docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'docker:master' into master

This commit is contained in:
Giuseppe De Gaetano 2022-03-27 23:24:03 +02:00 committed by GitHub
parent a66ba4d030 290f0cfbac
commit 60bd96d506
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 1415 additions and 322 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
_data/buildx/docker_buildx.yaml
View File

@ -35,6 +35,7 @@ options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

140
_data/buildx/docker_buildx_bake.yaml
View File

@ -22,6 +22,7 @@ options:
description: Build definition file
details_url: '#file'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -31,6 +32,7 @@ options:
default_value: "false"
description: Shorthand for `--set=*.output=type=docker`
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -39,6 +41,7 @@ options:
value_type: string
description: Write build result metadata to the file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -49,6 +52,7 @@ options:
description: Do not use cache when building the image
details_url: '#no-cache'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -59,6 +63,7 @@ options:
description: Print the options without building
details_url: '#print'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -70,6 +75,7 @@ options:
Set type of progress output (`auto`, `plain`, `tty`). Use plain to show container output
details_url: '#progress'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -77,9 +83,10 @@ options:
- option: pull
value_type: bool
default_value: "false"
description: Always attempt to pull a newer version of the image
description: Always attempt to pull all referenced images
details_url: '#pull'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -89,6 +96,7 @@ options:
default_value: "false"
description: Shorthand for `--set=*.output=type=registry`
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -99,6 +107,7 @@ options:
description: Override target value (e.g., `targetpattern.key=value`)
details_url: '#set'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -109,6 +118,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -170,10 +180,10 @@ examples: |-
You can also use a remote `git` bake definition:
```console
$ docker buildx bake "git://github.com/docker/cli#v20.10.11" --print
#1 [internal] load git source git://github.com/docker/cli#v20.10.11
$ docker buildx bake "https://github.com/docker/cli.git#v20.10.11" --print
#1 [internal] load git source https://github.com/docker/cli.git#v20.10.11
#1 0.745 e8f1871b077b64bcb4a13334b7146492773769f7 refs/tags/v20.10.11
#1 2.022 From git://github.com/docker/cli
#1 2.022 From https://github.com/docker/cli
#1 2.022 * [new tag] v20.10.11 -> v20.10.11
#1 DONE 2.9s
{
@ -186,7 +196,7 @@ examples: |-
},
"target": {
"binary": {
"context": "git://github.com/docker/cli#v20.10.11",
"context": "https://github.com/docker/cli.git#v20.10.11",
"dockerfile": "Dockerfile",
"args": {
"BASE_VARIANT": "alpine",
@ -205,7 +215,7 @@ examples: |-
}
```
As you can see the context is fixed to `git://github.com/docker/cli` even if
As you can see the context is fixed to `https://github.com/docker/cli.git` even if
[no context is actually defined](https://github.com/docker/cli/blob/2776a6d694f988c0c1df61cad4bfac0f54e481c8/docker-bake.hcl#L17-L26)
in the definition.
@ -226,7 +236,7 @@ examples: |-
```
```console
$ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" --print
$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" --print
{
"target": {
"default": {
@ -240,7 +250,7 @@ examples: |-
```console
$ touch foo bar
$ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test"
$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test"
...
> [4/4] RUN ls -l && stop:
#8 0.101 total 0
@ -250,14 +260,14 @@ examples: |-
```
```console
$ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" "git://github.com/docker/cli#v20.10.11" --print
#1 [internal] load git source git://github.com/tonistiigi/buildx#remote-test
$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" "https://github.com/docker/cli.git#v20.10.11" --print
#1 [internal] load git source https://github.com/tonistiigi/buildx.git#remote-test
#1 0.429 577303add004dd7efeb13434d69ea030d35f7888 refs/heads/remote-test
#1 CACHED
{
"target": {
"default": {
"context": "git://github.com/docker/cli#v20.10.11",
"context": "https://github.com/docker/cli.git#v20.10.11",
"dockerfile": "Dockerfile",
"dockerfile-inline": "FROM alpine\nWORKDIR /src\nCOPY . .\nRUN ls -l \u0026\u0026 stop\n"
}
@ -266,7 +276,7 @@ examples: |-
```
```console
$ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" "git://github.com/docker/cli#v20.10.11"
$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" "https://github.com/docker/cli.git#v20.10.11"
...
> [4/4] RUN ls -l && stop:
#8 0.136 drwxrwxrwx 5 root root 4096 Jul 27 18:31 kubernetes
@ -335,7 +345,6 @@ examples: |-
...
```
### Always attempt to pull a newer version of the image (--pull) {#pull}
Same as `build --pull`.
@ -349,9 +358,6 @@ examples: |-
Override target configurations from command line. The pattern matching syntax
is defined in https://golang.org/pkg/path/#Match.
**Examples**
```console
$ docker buildx bake --set target.args.mybuildarg=value
$ docker buildx bake --set target.platform=linux/arm64
@ -384,8 +390,7 @@ examples: |-
Note: Design of bake command is work in progress, the user experience may change
based on feedback.
**Example HCL definition**
HCL definition example:
```hcl
group "default" {
@ -410,8 +415,8 @@ examples: |-
Complete list of valid target fields:
`args`, `cache-from`, `cache-to`, `context`, `dockerfile`, `inherits`, `labels`,
`no-cache`, `output`, `platform`, `pull`, `secrets`, `ssh`, `tags`, `target`
`args`, `cache-from`, `cache-to`, `context`, `contexts`, `dockerfile`, `inherits`, `labels`,
`no-cache`, `no-cache-filter`, `output`, `platform`, `pull`, `secrets`, `ssh`, `tags`, `target`
### Global scope attributes
@ -521,6 +526,28 @@ examples: |-
}
```
alternatively, in json format:
```json
{
"variable": {
"TAG": {
"default": "latest"
}
}
"group": {
"default": {
"targets": ["webapp"]
}
},
"target": {
"webapp": {
"tags": ["docker.io/username/webapp:${TAG}"]
}
}
}
```
```console
$ docker buildx bake --print webapp
{
@ -848,6 +875,77 @@ examples: |-
}
```
### Defining additional build contexts and linking targets
In addition to the main `context` key that defines the build context each target can also define additional named contexts with a map defined with key `contexts`. These values map to the `--build-context` flag in the [build command](buildx_build.md#build-context).
Inside the Dockerfile these contexts can be used with the `FROM` instruction or `--from` flag.
The value can be a local source directory, container image (with docker-image:// prefix), Git URL, HTTP URL or a name of another target in the Bake file (with target: prefix).
#### Pinning alpine image
```Dockerfile
# Dockerfile
FROM alpine
RUN echo "Hello world"
```
```hcl
# docker-bake.hcl
target "app" {
contexts = {
alpine = "docker-image://alpine:3.13"
}
}
```
#### Using a secondary source directory
```Dockerfile
# Dockerfile
FROM scratch AS src
FROM golang
COPY --from=src . .
```
```hcl
# docker-bake.hcl
target "app" {
contexts = {
src = "../path/to/source"
}
}
```
#### Using a result of one target as a base image in another target
To use a result of one target as a build context of another, specity the target name with `target:` prefix.
```Dockerfile
# Dockerfile
FROM baseapp
RUN echo "Hello world"
```
```hcl
# docker-bake.hcl
target "base" {
dockerfile = "baseapp.Dockerfile"
}
target "app" {
contexts = {
baseapp = "target:base"
}
}
```
Please note that in most cases you should just use a single multi-stage Dockerfile with multiple targets for similar behavior. This case is recommended when you have multiple Dockerfiles that can't be easily merged into one.
### Extension field with Compose
[Special extension](https://github.com/compose-spec/compose-spec/blob/master/spec.md#extension)
@ -959,7 +1057,7 @@ examples: |-
Complete list of valid fields for `x-bake`:
`tags`, `cache-from`, `cache-to`, `secret`, `ssh`, `platforms`, `output`,
`pull`, `no-cache`
`pull`, `no-cache`, `no-cache-filter`
### Built-in variables

510
_data/buildx/docker_buildx_build.yaml
View File

@ -7,7 +7,7 @@ long: |-
For documentation on most of these flags, refer to the [`docker build`
documentation](/engine/reference/commandline/build/). In
here well document a subset of the new flags.
here we'll document a subset of the new flags.
usage: docker buildx build [OPTIONS] PATH | URL | -
pname: docker buildx
plink: docker_buildx.yaml
@ -18,6 +18,7 @@ options:
description: 'Add a custom host-to-IP mapping (format: `host:ip`)'
details_url: /engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -29,6 +30,7 @@ options:
Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`)
details_url: '#allow'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -37,8 +39,20 @@ options:
value_type: stringArray
default_value: '[]'
description: Set build-time variables
details_url: /engine/reference/commandline/build/#set-build-time-variables---build-arg
details_url: '#build-arg'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: build-context
value_type: stringArray
default_value: '[]'
description: Additional build contexts (e.g., name=path)
details_url: '#build-context'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -50,6 +64,7 @@ options:
External cache sources (e.g., `user/app:cache`, `type=local,src=path/to/dir`)
details_url: '#cache-from'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -61,6 +76,7 @@ options:
Cache export destinations (e.g., `user/app:cache`, `type=local,dest=path/to/dir`)
details_url: '#cache-to'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -70,6 +86,7 @@ options:
description: Optional parent cgroup for the container
details_url: /engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -79,6 +96,7 @@ options:
default_value: "false"
description: Compress the build context using gzip
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -88,6 +106,7 @@ options:
default_value: "0"
description: Limit the CPU CFS (Completely Fair Scheduler) period
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -97,6 +116,7 @@ options:
default_value: "0"
description: Limit the CPU CFS (Completely Fair Scheduler) quota
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -107,6 +127,7 @@ options:
default_value: "0"
description: CPU shares (relative weight)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -115,6 +136,7 @@ options:
value_type: string
description: CPUs in which to allow execution (`0-3`, `0,1`)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -123,6 +145,7 @@ options:
value_type: string
description: MEMs in which to allow execution (`0-3`, `0,1`)
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -133,6 +156,7 @@ options:
description: 'Name of the Dockerfile (default: `PATH/Dockerfile`)'
details_url: /engine/reference/commandline/build/#specify-a-dockerfile--f
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -142,6 +166,7 @@ options:
default_value: "false"
description: Always remove intermediate containers
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -150,6 +175,7 @@ options:
value_type: string
description: Write the image ID to the file
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -158,6 +184,7 @@ options:
value_type: string
description: Container isolation technology
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -167,6 +194,7 @@ options:
default_value: '[]'
description: Set metadata for an image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -177,6 +205,7 @@ options:
description: Shorthand for `--output=type=docker`
details_url: '#load'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -186,6 +215,7 @@ options:
value_type: string
description: Memory limit
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -195,6 +225,7 @@ options:
description: |
Swap limit equal to memory plus swap: `-1` to enable unlimited swap
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -202,7 +233,9 @@ options:
- option: metadata-file
value_type: string
description: Write build result metadata to the file
details_url: '#metadata-file'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -210,8 +243,9 @@ options:
- option: network
value_type: string
default_value: default
description: Set the networking mode for the RUN instructions during build
description: Set the networking mode for the `RUN` instructions during build
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -221,6 +255,17 @@ options:
default_value: "false"
description: Do not use cache when building the image
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: no-cache-filter
value_type: stringArray
default_value: '[]'
description: Do not cache specified stages
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -232,6 +277,7 @@ options:
description: 'Output destination (format: `type=local,dest=path`)'
details_url: '#output'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -242,6 +288,7 @@ options:
description: Set target platform for build
details_url: '#platform'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -253,6 +300,7 @@ options:
Set type of progress output (`auto`, `plain`, `tty`). Use plain to show container output
details_url: '#progress'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -260,8 +308,9 @@ options:
- option: pull
value_type: bool
default_value: "false"
description: Always attempt to pull a newer version of the image
description: Always attempt to pull all referenced images
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -272,6 +321,7 @@ options:
description: Shorthand for `--output=type=registry`
details_url: '#push'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -282,6 +332,7 @@ options:
default_value: "false"
description: Suppress the build output and print image ID on success
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -291,6 +342,7 @@ options:
default_value: "true"
description: Remove intermediate containers after a successful build
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -299,8 +351,10 @@ options:
value_type: stringArray
default_value: '[]'
description: |
Secret file to expose to the build (format: `id=mysecret,src=/local/secret`)
Secret to expose to the build (format: `id=mysecret[,src=/local/secret]`)
details_url: '#secret'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -310,6 +364,7 @@ options:
default_value: '[]'
description: Security options
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -320,6 +375,7 @@ options:
description: Size of `/dev/shm`
details_url: '#shm-size'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -329,6 +385,7 @@ options:
default_value: "false"
description: Squash newly built layers into a single new layer
deprecated: false
hidden: true
experimental: false
experimentalcli: false
kubernetes: false
@ -338,7 +395,9 @@ options:
default_value: '[]'
description: |
SSH agent socket or keys to expose to the build (format: `default|<id>[=<socket>|<key>[,<key>]]`)
details_url: '#ssh'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -350,15 +409,17 @@ options:
description: 'Name and optionally a tag (format: `name:tag`)'
details_url: /engine/reference/commandline/build/#tag-an-image--t
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: target
value_type: string
description: Set the target build stage to build.
