docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

desktop freshness (#17887) 

* first batch

* second batch

* final batch

* fix build

* review edits

* review edits

---------

Co-authored-by: aevesdocker <alliesadler@f693mt7fh6.home>
This commit is contained in:
Allie Sadler 2023-08-11 10:02:52 +01:00 committed by GitHub
parent 4899ffee3e
commit 798eeafff1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
39 changed files with 266 additions and 270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
desktop/backup-and-restore.md
View File

@ -9,6 +9,7 @@ computer, for example.
> Should I back up my containers?
>
> If you use volumes or bind-mounts to store your container data, backing up your containers may not be needed, but make sure to remember the options that were used when creating the container or use a [Docker Compose file](../compose/compose-file/index.md) if you want to re-create your containers with the same configuration after re-installation.
{: .tip}
## Save your data

24
desktop/containerd/index.md
View File

@ -15,6 +15,7 @@ image and file system management in the Docker Engine.
> [Beta](../../release-lifecycle.md/#beta). We recommend that you do not use
> this feature in production environments as this feature may change or be
> removed from future releases.
{: .experimental}
## What is the containerd image store?
@ -43,27 +44,26 @@ Docker Engine, including:
The image store integration is still at an early stage, so not all features are
yet supported.
## Enabling the containerd image store feature
## Turn on the containerd image store feature
> **Note**
>
> After switching to the containerd image store, images and containers from the
> default image store won't be visible. All of those containers and images
> still exist. To see them again, turn off the containerd image store feature.
The containerd image store beta feature is off by default.
The containerd image store beta feature is turned off by default.
To start using the feature:
1. Navigate to **Settings**.
2. Select the **Experimental** features tab.
2. Select the **Beta** features tab.
3. Next to **Use containerd for pulling and storing images**, select the
checkbox.
To turn off this feature, clear the **Use containerd for pulling and storing
To turn off this feature, clear the **Use containerd for pulling and storing
images** checkbox.
![containerd feature](../images/containerd_feature_activation.png){:width="750px"}
> **Tip**
>
> After switching to the containerd image store, images and containers from the
> default image store won't be visible. All of those containers and images
> still exist. To see them again, turn off the containerd image store feature.
{: .tip}
## Building multi-platform images
@ -97,7 +97,7 @@ $ docker buildx build --quiet \
ERROR: docker exporter does not currently support exporting manifest lists
```
Enabling the containerd image store lets you build, and load, multi-platform images
Turning on the containerd image store lets you build, and load, multi-platform images
to your local image store, all while using the default builder.
{% raw %}

4
desktop/dev-environments/create-dev-env.md
View File

@ -10,7 +10,7 @@ redirect_from:
You can launch a dev environment from a:
- Git repository
- Branch or tag of a Git repository
- Subfolder of a Git repository
- Sub-folder of a Git repository
- Local folder
This does not conflict with any of the local files or local tooling set up on your host.
@ -22,7 +22,7 @@ This does not conflict with any of the local files or local tooling set up on yo
## Prerequisites
Dev Environments is available as part of Docker Desktop 3.5.0 release. Download and install **Docker Desktop 3.5.0** or higher:
Dev Environments is available as part of Docker Desktop 3.5.0 release. Download and install **Docker Desktop 3.5.0** or later:
- [Docker Desktop](../release-notes.md)

2
desktop/dev-environments/dev-cli.md
View File

@ -7,7 +7,7 @@ title: Use the docker dev CLI plugin
Use the new `docker dev` CLI plugin to get the full Dev Environments experience from the terminal in addition to the Dashboard.
It is available with [Docker Desktop 4.13.0 or later](../release-notes.md).
It is available with [Docker Desktop 4.13.0 and later](../release-notes.md).
### Usage

3
desktop/dev-environments/index.md
View File

@ -1,13 +1,14 @@
---
description: Dev Environments
keywords: Dev Environments, share, local, Compose
title: Overview
title: Overview of Dev Environments
---
{% include dev-envs-changing.md %}
> **Beta**
>
> The Dev Environments feature is currently in [Beta](../../release-lifecycle.md#beta). We recommend that you do not use this in production environments.
{: .experimental}
Dev Environments let you create a configurable developer environment with all the code and tools you need to quickly get up and running.

2
desktop/feedback.md
View File

@ -8,7 +8,7 @@ There are many ways you can provide feedback on Docker Desktop or Docker Desktop
#### In-product feedback
On each Docker Dashboard view, there is a **Give feedback** link. This sends you to a Google Feedback form where you can share your feedback and ideas.
On each Docker Dashboard view, there is a **Give feedback** link. This sends you to a Google feedback form where you can share your feedback and ideas.
#### Feedback via Docker Community forums

23
desktop/get-started.md
View File

@ -1,7 +1,7 @@
---
description: Explore the Learning center and understand the benefits of signing in to Docker Desktop
keywords: Docker Dashboard, manage, containers, gui, dashboard, images, user manual, learning center, guide, sign in
title: Learning Center and sign in
title: Explore the Learning center and sign in to Docker Desktop
redirect_from:
- /desktop/linux/
- /desktop/linux/index/
@ -27,11 +27,11 @@ redirect_from:
- /winkit/getting-started/
---
## Learning Center
## Learning center
The Learning Center helps you get started with quick in-app walkthroughs and other resources for learning about Docker.
The Learning center helps you get started with quick in-app walkthroughs and other resources for learning about Docker.
To access the Learning Center, select the **Learning Center** tab in Docker
To access the Learning center, select the **Learning center** view in Docker
Desktop.
![Learning Center](images/learning-center.png)
@ -43,9 +43,9 @@ For a more detailed guide about getting started, see
Docker recommends that you authenticate using the **Sign in** option in the top-right corner of the Docker Dashboard.
Once logged in, you can access your Docker Hub repositories directly from Docker Desktop.
Once signed in, you can access your Docker Hub repositories directly from Docker Desktop.
Authenticated users get a higher pull rate limit compared to anonymous users. For example, if you are authenticated, you get 200 pulls per 6 hour period, compared to 100 pulls per 6 hour period per IP address for anonymous users. For more information, see [Download rate limit](../docker-hub/download-rate-limit.md).
Authenticated users also get a higher pull rate limit compared to anonymous users. For example, if you are authenticated, you get 200 pulls per 6 hour period, compared to 100 pulls per 6 hour period per IP address for anonymous users. For more information, see [Download rate limit](../docker-hub/download-rate-limit.md).
In large enterprises where admin access is restricted, administrators can [Configure registry.json to enforce sign-in](../docker-hub/configure-sign-in.md). Enforcing developers to authenticate through Docker Desktop also allows administrators to improve their organizations security posture for containerized development by taking advantage of [Hardened Desktop](hardened-desktop/index.md).
@ -74,14 +74,14 @@ GnuPG needs to construct a user ID to identify your key.
Real name: Molly
Email address: molly@example.com
You selected this USER-ID:
"Molly <molly@example.com>"
"Molly <molly@example.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
...
pub rsa3072 2022-03-31 [SC] [expires: 2024-03-30]
<generated gpg-id public key>
uid Molly <molly@example.com>
sub rsa3072 2022-03-31 [E] [expires: 2024-03-30]
pubrsa3072 2022-03-31 [SC] [expires: 2024-03-30]
<generated gpg-id public key>
uid Molly <molly@example.com>
subrsa3072 2022-03-31 [E] [expires: 2024-03-30]
```
To initialize `pass`, run the following command using the public key generated from the previous command:
@ -108,6 +108,7 @@ Digest: sha256:3c6b73ce467f04d4897d7a7439782721fd28ec9bf62ea2ad9e81a5fb7fb3ff96
Status: Downloaded newer image for molly/privateimage:latest
docker.io/molly/privateimage:latest
```
## What's next?
- [Explore Docker Desktop](use-desktop/index.md) and its features.

4
desktop/hardened-desktop/enhanced-container-isolation/faq.md
View File

@ -52,12 +52,12 @@ as configured via Docker Desktop's **Settings** > **Resources** > **File Sharing
It protects all containers launched by users via `docker create` and `docker run`. It does not yet protect Docker Desktop Kubernetes pods, ExtensioncContainers, and Dev Environments.
### Does Enhanced Container Isolation protect container launched prior to enabling ECI?
### Does Enhanced Container Isolation protect containers launched prior to enabling ECI?
No. Containers created prior to switching on ECI are not protected. Therefore, we
recommend removing all containers prior to switching on ECI.
### Does Enhanced Container Isolation affect performance of containers?
### Does Enhanced Container Isolation affect the performance of containers?
Enhanced Container Isolation has very little impact on the performance of
containers. The exception is for containers that perform lots of `mount` and

10
desktop/hardened-desktop/enhanced-container-isolation/features-benefits.md
View File

@ -4,7 +4,7 @@ title: Key features and benefits
keywords: set up, enhanced container isolation, rootless, security, features, Docker Desktop
---
### Linux User Namespace on all Containers
### Linux User Namespace on all containers
With Enhanced Container Isolation, all user containers leverage the [Linux user-namespace](https://man7.org/linux/man-pages/man7/user_namespaces.7.html){:target="_blank" rel="noopener" class="_"}
for extra isolation. This means that the root user in the container maps to an unprivileged
@ -12,7 +12,7 @@ user in the Docker Desktop Linux VM.
For example:
```
```console
$ docker run -it --rm --name=first alpine
/ # cat /proc/self/uid_map
0 100000 65536
@ -26,7 +26,7 @@ range of 64K user IDs. The same applies to group IDs.
Each container gets an exclusive range of mappings, managed by Sysbox. For
example, if a second container is launched the mapping range is different:
```
```console
$ docker run -it --rm --name=second alpine
/ # cat /proc/self/uid_map
0 165536 65536
@ -35,7 +35,7 @@ $ docker run -it --rm --name=second alpine
In contrast, without Enhanced Container Isolation, the container's root user is
in fact root on the host (aka "true root") and this applies to all containers:
```
```console
$ docker run -it --rm alpine
/ # cat /proc/self/uid_map
0 0 4294967295
@ -48,7 +48,7 @@ Linux capabilities are constrained to resources within the container only,
increasing isolation significantly compared to regular containers, both
container-to-host and cross-container isolation.
### Privileged Containers Are Also Secured
### Privileged containers are also secured
Privileged containers `docker run --privileged ...` are insecure because they
give the container full access to the Linux kernel. That is, the container runs

2
desktop/hardened-desktop/enhanced-container-isolation/how-eci-works.md
View File

@ -6,7 +6,7 @@ keywords: set up, enhanced container isolation, rootless, security
>**Note**
>
>Enhance Container Isolation is available to Docker Business customers only.
> Enhanced Container Isolation is available to Docker Business customers only.
Enhanced Container Isolation hardens container isolation using the [Sysbox
container runtime](https://github.com/nestybox/sysbox){:target="_blank" rel="noopener" class="_"}. Sysbox is a fork of the

4
desktop/hardened-desktop/enhanced-container-isolation/index.md
View File

@ -10,7 +10,7 @@ title: What is Enhanced Container Isolation?
Enhanced Container Isolation provides an additional layer of security to prevent malicious workloads running in containers from compromising Docker Desktop or the host.
It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity. It is available with [Docker Desktop 4.13.0 or later](../../release-notes.md).
It uses a variety of advanced techniques to harden container isolation, but without impacting developer productivity. It is available with [Docker Desktop 4.13.0 and later](../../release-notes.md).
These techniques include:
- Running all containers unprivileged through the Linux user-namespace, even those launched with the `--privileged` flag. This makes it harder for malicious container workloads to escape the container and infect the Docker Desktop VM and host.
@ -31,7 +31,7 @@ Enhanced Container Isolation ensures stronger container isolation and also locks
- For organizations and developers that want to prevent container attacks and reduce vulnerabilities in developer environments.
- For organizations that want to ensure stronger container isolation that is easy and intuitive to implement on developers' machines.
### What happens when Enhanced Container Isolation is enabled?
### What happens when Enhanced Container Isolation is turned on?
When Enhanced Container Isolation is turned on, the following features are enabled:

4
desktop/hardened-desktop/index.md
View File

@ -1,5 +1,5 @@
---
title: Hardened Docker Desktop
title: Overview of Hardened Docker Desktop
description: Overview of what Hardened Docker Desktop is and its key features
keywords: security, hardened desktop, enhanced container isolation, registry access management, settings management root access, admins, docker desktop, image access management
---
@ -7,7 +7,7 @@ keywords: security, hardened desktop, enhanced container isolation, registry acc
>
>Hardened Docker Desktop is available to Docker Business customers only.
Hardened Docker Desktop is a group of security features for Docker Desktop, designed to improve security of developer environments without impacting developer experience or productivity.
Hardened Docker Desktop is a group of security features for Docker Desktop, designed to improve the security of developer environments without impacting developer experience or productivity.
It is for security conscious organizations who dont give their users root or admin access on their machines, and who would like Docker Desktop to be within their organizations centralized control.

4
desktop/hardened-desktop/settings-management/configure.md
View File

@ -117,7 +117,7 @@ The following `admin-settings.json` code and table provides an example of the re
| `configurationFileVersion` | |Specifies the version of the configuration file format. |
| `exposeDockerAPIOnTCP2375` | <span class="badge badge-info">Windows only</span>| Exposes the Docker API on a specified port. If `value` is set to true, the Docker API is exposed on port 2375. Note: This is unauthenticated and should only be enabled if protected by suitable firewall rules.|
| `proxy` | |If `mode` is set to `system` instead of `manual`, Docker Desktop gets the proxy values from the system and ignores and values set for `http`, `https` and `exclude`. Change `mode` to `manual` to manually configure proxy servers. If the proxy port is custom, specify it in the `http` or `https` property, for example `"https": "http://myotherproxy.com:4321"`. The `exclude` property specifies a comma-separated list of hosts and domains to bypass the proxy. |
&nbsp; &nbsp; &nbsp; &nbsp;`windowsDockerdPort` | <span class="badge badge-info">Windows only</span> | Exposes Docker Desktop's internal proxy locally on this port for the Windows Docker daemon to connect to. If it is set to 0, a random free port is chosen. If the value is greather than 0, use that exact value for the port. The default value is -1 which disables the option. Note: This is available for Windows containers only. |
