From 6fbd921eedf9abc67799e536856003b12e9606b8 Mon Sep 17 00:00:00 2001 From: Cesar Talledo Date: Tue, 8 Jul 2025 00:04:02 -0700 Subject: [PATCH] Merge pull request #23021 from ctalledo/eci-k8s-custom-registry-note Adjust a note regarding Kubernetes custom registry images with ECI. --- content/manuals/desktop/features/kubernetes.md | 12 +++++++----- .../settings-management/configure-json-file.md | 13 +++++++++---- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/content/manuals/desktop/features/kubernetes.md b/content/manuals/desktop/features/kubernetes.md index 74e0867d0a..057e91ae76 100644 --- a/content/manuals/desktop/features/kubernetes.md +++ b/content/manuals/desktop/features/kubernetes.md @@ -214,14 +214,16 @@ The recommended approach to set this up is the following: > [!NOTE] > -> When using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](../../security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) +> In Docker Desktop versions 4.43 or earlier: when using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](../../security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) > is enabled, add the following images to the [ECI Docker socket mount image list](../../security/for-admins/hardened-desktop/settings-management/configure-json-file.md#enhanced-container-isolation): > -> * [imagesRepository]/desktop-cloud-provider-kind:* -> * [imagesRepository]/desktop-containerd-registry-mirror:* +> `[imagesRepository]/desktop-cloud-provider-kind:*` +> `[imagesRepository]/desktop-containerd-registry-mirror:*` > -> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, -> ECI will block the mount and Kubernetes won't start. +> These containers mount the Docker socket, so you must add the images to the +> ECI images list. If not, ECI will block the mount and Kubernetes won't +> start. This does not apply to Docker Desktop 4.44 or later because it +> automatically allows these images to mount the Docker socket. ## Troubleshooting diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index 532585c455..843d77b500 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -290,12 +290,17 @@ quit and reopened. > [!NOTE] > -> When using the `imagesRepository` setting and Enhanced Container Isolation (ECI), add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation): +> In Docker Desktop versions 4.43 or earlier: when using the `imagesRepository` +> setting and Enhanced Container Isolation (ECI), add the following images to +> the [ECI Docker socket mount image list](#enhanced-container-isolation): > -> * [imagesRepository]/desktop-cloud-provider-kind:* -> * [imagesRepository]/desktop-containerd-registry-mirror:* +> `[imagesRepository]/desktop-cloud-provider-kind:*` +> `[imagesRepository]/desktop-containerd-registry-mirror:*` > -> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start. +> These containers mount the Docker socket, so you must add the images to the +> ECI images list. If not, ECI will block the mount and Kubernetes won't start. +> This does not apply to Docker Desktop 4.44 or later because it automatically +> allows these images to mount the Docker socket. ### Networking