description: Set the target build stage to build
details_url: /engine/reference/commandline/build/#specifying-target-build-stage---target
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -369,6 +430,7 @@ options:
description: Ulimit options
details_url: '#ulimit'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -379,81 +441,202 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Override the configured builder instance (--builder) {#builder}
Same as [`buildx --builder`](buildx.md#builder).
### Set the target platforms for the build (--platform) {#platform}
### Allow extra privileged entitlement (--allow) {#allow}
```
--platform=value[,value]
--allow=ENTITLEMENT
```
Set the target platform for the build. All `FROM` commands inside the Dockerfile
without their own `--platform` flag will pull base images for this platform and
this value will also be the platform of the resulting image. The default value
will be the current platform of the buildkit daemon.
Allow extra privileged entitlement. List of entitlements:
When using `docker-container` driver with `buildx`, this flag can accept multiple
values as an input separated by a comma. With multiple values the result will be
built for all of the specified platforms and joined together into a single manifest
list.
- `network.host` - Allows executions with host networking.
- `security.insecure` - Allows executions without sandbox. See
[related Dockerfile extensions](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/experimental.md#run---securityinsecuresandbox).
If the `Dockerfile` needs to invoke the `RUN` command, the builder needs runtime
support for the specified platform. In a clean setup, you can only execute `RUN`
commands for your system architecture.
If your kernel supports [`binfmt_misc`](https://en.wikipedia.org/wiki/Binfmt_misc)
launchers for secondary architectures, buildx will pick them up automatically.
Docker desktop releases come with `binfmt_misc` automatically configured for `arm64`
and `arm` architectures. You can see what runtime platforms your current builder
instance supports by running `docker buildx inspect --bootstrap`.
Inside a `Dockerfile`, you can access the current platform value through
`TARGETPLATFORM` build argument. Please refer to the [`docker build`
documentation](/engine/reference/builder/#automatic-platform-args-in-the-global-scope)
for the full description of automatic platform argument variants .
The formatting for the platform specifier is defined in the [containerd source
code](https://github.com/containerd/containerd/blob/v1.4.3/platforms/platforms.go#L63).
For entitlements to be enabled, the `buildkitd` daemon also needs to allow them
with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](buildx_create.md#buildkitd-flags))
**Examples**
```console
$ docker buildx build --platform=linux/arm64 .
$ docker buildx build --platform=linux/amd64,linux/arm64,linux/arm/v7 .
$ docker buildx build --platform=darwin .
$ docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure'
$ docker buildx build --allow security.insecure .
```
### Set type of progress output (--progress) {#progress}
### Set build-time variables (--build-arg) {#build-arg}
```
--progress=VALUE
```
Same as [`docker build` command](/engine/reference/commandline/build/#set-build-time-variables---build-arg).
Set type of progress output (auto, plain, tty). Use plain to show container
output (default "auto").
There are also useful built-in build args like:
> You can also use the `BUILDKIT_PROGRESS` environment variable to set
> its value.
The following example uses `plain` output during the build:
* `BUILDKIT_CONTEXT_KEEP_GIT_DIR=<bool>` trigger git context to keep the `.git` directory
* `BUILDKIT_INLINE_BUILDINFO_ATTRS=<bool>` inline build info attributes in image config or not
* `BUILDKIT_INLINE_CACHE=<bool>` inline cache metadata to image config or not
* `BUILDKIT_MULTI_PLATFORM=<bool>` opt into determnistic output regardless of multi-platform output or not
```console
$ docker buildx build --load --progress=plain .
$ docker buildx build --build-arg BUILDKIT_MULTI_PLATFORM=1 .
```
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 227B 0.0s done
#1 DONE 0.1s
More built-in build args can be found in [dockerfile frontend docs](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#built-in-build-args).
#2 [internal] load .dockerignore
#2 transferring context: 129B 0.0s done
#2 DONE 0.0s
...
### Additional build contexts (--build-context) {#build-context}
```
--build-context=name=VALUE
```
Define additional build context with specified contents. In Dockerfile the context can be accessed when `FROM name` or `--from=name` is used.
When Dockerfile defines a stage with the same name it is overwritten.
The value can be a local source directory, container image (with docker-image:// prefix), Git or HTTP URL.
Replace `alpine:latest` with a pinned one:
```console
$ docker buildx build --build-context alpine=docker-image://alpine@sha256:0123456789 .
```
Expose a secondary local source directory:
```console
$ docker buildx build --build-context project=path/to/project/source .
# docker buildx build --build-context project=https://github.com/myuser/project.git .
```
```Dockerfile
FROM alpine
COPY --from=project myfile /
```
### Override the configured builder instance (--builder) {#builder}
Same as [`buildx --builder`](buildx.md#builder).
### Use an external cache source for a build (--cache-from) {#cache-from}
```
--cache-from=[NAME|type=TYPE[,KEY=VALUE]]
```
Use an external cache source for a build. Supported types are `registry`,
`local` and `gha`.
- [`registry` source](https://github.com/moby/buildkit#registry-push-image-and-cache-separately)
can import cache from a cache manifest or (special) image configuration on the
registry.
- [`local` source](https://github.com/moby/buildkit#local-directory-1) can
import cache from local files previously exported with `--cache-to`.
- [`gha` source](https://github.com/moby/buildkit#github-actions-cache-experimental)
can import cache from a previously exported cache with `--cache-to` in your
GitHub repository
If no type is specified, `registry` exporter is used with a specified reference.
`docker` driver currently only supports importing build cache from the registry.
```console
$ docker buildx build --cache-from=user/app:cache .
$ docker buildx build --cache-from=user/app .
$ docker buildx build --cache-from=type=registry,ref=user/app .
$ docker buildx build --cache-from=type=local,src=path/to/cache .
$ docker buildx build --cache-from=type=gha .
```
More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache
### Export build cache to an external cache destination (--cache-to) {#cache-to}
```
--cache-to=[NAME|type=TYPE[,KEY=VALUE]]
```
Export build cache to an external cache destination. Supported types are
`registry`, `local`, `inline` and `gha`.
- [`registry` type](https://github.com/moby/buildkit#registry-push-image-and-cache-separately) exports build cache to a cache manifest in the registry.
- [`local` type](https://github.com/moby/buildkit#local-directory-1) type
exports cache to a local directory on the client.
- [`inline` type](https://github.com/moby/buildkit#inline-push-image-and-cache-together)
type writes the cache metadata into the image configuration.
- [`gha` type](https://github.com/moby/buildkit#github-actions-cache-experimental)
type exports cache through the [Github Actions Cache service API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md#authentication).
`docker` driver currently only supports exporting inline cache metadata to image
configuration. Alternatively, `--build-arg BUILDKIT_INLINE_CACHE=1` can be used
to trigger inline cache exporter.
Attribute key:
- `mode` - Specifies how many layers are exported with the cache. `min` on only
exports layers already in the final build stage, `max` exports layers for
all stages. Metadata is always exported for the whole build.
```console
$ docker buildx build --cache-to=user/app:cache .
$ docker buildx build --cache-to=type=inline .
$ docker buildx build --cache-to=type=registry,ref=user/app .
$ docker buildx build --cache-to=type=local,dest=path/to/cache .
$ docker buildx build --cache-to=type=gha .
```
More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache
### Load the single-platform build result to `docker images` (--load) {#load}
Shorthand for [`--output=type=docker`](#docker). Will automatically load the
single-platform build result to `docker images`.
### Write build result metadata to the file (--metadata-file) {#metadata-file}
To output build metadata such as the image digest, pass the `--metadata-file` flag.
The metadata will be written as a JSON object to the specified file. The
directory of the specified file must already exist and be writable.
```console
$ docker buildx build --load --metadata-file metadata.json .
$ cat metadata.json
```
```json
{
"containerimage.buildinfo": {
"frontend": "dockerfile.v0",
"attrs": {
"context": "https://github.com/crazy-max/buildkit-buildsources-test.git#master",
"filename": "Dockerfile",
"source": "docker/dockerfile:master"
},
"sources": [
{
"type": "docker-image",
"ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0",
"pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0"
},
{
"type": "docker-image",
"ref": "docker.io/library/alpine:3.13",
"pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c"
}
]
},
"containerimage.config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66",
"containerimage.descriptor": {
"annotations": {
"config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66",
"org.opencontainers.image.created": "2022-02-08T21:28:03Z"
},
"digest": "sha256:19ffeab6f8bc9293ac2c3fdf94ebe28396254c993aea0b5a542cfb02e0883fa3",
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 506
},
"containerimage.digest": "sha256:19ffeab6f8bc9293ac2c3fdf94ebe28396254c993aea0b5a542cfb02e0883fa3"
}
```
### Set the export action for the build result (-o, --output) {#output}
@ -474,8 +657,6 @@ examples: |-
with this path as the destination. If the value is "-", `buildx` will use `tar`
exporter and write to `stdout`.
**Examples**
```console
$ docker buildx build -o . .
$ docker buildx build -o outdir .
@ -529,7 +710,7 @@ examples: |-
Attribute keys:
- `dest` - destination path where tarball will be written. If not specified the
tar will be loaded automatically to the current docker instance.
tar will be loaded automatically to the current docker instance.
- `context` - name for the docker context where to import the result
#### `image`
@ -547,118 +728,163 @@ examples: |-
The `registry` exporter is a shortcut for `type=image,push=true`.