&nbsp; &nbsp; &nbsp; &nbsp;`windowsDockerdPort` | <span class="badge badge-info">Windows only</span> | Exposes Docker Desktop's internal proxy locally on this port for the Windows Docker daemon to connect to. If it is set to 0, a random free port is chosen. If the value is greater than 0, use that exact value for the port. The default value is -1 which disables the option. Note: This is available for Windows containers only. |
| `enhancedContainerIsolation` | | If `value` is set to true, Docker Desktop runs all containers as unprivileged, via the Linux user-namespace, prevents them from modifying sensitive configurations inside the Docker Desktop VM, and uses other advanced techniques to isolate them. For more information, see [Enhanced Container Isolation](../enhanced-container-isolation/index.md).|
| `linuxVM` | |Parameters and settings related to Linux VM options - grouped together here for convenience. |
| &nbsp; &nbsp; &nbsp; &nbsp;`wslEngineEnabled` | <span class="badge badge-info">Windows only</span> | If `value` is set to true, Docker Desktop uses the WSL 2 based engine. This overrides anything that may have been set at installation using the `--backend=<backend name>` flag.
@ -125,7 +125,7 @@ The following `admin-settings.json` code and table provides an example of the re
| &nbsp;&nbsp; &nbsp; &nbsp;`vpnkitCIDR` | |Overrides the network range used for vpnkit DHCP/DNS for `*.docker.internal` |
|`kubernetes`| | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the UI and when you run `docker ps`. `imagesRepository` allows you to specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`. |
| `windowsContainers` | | Parameters and settings related to `windowsContainers` options - grouped together here for convenience. |
| &nbsp; &nbsp; &nbsp; &nbsp;`dockerDaemonOptions` | | Overrides the options in the linux daemon config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file).| |
| &nbsp; &nbsp; &nbsp; &nbsp;`dockerDaemonOptions` | | Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/engine/reference/commandline/dockerd/#daemon-configuration-file).| |
|`disableUpdate`| |If `value` is set to true, checking for and notifications about Docker Desktop updates is disabled.|
|`analyticsEnabled`| |If `value` is set to false, Docker Desktop doesn't send usage statistics to Docker. |
|`extensionsEnabled`| |If `value` is set to false, Docker extensions are disabled. |

4
desktop/hardened-desktop/settings-management/index.md
View File

@ -11,7 +11,7 @@ Settings Management is a feature that helps admins to control certain Docker Des
With a few lines of JSON, admins can configure controls for Docker Desktop settings such as proxies and network settings. For an extra layer of security, admins can also use Settings Management to enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md) which ensures that any configurations set with Settings Management cannot be modified by containers.
It is available with [Docker Desktop 4.13.0 or later](../../release-notes.md).
It is available with [Docker Desktop 4.13.0 and later](../../release-notes.md).
### Who is it for?
@ -29,7 +29,7 @@ Values that are set to `locked: true` within the `admin-settings.json` override
Using the `admin-settings.json` file, admins can:
- Enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md)
- Turn on and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md)
- Configure HTTP proxies
- Configure network settings
- Configure Kubernetes settings

15
desktop/index.md
View File

@ -1,7 +1,7 @@
---
description: Explore more of Docker Desktop, what it has to offer, and its key features. Take the next step by downloading or find additional resources.
keywords: how to use docker desktop, what is docker desktop used for, what does docker desktop do, using docker desktop
title: Docker Desktop
title: Overview of Docker Desktop
redirect_from:
- /desktop/opensource/
- /docker-for-mac/dashboard/
@ -11,9 +11,9 @@ redirect_from:
---
Docker Desktop is a one-click-install application for your Mac, Linux, or Windows environment
that enables you to build and share containerized applications and microservices.
that lets you build, share, and run containerized applications and microservices.
It provides a straightforward GUI (Graphical User Interface) that lets you manage your containers, applications, and images directly from your machine. Docker Desktop can be used either on it's own or as a complementary tool to the CLI.
It provides a straightforward GUI (Graphical User Interface) that lets you manage your containers, applications, and images directly from your machine. Docker Desktop can be used either on its own or as a complementary tool to the CLI.
Docker Desktop reduces the time spent on complex setups so you can focus on writing code. It takes care of port mappings, file system concerns, and other default settings, and is regularly updated with bug fixes and security updates.
@ -42,8 +42,9 @@ Docker Desktop reduces the time spent on complex setups so you can focus on writ
- [Docker Engine](../engine/index.md)
- Docker CLI client
- [Docker Buildx](../build/index.md)
- [Extensions](extensions/index.md)
- [Docker Extensions](extensions/index.md)
- [Docker Compose](../compose/index.md)
- [Docker Scout](../scout/index.md)
- [Docker Content Trust](../engine/security/trust/index.md)
- [Kubernetes](https://github.com/kubernetes/kubernetes/)
- [Credential Helper](https://github.com/docker/docker-credential-helpers/)
@ -64,7 +65,7 @@ Docker Desktop reduces the time spent on complex setups so you can focus on writ
Docker Desktop works with your choice of development tools and languages and
gives you access to a vast library of certified images and templates in
[Docker Hub](https://hub.docker.com/). This enables development teams to extend
[Docker Hub](https://hub.docker.com/). This allows development teams to extend
their environment to rapidly auto-build, continuously integrate, and collaborate
using a secure repository.
@ -77,7 +78,7 @@ using a secure repository.
<img src="/assets/images/download.svg" alt="Download and install" width="70" height="70">
</div>
<h2 id="docker-for-mac">Install Docker Desktop</h2>
<p> <a href="/desktop/install/mac-install/">On Mac </a>, <a href="/desktop/install/windows-install/">Windows</a> or <a href="/desktop/install/linux-install/">Linux</a></p>
<p> <a href="/desktop/install/mac-install/">On Mac </a>, <a href="/desktop/install/windows-install/">Windows</a>, or <a href="/desktop/install/linux-install/">Linux</a></p>
</div>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
@ -116,7 +117,7 @@ using a secure repository.
<a href="/desktop/kubernetes/"><img src="/assets/images/all-inbox.svg" alt="Additional resources" width="70" height="70"></a>
</div>
<h2 id="docker-for-windows/install/"><a href="/desktop/kubernetes/">Find additional resources</a></h2>
<p>Find information on networking features, deploying on Kuberntes and more.</p>
<p>Find information on networking features, deploying on Kuberntes, and more.</p>
</div>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">

9
desktop/install/archlinux.md
View File

@ -1,7 +1,7 @@
---
description: Instructions for installing Docker Desktop Arch package. Mostly meant for hackers who want to try out Docker Desktop on a variety of Arch-based distributions.
keywords: Arch Linux, install, uninstall, upgrade, update, linux, desktop, docker desktop, docker desktop for linux, dd4l
title: Install on Arch-based distributions
title: Install Docker Desktop on Arch-based distributions
redirect_from:
- /desktop/linux/install/archlinux/
---
@ -33,9 +33,9 @@ $ sudo pacman -S gnome-terminal
4. Install the package:
```console
$ sudo pacman -U ./docker-desktop-<version>-<arch>.pkg.tar.zst
```
```console
$ sudo pacman -U ./docker-desktop-<version>-<arch>.pkg.tar.zst
```
## Launch Docker Desktop
@ -44,4 +44,5 @@ $ sudo pacman -U ./docker-desktop-<version>-<arch>.pkg.tar.zst
## Next steps
- Take a look at the [Get started](../../get-started/index.md) training modules to learn how to build an image and run it as a containerized application.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.

62
desktop/install/debian.md
View File

@ -1,7 +1,7 @@
---
description: Instructions for installing Docker Desktop on Debian
keywords: debian, install, uninstall, upgrade, update, linux, desktop, docker desktop, docker desktop for linux, dd4l
title: Install on Debian
title: Install Docker Desktop on Debian
toc_max: 4
redirect_from:
- /desktop/linux/install/debian/
@ -21,30 +21,29 @@ To install Docker Desktop successfully, you must:
- Have a 64-bit version of Debian 11.
- Uninstall the tech preview or beta version of Docker Desktop for Linux. Run:
```console
$ sudo apt remove docker-desktop
```
```console
$ sudo apt remove docker-desktop
```
For a complete cleanup, remove configuration and data files at `$HOME/.docker/desktop`, the symlink at `/usr/local/bin/com.docker.cli`, and purge
the remaining systemd service files.
For a complete cleanup, remove configuration and data files at `$HOME/.docker/desktop`, the symlink at `/usr/local/bin/com.docker.cli`, and purge the remaining systemd service files.
```console
$ rm -r $HOME/.docker/desktop
$ sudo rm /usr/local/bin/com.docker.cli
$ sudo apt purge docker-desktop
```
```console
$ rm -r $HOME/.docker/desktop
$ sudo rm /usr/local/bin/com.docker.cli
$ sudo apt purge docker-desktop
```
> **Note**
>
> If you have installed the Docker Desktop for Linux tech preview or beta version, you need to remove all files that were generated by those packages (eg. `~/.config/systemd/user/docker-desktop.service`, `~/.local/share/systemd/user/docker-desktop.service`).
> **Note**
>
> If you have installed the Docker Desktop for Linux tech preview or beta version, you need to remove all files that were generated by those packages (eg. `~/.config/systemd/user/docker-desktop.service`, `~/.local/share/systemd/user/docker-desktop.service`).
For a Gnome Desktop environment, you must also install AppIndicator and KStatusNotifierItem [Gnome extensions](https://extensions.gnome.org/extension/615/appindicator-support/){:target="_blank" rel="noopener" class="_"}.
- For a Gnome Desktop environment, you must also install AppIndicator and KStatusNotifierItem [Gnome extensions](https://extensions.gnome.org/extension/615/appindicator-support/){:target="_blank" rel="noopener" class="_"}.
For non-Gnome Desktop environments, `gnome-terminal` must be installed:
- For non-Gnome Desktop environments, `gnome-terminal` must be installed:
```console
$ sudo apt install gnome-terminal
```
```console
$ sudo apt install gnome-terminal
```
## Install Docker Desktop
@ -56,19 +55,19 @@ Recommended approach to install Docker Desktop on Debian:
3. Install the package with apt as follows:
```console
$ sudo apt-get update
$ sudo apt-get install ./docker-desktop-<version>-<arch>.deb
```
```console
$ sudo apt-get update
$ sudo apt-get install ./docker-desktop-<version>-<arch>.deb
```
> **Note**
>
> At the end of the installation process, `apt` displays an error due to installing a downloaded package. You
> can ignore this error message.
>
> ```
> N: Download is performed unsandboxed as root, as file '/home/user/Downloads/docker-desktop.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
> ```
> **Note**
>
> At the end of the installation process, `apt` displays an error due to installing a downloaded package. You
> can ignore this error message.
>
> ```
> N: Download is performed unsandboxed as root, as file '/home/user/Downloads/docker-desktop.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
> ```
There are a few post-install configuration steps done through the post-install script contained in the deb package.
@ -95,4 +94,5 @@ $ sudo apt-get install ./docker-desktop-<version>-<arch>.deb
## Next steps
- Take a look at the [Get started](../../get-started/index.md) training modules to learn how to build an image and run it as a containerized application.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.

9
desktop/install/fedora.md
View File

@ -1,7 +1,7 @@
---
description: Instructions for installing Docker Desktop on Fedora
keywords: fedora, rpm, update install, uninstall, upgrade, update, linux, desktop, docker desktop, docker desktop for linux, dd4l
title: Install on Fedora
title: Install Docker Desktop on Fedora
toc_max: 4
redirect_from:
- /desktop/linux/install/fedora/
@ -36,9 +36,9 @@ To install Docker Desktop on Fedora:
3. Install the package with dnf as follows:
```console
$ sudo dnf install ./docker-desktop-<version>-<arch>.rpm
```
```console
$ sudo dnf install ./docker-desktop-<version>-<arch>.rpm
```
There are a few post-install configuration steps done through the post-install script contained in the RPM package.
@ -66,4 +66,5 @@ $ sudo dnf install ./docker-desktop-<version>-<arch>.rpm
## Next steps
- Take a look at the [Get started](../../get-started/index.md) training modules to learn how to build an image and run it as a containerized application.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.

13
desktop/install/linux-install.md
View File

@ -42,8 +42,8 @@ Docker supports Docker Desktop on the current LTS release of the aforementioned
To install Docker Desktop successfully, your Linux host must meet the following general requirements:
- 64-bit kernel and CPU support for virtualization.
- KVM virtualization support. Follow the [KVM virtualization support instructions](#kvm-virtualization-support) to check if the KVM kernel modules are enabled and how to provide access to the kvm device.
- **QEMU must be version 5.2 or newer**. We recommend upgrading to the latest version.
- KVM virtualization support. Follow the [KVM virtualization support instructions](#kvm-virtualization-support) to check if the KVM kernel modules are enabled and how to provide access to the KVM device.
- QEMU must be version 5.2 or later. We recommend upgrading to the latest version.
- systemd init system.
- Gnome, KDE, or MATE Desktop environment.
- For many Linux distros, the Gnome environment does not support tray icons. To add support for tray icons, you need to install a Gnome extension. For example, [AppIndicator](https://extensions.gnome.org/extension/615/appindicator-support/){:target="_blank" rel="noopener" class="_"}.
@ -53,7 +53,7 @@ To install Docker Desktop successfully, your Linux host must meet the following
Docker Desktop for Linux runs a Virtual Machine (VM). For more information on why, see [Why Docker Desktop for Linux runs a VM](../faqs/linuxfaqs.md#why-does-docker-desktop-for-linux-run-a-vm).
> **Note:**
> **Note**
>
> Docker does not provide support for running Docker Desktop in nested virtualization scenarios. We recommend that you run Docker Desktop for Linux natively on supported distributions.
@ -107,7 +107,7 @@ Add your user to the kvm group in order to access the kvm device:
$ sudo usermod -aG kvm $USER
```
Log out and log back in so that your group membership is re-evaluated.
Sign out and sign back in so that your group membership is re-evaluated.
## Generic installation steps
@ -131,7 +131,7 @@ Make sure you meet the system requirements outlined earlier and follow the distr
![Docker app in Applications](images/docker-app-in-apps.png)
3. Select **Docker Desktop** to start Docker. <br> The Docker menu (![whale menu](images/whale-x.svg){: .inline}) displays the Docker Subscription Service Agreement window.
3. Select **Docker Desktop** to start Docker. <br> The Docker menu (![whale menu](images/whale-x.svg){: .inline}) displays the Docker Subscription Service Agreement.
4. Select **Accept** to continue. Docker Desktop starts after you accept the terms.
@ -142,9 +142,10 @@ Make sure you meet the system requirements outlined earlier and follow the distr
## Where to go next
- [Get started with Docker](../../get-started/index.md) provides a general Docker tutorial.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- [Troubleshooting](../troubleshoot/overview.md) describes common problems, workarounds, how to run and submit diagnostics, and submit issues.
- [FAQs](../faqs/general.md) provide answers to frequently asked questions.
- [Release notes](../release-notes.md) lists component updates, new features, and improvements associated with Docker Desktop releases.
- [Get started with Docker](../../get-started/index.md) provides a general Docker tutorial.
- [Back up and restore data](../backup-and-restore.md) provides instructions
on backing up and restoring data related to Docker.

