory-prefix=./engine/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/deprecated.md" || (echo "Failed engine/deprecated.md download" && exit 1) -wget --quiet --directory-prefix=./engine/reference/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/builder.md" || (echo "Failed engine/reference/builder.md download" && exit 1) -wget --quiet --directory-prefix=./engine/reference/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/run.md" || (echo "Failed engine/reference/run.md download" && exit 1) -wget --quiet --directory-prefix=./engine/reference/commandline/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/commandline/cli.md" || (echo "Failed engine/reference/commandline/cli.md download" && exit 1) -wget --quiet --directory-prefix=./engine/reference/commandline/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/commandline/dockerd.md" || (echo "Failed engine/reference/commandline/dockerd.md download" && exit 1) -wget --quiet --directory-prefix=./registry/ "https://raw.githubusercontent.com/docker/distribution/${DISTRIBUTION_BRANCH}/docs/configuration.md" || (echo "Failed registry/configuration.md download" && exit 1) +wget --quiet --directory-prefix=./engine/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/deprecated.md" || (echo "Failed engine/deprecated.md download" && exit 1) +wget --quiet --directory-prefix=./engine/reference/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/builder.md" || (echo "Failed engine/reference/builder.md download" && exit 1) +wget --quiet --directory-prefix=./engine/reference/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/run.md" || (echo "Failed engine/reference/run.md download" && exit 1) +wget --quiet --directory-prefix=./engine/reference/commandline/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/commandline/cli.md" || (echo "Failed engine/reference/commandline/cli.md download" && exit 1) +wget --quiet --directory-prefix=./engine/reference/commandline/ "https://raw.githubusercontent.com/docker/cli/${ENGINE_BRANCH}/docs/reference/commandline/dockerd.md" || (echo "Failed engine/reference/commandline/dockerd.md download" && exit 1) +wget --quiet --directory-prefix=./registry/ "https://raw.githubusercontent.com/distribution/distribution/${DISTRIBUTION_BRANCH}/docs/configuration.md" || (echo "Failed registry/configuration.md download" && exit 1) # Remove things we don't want in the build rm -f ./engine/extend/cli_plugins.md # the cli plugins api is not a stable API, and not included in the TOC for that reason. From 8b618a6795ddc8775e7280e4a4e08044edf23a6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolaj=20Gr=C3=A6sholt?= Date: Fri, 8 Oct 2021 13:07:29 +0200 Subject: [PATCH 6/8] Add anonymous volumes autoremove info (#13471) * Add anonymous volumes autoremove info Anonymous volumes aren't removed if another container adopts them with `--volumes-from`, see: https://github.com/docker/docker.github.io/issues/13435 * Format Note Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com> --- storage/volumes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/storage/volumes.md b/storage/volumes.md index 163b9e5079..61ea2088c8 100644 --- a/storage/volumes.md +++ b/storage/volumes.md @@ -578,6 +578,12 @@ the Docker Engine removes the `/foo` volume but not the `awesome` volume. $ docker run --rm -v /foo -v awesome:/bar busybox top ``` +> **Note**: +> +> If another container binds the volumes with +> `--volumes-from`, the volume definitions are _copied_ and the +> anonymous volume also stays after the first container is removed. + ### Remove all volumes To remove all unused volumes and free up space: From 96efcf5feb79bb5d7d80c5e39b558f73cd2312e7 Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Fri, 8 Oct 2021 15:51:44 +0100 Subject: [PATCH 7/8] Add Docker Desktop for linux cta Signed-off-by: Usha Mandya --- engine/install/ubuntu.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/install/ubuntu.md b/engine/install/ubuntu.md index 57cfcc5473..fd9c59ee93 100644 --- a/engine/install/ubuntu.md +++ b/engine/install/ubuntu.md @@ -16,9 +16,9 @@ title: Install Docker Engine on Ubuntu toc_max: 4 --- -> **Scan your images for vulnerabilities** +> **Docker Desktop for Linux** > -> Using open source components in your container images can introduce vulnerabilities. Run `docker scan` to start securing your images using Snyk. If you have a Docker Pro, Team, or a Business subscription, you can automatically scan images when you push an image to Docker Hub. See [Hub Vulnerability Scanning](../../docker-hub/vulnerability-scanning.md) for more information. +> Docker Desktop helps you build, share, and run containers easily on Mac and Windows as you do on Linux. Docker handles the complex setup and allows you to focus on writing the code. Thanks to the positive support we received on the [subscription updates](https://www.docker.com/blog/updating-product-subscriptions/){: target="_blank" rel="noopener" class="_" id="dkr_docs_cta"}, we've started working on [Docker Desktop for Linux](https://www.docker.com/blog/accelerating-new-features-in-docker-desktop/){: target="_blank" rel="noopener" class="_" id="dkr_docs_cta"} which is the second-most popular feature request in our public roadmap. If you are interested in early access, sign up for our [Developer Preview program](https://www.docker.com/community/get-involved/developer-preview){: target="_blank" rel="noopener" class="_" id="dkr_docs_cta"}. {: .important} To get started with Docker Engine on Ubuntu, make sure you From 590ada8015338298d5caab693818e0570fc86708 Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Thu, 7 Oct 2021 12:07:41 +0100 Subject: [PATCH 8/8] Add video on image access management configuration Signed-off-by: Usha Mandya --- docker-hub/image-access-management.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docker-hub/image-access-management.md b/docker-hub/image-access-management.md index 23fb3e3a5d..441f58d9de 100644 --- a/docker-hub/image-access-management.md +++ b/docker-hub/image-access-management.md @@ -2,15 +2,25 @@ description: Image Access Management keywords: image, access, management title: Image Access Management +toc_max: 2 --- Image Access Management is a new feature that is a part of the Docker Business subscription. This feature allows Organization owners to control which types of images (Docker Official Images, Docker Verified Publisher Images, Community images) their developers can pull from Docker Hub. For example, a developer, who is part of an organization, building a new containerized application could accidentally use an untrusted, community image as a component of their application. This image could be malicious and pose a security risk to the company. Using Image Access Management, the Organization owner could ensure that the developer can only access trusted content like Docker Official Images, Docker Verified Publisher Images, or the Organization’s own images, preventing such a risk. - ## Configure Image Access Management permissions +The following video walks you through the process of configuring Image Access Management permissions. + + + +
+ +### Detailed instructions + +To configure Image Access Management permissions, perform the following steps: + 1. Log into your [Docker Hub](https://hub.docker.com) account as an organization administrator. 2. Select an organization, and navigate to the **Settings** tab on the **Organizations** page and click Org Permissions.