### Set the target platforms for the build (--platform) {#platform}
```
--platform=value[,value]
```
Set the target platform for the build. All `FROM` commands inside the Dockerfile
without their own `--platform` flag will pull base images for this platform and
this value will also be the platform of the resulting image. The default value
will be the current platform of the buildkit daemon.
When using `docker-container` driver with `buildx`, this flag can accept multiple
values as an input separated by a comma. With multiple values the result will be
built for all of the specified platforms and joined together into a single manifest
list.
If the `Dockerfile` needs to invoke the `RUN` command, the builder needs runtime
support for the specified platform. In a clean setup, you can only execute `RUN`
commands for your system architecture.
If your kernel supports [`binfmt_misc`](https://en.wikipedia.org/wiki/Binfmt_misc)
launchers for secondary architectures, buildx will pick them up automatically.
Docker desktop releases come with `binfmt_misc` automatically configured for `arm64`
and `arm` architectures. You can see what runtime platforms your current builder
instance supports by running `docker buildx inspect --bootstrap`.
Inside a `Dockerfile`, you can access the current platform value through
`TARGETPLATFORM` build argument. Please refer to the [`docker build`
documentation](/engine/reference/builder/#automatic-platform-args-in-the-global-scope)
for the full description of automatic platform argument variants .
The formatting for the platform specifier is defined in the [containerd source
code](https://github.com/containerd/containerd/blob/v1.4.3/platforms/platforms.go#L63).
```console
$ docker buildx build --platform=linux/arm64 .
$ docker buildx build --platform=linux/amd64,linux/arm64,linux/arm/v7 .
$ docker buildx build --platform=darwin .
```
### Set type of progress output (--progress) {#progress}
```
--progress=VALUE
```
Set type of progress output (auto, plain, tty). Use plain to show container
output (default "auto").
> You can also use the `BUILDKIT_PROGRESS` environment variable to set
> its value.
The following example uses `plain` output during the build:
```console
$ docker buildx build --load --progress=plain .
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 227B 0.0s done
#1 DONE 0.1s
#2 [internal] load .dockerignore
#2 transferring context: 129B 0.0s done
#2 DONE 0.0s
...
```
### Push the build result to a registry (--push) {#push}
Shorthand for [`--output=type=registry`](#registry). Will automatically push the
build result to registry.
### Load the single-platform build result to `docker images` (--load) {#load}
Shorthand for [`--output=type=docker`](#docker). Will automatically load the
single-platform build result to `docker images`.
### Use an external cache source for a build (--cache-from) {#cache-from}
### Secret to expose to the build (--secret) {#secret}
```
--cache-from=[NAME|type=TYPE[,KEY=VALUE]]
--secret=[type=TYPE[,KEY=VALUE]
```
Use an external cache source for a build. Supported types are `registry`,
`local` and `gha`.
Exposes secret to the build. The secret can be used by the build using
[`RUN --mount=type=secret` mount](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#run---mounttypesecret).
- [`registry` source](https://github.com/moby/buildkit#registry-push-image-and-cache-separately)
can import cache from a cache manifest or (special) image configuration on the
registry.
- [`local` source](https://github.com/moby/buildkit#local-directory-1) can
import cache from local files previously exported with `--cache-to`.
- [`gha` source](https://github.com/moby/buildkit#github-actions-cache-experimental)
can import cache from a previously exported cache with `--cache-to` in your
GitHub repository
If `type` is unset it will be detected. Supported types are:
If no type is specified, `registry` exporter is used with a specified reference.
#### `file`
`docker` driver currently only supports importing build cache from the registry.
Attribute keys:
**Examples**
- `id` - ID of the secret. Defaults to basename of the `src` path.
- `src`, `source` - Secret filename. `id` used if unset.
```dockerfile
# syntax=docker/dockerfile:1.3
FROM python:3
RUN pip install awscli
RUN --mount=type=secret,id=aws,target=/root/.aws/credentials \
aws s3 cp s3://... ...
```
```console
$ docker buildx build --cache-from=user/app:cache .
$ docker buildx build --cache-from=user/app .
$ docker buildx build --cache-from=type=registry,ref=user/app .
$ docker buildx build --cache-from=type=local,src=path/to/cache .
$ docker buildx build --cache-from=type=gha .
$ docker buildx build --secret id=aws,src=$HOME/.aws/credentials .
```
More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache
#### `env`
### Export build cache to an external cache destination (--cache-to) {#cache-to}
Attribute keys:
- `id` - ID of the secret. Defaults to `env` name.
- `env` - Secret environment variable. `id` used if unset, otherwise will look for `src`, `source` if `id` unset.
```dockerfile
# syntax=docker/dockerfile:1.3
FROM node:alpine
RUN --mount=type=bind,target=. \
--mount=type=secret,id=SECRET_TOKEN \
SECRET_TOKEN=$(cat /run/secrets/SECRET_TOKEN) yarn run test
```
--cache-to=[NAME|type=TYPE[,KEY=VALUE]]
```
Export build cache to an external cache destination. Supported types are
`registry`, `local`, `inline` and `gha`.
- [`registry` type](https://github.com/moby/buildkit#registry-push-image-and-cache-separately) exports build cache to a cache manifest in the registry.
- [`local` type](https://github.com/moby/buildkit#local-directory-1) type
exports cache to a local directory on the client.
- [`inline` type](https://github.com/moby/buildkit#inline-push-image-and-cache-together)
type writes the cache metadata into the image configuration.
- [`gha` type](https://github.com/moby/buildkit#github-actions-cache-experimental)
type exports cache through the [Github Actions Cache service API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md#authentication).
`docker` driver currently only supports exporting inline cache metadata to image
configuration. Alternatively, `--build-arg BUILDKIT_INLINE_CACHE=1` can be used
to trigger inline cache exporter.
Attribute key:
- `mode` - Specifies how many layers are exported with the cache. `min` on only
exports layers already in the final build stage, `max` exports layers for
all stages. Metadata is always exported for the whole build.
**Examples**
```console
$ docker buildx build --cache-to=user/app:cache .
$ docker buildx build --cache-to=type=inline .
$ docker buildx build --cache-to=type=registry,ref=user/app .
$ docker buildx build --cache-to=type=local,dest=path/to/cache .
$ docker buildx build --cache-to=type=gha .
$ SECRET_TOKEN=token docker buildx build --secret id=SECRET_TOKEN .
```
More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache
### Allow extra privileged entitlement (--allow) {#allow}
```
--allow=ENTITLEMENT
```
Allow extra privileged entitlement. List of entitlements:
- `network.host` - Allows executions with host networking.
- `security.insecure` - Allows executions without sandbox. See
[related Dockerfile extensions](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/experimental.md#run---securityinsecuresandbox).
For entitlements to be enabled, the `buildkitd` daemon also needs to allow them
with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](buildx_create.md#buildkitd-flags))
**Examples**
```console
$ docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure'
$ docker buildx build --allow security.insecure .
```
### Size of `/dev/shm` (--shm-size) {#shm-size}
### Size of /dev/shm (--shm-size) {#shm-size}
The format is `<number><unit>`. `number` must be greater than `0`. Unit is
optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g`
(gigabytes). If you omit the unit, the system uses bytes.
### SSH agent socket or keys to expose to the build (--ssh) {#ssh}
```
--ssh=default|<id>[=<socket>|<key>[,<key>]]
```
This can be useful when some commands in your Dockerfile need specific SSH
authentication (e.g., cloning a private repository).
`--ssh` exposes SSH agent socket or keys to the build and can be used with the
[`RUN --mount=type=ssh` mount](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#run---mounttypessh).
Example to access Gitlab using an SSH agent socket:
```dockerfile
# syntax=docker/dockerfile:1.3
FROM alpine
RUN apk add --no-cache openssh-client
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh ssh -q -T git@gitlab.com 2>&1 | tee /hello
# "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here
# with the type of build progress is defined as `plain`.
```
```console
$ eval $(ssh-agent)
$ ssh-add ~/.ssh/id_rsa
(Input your passphrase here)
$ docker buildx build --ssh default=$SSH_AUTH_SOCK .
```
### Set ulimits (--ulimit) {#ulimit}
`--ulimit` is specified with a soft and hard limit as such:

78
_data/buildx/docker_buildx_create.yaml
View File

@ -20,6 +20,7 @@ options:
description: Append a node to builder instead of changing it
details_url: '#append'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -29,6 +30,7 @@ options:
default_value: "false"
description: Boot builder after creation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -38,6 +40,7 @@ options:
description: Flags for buildkitd daemon
details_url: '#buildkitd-flags'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -47,6 +50,7 @@ options:
description: BuildKit config file
details_url: '#config'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -57,6 +61,7 @@ options:
Driver to use (available: `docker`, `docker-container`, `kubernetes`)
details_url: '#driver'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -67,6 +72,7 @@ options:
description: Options for the driver
details_url: '#driver-opt'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -77,6 +83,7 @@ options:
description: Remove a node from builder instead of changing it
details_url: '#leave'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -86,6 +93,7 @@ options:
description: Builder instance name
details_url: '#name'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -95,6 +103,7 @@ options:
description: Create/modify node with given name
details_url: '#node'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -105,6 +114,7 @@ options:
description: Fixed platforms for current node
details_url: '#platform'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -115,6 +125,7 @@ options:
description: Set the current builder instance
details_url: '#use'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -124,6 +135,7 @@ inherited_options:
value_type: string
description: Override the configured builder instance
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -135,8 +147,6 @@ examples: |-
existing builder specified by `--name`. Buildx will choose an appropriate node
for a build based on the platforms it supports.
**Examples**
```console
$ docker buildx create mycontext1
eager_beaver
@ -155,8 +165,6 @@ examples: |-
configuration file specified by [`--config`](#config). See `buildkitd --help`
for the available flags.
**Example**
```
--buildkitd-flags '--debug --debugaddr 0.0.0.0:6666'
```
@ -220,46 +228,22 @@ examples: |-
- `docker` - No driver options
- `docker-container`
- `image=IMAGE` - Sets the container image to be used for running buildkit.
- `network=NETMODE` - Sets the network mode for running the buildkit container.
- `cgroup-parent=CGROUP` - Sets the cgroup parent of the buildkit container if docker is using the "cgroupfs" driver. Defaults to `/docker/buildx`.
- `image=IMAGE` - Sets the container image to be used for running buildkit.
- `network=NETMODE` - Sets the network mode for running the buildkit container.
- `cgroup-parent=CGROUP` - Sets the cgroup parent of the buildkit container if docker is using the "cgroupfs" driver. Defaults to `/docker/buildx`.
- `kubernetes`
- `image=IMAGE` - Sets the container image to be used for running buildkit.
- `namespace=NS` - Sets the Kubernetes namespace. Defaults to the current namespace.
- `replicas=N` - Sets the number of `Pod` replicas. Defaults to 1.
- `requests.cpu` - Sets the request CPU value specified in units of Kubernetes CPU. Example `requests.cpu=100m`, `requests.cpu=2`
- `requests.memory` - Sets the request memory value specified in bytes or with a valid suffix. Example `requests.memory=500Mi`, `requests.memory=4G`
- `limits.cpu` - Sets the limit CPU value specified in units of Kubernetes CPU. Example `limits.cpu=100m`, `limits.cpu=2`
- `limits.memory` - Sets the limit memory value specified in bytes or with a valid suffix. Example `limits.memory=500Mi`, `limits.memory=4G`
- `nodeselector="label1=value1,label2=value2"` - Sets the kv of `Pod` nodeSelector. No Defaults. Example `nodeselector=kubernetes.io/arch=arm64`
- `rootless=(true|false)` - Run the container as a non-root user without `securityContext.privileged`. [Using Ubuntu host kernel is recommended](https://github.com/moby/buildkit/blob/master/docs/rootless.md). Defaults to false.