35
desktop/install/mac-install.md
View File

@ -12,7 +12,7 @@ redirect_from:
- /desktop/mac/apple-silicon/
---
This page contains information about system requirements, download URLs, and instructions on how to install Docker Desktop for Mac.
This page contains download URLs, information about system requirements, and instructions on how to install Docker Desktop for Mac.
[Docker Desktop for Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-amd64){: .button .primary-btn }
[Docker Desktop for Mac with Apple silicon](https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64){: .button .primary-btn }
@ -27,8 +27,6 @@ This page contains information about system requirements, download URLs, and ins
## System requirements
Your Mac must meet the following requirements to install Docker Desktop successfully.
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#mac-intel">Mac with Intel chip</a></li>
<li><a data-toggle="tab" data-target="#mac-apple-silicon">Mac with Apple silicon</a></li>
@ -53,7 +51,7 @@ Your Mac must meet the following requirements to install Docker Desktop successf
### Mac with Apple silicon
- Beginning with Docker Desktop 4.3.0, we have removed the hard requirement to install **Rosetta 2**. There are a few optional command line tools that still require Rosetta 2 when using Darwin/AMD64. See the [Known issues section](../troubleshoot/known-issues.md). However, to get the best experience, we recommend that you install Rosetta 2. To install Rosetta 2 manually from the command line, run the following command:
- Beginning with Docker Desktop 4.3.0, we have removed the hard requirement to install Rosetta 2. There are a few optional command line tools that still require Rosetta 2 when using Darwin/AMD64. See [Known issues](../troubleshoot/known-issues.md). However, to get the best experience, we recommend that you install Rosetta 2. To install Rosetta 2 manually from the command line, run the following command:
```console
$ softwareupdate --install-rosetta
@ -67,28 +65,28 @@ Your Mac must meet the following requirements to install Docker Desktop successf
### Install interactively
1. Double-click `Docker.dmg` to open the installer, then drag the Docker icon to
the Applications folder.
the **Applications** folder.
2. Double-click `Docker.app` in the **Applications** folder to start Docker.
3. The Docker menu (![whale menu](images/whale-x.svg){: .inline}) displays the Docker Subscription Service Agreement window.
3. The Docker menu (![whale menu](images/whale-x.svg){: .inline}) displays the Docker Subscription Service Agreement.
{% include desktop-license-update.md %}
4. Select **Accept** to continue.
Note that Docker Desktop will not run if you do not agree to the terms. You can choose to accept the terms at a later date by opening Docker Desktop.
Note that Docker Desktop won't run if you do not agree to the terms. You can choose to accept the terms at a later date by opening Docker Desktop.
For more information, see [Docker Desktop Subscription Service Agreement](https://www.docker.com/legal/docker-subscription-service-agreement){: target="_blank" rel="noopener" class="_" }. We recommend that you also read the [FAQs](https://www.docker.com/pricing/faq){: target="_blank" rel="noopener" class="_"}.
5. From the installation window, select either:
- **Use recommended settings (Requires password)**. This let's Docker Desktop automatically set the necessary configuration settings.
- **Use advanced settings**. You can then set the location of the Docker CLI tools either in the system or user directory, enable the default Docker socket, and enable privileged port mapping. See [Settings](../settings/mac.md#advanced), for more information and how to set the location of the Docker CLI tools.
6. Select **Finish**. If you have applied any of the above configurations that require a password in step 5, you are asked to enter your password to confirm.
6. Select **Finish**. If you have applied any of the above configurations that require a password in step 5, enter your password to confirm your choice.
### Install from the command line
After downloading `Docker.dmg`, run the following commands in a terminal to install Docker Desktop in the Applications folder:
After downloading `Docker.dmg`, run the following commands in a terminal to install Docker Desktop in the **Applications** folder:
```console
$ sudo hdiutil attach Docker.dmg
@ -99,24 +97,25 @@ $ sudo hdiutil detach /Volumes/Docker
As macOS typically performs security checks the first time an application is used, the `install` command can take several minutes to run.
The `install` command accepts the following flags:
- `--accept-license`: accepts the [Docker Subscription Service Agreement](https://www.docker.com/legal/docker-subscription-service-agreement){: target="_blank" rel="noopener" class="_"} now, rather than requiring it to be accepted when the application is first run
- `--allowed-org=<org name>`: requires the user to sign in and be part of the specified Docker Hub organization when running the application
- `--user=<username>`: performs the privileged configurations once during installation. This removes the need for the user to grant root privileges on first run. For more information, see [Privileged helper permission requirements](../mac/permission-requirements.md#permission-requirements){: target="_blank" rel="noopener" class="_"}. To find the username, enter `ls /Users` in the CLI.
- `--admin-settings`: automatically creates an `admin-settings.json` file which is used by admins to control certain Docker Desktop settings on client machines within their organization. For more information, see [Settings Management](../hardened-desktop/settings-management/index.md).
- `--accept-license`: Accepts the [Docker Subscription Service Agreement](https://www.docker.com/legal/docker-subscription-service-agreement){: target="_blank" rel="noopener" class="_"} now, rather than requiring it to be accepted when the application is first run.
- `--allowed-org=<org name>`: Requires the user to sign in and be part of the specified Docker Hub organization when running the application
- `--user=<username>`: Performs the privileged configurations once during installation. This removes the need for the user to grant root privileges on first run. For more information, see [Privileged helper permission requirements](../mac/permission-requirements.md#permission-requirements){: target="_blank" rel="noopener" class="_"}. To find the username, enter `ls /Users` in the CLI.
- `--admin-settings`: Automatically creates an `admin-settings.json` file which is used by administrators to control certain Docker Desktop settings on client machines within their organization. For more information, see [Settings Management](../hardened-desktop/settings-management/index.md).
- It must be used together with the `--allowed-org=<org name>` flag.
- For example:
`--allowed-org=<org name> --admin-settings='{"configurationFileVersion": 2, "enhancedContainerIsolation": {"value": true, "locked": false}}'`
- `--proxy-http-mode=<mode>`: sets the HTTP Proxy mode, `system` (default) or `manual`.
- `--override-proxy-http=<URL>`: sets the URL of the HTTP proxy that must be used for outgoing HTTP requests, requires `--proxy-http-mode` to be `manual`.
- `--override-proxy-https=<URL>`: sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests, requires `--proxy-http-mode` to be `manual`.
- `--override-proxy-exclude=<hosts/domains>`: bypasses proxy settings for these hosts and domains, a comma-separated list.
- `--proxy-http-mode=<mode>`: Sets the HTTP Proxy mode. The two modes are `system` (default) or `manual`.
- `--override-proxy-http=<URL>`: Sets the URL of the HTTP proxy that must be used for outgoing HTTP requests. It requires `--proxy-http-mode` to be `manual`.
- `--override-proxy-https=<URL>`: Sets the URL of the HTTP proxy that must be used for outgoing HTTPS requests, requires `--proxy-http-mode` to be `manual`
- `--override-proxy-exclude=<hosts/domains>`: Bypasses proxy settings for the hosts and domains. It's a comma-separated list.
## Where to go next
- [Get started with Docker](../../get-started/index.md) provides a general Docker tutorial.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- [Troubleshooting](../troubleshoot/overview.md) describes common problems, workarounds, how
to run and submit diagnostics, and submit issues.
- [FAQs](../faqs/general.md) provide answers to frequently asked questions.
- [Release notes](../release-notes.md) lists component updates, new features, and improvements associated with Docker Desktop releases.
- [Get started with Docker](../../get-started/index.md) provides a general Docker tutorial.
- [Back up and restore data](../backup-and-restore.md) provides instructions
on backing up and restoring data related to Docker.

1
desktop/install/ubuntu.md
View File

@ -91,4 +91,5 @@ $ sudo apt-get install ./docker-desktop-<version>-<arch>.deb
## Next steps
- Take a look at the [Get started](../../get-started/index.md) training modules to learn how to build an image and run it as a containerized application.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.

34
desktop/install/windows-install.md
View File

@ -15,7 +15,7 @@ redirect_from:
- /installation/windows/
---
Welcome to Docker Desktop for Windows. This page contains information about Docker Desktop for Windows system requirements, download URL, instructions to install and update Docker Desktop for Windows.
This page contains the download URL, information about system requirements, and instructions on how to install Docker Desktop for Windows.
[Docker Desktop for Windows](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe){: .button .primary-btn }
@ -29,8 +29,6 @@ _For checksums, see [Release notes](../release-notes.md)_
## System requirements
You must meet the following requirements to successfully install Docker Desktop on Windows:
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#win-wsl2">WSL 2 backend</a></li>
<li><a data-toggle="tab" data-target="#win-hyper-v">Hyper-V backend and Windows containers</a></li>
@ -40,22 +38,20 @@ You must meet the following requirements to successfully install Docker Desktop
### WSL 2 backend
- WSL version 1.1.3.0 or above.
- WSL version 1.1.3.0 or later.
- Windows 11 64-bit: Home or Pro version 21H2 or higher, or Enterprise or Education version 21H2 or higher.
- Windows 10 64-bit: Home or Pro 21H2 (build 19044) or higher, or Enterprise or Education 21H2 (build 19044) or higher.
- Enable the WSL 2 feature on Windows. For detailed instructions, refer to the
- Turn on the WSL 2 feature on Windows. For detailed instructions, refer to the
[Microsoft documentation](https://docs.microsoft.com/en-us/windows/wsl/install-win10){: target="_blank" rel="noopener" class="_"}.
- The following hardware prerequisites are required to successfully run
WSL 2 on Windows 10 or Windows 11:
- 64-bit processor with [Second Level Address Translation (SLAT)](https://en.wikipedia.org/wiki/Second_Level_Address_Translation){: target="_blank" rel="noopener" class="_"}
- 4GB system RAM
- BIOS-level hardware virtualization support must be enabled in the
- BIOS-level hardware virtualization support must be turned on in the
BIOS settings. For more information, see
[Virtualization](../troubleshoot/topics.md#virtualization).
- Download and install the [Linux kernel update package](https://docs.microsoft.com/windows/wsl/wsl2-kernel){: target="_blank" rel="noopener" class="_"}.
</div>
<div id="win-hyper-v" class="tab-pane fade" markdown="1">
@ -66,13 +62,13 @@ You must meet the following requirements to successfully install Docker Desktop
For Windows 10 and Windows 11 Home, see the system requirements in the [WSL 2 backend](#wsl-2-backend){: data-toggle="tab" data-target="#win-wsl2" } tab.
- Hyper-V and Containers Windows features must be enabled.
- Hyper-V and Containers Windows features must be turned on.
- The following hardware prerequisites are required to successfully run Client
Hyper-V on Windows 10:
- 64 bit processor with [Second Level Address Translation (SLAT)](https://en.wikipedia.org/wiki/Second_Level_Address_Translation){: target="_blank" rel="noopener" class="_"}
- 4GB system RAM
- BIOS-level hardware virtualization support must be enabled in the
- BIOS-level hardware virtualization support must be turned on in the
BIOS settings. For more information, see
[Virtualization](../troubleshoot/topics.md#virtualization).
@ -106,7 +102,7 @@ Looking for information on using Windows containers?
> **Note**
>
> To run Windows containers, you need Windows 10 or Windows 11 Professional or Enterprise edition.
> Windows Home or Education editions will only allow you to run Linux containers.
> Windows Home or Education editions only allow you to run Linux containers.
## Install Docker Desktop on Windows
@ -114,21 +110,16 @@ Looking for information on using Windows containers?
1. Double-click **Docker Desktop Installer.exe** to run the installer.
If you haven't already downloaded the installer (`Docker Desktop Installer.exe`), you can get it from
[**Docker Hub**](https://hub.docker.com/editions/community/docker-ce-desktop-windows/){:target="_blank" rel="noopener" class="_"}.
It typically downloads to your `Downloads` folder, or you can run it from
the recent downloads bar at the bottom of your web browser.
2. When prompted, ensure the **Use WSL 2 instead of Hyper-V** option on the Configuration page is selected or not depending on your choice of backend.
If your system only supports one of the two options, you will not be able to select which backend to use.
3. Follow the instructions on the installation wizard to authorize the installer and proceed with the install.
4. When the installation is successful, click **Close** to complete the installation process.
4. When the installation is successful, select **Close** to complete the installation process.
5. If your admin account is different to your user account, you must add the user to the **docker-users** group. Run **Computer Management** as an **administrator** and navigate to **Local Users and Groups** > **Groups** > **docker-users**. Right-click to add the user to the group.
Log out and log back in for the changes to take effect.
Sign out and sign back in for the changes to take effect.
### Install from the command line
@ -183,20 +174,21 @@ Docker Desktop does not start automatically after installation. To start Docker
![Search for Docker app](images/docker-app-search.png){:width="300px"}
2. The Docker menu (![whale menu](images/whale-x.svg){: .inline}) displays the Docker Subscription Service Agreement window.
2. The Docker menu (![whale menu](images/whale-x.svg){: .inline}) displays the Docker Subscription Service Agreement.
{% include desktop-license-update.md %}
3. Select **Accept** to continue. Docker Desktop starts after you accept the terms.
Note that Docker Desktop will not run if you do not agree to the terms. You can choose to accept the terms at a later date by opening Docker Desktop.
Note that Docker Desktop won't run if you do not agree to the terms. You can choose to accept the terms at a later date by opening Docker Desktop.
For more information, see [Docker Desktop Subscription Service Agreement](https://www.docker.com/legal/docker-subscription-service-agreement/){:target="_blank" rel="noopener" class="_"}. We recommend that you also read the [FAQs](https://www.docker.com/pricing/faq){: target="\_blank" rel="noopener" class="*" id="dkr_docs_desktop_install_btl"}.
## Where to go next
* [Get started with Docker](/get-started/) is a tutorial that teaches you how to deploy a multi-service stack.
- [Get started with Docker](/get-started/) is a tutorial that teaches you how to deploy a multi-service stack.
- [Explore Docker Desktop](../use-desktop/index.md) and all its features.
- [Troubleshooting](../troubleshoot/overview.md) describes common problems, workarounds, and
how to get support.
- [FAQs](../faqs/general.md) provide answers to frequently asked questions.