- `loadbalance=(sticky|random)` - Load-balancing strategy. If set to "sticky", the pod is chosen using the hash of the context path. Defaults to "sticky"
- `qemu.install=(true|false)` - Install QEMU emulation for multi platforms support.
- `qemu.image=IMAGE` - Sets the QEMU emulation image. Defaults to `tonistiigi/binfmt:latest`
**Examples**
#### Use a custom network
```console
$ docker network create foonet
$ docker buildx create --name builder --driver docker-container --driver-opt network=foonet --use
$ docker buildx inspect --bootstrap
$ docker inspect buildx_buildkit_builder0 --format={{.NetworkSettings.Networks}}
map[foonet:0xc00018c0c0]
```
#### OpenTelemetry support
To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set
`JAEGER_TRACE` environment variable to the collection address using the `driver-opt`:
```console
$ docker run -d --name jaeger -p 6831:6831/udp -p 16686:16686 jaegertracing/all-in-one
$ docker buildx create --name builder --driver docker-container --driver-opt network=host --driver-opt env.JAEGER_TRACE=localhost:6831 --use
$ docker buildx inspect --bootstrap
# buildx command should be traced at http://127.0.0.1:16686/
```
- `image=IMAGE` - Sets the container image to be used for running buildkit.
- `namespace=NS` - Sets the Kubernetes namespace. Defaults to the current namespace.
- `replicas=N` - Sets the number of `Pod` replicas. Defaults to 1.
- `requests.cpu` - Sets the request CPU value specified in units of Kubernetes CPU. Example `requests.cpu=100m`, `requests.cpu=2`
- `requests.memory` - Sets the request memory value specified in bytes or with a valid suffix. Example `requests.memory=500Mi`, `requests.memory=4G`
- `limits.cpu` - Sets the limit CPU value specified in units of Kubernetes CPU. Example `limits.cpu=100m`, `limits.cpu=2`
- `limits.memory` - Sets the limit memory value specified in bytes or with a valid suffix. Example `limits.memory=500Mi`, `limits.memory=4G`
- `nodeselector="label1=value1,label2=value2"` - Sets the kv of `Pod` nodeSelector. No Defaults. Example `nodeselector=kubernetes.io/arch=arm64`
- `rootless=(true|false)` - Run the container as a non-root user without `securityContext.privileged`. [Using Ubuntu host kernel is recommended](https://github.com/moby/buildkit/blob/master/docs/rootless.md). Defaults to false.
- `loadbalance=(sticky|random)` - Load-balancing strategy. If set to "sticky", the pod is chosen using the hash of the context path. Defaults to "sticky"
- `qemu.install=(true|false)` - Install QEMU emulation for multi platforms support.
- `qemu.image=IMAGE` - Sets the QEMU emulation image. Defaults to `tonistiigi/binfmt:latest`
### Remove a node from a builder (--leave) {#leave}
@ -267,8 +251,6 @@ examples: |-
builder. The builder needs to be specified with `--name` and node that is removed
is set with `--node`.
**Examples**
```console
$ docker buildx create --name mybuilder --node mybuilder0 --leave
```
@ -292,7 +274,7 @@ examples: |-
none is specified, it is the name of the builder it belongs to, with an index
number suffix.
### Set the platforms supported by the node {#platform}
### Set the platforms supported by the node (--platform) {#platform}
```
--platform PLATFORMS
@ -304,14 +286,12 @@ examples: |-
priority over the detected ones and can be used when multiple nodes support
building for the same platform.
**Examples**
```console
$ docker buildx create --platform linux/amd64
$ docker buildx create --platform linux/arm64,linux/arm/v8
```
### Automatically switch to the newly created builder {#use}
### Automatically switch to the newly created builder (--use) {#use}
The `--use` flag automatically switches the current builder to the newly created
one. Equivalent to running `docker buildx use $(docker buildx create ...)`.

3
_data/buildx/docker_buildx_du.yaml
View File

@ -9,6 +9,7 @@ options:
value_type: filter
description: Provide filter values
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -18,6 +19,7 @@ options:
default_value: "false"
description: Provide a more verbose output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -28,6 +30,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

1
_data/buildx/docker_buildx_imagetools.yaml
View File

@ -17,6 +17,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

18
_data/buildx/docker_buildx_imagetools_create.yaml
View File

@ -1,9 +1,6 @@
command: docker buildx imagetools create
short: Create a new image based on source images
long: |-
Imagetools contains commands for working with manifest lists in the registry.
These commands are useful for inspecting multi-platform build results.
Create a new manifest list based on source manifests. The source manifests can
be manifest lists or single platform distribution manifests and must already
exist in the registry where the new manifest is created. If only one source is
@ -18,6 +15,7 @@ options:
description: Append to existing manifest
details_url: '#append'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -28,6 +26,7 @@ options:
description: Show final image instead of pushing
details_url: '#dry-run'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -39,6 +38,7 @@ options:
description: Read source descriptor from file
details_url: '#file'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -50,6 +50,7 @@ options:
description: Set reference for new image
details_url: '#tag'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -60,6 +61,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -90,16 +92,15 @@ examples: |-
In order to define annotations or additional platform properties like `os.version` and
`os.features` you need to add them in the OCI descriptor object encoded in JSON.
```
docker buildx imagetools inspect --raw alpine | jq '.manifests[0] | .platform."os.version"="10.1"' > descr.json
docker buildx imagetools create -f descr.json myuser/image
```console
$ docker buildx imagetools inspect --raw alpine | jq '.manifests[0] | .platform."os.version"="10.1"' > descr.json
$ docker buildx imagetools create -f descr.json myuser/image
```
The descriptor in the file is merged with existing descriptor in the registry if it exists.
The supported fields for the descriptor are defined in [OCI spec](https://github.com/opencontainers/image-spec/blob/master/descriptor.md#properties) .
### Set reference for new image (-t, --tag) {#tag}
```
@ -108,11 +109,8 @@ examples: |-
Use the `-t` or `--tag` flag to set the name of the image to be created.
**Examples**
```console
$ docker buildx imagetools create --dry-run alpine@sha256:5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907 sha256:c4ba6347b0e4258ce6a6de2401619316f982b7bcc529f73d2a410d0097730204
$ docker buildx imagetools create -t tonistiigi/myapp -f image1 -f image2
```
deprecated: false

615
_data/buildx/docker_buildx_imagetools_inspect.yaml
View File

@ -1,37 +1,65 @@
command: docker buildx imagetools inspect
short: Show details of image in the registry
short: Show details of an image in the registry
long: |-
Show details of image in the registry.
Example:
Show details of an image in the registry.
```console
$ docker buildx imagetools inspect alpine
Name: docker.io/library/alpine:latest
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest: sha256:28ef97b8686a0b5399129e9b763d5b7e5ff03576aa5580d6f4182a49c5fe1913
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Manifests:
Name: docker.io/library/alpine:latest@sha256:5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907
Name: docker.io/library/alpine:latest@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/amd64
Name: docker.io/library/alpine:latest@sha256:c4ba6347b0e4258ce6a6de2401619316f982b7bcc529f73d2a410d0097730204
Name: docker.io/library/alpine:latest@sha256:e047bc2af17934d38c5a7fa9f46d443f1de3a7675546402592ef805cfa929f9d
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/arm/v6
...
Name: docker.io/library/alpine:latest@sha256:8483ecd016885d8dba70426fda133c30466f661bb041490d525658f1aac73822
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/arm/v7
Name: docker.io/library/alpine:latest@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/arm64/v8
Name: docker.io/library/alpine:latest@sha256:2689e157117d2da668ad4699549e55eba1ceb79cb7862368b30919f0488213f4
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/386
Name: docker.io/library/alpine:latest@sha256:2042a492bcdd847a01cd7f119cd48caa180da696ed2aedd085001a78664407d6
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/ppc64le
Name: docker.io/library/alpine:latest@sha256:49e322ab6690e73a4909f787bcbdb873631264ff4a108cddfd9f9c249ba1d58e
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/s390x
```
usage: docker buildx imagetools inspect [OPTIONS] NAME
pname: docker buildx imagetools
plink: docker_buildx_imagetools.yaml
options:
- option: format
value_type: string
default_value: '`{{.Manifest}}`'
description: Format the output using the given Go template
details_url: '#format'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: raw
value_type: bool
default_value: "false"
description: Show original JSON manifest
description: Show original, unformatted JSON manifest
details_url: '#raw'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -42,6 +70,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -51,10 +80,572 @@ examples: |-
Same as [`buildx --builder`](buildx.md#builder).
### Format the output (--format) {#format}
Format the output using the given Go template. Defaults to `{{.Manifest}}` if
unset. Following fields are available:
* `.Name`: provides the reference of the image
* `.Manifest`: provides the manifest or manifest list
* `.Image`: provides the image config
* `.BuildInfo`: provides [build info from image config](https://github.com/moby/buildkit/blob/master/docs/build-repro.md#image-config)
#### `.Name`
```console
$ docker buildx imagetools inspect alpine --format "{{.Name}}"
Name: docker.io/library/alpine:latest
```
#### `.Manifest`
```console
$ docker buildx imagetools inspect crazymax/loop --format "{{.Manifest}}"
Name: docker.io/crazymax/loop:latest
MediaType: application/vnd.docker.distribution.manifest.v2+json
Digest: sha256:08602e7340970e92bde5e0a2e887c1fde4d9ae753d1e05efb4c8ef3b609f97f1
```
```console
$ docker buildx imagetools inspect moby/buildkit:master --format "{{.Manifest}}"
Name: docker.io/moby/buildkit:master
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest: sha256:3183f7ce54d1efb44c34b84f428ae10aaf141e553c6b52a7ff44cc7083a05a66
Manifests:
Name: docker.io/moby/buildkit:master@sha256:667d28c9fb33820ce686887a717a148e89fa77f9097f9352996bbcce99d352b1
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/amd64
Name: docker.io/moby/buildkit:master@sha256:71789527b64ab3d7b3de01d364b449cd7f7a3da758218fbf73b9c9aae05a6775
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/arm/v7
Name: docker.io/moby/buildkit:master@sha256:fb64667e1ce6ab0d05478f3a8402af07b27737598dcf9a510fb1d792b13a66be
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/arm64
Name: docker.io/moby/buildkit:master@sha256:1c3ddf95a0788e23f72f25800c05abc4458946685e2b66788c3d978cde6da92b
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/s390x
Name: docker.io/moby/buildkit:master@sha256:05bcde6d460a284e5bc88026cd070277e8380355de3126cbc8fe8a452708c6b1
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/ppc64le
Name: docker.io/moby/buildkit:master@sha256:c04c57765304ab84f4f9807fff3e11605c3a60e16435c734b02c723680f6bd6e
MediaType: application/vnd.docker.distribution.manifest.v2+json
Platform: linux/riscv64
```
#### `.BuildInfo`
```console
$ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{.BuildInfo}}"
Name: docker.io/crazymax/buildx:buildinfo
Frontend: dockerfile.v0
Attrs:
filename: Dockerfile
source: docker/dockerfile-upstream:master-labs
build-arg:bar: foo
build-arg:foo: bar
Sources:
Type: docker-image
Ref: docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0
Pin: sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0
Type: docker-image
Ref: docker.io/library/alpine:3.13
Pin: sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c
Type: docker-image
Ref: docker.io/moby/buildkit:v0.9.0
Pin: sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab
Type: docker-image
Ref: docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04
Pin: sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04
Type: http
Ref: https://raw.githubusercontent.com/moby/moby/master/README.md
Pin: sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c
```
#### JSON output
A `json` go template func is also available if you want to render fields as
JSON bytes:
```console
$ docker buildx imagetools inspect crazymax/loop --format "{{json .Manifest}}"
```
```json
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:08602e7340970e92bde5e0a2e887c1fde4d9ae753d1e05efb4c8ef3b609f97f1",
"size": 949
}
```
```console
$ docker buildx imagetools inspect moby/buildkit:master --format "{{json .Manifest}}"
```
```json
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"digest": "sha256:79d97f205e2799d99a3a8ae2a1ef17acb331e11784262c3faada847dc6972c52",
"size": 2010,
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:bd1e78f06de26610fadf4eb9d04b1a45a545799d6342701726e952cc0c11c912",
"size": 1158,
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:d37dcced63ec0965824fca644f0ac9efad8569434ec15b4c83adfcb3dcfc743b",
"size": 1158,
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:ce142eb2255e6af46f2809e159fd03081697c7605a3de03b9cbe9a52ddb244bf",
"size": 1158,
"platform": {
"architecture": "arm64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:f59bfb5062fff76ce464bfa4e25ebaaaac887d6818238e119d68613c456d360c",
"size": 1158,
"platform": {
"architecture": "s390x",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:cc96426e0c50a78105d5637d31356db5dd6ec594f21b24276e534a32da09645c",
"size": 1159,
"platform": {
"architecture": "ppc64le",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:39f9c1e2878e6c333acb23187d6b205ce82ed934c60da326cb2c698192631478",
"size": 1158,
"platform": {
"architecture": "riscv64",
"os": "linux"
}
}
]
}
```
```console
$ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{json .BuildInfo}}"
```
```json
{
"frontend": "dockerfile.v0",
"attrs": {
"build-arg:bar": "foo",
"build-arg:foo": "bar",
"filename": "Dockerfile",
"source": "crazymax/dockerfile:buildattrs"
},
"sources": [
{
"type": "docker-image",
"ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0",
"pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0"
},
{
"type": "docker-image",
"ref": "docker.io/library/alpine:3.13@sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c",
"pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c"
},
{
"type": "docker-image",
"ref": "docker.io/moby/buildkit:v0.9.0@sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab",
"pin": "sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab"
},
{
"type": "docker-image",
"ref": "docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04",
"pin": "sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04"
},
{
"type": "http",
"ref": "https://raw.githubusercontent.com/moby/moby/master/README.md",
"pin": "sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c"
}
]
}
```
```console
$ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{json .}}"
```
```json
{
"name": "crazymax/buildx:buildinfo",
"manifest": {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:899d2c7acbc124d406820857bb51d9089717bbe4e22b97eb4bc5789e99f09f83",
"size": 2628
},
"image": {
"created": "2022-02-24T12:27:43.627154558Z",
"architecture": "amd64",
"os": "linux",
"config": {
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"DOCKER_TLS_CERTDIR=/certs",
"DOCKER_CLI_EXPERIMENTAL=enabled"
],
"Entrypoint": [
"docker-entrypoint.sh"
],
"Cmd": [
"sh"
]
},
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:7fcb75871b2101082203959c83514ac8a9f4ecfee77a0fe9aa73bbe56afdf1b4",
"sha256:d3c0b963ff5684160641f936d6a4aa14efc8ff27b6edac255c07f2d03ff92e82",
"sha256:3f8d78f13fa9b1f35d3bc3f1351d03a027c38018c37baca73f93eecdea17f244",
"sha256:8e6eb1137b182ae0c3f5d40ca46341fda2eaeeeb5fa516a9a2bf96171238e2e0",
"sha256:fde4c869a56b54dd76d7352ddaa813fd96202bda30b9dceb2c2f2ad22fa2e6ce",
"sha256:52025823edb284321af7846419899234b3c66219bf06061692b709875ed0760f",
"sha256:50adb5982dbf6126c7cf279ac3181d1e39fc9116b610b947a3dadae6f7e7c5bc",
"sha256:9801c319e1c66c5d295e78b2d3e80547e73c7e3c63a4b71e97c8ca357224af24",
"sha256:dfbfac44d5d228c49b42194c8a2f470abd6916d072f612a6fb14318e94fde8ae",
"sha256:3dfb74e19dedf61568b917c19b0fd3ee4580870027ca0b6054baf239855d1322",
"sha256:b182e707c23e4f19be73f9022a99d2d1ca7bf1ca8f280d40e4d1c10a6f51550e"
]
},
"history": [
{
"created": "2021-11-12T17:19:58.698676655Z",
"created_by": "/bin/sh -c #(nop) ADD file:5a707b9d6cb5fff532e4c2141bc35707593f21da5528c9e71ae2ddb6ba4a4eb6 in / "
},
{
"created": "2021-11-12T17:19:58.948920855Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:38.285594601Z",
"created_by": "RUN /bin/sh -c apk --update --no-cache add bash ca-certificates openssh-client \u0026\u0026 rm -rf /tmp/* /var/cache/apk/* # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.061874167Z",
"created_by": "COPY /opt/docker/ /usr/local/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.174098947Z",
"created_by": "COPY /usr/bin/buildctl /usr/local/bin/buildctl # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.320343683Z",
"created_by": "COPY /usr/bin/buildkit* /usr/local/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:41.447149933Z",
"created_by": "COPY /buildx /usr/libexec/docker/cli-plugins/docker-buildx # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.057722191Z",
"created_by": "COPY /opt/docker-compose /usr/libexec/docker/cli-plugins/docker-compose # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.145224134Z",
"created_by": "ADD https://raw.githubusercontent.com/moby/moby/master/README.md / # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.422212427Z",
"created_by": "ENV DOCKER_TLS_CERTDIR=/certs",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:43.422212427Z",
"created_by": "ENV DOCKER_CLI_EXPERIMENTAL=enabled",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:43.422212427Z",
"created_by": "RUN /bin/sh -c docker --version \u0026\u0026 buildkitd --version \u0026\u0026 buildctl --version \u0026\u0026 docker buildx version \u0026\u0026 docker compose version \u0026\u0026 mkdir /certs /certs/client \u0026\u0026 chmod 1777 /certs /certs/client # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.514320155Z",
"created_by": "COPY rootfs/modprobe.sh /usr/local/bin/modprobe # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.627154558Z",
"created_by": "COPY rootfs/docker-entrypoint.sh /usr/local/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T12:27:43.627154558Z",
"created_by": "ENTRYPOINT [\"docker-entrypoint.sh\"]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-24T12:27:43.627154558Z",
"created_by": "CMD [\"sh\"]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
}
]
},
"buildinfo": {
"frontend": "dockerfile.v0",
"attrs": {
"build-arg:bar": "foo",
"build-arg:foo": "bar",
"filename": "Dockerfile",
"source": "docker/dockerfile-upstream:master-labs"
},
"sources": [
{
"type": "docker-image",
"ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0",
"pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0"
},
{
"type": "docker-image",
"ref": "docker.io/library/alpine:3.13",
"pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c"
},
{
"type": "docker-image",
"ref": "docker.io/moby/buildkit:v0.9.0",
"pin": "sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab"
},
{
"type": "docker-image",
"ref": "docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04",
"pin": "sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04"
},
{
"type": "http",
"ref": "https://raw.githubusercontent.com/moby/moby/master/README.md",
"pin": "sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c"
}
]
}
}
```
#### Multi-platform
Multi-platform images are supported for `.Image` and `.BuildInfo` fields. If
you want to pick up a specific platform, you can specify it using the `index`
go template function:
```console
$ docker buildx imagetools inspect --format '{{json (index .Image "linux/s390x")}}' moby/buildkit:master
```
```json
{
"created": "2022-02-25T17:13:27.89891722Z",
"architecture": "s390x",
"os": "linux",
"config": {
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Entrypoint": [
"buildkitd"
],
"Volumes": {
"/var/lib/buildkit": {}
}
},
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:41048e32d0684349141cf05f629c5fc3c5915d1f3426b66dbb8953a540e01e1e",
"sha256:2651209b9208fff6c053bc3c17353cb07874e50f1a9bc96d6afd03aef63de76a",
"sha256:6741ed7e73039d853fa8902246a4c7e8bf9dd09652fd1b08251bc5f9e8876a7f",
"sha256:92ac046adeeb65c86ae3f0b458dee04ad4a462e417661c04d77642c66494f69b"
]
},
"history": [
{
"created": "2021-11-24T20:41:23.709681315Z",
"created_by": "/bin/sh -c #(nop) ADD file:cd24c711a2ef431b3ff94f9a02bfc42f159bc60de1d0eceecafea4e8af02441d in / "
},
{
"created": "2021-11-24T20:41:23.94211262Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]",
"empty_layer": true
},
{
"created": "2022-01-26T18:15:21.449825391Z",
"created_by": "RUN /bin/sh -c apk add --no-cache fuse3 git openssh pigz xz \u0026\u0026 ln -s fusermount3 /usr/bin/fusermount # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-24T00:34:00.924540012Z",
"created_by": "COPY examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-25T17:13:27.89891722Z",
"created_by": "VOLUME [/var/lib/buildkit]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
},
{
"created": "2022-02-25T17:13:27.89891722Z",
"created_by": "COPY / /usr/bin/ # buildkit",
"comment": "buildkit.dockerfile.v0"
},
{
"created": "2022-02-25T17:13:27.89891722Z",
"created_by": "ENTRYPOINT [\"buildkitd\"]",
"comment": "buildkit.dockerfile.v0",
"empty_layer": true
}
]
}
```
### Show original, unformatted JSON manifest (--raw) {#raw}
Use the `--raw` option to print the original JSON bytes instead of the formatted
output.
Use the `--raw` option to print the unformatted JSON manifest bytes.
> `jq` is used here to get a better rendering of the output result.