23
desktop/kubernetes.md
View File

@ -1,7 +1,7 @@
---
description: See how you can deploy to Kubernetes on Docker Desktop
keywords: deploy, kubernetes, kubectl, orchestration, Docker Desktop
title: Deploy on Kubernetes
title: Deploy on Kubernetes with Docker Desktop
redirect_from:
- /docker-for-windows/kubernetes/
- /docker-for-mac/kubernetes/
@ -13,21 +13,21 @@ as well as Docker CLI integration that runs on your machine.
The Kubernetes server runs locally within your Docker instance, is not configurable, and is a single-node cluster. It runs within a Docker container on your local system, and
is only for local testing.
Enabling Kubernetes allows you to deploy
your workloads in parallel, on Kubernetes, Swarm, and as standalone containers. Enabling or disabling the Kubernetes server does not affect your other
Turning on Kubernetes allows you to deploy
your workloads in parallel, on Kubernetes, Swarm, and as standalone containers. Turning on or off the Kubernetes server does not affect your other
workloads.
## Enable Kubernetes
## Turn on Kubernetes
To enable Kubernetes in Docker Desktop:
To turn on Kubernetes in Docker Desktop:
1. From the Docker Dashboard, select the **Settings**.
2. Select **Kubernetes** from the left sidebar.
3. Next to **Enable Kubernetes**, select the checkbox.
4. Select **Apply & Restart** to save the settings and then click **Install** to confirm. This instantiates images required to run the Kubernetes server as containers, and installs the `/usr/local/bin/kubectl` command on your machine.
4. Select **Apply & Restart** to save the settings and then select **Install** to confirm. This instantiates images required to run the Kubernetes server as containers, and installs the `/usr/local/bin/kubectl` command on your machine.
By default, Kubernetes containers are hidden from commands like `docker ps`, because managing them manually is not supported. Most users do not need this option. To see these internal containers, select **Show system containers (advanced)**.
When Kubernetes is enabled and running, an additional status bar in the Dashboard footer and Docker menu displays.
When Kubernetes is turned on and running, an additional status bar in the Docker Dashboard footer and Docker menu displays.
> Note
>
@ -50,11 +50,12 @@ $ kubectl config get-contexts
$ kubectl config use-context docker-desktop
```
>Note
> **Tip**
>
> Run the `kubectl` command in a CMD or PowerShell terminal, otherwise `kubectl config get-contexts` may return an empty result.
>
>If you are using a different terminal and this happens, you can try setting the `kubeconfig` environment variable to the location of the `.kube/config` file.
> If you are using a different terminal and this happens, you can try setting the `kubeconfig` environment variable to the location of the `.kube/config` file.
{: .tip}
If you installed `kubectl` using Homebrew, or by some other method, and
experience conflicts, remove `/usr/local/bin/kubectl`.
@ -71,9 +72,9 @@ docker-desktop Ready master 3h v1.19.7
For more information about `kubectl`, see the
[`kubectl` documentation](https://kubernetes.io/docs/reference/kubectl/overview/){:target="_blank" rel="noopener" class="_"}.
## Disable Kubernetes
## Turn off Kubernetes
To disable Kubernetes in Docker Desktop:
To turn off Kubernetes in Docker Desktop:
1. From the Docker Dashboard, select the **Settings** icon.
2. Select **Kubernetes** from the left sidebar.
3. Next to **Enable Kubernetes**, clear the checkbox

30
desktop/mac/permission-requirements.md
View File

@ -1,7 +1,7 @@
---
description: Understand permission requirements for Docker Desktop for Mac and the differences between versions
keywords: Docker Desktop, mac, security, install, permissions
title: Understand permission requirements for Mac
title: Understand permission requirements for Docker Desktop on Mac
redirect_from:
- /docker-for-mac/privileged-helper/
- /desktop/mac/privileged-helper/
@ -15,11 +15,11 @@ It also provides clarity on running containers as `root` as opposed to having `r
Docker Desktop for Mac is run as an unprivileged user. However, certain functionalities are required for Docker Desktop to perform a limited set of privileged configurations such as:
- [Installing symlinks](#installing-symlinks) in`/usr/local/bin`.
- [Binding privileged ports](#binding-privileged-ports) that are less than 1024. The so-called "privileged ports" are not generally used as a security boundary, however OSes still prevent unprivileged processes from binding them which breaks commands like `docker run -p 127.0.0.1:80:80 docker/getting-started`.
- [Ensuring `localhost` and `kubernetes.docker.internal` are defined](#ensuring-localhost-and-kubernetesdockerinternal-are-defined) in `/etc/hosts`. Some old macOS installs do not have `localhost` in `/etc/hosts`, which causes Docker to fail. Defining the DNS name `kubernetes.docker.internal` allows Docker to share Kubernetes contexts with containers.
- [Binding privileged ports](#binding-privileged-ports) that are less than 1024. The so-called "privileged ports" are not generally used as a security boundary, however operating systems still prevent unprivileged processes from binding them which breaks commands like `docker run -p 127.0.0.1:80:80 docker/getting-started`.
- [Ensuring `localhost` and `kubernetes.docker.internal` are defined](#ensuring-localhost-and-kubernetesdockerinternal-are-defined) in `/etc/hosts`. Some old macOS installs don't have `localhost` in `/etc/hosts`, which causes Docker to fail. Defining the DNS name `kubernetes.docker.internal` allows Docker to share Kubernetes contexts with containers.
- Securely caching the Registry Access Management policy which is read-only for the developer.
Depending on which version of Docker Desktop for Mac is used, privileged access is granted either during installation, first run, or only when it is needed.
Depending on which version of Docker Desktop for Mac is used, privileged access is granted either during installation, first run, or only when it's needed.
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#tab1">Version 4.18 and later</a></li>
@ -29,9 +29,9 @@ Depending on which version of Docker Desktop for Mac is used, privileged access
<div class="tab-content">
<div id="tab1" class="tab-pane fade in active" markdown="1">
From version 4.18 and above, Docker Desktop for Mac provides greater control over functionality that's enabled during installation.
From version 4.18 and later, Docker Desktop for Mac provides greater control over functionality that's enabled during installation.
The first time Docker Desktop for Mac is launched, you are presented with an installation window where you can choose to either use the default settings, which work for most developers and require privileged access to be granted, or use advanced settings.
The first time Docker Desktop for Mac launches, you are presented with an installation window where you can choose to either use the default settings, which work for most developers and require privileged access to be granted, or use advanced settings.
If you work in an environment with elevated security requirements, for instance where local administrative access is prohibited, then you can use the advanced settings to remove the need for granting privileged access. You can configure:
- The location of the Docker CLI tools either in the system or user directory
@ -46,14 +46,14 @@ You can change these configurations at a later date from the **Advanced** page i
</div>
<div id="tab2" class="tab-pane fade" markdown="1">
Versions 4.15 to 4.17 of Docker Desktop for Mac doesn't require the privileged process to run permanently. Whenever elevated privileges are needed for a configuration, Docker Desktop prompts you with information on the task it needs to perform. Most configurations are applied once, subsequent runs don't prompt for privileged access anymore.
The only time Docker Desktop may start the privileged process is for binding privileged ports that are not allowed by default on the host OS.
Versions 4.15 to 4.17 of Docker Desktop for Mac don't require the privileged process to run permanently. Whenever elevated privileges are needed for a configuration, Docker Desktop prompts you with information on the task it needs to perform. Most configurations are applied once, subsequent runs don't prompt for privileged access anymore.
The only time Docker Desktop may start the privileged process is for binding privileged ports that aren't allowed by default on the host OS.
<hr>
</div>
<div id="tab3" class="tab-pane fade" markdown="1">
Versions prior to 4.15 of Docker Desktop for Mac require `root` access to be granted on the first run. The first time that Docker Desktop is launched you receive an admin prompt to grant permission for the installation of the `com.docker.vmnetd` privileged helper service. For subsequent runs, `root` privileges aren't required. Following the principle of least privilege, this approach allows `root` access to be used only for the operations for which it is absolutely necessary, while still being able to use Docker Desktop as an unprivileged user.
Versions prior to 4.15 of Docker Desktop for Mac require `root` access to be granted on the first run. The first time that Docker Desktop is launched you receive an admin prompt to grant permission for the installation of the `com.docker.vmnetd` privileged helper service. For subsequent runs, `root` privileges aren't required. Following the principle of least privilege, this approach allows `root` access to be used only for the operations for which it's absolutely necessary, while still being able to use Docker Desktop as an unprivileged user.
All privileged operations are run using the privileged helper process `com.docker.vmnetd`.
<hr>
@ -71,13 +71,13 @@ The Docker binaries are installed by default in `/Applications/Docker.app/Conten
<div class="tab-content">
<div id="tab4" class="tab-pane fade in active" markdown="1">
With version 4.18 or later, you can choose whether to install symlinks either in `/usr/local/bin` or `$HOME/.docker/bin` during installation of Docker Desktop.
With version 4.18 and later, you can choose whether to install symlinks either in `/usr/local/bin` or `$HOME/.docker/bin` during installation of Docker Desktop.
If `/usr/local/bin` is chosen, and this location is not writable by unprivileged users, Docker Desktop requires authorization to confirm this choice before the symlinks to Docker binaries are created in `/usr/local/bin`. If `$HOME/.docker/bin` is chosen, authorization is not required, but the you must [manually add `$HOME/.docker/bin`](../settings/mac.md#advanced) to their PATH.
You are also given the option to enable the installation of the `/var/run/docker.sock` symlink. Creating this symlink ensures various Docker clients relying on the default Docker socket path to work without additional changes.
As the `/var/run` is mounted as a tmpfs, its content is deleted on restart, symlink to the Docker socket included. To ensure the Docker socket exists after restart, Docker Desktop sets up a `launchd` startup task that creates the symlink by running `ln -s -f /Users/<user>/.docker/run/docker.sock /var/run/docker.sock`. This ensures the user is not prompted on each startup to create the symlink. If the user does not enable this option at installation, the symlink and the startup task is not created and the user may have to explicitly set the `DOCKER_HOST` environment variable to `/Users/<user>/.docker/run/docker.sock` in the clients it is using. The Docker CLI relies on the current context to retrieve the socket path, the current context is set to `desktop-linux` on Docker Desktop startup.