```console
$ docker buildx imagetools inspect --raw crazymax/loop | jq
```
```json
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"schemaVersion": 2,
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"digest": "sha256:7ace7d324e79b360b2db8b820d83081863d96d22e734cdf297a8e7fd83f6ceb3",
"size": 2298
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b",
"size": 2811478
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:726d3732a87e1c430d67e8969de6b222a889d45e045ebae1a008a37ba38f3b1f",
"size": 1776812
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:5d7cf9b33148a8f220c84f27dd2cfae46aca019a3ea3fbf7274f6d6dbfae8f3b",
"size": 382855
}
]
}
```
```console
$ docker buildx imagetools inspect --raw moby/buildkit:master | jq
```
```json
{
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"schemaVersion": 2,
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:667d28c9fb33820ce686887a717a148e89fa77f9097f9352996bbcce99d352b1",
"size": 1158,
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:71789527b64ab3d7b3de01d364b449cd7f7a3da758218fbf73b9c9aae05a6775",
"size": 1158,
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:fb64667e1ce6ab0d05478f3a8402af07b27737598dcf9a510fb1d792b13a66be",
"size": 1158,
"platform": {
"architecture": "arm64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:1c3ddf95a0788e23f72f25800c05abc4458946685e2b66788c3d978cde6da92b",
"size": 1158,
"platform": {
"architecture": "s390x",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:05bcde6d460a284e5bc88026cd070277e8380355de3126cbc8fe8a452708c6b1",
"size": 1159,
"platform": {
"architecture": "ppc64le",
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:c04c57765304ab84f4f9807fff3e11605c3a60e16435c734b02c723680f6bd6e",
"size": 1158,
"platform": {
"architecture": "riscv64",
"os": "linux"
}
}
]
}
```
deprecated: false
experimental: false
experimentalcli: false

2
_data/buildx/docker_buildx_inspect.yaml
View File

@ -11,6 +11,7 @@ options:
description: Ensure builder has booted before inspecting
details_url: '#bootstrap'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -21,6 +22,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

1
_data/buildx/docker_buildx_install.yaml
View File

@ -9,6 +9,7 @@ inherited_options:
value_type: string
description: Override the configured builder instance
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

8
_data/buildx/docker_buildx_ls.yaml
View File

@ -3,21 +3,20 @@ short: List builder instances
long: |-
Lists all builder instances and the nodes for each instance
**Example**
```console
$ docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS PLATFORMS
elated_tesla * docker-container
elated_tesla0 unix:///var/run/docker.sock running linux/amd64
elated_tesla1 ssh://ubuntu@1.2.3.4 running linux/arm64, linux/arm/v7, linux/arm/v6
elated_tesla1 ssh://ubuntu@1.2.3.4 running linux/arm64*, linux/arm/v7, linux/arm/v6
default docker
default default running linux/amd64
```
Each builder has one or more nodes associated with it. The current builder's
name is marked with a `*`.
name is marked with a `*` in `NAME/NODE` and explicit node to build against for
the target platform marked with a `*` in the `PLATFORMS` column.
usage: docker buildx ls
pname: docker buildx
plink: docker_buildx.yaml
@ -26,6 +25,7 @@ inherited_options:
value_type: string
description: Override the configured builder instance
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

6
_data/buildx/docker_buildx_prune.yaml
View File

@ -11,6 +11,7 @@ options:
default_value: "false"
description: Remove all unused images, not just dangling ones
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -19,6 +20,7 @@ options:
value_type: filter
description: Provide filter values (e.g., `until=24h`)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -29,6 +31,7 @@ options:
default_value: "false"
description: Do not prompt for confirmation
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -38,6 +41,7 @@ options:
default_value: "0"
description: Amount of disk space to keep for cache
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -47,6 +51,7 @@ options:
default_value: "false"
description: Provide a more verbose output
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -57,6 +62,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

58
_data/buildx/docker_buildx_rm.yaml
View File

@ -7,12 +7,47 @@ usage: docker buildx rm [NAME]
pname: docker buildx
plink: docker_buildx.yaml
options:
- option: all-inactive
value_type: bool
default_value: "false"
description: Remove all inactive builders
details_url: '#all-inactive'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: force
shorthand: f
value_type: bool
default_value: "false"
description: Do not prompt for confirmation
details_url: '#force'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: keep-daemon
value_type: bool
default_value: "false"
description: Keep the buildkitd daemon running
details_url: '#keep-daemon'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: keep-state
value_type: bool
default_value: "false"
description: Keep BuildKit state
details_url: '#keep-state'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -23,15 +58,38 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### Remove all inactive builders (--all-inactive) {#all-inactive}
Remove builders that are not in running state.
```console
$ docker buildx rm --all-inactive
WARNING! This will remove all builders that are not in running state. Are you sure you want to continue? [y/N] y
```
### Override the configured builder instance (--builder) {#builder}
Same as [`buildx --builder`](buildx.md#builder).
### Do not prompt for confirmation (--force) {#force}
Do not prompt for confirmation before removing inactive builders.
```console
$ docker buildx rm --all-inactive --force
```
### Keep the buildkitd daemon running (--keep-daemon) {#keep-daemon}
Keep the buildkitd daemon running after the buildx context is removed. This is useful when you manage buildkitd daemons and buildx contexts independently.
Currently, only supported by the [`docker-container` and `kubernetes` drivers](buildx_create.md#driver).
### Keep BuildKit state (--keep-state) {#keep-state}
Keep BuildKit state, so it can be reused by a new builder with the same name.

1
_data/buildx/docker_buildx_stop.yaml
View File

@ -12,6 +12,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

1
_data/buildx/docker_buildx_uninstall.yaml
View File

@ -9,6 +9,7 @@ inherited_options:
value_type: string
description: Override the configured builder instance
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

3
_data/buildx/docker_buildx_use.yaml
View File

@ -13,6 +13,7 @@ options:
default_value: "false"
description: Set builder as default for current context
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -22,6 +23,7 @@ options:
default_value: "false"
description: Builder persists context changes
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
@ -32,6 +34,7 @@ inherited_options:
description: Override the configured builder instance
details_url: '#builder'
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false

17
_data/buildx/docker_buildx_version.yaml
View File

@ -1,6 +1,12 @@
command: docker buildx version
short: Show buildx version information
long: Show buildx version information
long: |-
View version information
```console
$ docker buildx version
github.com/docker/buildx v0.5.1-docker 11057da37336192bfc57d81e02359ba7ba848e4a
```
usage: docker buildx version
pname: docker buildx
plink: docker_buildx.yaml
@ -9,18 +15,11 @@ inherited_options:
value_type: string
description: Override the configured builder instance
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
examples: |-
### View version information
```console
$ docker buildx version
github.com/docker/buildx v0.5.1-docker 11057da37336192bfc57d81e02359ba7ba848e4a
```
deprecated: false
experimental: false
experimentalcli: false

BIN
desktop/mac/images/whale-x.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 568 B

After

Width:  |  Height:  |  Size: 33 KiB

64
desktop/mac/index.md
View File

@ -93,6 +93,8 @@ File share settings are:
- **Add a Directory**: Click `+` and navigate to the directory you want to add.
- **Remove a Directory**: Click `-` next to the directory you want to remove
- **Apply & Restart** makes the directory available to containers using Docker's
bind mount (`-v`) feature.
@ -132,6 +134,8 @@ propagates these to Docker. For example, if you set your
proxy settings to `http://proxy.example.com`, Docker uses this proxy when
pulling containers.
If you want to configure proxies manually, turn on the **Manual proxy configuration** setting.
Your proxy settings, however, will not be propagated into the containers you start.
If you wish to set the proxy settings for your containers, you need to define
environment variables for them, just like you would do on Linux, for example:
@ -162,56 +166,40 @@ Type a JSON configuration file in the box to configure the daemon settings. For
Click **Apply & Restart** to save your settings and restart Docker Desktop.
### Command Line
### Experimental Features
On the Command Line page, you can specify whether or not to enable experimental features.
On the **Experimental Features** page, you can specify whether or not to enable experimental features.
{% include experimental.md %}
Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features.
You can toggle the experimental features on and off in Docker Desktop. If you toggle the experimental features off, Docker Desktop uses the current generally available release of Docker Engine.
#### Enable the new Apple Virtualization framework
You can see whether you are running experimental mode at the command line. If
`Experimental` is `true`, then Docker is running in experimental mode, as shown
here. (If `false`, Experimental mode is off.)
Select **Use the new Virtualization framework** to allow Docker Desktop to use the new `virtualization.framework` instead of the hypervisor.framework. Ensure to reset your Kubernetes cluster when you enable the new Virtualization framework for the first time.
```console
$ docker version
#### Enable VirtioFS
Client: Docker Engine - Community
Version: 19.03.1
API version: 1.40
Go version: go1.12.5
Git commit: 74b1e89
Built: Thu Jul 25 21:18:17 2019
OS/Arch: darwin/amd64
Experimental: true
Docker Desktop for Mac lets developers use a new experimental file-sharing implementation called [virtiofS](https://virtio-fs.gitlab.io/){: target='_blank' rel='noopener' class='_'}; the current default is gRPC-FUSE. virtiofs has been found to significantly improve file sharing performance on macOS. For more details, see our blog post [Speed boost achievement unlocked on Docker Desktop 4.6 for Mac](https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/){:target="_blank" rel="noopener" class="_"}.
Server: Docker Engine - Community
Engine:
Version: 19.03.1
API version: 1.40 (minimum version 1.12)
Go version: go1.12.5
Git commit: 74b1e89
Built: Thu Jul 25 21:17:52 2019
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: v1.2.6
GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc:
Version: 1.0.0-rc8
GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
docker-init:
Version: 0.18.0
GitCommit: fec3683
```
To enable virtioFS:
1. Verify that you are on the following macOS version:
- macOS 12.2 or later (for Apple Silicon)
- macOS 12.3 or later (for Intel)
2. Select **Enable VirtioFS accelerated directory sharing** to enable virtioFS.
3. Click **Apply & Restart**.
### Kubernetes
Docker Desktop includes a standalone Kubernetes server that runs on your Mac, so
that you can test deploying your Docker workloads on Kubernetes. To enable Kubernetes support and install a standalone instance of Kubernetes running as a Docker container, select **Enable Kubernetes**.
For more information about using the Kubernetes integration with Docker Desktop, see [Deploy on Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" class="_"}.
- Select **Show system containers (advanced)** to view internal containers when using Docker commands.
- Select **Reset Kubernetes cluster** to delete all stacks and Kubernetes resources. For more information, see [Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" class="_"}.
- Click **Apply & Restart** for your changes to take effect.
### Reset
@ -230,7 +218,7 @@ The **Software Updates** section notifies you of any updates available to Docker
> Starting with Docker Desktop 4.2.0, the option to turn off the automatic check for updates is available for users on all Docker subscriptions, including Docker Personal and Docker Pro. Update to [Docker Desktop 4.2.0](../mac/release-notes/index.md) to start using this feature.
{: .important}
Turn off the check for updates by clearing the **Automatically Check for Updates** check box. This disables notifications in the Docker menu and also the notification badge that appears on the Docker Dashboard. To check for updates manually, select the **Check for updates** option in the Docker menu.
Turn off the check for updates by clearing the **Automatically check for updates** check box. This disables notifications in the Docker menu and also the notification badge that appears on the Docker Dashboard. To check for updates manually, select the **Check for updates** option in the Docker menu.
To allow Docker Desktop to automatically download new updates in the background, select **Always download updates**. This downloads newer versions of Docker Desktop when an update becomes available. After downloading the update, click **Apply and Restart** to install the update. You can do this either through the Docker menu or in the **Updates** section in the Docker Dashboard.

66
desktop/mac/release-notes/index.md
View File

@ -23,8 +23,8 @@ This page contains information about the new features, improvements, known issue
Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1){: target="_blank" rel="noopener" class="_"} to see what's coming next.
## Docker Desktop 4.5.0
2022-02-10
## Docker Desktop 4.6.1
2022-03-22
> Download Docker Desktop
>
@ -33,6 +33,67 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro
> chip](https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64){:
> .button .primary-btn }
### Upgrades
- [Buildx 0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1)
### Bug fixes and minor changes
- Fixed diagnostics upload when there is no HTTP proxy set. Fixes [docker/for-mac#6234](https://github.com/docker/for-mac/issues/6234).