As the `/var/run` is mounted as a tmpfs, its content is deleted on restart, symlink to the Docker socket included. To ensure the Docker socket exists after restart, Docker Desktop sets up a `launchd` startup task that creates the symlink by running `ln -s -f /Users/<user>/.docker/run/docker.sock /var/run/docker.sock`. This ensures the you aren't prompted on each startup to create the symlink. If you don't enable this option at installation, the symlink and the startup task is not created and you may have to explicitly set the `DOCKER_HOST` environment variable to `/Users/<user>/.docker/run/docker.sock` in the clients it is using. The Docker CLI relies on the current context to retrieve the socket path, the current context is set to `desktop-linux` on Docker Desktop startup.
<hr>
</div>
@ -85,7 +85,7 @@ As the `/var/run` is mounted as a tmpfs, its content is deleted on restart, syml
For versions prior to 4.18, installing symlinks in `/usr/local/bin` is a privileged configuration Docker Desktop performs on the first startup. Docker Desktop checks if symlinks exists and takes the following actions:
- Creates the symlinks without the admin prompt if `/usr/local/bin` is writable by unprivileged users.
- Triggers an admin prompt for the user to authorize the creation of symlinks in `/usr/local/bin`. If you authorizes this, symlinks to Docker binaries are created in `/usr/local/bin`. If you reject the prompt, are not willing to run configurations requiring elevated privileges, or don't have admin rights on your machine, Docker Desktop creates the symlinks in `~/.docker/bin` and edits your shell profile to ensure this location is in your PATH. This requires all open shells to be reloaded.
- Triggers an admin prompt for you to authorize the creation of symlinks in `/usr/local/bin`. If you authorizes this, symlinks to Docker binaries are created in `/usr/local/bin`. If you reject the prompt, are not willing to run configurations requiring elevated privileges, or don't have admin rights on your machine, Docker Desktop creates the symlinks in `~/.docker/bin` and edits your shell profile to ensure this location is in your PATH. This requires all open shells to be reloaded.
The rejection is recorded for future runs to avoid prompting you again.
For any failure to ensure binaries are on your PATH, you may need to manually add to their PATH the `/Applications/Docker.app/Contents/Resources/bin` or use the full path to Docker binaries.
@ -142,7 +142,7 @@ ERRO[0003] error waiting for container: context canceled
<div class="tab-content">
<div id="tab8" class="tab-pane fade in active" markdown="1">
With version 4.18 it is your responsibility to ensure that localhost is resolved to `127.0.0.1` and if Kubernetes is used, that `kubernetes.docker.internal` is resolved to `127.0.0.1`.
With versions 4.18 and later, it is your responsibility to ensure that localhost is resolved to `127.0.0.1` and if Kubernetes is used, that `kubernetes.docker.internal` is resolved to `127.0.0.1`.
<hr>
</div>
@ -154,7 +154,7 @@ On first run, Docker Desktop checks if `localhost` is resolved to `127.0.0.1`. I
</div>
</div>
## Installing from the commandline
## Installing from the command line
In version 4.11 and later of Docker Desktop for Mac, privileged configurations are applied during the installation with the `--user` flag on the [install command](../install/mac-install.md#install-from-the-command-line). In this case, you are not prompted to grant root privileges on the first run of Docker Desktop. Specifically, the `--user` flag:
- Uninstalls the previous `com.docker.vmnetd` if present
@ -163,7 +163,7 @@ In version 4.11 and later of Docker Desktop for Mac, privileged configurations a
The limitation of this approach is that Docker Desktop can only be run by one user-account per machine, namely the one specified in the `-user` flag.
## Privileged Helper
## Privileged helper
In the limited situations when the privileged helper is needed, for example binding privileged ports or caching the Registry Access Management policy, the privileged helper is started by `launchd` and runs in the background unless it is disabled at runtime as previously described. The Docker Desktop backend communicates with the privileged helper over the UNIX domain socket `/var/run/com.docker.vmnetd.sock`. The functionalities it performs are:
- Binding privileged ports that are less than 1024.

12
desktop/networking.md
View File

@ -1,7 +1,7 @@
---
description: Understand how networking works on Docker Desktop and see the known limitations
keywords: networking, docker desktop, proxy, vpn, Linux, Mac, Windows
title: Explore networking features
title: Explore networking features on Docker Desktop
redirect_from:
- /desktop/linux/networking/
- /docker-for-mac/networking/
@ -23,7 +23,7 @@ Docker Desktop networking can work when attached to a VPN. To do this,
Docker Desktop intercepts traffic from the containers and injects it into
the host as if it originated from the Docker application.
### Port Mapping
### Port mapping
When you run a container with the `-p` argument, for example:
@ -43,7 +43,7 @@ $ docker run -p 8000:80 -d nginx
Now, connections to `localhost:8000` are sent to port 80 in the container. The
syntax for `-p` is `HOST_PORT:CLIENT_PORT`.
### HTTP/HTTPS Proxy Support
### HTTP/HTTPS Proxy support
See:
- [Proxies on Linux](settings/linux.md#proxies)
@ -91,12 +91,12 @@ The internal IP addresses used by Docker can be changed from **Settings**. After
### There is no docker0 bridge on the host
Because of the way networking is implemented in Docker Desktop, you cannot
see a `docker0` interface on the host. This interface is actually within the
see a `docker0` interface on the host. This interface is actually within the
virtual machine.
### I cannot ping my containers
Docker Desktop can't route traffic to Linux containers. However if you're a Windows user, you can
Docker Desktop can't route traffic to Linux containers. However if you're a Windows user, you can
ping the Windows containers.
### Per-container IP addressing is not possible
@ -136,7 +136,7 @@ If you have installed Python on your machine, use the following instructions as
Port forwarding works for `localhost`. `--publish`, `-p`, or `-P` all work.
Ports exposed from Linux are forwarded to the host.
Our current recommendation is to publish a port, or to connect from another
We recommend you publish a port, or to connect from another
container. This is what you need to do even on Linux if the container is on an
overlay network, not a bridge network, as these are not routed.

12
desktop/settings/linux.md
View File

@ -16,7 +16,7 @@ To navigate to **Settings** either:
On the **General** tab, you can configure when to start Docker and specify other settings:
- **Start Docker Desktop when you log in**. Select to automatically start Docker
Desktop when you log into your machine.
Desktop when you sign in to your machine.
- **Choose Theme for Docker Desktop**. Choose whether you want to apply a **Light** or **Dark** theme to Docker Desktop. Alternatively you can set Docker Desktop to **Use System Settings**.
@ -87,9 +87,9 @@ otherwise you may get `Mounts denied` or `cannot start service` errors at runtim
File share settings are:
- **Add a Directory**. Click `+` and navigate to the directory you want to add.
- **Add a Directory**. Select `+` and navigate to the directory you want to add.
- **Remove a Directory**. Click `-` next to the directory you want to remove
- **Remove a Directory**. Select `-` next to the directory you want to remove
- **Apply & Restart** makes the directory available to containers using Docker's
bind mount (`-v`) feature.
@ -166,7 +166,7 @@ Select **Apply & Restart** to save your settings and restart Docker Desktop.
## Kubernetes
Docker Desktop includes a standalone Kubernetes server, so that you can test
deploying your Docker workloads on Kubernetes. To enable Kubernetes support and
deploying your Docker workloads on Kubernetes. To turn on Kubernetes support and
install a standalone instance of Kubernetes running as a Docker container,
select **Enable Kubernetes**.
@ -182,7 +182,7 @@ see [Deploy on Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" cla
The **Software Updates** tab notifies you of any updates available to Docker Desktop.
When there's a new update,
click the **Release Notes** option to learn what's included in the updated version.
select the **Release Notes** option to learn what's included in the updated version.
Turn off the check for updates by clearing the **Automatically check for updates**
check box. This disables notifications in the Docker menu and the notification
@ -191,7 +191,7 @@ the **Check for updates** option in the Docker menu.
To allow Docker Desktop to automatically download new updates in the background,
select **Always download updates**. This downloads newer versions of Docker Desktop
when an update becomes available. After downloading the update, click
when an update becomes available. After downloading the update, select
**Apply and Restart** to install the update. You can do this either through the
Docker menu or in the **Updates** section in the Docker Dashboard.

18
desktop/settings/mac.md
View File

@ -23,7 +23,7 @@ You can also locate the `settings.json` file at `~/Library/Group Containers/grou
On the **General** tab, you can configure when to start Docker and specify other settings:
- **Start Docker Desktop when you log in**. Select to automatically start Docker
Desktop when you log into your machine.
Desktop when you sign in to your machine.
- **Choose Theme for Docker Desktop**. Choose whether you want to apply a **Light** or **Dark** theme to Docker Desktop. Alternatively you can set Docker Desktop to **Use System Settings**.
@ -110,9 +110,9 @@ otherwise you may get `Mounts denied` or `cannot start service` errors at runtim
File share settings are:
- **Add a Directory**. Click `+` and navigate to the directory you want to add.
- **Add a Directory**. Select `+` and navigate to the directory you want to add.
- **Remove a Directory**. Click `-` next to the directory you want to remove
- **Remove a Directory**. Select `-` next to the directory you want to remove
- **Apply & Restart** makes the directory available to containers using Docker's
bind mount (`-v`) feature.
@ -150,7 +150,7 @@ File share settings are:
HTTP/HTTPS proxies can be used when:
- Logging in to Docker
- Signing in to Docker
- Pulling or pushing images
- Fetching artifacts during image builds
- Containers interact with the external network
@ -158,14 +158,14 @@ HTTP/HTTPS proxies can be used when:
If the host uses a HTTP/HTTPS proxy configuration (static or via Proxy Auto-Configuration), Docker Desktop reads
this configuration
and automatically uses these settings for logging into Docker, for pulling and pushing images, and for
and automatically uses these settings for signing in to Docker, for pulling and pushing images, and for
container Internet access. If the proxy requires authorization then Docker Desktop dynamically asks
the developer for a username and password. All passwords are stored securely in the OS credential store.
Note that only the `Basic` proxy authentication method is supported so we recommend using an `https://`
URL for your HTTP/HTTPS proxies to protect passwords while in transit on the network. Docker Desktop
supports TLS 1.3 when communicating with proxies.
To set a different proxy for Docker Desktop, enable **Manual proxy configuration** and enter a single
To set a different proxy for Docker Desktop, turn on **Manual proxy configuration** and enter a single
upstream proxy URL of the form `http://proxy:port` or `https://proxy:port`.
To prevent developers from accidentally changing the proxy settings, see
@ -211,7 +211,7 @@ Select **Apply & Restart** to save your settings and restart Docker Desktop.
## Kubernetes
Docker Desktop includes a standalone Kubernetes server, so that you can test
deploying your Docker workloads on Kubernetes. To enable Kubernetes support and
deploying your Docker workloads on Kubernetes. To turn on Kubernetes support and
install a standalone instance of Kubernetes running as a Docker container,
select **Enable Kubernetes**.
@ -227,7 +227,7 @@ see [Deploy on Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" cla
The **Software Updates** tab notifies you of any updates available to Docker Desktop.
When there's a new update, you can choose to download the update right away, or
click the **Release Notes** option to learn what's included in the updated version.
select the **Release Notes** option to learn what's included in the updated version.
Turn off the check for updates by clearing the **Automatically check for updates**
check box. This disables notifications in the Docker menu and the notification
@ -236,7 +236,7 @@ the **Check for updates** option in the Docker menu.
To allow Docker Desktop to automatically download new updates in the background,
select **Always download updates**. This downloads newer versions of Docker Desktop
when an update becomes available. After downloading the update, click
when an update becomes available. After downloading the update, select
**Apply and Restart** to install the update. You can do this either through the
Docker menu or in the **Updates** section in the Docker Dashboard.

18
desktop/settings/windows.md
View File

@ -18,7 +18,7 @@ You can also locate the `settings.json` file at `C:\Users\[USERNAME]\AppData\Roa
On the **General** tab, you can configure when to start Docker and specify other settings:
- **Start Docker Desktop when you log in**. Select to automatically start Docker
Desktop when you log into your machine.
Desktop when you sign in to your machine.
- **Choose Theme for Docker Desktop**. Choose whether you want to apply a **Light** or **Dark** theme to Docker Desktop. Alternatively you can set Docker Desktop to **Use System Settings**.
@ -111,9 +111,9 @@ or `cannot start service` errors at runtime. See [Volume mounting requires share
File share settings are:
- **Add a Directory**. Click `+` and navigate to the directory you want to add.
- **Add a Directory**. select `+` and navigate to the directory you want to add.
- **Remove a Directory**. Click `-` next to the directory you want to remove
- **Remove a Directory**. select `-` next to the directory you want to remove
- **Apply & Restart** makes the directory available to containers using Docker's
bind mount (`-v`) feature.
@ -162,7 +162,7 @@ containers. Alternatively, you can opt not to share it by selecting **Cancel**.
HTTP/HTTPS proxies can be used when:
- Logging in to Docker
- Signing in to Docker
- Pulling or pushing images
- Fetching artifacts during image builds
- Containers interact with the external network
@ -170,14 +170,14 @@ HTTP/HTTPS proxies can be used when:
If the host uses a HTTP/HTTPS proxy configuration (static or via Proxy Auto-Configuration), Docker Desktop reads
this configuration
and automatically uses these settings for logging into Docker, for pulling and pushing images, and for
and automatically uses these settings for signing into Docker, for pulling and pushing images, and for
container Internet access. If the proxy requires authorization then Docker Desktop dynamically asks
the developer for a username and password. All passwords are stored securely in the OS credential store.
Note that only the `Basic` proxy authentication method is supported so we recommend using an `https://`
URL for your HTTP/HTTPS proxies to protect passwords while in transit on the network. Docker Desktop
supports TLS 1.3 when communicating with proxies.
To set a different proxy for Docker Desktop, enable **Manual proxy configuration** and enter a single
To set a different proxy for Docker Desktop, turn on **Manual proxy configuration** and enter a single
upstream proxy URL of the form `http://proxy:port` or `https://proxy:port`.
To prevent developers from accidentally changing the proxy settings, see
@ -249,7 +249,7 @@ Select **Apply & Restart** to save your settings and restart Docker Desktop.
> The **Kubernetes** tab is not available in Windows container mode.
Docker Desktop includes a standalone Kubernetes server, so that you can test
deploying your Docker workloads on Kubernetes. To enable Kubernetes support and
deploying your Docker workloads on Kubernetes. To turn on Kubernetes support and
install a standalone instance of Kubernetes running as a Docker container,
select **Enable Kubernetes**.
@ -265,7 +265,7 @@ see [Deploy on Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" cla
The **Software Updates** tab notifies you of any updates available to Docker Desktop.
When there's a new update, you can choose to download the update right away, or
click the **Release Notes** option to learn what's included in the updated version.
select the **Release Notes** option to learn what's included in the updated version.
Turn off the check for updates by clearing the **Automatically check for updates**
check box. This disables notifications in the Docker menu and the notification
@ -274,7 +274,7 @@ the **Check for updates** option in the Docker menu.
To allow Docker Desktop to automatically download new updates in the background,
select **Always download updates**. This downloads newer versions of Docker Desktop
when an update becomes available. After downloading the update, click
when an update becomes available. After downloading the update, select
**Apply and Restart** to install the update. You can do this either through the
Docker menu or in the **Updates** section in the Docker Dashboard.

2
desktop/troubleshoot/overview.md
View File

@ -2,7 +2,7 @@
description: Understand how to diagnose and troubleshoot Docker Desktop, and how to check the logs.
keywords: Linux, Mac, Windows, troubleshooting, logs, issues, Docker Desktop
toc_max: 2
title: Overview
title: Troubleshoot Docker Desktop
redirect_from:
- /desktop/linux/troubleshoot/
- /desktop/mac/troubleshoot/

24
desktop/troubleshoot/topics.md
View File

@ -1,7 +1,7 @@
---
description: Explore common troubleshooting topics for Docker Desktop
keywords: Linux, Mac, Windows, troubleshooting, topics, Docker Desktop
title: Troubleshoot topics
title: Troubleshoot topics for Docker Desktop
toc_max: 4
---
@ -32,7 +32,7 @@ As well as on the registry. For example:
If you are using mounted volumes and get runtime errors indicating an
application file is not found, access to a volume mount is denied, or a service
cannot start, such as when using [Docker Compose](../../compose/gettingstarted.md),
you might need to enable [file sharing](../settings/linux.md#file-sharing).
you might need to turn on [file sharing](../settings/linux.md#file-sharing).
Volume mounting requires shared drives for projects that live outside of the
`/home/<user>` directory. From **Settings**, select **Resources** and then **File sharing**. Share the drive that contains the Dockerfile and volume.
@ -111,7 +111,7 @@ in the FAQs.
If you are using mounted volumes and get runtime errors indicating an
application file is not found, access is denied to a volume mount, or a service
cannot start, such as when using [Docker Compose](../../compose/gettingstarted.md),
you might need to enable [shared folders](../settings/windows.md#file-sharing).
you might need to turn on [shared folders](../settings/windows.md#file-sharing).
With the Hyper-V backend, mounting files from Windows requires shared folders for Linux containers. From **Settings**, select **Shared Folders** and share the folder that contains the
Dockerfile and volume.
@ -180,7 +180,7 @@ This is because the `\` character has a special meaning in Git Bash. If you are
$ docker run --rm -ti -v C:\\Users\\user\\work:/work alpine
```
Also, in scripts, the `pwd` command is used to avoid hardcoding file system locations. Its output is a Unix-style path.
Also, in scripts, the `pwd` command is used to avoid hard-coding file system locations. Its output is a Unix-style path.
```console
$ pwd
@ -251,7 +251,7 @@ On Windows 10 Pro or Enterprise, you can also use Hyper-V with the following fea
![Hyper-V on Windows features](../images/hyperv-enabled.png){:width="600px"}
Docker Desktop requires Hyper-V as well as the Hyper-V Module for Windows
Powershell to be installed and enabled. The Docker Desktop installer enables
PowerShell to be installed and enabled. The Docker Desktop installer enables
it for you.
Docker Desktop also needs two CPU hardware features to use Hyper-V: Virtualization and Second Level Address Translation (SLAT), which is also called Rapid Virtualization Indexing (RVI). On some systems, Virtualization must be enabled in the BIOS. The steps required are vendor-specific, but typically the BIOS option is called `Virtualization Technology (VTx)` or something similar. Run the command `systeminfo` to check all required Hyper-V features. See [Pre-requisites for Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-requirements){:target="_blank" rel="noopener" class="_"} for more details.
@ -261,24 +261,24 @@ To install Hyper-V manually, see [Install Hyper-V on Windows 10](https://msdn.mi
From the start menu, type **Turn Windows features on or off** and press enter.
In the subsequent screen, verify that Hyper-V is enabled.
#### Virtualization must be enabled
#### Virtualization must be turned on
In addition to [Hyper-V](#hyper-v) or [WSL 2](../wsl/index.md), virtualization must be enabled. Check the
In addition to [Hyper-V](#hyper-v) or [WSL 2](../wsl/index.md), virtualization must be turned on. Check the
Performance tab on the Task Manager:
![Task Manager](../images/virtualization-enabled.png){:width="700px"}
If you manually uninstall Hyper-V, WSL 2 or disable virtualization,
If you manually uninstall Hyper-V, WSL 2 or turn off virtualization,
Docker Desktop cannot start.
To enable nested virtualisation, see [Run Docker Desktop for Windows in a VM or VDI environment](../vm-vdi.md#enable-nested-virtualization){:target="_blank" rel="noopener" class="_"}.
To turn on nested virtualisation, see [Run Docker Desktop for Windows in a VM or VDI environment](../vm-vdi.md#turn-on-nested-virtualization){:target="_blank" rel="noopener" class="_"}.
#### Hypervisor enabled at Windows startup
If you have completed the steps described above and are still experiencing
Docker Desktop startup issues, this could be because the Hypervisor is installed,
but not launched during Windows startup. Some tools (such as older versions of
Virtual Box) and video game installers disable hypervisor on boot. To re-enable it:
Virtual Box) and video game installers turn off hypervisor on boot. To turn it back on:
1. Open an administrative console prompt.
2. Run `bcdedit /set hypervisorlaunchtype auto`.
@ -286,7 +286,7 @@ Virtual Box) and video game installers disable hypervisor on boot. To re-enable
You can also refer to the [Microsoft TechNet article](https://social.technet.microsoft.com/Forums/en-US/ee5b1d6b-09e2-49f3-a52c-820aafc316f9/hyperv-doesnt-work-after-upgrade-to-windows-10-1809?forum=win10itprovirt){:target="_blank" rel="noopener" class="_"} on Code flow guard (CFG) settings.
#### Enable nested virtualization
#### Turn on nested virtualization
If you are using Hyper-V and you get the following error message when running Docker Desktop in a VDI environment:
@ -294,7 +294,7 @@ If you are using Hyper-V and you get the following error message when running Do
The Virtual Machine Management Service failed to start the virtual machine 'DockerDesktopVM' because one of the Hyper-V components is not running
```
Try [enabling nested virtualization](../vm-vdi.md#enable-nested-virtualization){:target="_blank" rel="noopener" class="_"}.
Try [enabling nested virtualization](../vm-vdi.md#turn-on-nested-virtualization){:target="_blank" rel="noopener" class="_"}.
### Windows containers and Windows Server