- Removed a false positive "vm is not running" error from self-diagnose. Fixes [docker/for-mac#6233](https://github.com/docker/for-mac/issues/6233).
- Prevented spinning in vpnkit-forwarder filling the logs with error messages.
## Docker Desktop 4.6.0
2022-03-14
> Download Docker Desktop
>
> [Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/75818/Docker.dmg) |
> [Mac with Apple chip](https://desktop.docker.com/mac/main/arm64/75818/Docker.dmg)
### Security
- Fixed [CVE-2022-0847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847){: target="_blank" rel="noopener" class="_"}, aka “Dirty Pipe”, an issue that could enable attackers to modify files in container images on the host, from inside a container.
### New
- Docker Desktop 4.6.0 gives macOS users the option of enabling a new experimental file sharing technology called VirtioFS. During testing VirtioFS has been shown to drastically reduce the time taken to sync changes between the host and VM, leading to substantial performance improvements. For more information, see [VirtioFS](../index.md#experimental-features).
- The Docker Dashboard Volume Management feature now offers the ability to efficiently clean up volumes using multi-select checkboxes.
### Upgrades
- [Docker Engine v20.10.13](https://docs.docker.com/engine/release-notes/#201013)
- [Compose v2.3.3](https://github.com/docker/compose/releases/tag/v2.3.3)
- [Buildx 0.8.0](https://github.com/docker/buildx/releases/tag/v0.8.0)
- [containerd v1.4.13](https://github.com/containerd/containerd/releases/tag/v1.4.13)
- [runc v1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3)
- [Go 1.17.8](https://golang.org/doc/go1.17)
- [Linux kernel 5.10.104](https://hub.docker.com/layers/docker/for-desktop-kernel/5.10.104-379cadd2e08e8b25f932380e9fdaab97755357b3/images/sha256-7753b60f4544e5c5eed629d12151a49c8a4b48d98b4fb30e4e65cecc20da484d?context=explore)
- [Qemu 6.2.0](https://wiki.qemu.org/ChangeLog/6.2)
### Bug fixes and minor changes
- Fixed uploading diagnostics when an HTTPS proxy is set.
- Fixed the systray menu not displaying all menu items after starting Docker Desktop. Fixes [docker/for-mac#6192](https://github.com/docker/for-mac/issues/6192).
- Fixed a regression about Docker Desktop not starting in background anymore. Fixes [docker/for-mac#6167](https://github.com/docker/for-mac/issues/6167).
- Fixed missing Docker Desktop Dock icon. Fixes [docker/for-mac#6173](https://github.com/docker/for-mac/issues/6173).
- Made checking for updates from the systray menu open the Software updates settings section.
- Used speed up block device access when using the experimental `virtualization.framework`. See [benchmarks](https://github.com/docker/roadmap/issues/7#issuecomment-1050626886).
- Increased default VM memory allocation to half of physical memory (min 2 GB, max 8 GB) for better out-of-the-box performances.
- Fixed copying text from terminal in Quick Start Guide. Fixes [docker/for-win#12444](https://github.com/docker/for-win/issues/12444).
### Known issues
- After enabling VirtioFS, containers with processes running with different Unix user IDs may experience caching issues. For example if a process running as `root` queries a file and another process running as user `nginx` tries to access the same file immediately, the `nginx` process will get a "Permission Denied" error.
## Docker Desktop 4.5.0
2022-02-10
> Download Docker Desktop
>
> [Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/74594/Docker.dmg) |
> [Mac with Apple chip](https://desktop.docker.com/mac/main/arm64/74594/Docker.dmg)
### Security
- Fixed [CVE-2021-44719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44719){: target="_blank" rel="noopener" class="_"} where Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders.
@ -63,7 +124,6 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro
> [Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/73305/Docker.dmg) |
> [Mac with Apple chip](https://desktop.docker.com/mac/main/arm64/73305/Docker.dmg)
### Security
- Fixed [CVE-2021-45449](https://docs.docker.com/security/#cve-2021-45449) that affects users currently on Docker Desktop version 4.3.0 or 4.3.1.

5
desktop/windows/index.md
View File

@ -192,12 +192,11 @@ Updating these settings requires a reconfiguration and reboot of the Linux VM.
In WSL 2 mode, you can configure which WSL 2 distributions will have the Docker
WSL integration.
By default, the integration will be enabled on your default WSL distribution.
By default, the integration will be enabled on your default WSL distribution.
To change your default WSL distro, run `wsl --set-default <distro name>`. (For example,
to set Ubuntu as your default WSL distro, run `wsl --set-default ubuntu`).
You can also select any additional distributions you would like to enable the WSL 2
integration on.
You can also select any additional distributions you would like to enable the WSL 2 integration on.
For more details on configuring Docker Desktop to use WSL 2, see
[Docker Desktop WSL 2 backend](wsl.md).

57
desktop/windows/release-notes/index.md
View File

@ -23,8 +23,8 @@ This page contains information about the new features, improvements, known issue
Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1){: target="_blank" rel="noopener" class="_"} to see what's coming next.
## Docker Desktop 4.5.1
2022-02-15
## Docker Desktop 4.6.1
2022-03-22
> Download Docker Desktop
>
@ -32,6 +32,59 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro
> Windows](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-win-amd64){:
> .button .primary-btn }
### Upgrades
- [Buildx 0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1)
### Bug fixes and minor changes
- Fixed diagnostics upload when there is no HTTP proxy set. Fixes [docker/for-mac#6234](https://github.com/docker/for-mac/issues/6234).
- Removed a false positive "vm is not running" error from self-diagnose. Fixes [docker/for-mac#6233](https://github.com/docker/for-mac/issues/6233).
- Prevented spinning in vpnkit-forwarder filling the logs with error messages.
## Docker Desktop 4.6.0
2022-03-14
> Download Docker Desktop
>
> [For Windows](https://desktop.docker.com/win/main/amd64/75818/Docker%20Desktop%20Installer.exe)
### Security
- Fixed [CVE-2022-0847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847){: target="_blank" rel="noopener" class="_"}, aka “Dirty Pipe”, an issue that could enable attackers to modify files in container images on the host, from inside a container.
- Fixed [CVE-2022-26659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26659){: target="_blank" rel="noopener" class="_"}, which could allow an attacker to overwrite any administrator writable file on the system during the installation or the update of Docker Desktop.
### New
- The Docker Dashboard Volume Management feature now offers the ability to efficiently clean up volumes using multi-select checkboxes.
### Upgrades
- [Docker Engine v20.10.13](https://docs.docker.com/engine/release-notes/#201013)
- [Compose v2.3.3](https://github.com/docker/compose/releases/tag/v2.3.3)
- [Buildx 0.8.0](https://github.com/docker/buildx/releases/tag/v0.8.0)
- [containerd v1.4.13](https://github.com/containerd/containerd/releases/tag/v1.4.13)
- [runc v1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3)
- [Go 1.17.8](https://golang.org/doc/go1.17)
- [Linux kernel 5.10.104](https://hub.docker.com/layers/docker/for-desktop-kernel/5.10.104-379cadd2e08e8b25f932380e9fdaab97755357b3/images/sha256-7753b60f4544e5c5eed629d12151a49c8a4b48d98b4fb30e4e65cecc20da484d?context=explore)
### Bug fixes and minor changes
- Fixed uploading diagnostics when an HTTPS proxy is set.
- Fixed the UI stuck in `starting` state forever although Docker Desktop is working fine from the command line.
- Fixed missing Docker Desktop systray icon [docker/for-win#12573](https://github.com/docker/for-win/issues/12573)
- Made checking for updates from the systray menu open the Software updates settings section.
- Fixed Registry Access Management under WSL 2 with latest 5.10.60.1 kernel.
- Fixed a UI crash when selecting the containers of a Compose application started from a WSL 2 environment. Fixes [docker/for-win#12567](https://github.com/docker/for-win/issues/12567).
- Fixed copying text from terminal in Quick Start Guide. Fixes [docker/for-win#12444](https://github.com/docker/for-win/issues/12444).
## Docker Desktop 4.5.1
2022-02-15
> Download Docker Desktop
>
> [For Windows](https://desktop.docker.com/win/main/amd64/74721/Docker%20Desktop%20Installer.exe)
### Bug fixes and minor changes
- Fixed an issue that caused new installations to default to the Hyper-V backend instead of WSL 2.

3
docker-hub/registry-access-management.md
View File

@ -8,7 +8,7 @@ Registry Access Management is a feature available to organizations with a Docker
> **Note**
>
> Registry Access Management is currently offered as a Tech Preview to a closed group of Docker Business customers.
> Registry Access Management is currently offered as a closed beta to a closed group of Docker Business customers.
{: .important}
## Configure Registry Access Management permissions
@ -60,7 +60,6 @@ Download Docker Desktop 4.5 or a later release.
* Builds such as `docker buildx` using a Kubernetes driver are not restricted
* Builds such as `docker buildx` using a custom docker-container driver are not restricted
* Blocking is DNS-based; you must use a registry's access control mechanisms to distinguish between “push” and “pull”
* You must disable HTTP proxy or use a corporate proxy which also blocks the registries
* WSL 2 requires at least a 5.4 series Linux kernel (this does not apply to earlier Linux kernel series)
* Under the WSL 2 network, traffic from all Linux distributions is restricted (this will be resolved in the updated 5.15 series Linux kernel)

21
engine/release-notes/index.md
View File

@ -22,6 +22,27 @@ for Docker Engine.
# Version 20.10
## 20.10.14
2022-03-23
This release of Docker Engine updates the default inheritable capabilities for
containers to address [CVE-2022-24769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769),
a new version of the `containerd.io` runtime is also included to address the same
issue.
### Daemon
- Update the default inheritable capabilities.
### Builder
- Update the default inheritable capabilities for containers used during build.
### Packaging
- Update containerd (`containerd.io` package) to [v1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11).
- Update `docker buildx` to [v0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1).
## 20.10.13
2022-03-10

6
go/storage-driver.md Normal file
View File

@ -0,0 +1,6 @@
---
title: Information on how configure storage drivers
description: Instructions for configuring (or switching between) storage-drivers.
keywords: Docker, Engine, Daemon, storage-driver
redirect_to: /storage/storagedriver/select-storage-driver/
---

2
language/java/run-containers.md
View File

@ -143,7 +143,7 @@ $ docker stop trusting_beaver
trusting_beaver
```
Now that our container is stopped, lets remove it. When you remove a container, the process inside the container will be stopped and the metadata for the container will been removed.
Now that our container is stopped, lets remove it. When you remove a container, the process inside the container will be stopped and the metadata for the container will be removed.
To remove a container, simple run the `docker rm` command passing the container name. You can pass multiple container names to the command using a single command. Again, replace the container names in the following command with the container names from your system.

2
language/nodejs/develop.md
View File

@ -86,7 +86,7 @@ $ docker run \
node-docker
```
The `yoda_notes` at the end of the connection string is the desired name for our database.
The `notes` at the end of the connection string is the desired name for our database.
Lets test that our application is connected to the database and is able to add a note.

6
language/nodejs/run-containers.md
View File

@ -14,7 +14,7 @@ Work through the steps to build a Node JS image in [Build your Node image](build
## Overview
In the previous module we created our sample application and then we created a Dockerfile that we used to create an image. We created our image using the command `docker build`. Now that we have an image, we can run that image and see if our application is running correctly.