2
desktop/troubleshoot/workarounds.md
View File

@ -30,7 +30,7 @@ or `listen tcp:0.0.0.0:8080: bind: address is already in use` ...
These errors are often caused by some other software on Windows using those
ports. To discover the identity of this software, either use the `resmon.exe`
GUI and click "Network" and then "Listening Ports" or in a Powershell use
GUI and click "Network" and then "Listening Ports" or in a PowerShell use
`netstat -aon | find /i "listening "` to discover the PID of the process
currently using the port (the PID is the number in the rightmost column). Decide
whether to shut the other process down, or to use a different port in your

27
desktop/uninstall.md
View File

@ -20,7 +20,7 @@ To uninstall Docker Desktop from your Windows machine:
1. From the Windows **Start** menu, select **Settings** > **Apps** > **Apps & features**.
2. Select **Docker Desktop** from the **Apps & features** list and then select **Uninstall**.
3. Click **Uninstall** to confirm your selection.
3. Select **Uninstall** to confirm your selection.
> **Important**
>
@ -35,7 +35,7 @@ To uninstall Docker Desktop from your Windows machine:
To uninstall Docker Desktop from your Mac:
1. From the Docker menu, select the **Troubleshoot** icon in the top-right corner of Docker Dashboard and then select **Uninstall**.
2. Click **Uninstall** to confirm your selection.
2. Select **Uninstall** to confirm your selection.
> Uninstall Docker Desktop from the command line
>
@ -49,16 +49,9 @@ To uninstall Docker Desktop from your Mac:
> Docker uninstalled successfully. You can move the Docker application to the trash.
> ```
>
> You might want to use the command-line uninstall if, for example, you find that
> You might want to use the command line to uninstall if, for example, you find that
> the app is non-functional, and you cannot uninstall it from the menu.
> **Note**
>
> Uninstalling Docker Desktop destroys Docker containers, images, volumes, and
> other Docker related data local to the machine, and removes the files generated
> by the application. Refer to the [back up and restore data](backup-and-restore.md)
> section to learn how to preserve important data before uninstalling.
<hr>
</div>
<div id="tab5" class="tab-pane fade" markdown="1">
@ -67,12 +60,6 @@ Docker Desktop can be removed from a Linux host using the package manager.
Once Docker Desktop has been removed, users must remove the `credsStore` and `currentContext` properties from the `~/.docker/config.json`.
> **Note**
>
> Uninstalling Docker Desktop destroys Docker containers, images, volumes, and
> other Docker related data local to the machine, and removes the files generated
> by the application. Refer to the [back up and restore data](backup-and-restore.md)
> section to learn how to preserve important data before uninstalling.
<hr>
</div>
<div id="tab6" class="tab-pane fade" markdown="1">
@ -161,3 +148,11 @@ Remove the `credsStore` and `currentContext` properties from `$HOME/.docker/conf
<hr>
</div>
</div>
> **Important**
>
> Uninstalling Docker Desktop destroys Docker containers, images, volumes, and
> other Docker related data local to the machine, and removes the files generated
> by the application. Refer to the [back up and restore data](backup-and-restore.md)
> section to learn how to preserve important data before uninstalling.
{: .important}

2
desktop/use-desktop/container.md
View File

@ -1,7 +1,7 @@
---
description: Understand what you can do with the Containers view on Docker Dashboard
keywords: Docker Dashboard, manage, containers, gui, dashboard, images, user manual
title: Explore Containers
title: Explore the Containers view in Docker Desktop
---
The **Containers** view lists all your running containers and applications. You must have running or stopped containers and applications to see them listed.