In the previous module we created our sample application and then we created a Dockerfile that we used to create an image. We created our image using the command `docker build`. Now that we have an image, we can run that image and see if our application is running correctly.
A container is a normal operating system process except that this process is isolated and has its own file system, its own networking, and its own isolated process tree separate from the host.
@ -162,7 +162,7 @@ ec45285c456d node-docker "docker-entrypoint.s…" 31 minutes ag
fb7a41809e5d node-docker "docker-entrypoint.s…" 40 minutes ago Exited (0) 39 minutes ago goofy_khayyam
```
To remove a container, simple run the `docker rm` command passing the container name. You can pass multiple container names to the command in one command.
To remove a container, simply run the `docker rm` command passing the container name. You can pass multiple container names to the command in one command.
Again, make sure you replace the containers names in the below command with the container names from your system.
@ -175,7 +175,7 @@ goofy_khayyam
Run the `docker ps --all` command again to see that all containers are gone.
Now lets address the pesky random name issue. Standard practice is to name your containers for the simple reason that it is easier to identify what is running in the container and what application or service it is associated with. Just like good naming conventions for variables in your code makes it simpler to read. So goes naming your containers.
Now lets address the pesky random name issue. Standard practice is to name your containers for the simple reason that it is easier to identify what is running in the container and what application or service it is associated with. Just like good naming conventions for variables in your code make it simpler to read, so does naming your containers.
To name a container, we just need to pass the `--name` flag to the run command.

24
single-sign-on/faqs.md
View File

@ -39,7 +39,7 @@ You can create a test organization. Companies can set up a new five-seat Busines
### Q: Does SAML authentication require additional attributes?
You must provide an email address as an attribute to authenticate via SAML. The Name attribute is currently optional.
You must provide an email address as an attribute to authenticate through SAML. The Name attribute is currently optional.
### Q: Does the application recognize the NameID/Unique Identifier in the SAMLResponse Subject?
@ -111,7 +111,7 @@ You can add a bot account to your IDP and create an access token for it to repla
### Q: Does Docker plan to release SAML just in time provisioning?
Our SSO implementation is already "just in time". Admins don't have to create users accounts on Hub, they can just enable it on the IdP and have the users log in via their domain email on Hub.
Our SSO implementation is already "just in time". Admins don't have to create users accounts on Hub, they can just enable it on the IdP and have the users log in through their domain email on Hub.
### Q: Will there be IdP initiated logins? Does Docker plan to support SSO logins outside of Hub and Desktop?
@ -123,7 +123,7 @@ Yes, generally bot accounts need to be a seat, similar to a regular end user, ha
### Q: Is it possible to connect Docker Hub directly with a Microsoft Azure Active Directory Group?
Yes, Azure AD is supported with SSO for Docker Business, both via a direct integration and via SAML.
Yes, Azure AD is supported with SSO for Docker Business, both through a direct integration and through SAML.
## Adding domain and domain verification
@ -138,7 +138,7 @@ They can do it one time to add it to a connection. If they ever change idPs and
### Q: Is adding Domain required to configure SSO? What domains should I be adding? And how do I add it?
Adding and verifying Domain is required to enable and enforce SSO. Click Add Domain and specify the email domains that are allowed to authenticate via your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email.
Adding and verifying Domain is required to enable and enforce SSO. Click Add Domain and specify the email domains that are allowed to authenticate through your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email.
### Q: If users are using their personal email, do they have to convert to using the Orgs domain before they can be invited to join an Org? Is this just a quick change in their Hub account?
@ -179,7 +179,7 @@ Yes. When SSO is enabled, you can access the Docker CLI through Personal Access
Before enforcing SSO, you must create PATs for automation systems and CI/CD pipelines and use the tokens instead of a password.
### Q: I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they purchase Docker Business licenses, they will implement and enforce SSO via Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account?
### Q: I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they purchase Docker Business licenses, they will implement and enforce SSO through Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account?
If they already have their organization email on their account, then it will be migrated to SSO.
@ -191,7 +191,7 @@ SSO enforcement will apply to any domain email user, and automatically add that
Yes, they can choose to not enforce, and users have the option to use either Docker ID (standard email/password) or email address (SSO) at the sign-in screen.
### Q: We have enforced SSO, but one of our users is connected to several organizations (and several email-addresses) and is able to bypass SSO and login via userid and password. Why is this happening?
### Q: We have enforced SSO, but one of our users is connected to several organizations (and several email-addresses) and is able to bypass SSO and login through userid and password. Why is this happening?
They can bypass SSO if the email they are using to log in doesn't match the organization email being used when SSO is enforced.
@ -206,21 +206,21 @@ However, if you **enforce** SSO:
* Service Account domain email addresses must be unaliased and enabled in their IdP
* Username/password and personal access token will still work (but only if they exist, which they won't for new accounts)
* Those who know the IdP credentials can sign in as that Service Account via SSO on Hub and create or change the personal access token for that service account.
* Those who know the IdP credentials can sign in as that Service Account through SSO on Hub and create or change the personal access token for that service account.
## Managing users
### Q: How do I manage users when using SSO?
Users are managed through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs into Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
Users are managed through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
### Q: Do I need to manually add users to my organization?
No, you dont need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP and then invite them to your organization using the Invite Member option in Docker Hub.
No, you dont need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address.
When a user signs into Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
### Q: Can users in my organization use different email addresses to authenticate via SSO?
### Q: Can users in my organization use different email addresses to authenticate through SSO?
During the SSO setup, youll have to specify the company email domains that are allowed to authenticate. All users in your organization must authenticate using the email domain specified during SSO setup. Some of your users may want to maintain a different account for their personal projects.
@ -269,9 +269,9 @@ Additionally, you can use our APIs to complete this process.
Admins in the Owners group in the orgs can invite users through Docker Hub UI, by email address (for any user) or by Docker ID (assuming the user has created a user account on Hub already).
### Q: If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link via email? For example, max.mustermann@zeiss.com.
### Q: If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link through email?
Yes, if the user is added via email address to an org, they will receive an email invite. If invited via docker ID as an existing user instead, they'll be added to the organization automatically. We'll be adding a new invite flow in the near future that will require an email invite in this situation as well (so the user can choose to opt out). If the org later sets up SSO for [zeiss.com](https://www.zeiss.com/) domain, the user will automatically be added to the domain SSO org next sign in which requires SSO auth with the identity provider (Hub login will automatically redirect to the identity provider).
Yes, if the user is added through email address to an org, they will receive an email invite. If invited through docker ID as an existing user instead, they'll be added to the organization automatically. We'll be adding a new invite flow in the near future that will require an email invite in this situation as well (so the user can choose to opt out). If the org later sets up SSO for [zeiss.com](https://www.zeiss.com/) domain, the user will automatically be added to the domain SSO org next sign in which requires SSO auth with the identity provider (Hub login will automatically redirect to the identity provider).
### Q: Can someone join the organization without an invitation? Is it possible to put specific users to an organization with existing email accounts?

18
single-sign-on/index.md
View File

@ -3,11 +3,11 @@ description: Single Sign-on
keywords: Single Sign-on, SSO, sign-on
title: Configure Single Sign-on
---
This section is for administrators who want to enable Docker Single Sign-on (SSO) for their businesses. Docker SSO allows users to authenticate using their identity providers (IdPs) to access Docker. Docker currently supports SAML 2.0 and Azure AD IdPs through Auth0. You can enable SSO on organization's that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../subscription/upgrade/){:target="blank" rel="noopener" class=""}.
This section is for administrators who want to enable Docker Single Sign-on (SSO) for their businesses. Docker SSO allows users to authenticate using their identity providers (IdPs) to access Docker. Docker currently supports SAML 2.0 and Azure AD authentication methods. You can enable SSO on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../subscription/upgrade/){:target="blank" rel="noopener" class=""}.
When SSO is enabled, users are redirected to your providers authentication page to authenticate using SSO. They cannot authenticate using their personal login credentials (Docker ID and password). Docker currently supports Service Provider Initiated SSO flow. Your users must sign into Docker Hub or Docker Desktop to initiate the SSO authentication process.
When SSO is enabled, users are redirected to your providers authentication page to log in. They cannot authenticate using their Docker login credentials (Docker ID and password). Docker currently supports Service Provider Initiated SSO flow. Your users must sign into Docker Hub or Docker Desktop to initiate the SSO authentication process.
Before enabling SSO in Docker Hub, administrators must work with their identity provider to configure their IdP to work with Docker Hub. Docker provides the Assertion Consumer Service (ACS) URL and the Entity ID. Administrators use this information to establish a connection between their IdP server and Docker Hub.
Before enabling SSO in Docker Hub, administrators must configure their identity provider to configure their IdP to work with Docker Hub. Docker provides the Assertion Consumer Service (ACS) URL and the Entity ID. Administrators use this information to establish a connection between their IdP server and Docker Hub.
After establishing the connection between the IdP server and Docker Hub, administrators log into the organization in Docker Hub and complete the SSO enablement process. See the section **Enable SSO in Docker Hub** for detailed instructions.
@ -16,7 +16,7 @@ To enable SSO in Docker Hub, you need the following information from your identi
* **SAML 2.0**: Single Sign-On URL and the X.509 signing certificate
* **Azure AD**: Client ID (a unique identifier for your registered AD application), Client Secret (a string used to gain access to your registered Azure AD application), and AD Domain details
We currently support enabling SSO on a single organization. However, we do not support single logout. If you have any users in your organization with a different domain (including social domains), they will be added to the organization as guests.
We currently support enabling SSO on a single organization. However, we do not support single logout. If you have any users in your organization with a different domain (including social domains), they will be added to the organization as guests. Guests will continue to authenticate through Docker with their Docker login credentials (Docker ID and password).
## Prerequisites
@ -109,7 +109,7 @@ The following video walks you through the process of configuring SSO.
### Domain control
Click **Add Domain** and specify the corporate domain youd like to manage with SSO. Domains should be formatted without protocol or www information, for example, yourcompany.com. Docker currently supports one email domain for each organization.
Click **Add Domain** and specify the corporate domain youd like to manage with SSO. Domains should be formatted without protocol or www information, for example, yourcompany.com. Docker currently supports multiple domains that are part of your IdP.
> **Note**
>
@ -145,8 +145,8 @@ To verify ownership of a domain, add a TXT record to your Domain Name System (DN
After youve completed the SSO configuration process in Docker Hub, you can test the configuration when you log into Docker Hub using an incognito browser. Login using your domain email address and IdP password. You will then get redirected to your identity providers login page to authenticate.
1. Authenticate via email instead of using your Docker ID, and test the login process.
2. To authenticate via CLI, your users must have a PAT before you enforce SSO for CLI users.
1. Authenticate through email instead of using your Docker ID, and test the login process.
2. To authenticate through CLI, your users must have a PAT before you enforce SSO for CLI users.
## Enforce SSO in Docker Hub
@ -169,9 +169,7 @@ Admins can force users to authenticate with Docker Desktop by provisioning a reg
## Manage users when SSO is enabled
To add a member to your organization:
1. Create an account for your members in your IdP.
2. Add and invite your members to your organization.
You dont need to add users to your organization in Docker Hub manually. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address.
> **Note:**
>