24
desktop/use-desktop/images.md
View File

@ -1,22 +1,22 @@
---
description: Understand what you can do with the Images view on Docker Dashboard
keywords: Docker Dashboard, manage, containers, gui, dashboard, images, user manual
title: Explore Images
title: Explore the Images view in Docker Desktop
---
The **Images** view is a simple interface that lets you manage Docker images without having to use the CLI. By default, it displays a list of all Docker images on your local disk.
The **Images** view lets you manage Docker images without having to use the CLI. By default, it displays a list of all Docker images on your local disk.
You can also view Hub images once you have signed in to Docker Hub. This allows you to collaborate with your team and manage your images directly through Docker Desktop.
The **Images** view allows you to perform core operations such as running an image as a container, pulling the latest version of an image from Docker Hub, pushing the image to Docker Hub, and inspecting images.
The **Images** view lets you perform core operations such as running an image as a container, pulling the latest version of an image from Docker Hub, pushing the image to Docker Hub, and inspecting images.
The **Images** view displays metadata about the image such as the:
It also displays metadata about the image such as the:
- Tag
- Image ID
- Date created
- Size of the image.
It also displays **In Use** tags next to images used by running and stopped containers. You can choose what information you want displayed by selecting the **More options** menu to the right of the search bar, and then use the toggle switches according to your preferences.
An **In Use** tag displays next to images used by running and stopped containers. You can choose what information you want displayed by selecting the **More options** menu to the right of the search bar, and then use the toggle switches according to your preferences.
The **Images on disk** status bar displays the number of images and the total disk space used by the images and when this information was last refreshed.
@ -61,7 +61,7 @@ Select the image from the list, select the **More options** button and select **
> **Note**
>
> The repository must exist on Docker Hub in order to pull the latest version of an image. You must be logged in to pull private images.
> The repository must exist on Docker Hub in order to pull the latest version of an image. You must be signed in to pull private images.
## Push an image to Docker Hub
@ -103,7 +103,7 @@ For more information about supported integrations, see
### Hub
Switching to the **Hub** tab prompts you to sign in to your Docker ID, if you're not already signed in.
Switching to the **Hub** tab prompts you to sign in to your Docke Hub account, if you're not already signed in.
When signed in, it shows you a list of images in Docker Hub organizations and repositories that you have access to.
Select an organization from the drop-down to view a list of repositories for that organization.
@ -112,8 +112,8 @@ If you have enabled [Vulnerability Scanning](../../docker-hub/vulnerability-scan
Hovering over an image tag reveals two options:
- **Pull**: pulls the latest version of the image from Docker Hub.
- **View in Hub**: opens the Docker Hub page and displays detailed information about the image.
- **Pull**: Pull the latest version of the image from Docker Hub.
- **View in Hub**: Open the Docker Hub page and display detailed information about the image.
### Artifactory
@ -135,9 +135,9 @@ To connect a new Artifactory registry to Docker Desktop:
$ cat ./password.txt | docker login -u <username> --password-stdin <hostname>
```
- `password.txt`: text file containing your Artifactory password.
- `username`: your Artifactory username.
- `hostname`: hostname for your Artifactory instance.
- `password.txt`: Text file containing your Artifactory password.
- `username`: Your Artifactory username.
- `hostname`: Hostname for your Artifactory instance.
2. Open the **Images** view in Docker Desktop.
3. Select the **Artifactory** tab near the top of the image view to see Artifactory images.

14
desktop/use-desktop/index.md
View File

@ -1,7 +1,7 @@
---
description: Understand what you can do with Docker Dashboard
keywords: Docker Dashboard, manage, containers, gui, dashboard, images, user manual, whale menu
title: Overview
title: Explore Docker Desktop
redirect_from:
- /desktop/dashboard/
---
@ -18,14 +18,14 @@ The **Volumes** view displays a list of volumes and allows you to easily create
In addition, the Docker Dashboard allows you to:
- Easily navigate to the **Settings** menu to configure Docker Desktop preferences. Select the **Settings** icon in the Dashboard header.
- Navigate to the **Settings** menu to configure your Docker Desktop settings. Select the **Settings** icon in the Dashboard header.
- Access the **Troubleshoot** menu to debug and perform restart operations. Select the **Troubleshoot** icon in the Dashboard header.
## Quick search
From the Docker Dashboard you can use Quick Search, which is located in the Dashboard header, to search for:
- Any container or Compose app on your local system. You can see an overview of associated environment variables or perform quick actions, such as start, stop, or delete.
- Any container or Compose application on your local system. You can see an overview of associated environment variables or perform quick actions, such as start, stop, or delete.
- Public Docker Hub images, local images, and images from remote repositories. Depending on the type of image you select, you can either pull the image by tag, view documentation, go to Docker Hub for more details, or run a new container using the image.
@ -39,17 +39,19 @@ From the Docker Dashboard you can use Quick Search, which is located in the Dash
Docker Desktop also provides an easy-access tray icon that appears in the taskbar and is referred to as the Docker menu ![whale menu](../../assets/images/whale-x.svg){: .inline}.
To display the Docker menu, right-click on the ![whale menu](../../assets/images/whale-x.svg){: .inline} icon. It displays the following options:
To display the Docker menu, select the ![whale menu](../../assets/images/whale-x.svg){: .inline} icon. It displays the following options:
- **Dashboard**. This takes you to the Docker Dashboard.
- **Sign in/Create Docker ID**
- **Settings**
- **Check for updates**
- **Troubleshoot**
- **Switch to Windows containers**
- **Give feedback**
- **Switch to Windows containers** (if you're on Windows)
- **About Docker Desktop**. Contains information on the versions you are running, and links to the Subscription Service Agreement for example.
- **Learning Center**
- **Learning center**
- **Docker Hub**
- **Documentation**
- **Extensions**
- **Kubernetes**
- **Pause**

10
desktop/vm-vdi.md
View File

@ -6,7 +6,7 @@ redirect_from:
- /desktop/nested-virtualization/
---
In general, Docker recommends running Docker Desktop natively on either Mac, Linux, or Windows. However, Docker Desktop for Windows can run inside a virtual desktop provided the virtual desktop is properly configured.
In general, we recommend running Docker Desktop natively on either Mac, Linux, or Windows. However, Docker Desktop for Windows can run inside a virtual desktop provided the virtual desktop is properly configured.
To run Docker Desktop in a virtual desktop environment, it is essential nested virtualization is enabled on the virtual machine that provides the virtual desktop. This is because, under the hood, Docker Desktop is using a Linux VM in which it runs Docker Engine and the containers.
@ -20,18 +20,18 @@ The support available from Docker extends to installing and running Docker Deskt
For troubleshooting problems and intermittent failures that are outside of Docker's control, you should contact your hypervisor vendor. Each hypervisor vendor offers different levels of support. For example, Microsoft supports running nested Hyper-V both on-prem and on Azure, with some version constraints. This may not be the case for VMWare ESXi.
## Enable nested virtualization
## Turn on nested virtualization
You must enable nested virtualization before you install Docker Desktop on a virtual machine.
You must turn on nested virtualization before you install Docker Desktop on a virtual machine.
### Enable nested virtualization on VMware ESXi
### Turn on nested virtualization on VMware ESXi
Nested virtualization of other hypervisors like Hyper-V inside a vSphere VM [is not a supported scenario](https://kb.vmware.com/s/article/2009916){:target="_blank" rel="noopener" class="_"}. However, running Hyper-V VM in a VMware ESXi VM is technically possible and, depending on the version, ESXi includes hardware-assisted virtualization as a supported feature. For internal testing, we used a VM that had 1 CPU with 4 cores and 12GB of memory.
For steps on how to expose hardware-assisted virtualization to the guest OS, [see VMware's documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-2A98801C-68E8-47AF-99ED-00C63E4857F6.html){:target="_blank" rel="noopener" class="_"}.
### Enable nested virtualization on Microsoft Hyper-V
### Turn on nested virtualization on Microsoft Hyper-V
Nested virtualization is supported by Microsoft for running Hyper-V inside an Azure VM.

34
desktop/wasm/index.md
View File

@ -5,6 +5,13 @@ keywords: Docker, WebAssembly, wasm, containerd, engine
toc_max: 3
---
> **Beta**
>
> The Wasm feature is currently in [Beta](../../release-lifecycle.md/#beta).
> We recommend that you do not use this feature in production environments as
> this feature may change or be removed from future releases.
{: .experimental}
Wasm (short for WebAssembly) is a fast, light alternative to the Linux and
Windows containers youre using in Docker today (with
[some tradeoffs](https://www.docker.com/blog/docker-wasm-technical-preview/){:target="_blank"
@ -13,20 +20,14 @@ rel="noopener" class="_"}).
This page provides information about the new ability to run Wasm applications
alongside your Linux containers in Docker.
> **Beta**
>
> The Wasm feature is currently in [Beta](../../release-lifecycle.md/#beta).
> We recommend that you do not use this feature in production environments as
> this feature may change or be removed from future releases.
## Enable Wasm workloads
## Turn on Wasm workloads
Wasm workloads require the [containerd image store](../containerd/index.md)
feature to be enabled. If youre not already using the containerd image store,
feature to be turned on. If youre not already using the containerd image store,
then pre-existing images and containers will be inaccessible.
1. Open the Docker Desktop **Settings**.
2. Go to the **Features in development** tab.
2. Go to **Features in development** and then select the **Beta features** tab.
3. Check the following checkboxes:
- **Use containerd for storing and pulling images**
- **Enable Wasm**
@ -56,15 +57,14 @@ $ docker run \
After running this command, you can visit [http://localhost:8080/](http://localhost:8080/) to see the "Hello world" output from this example module.
> Got an error message? Head to the [troubleshooting section](#troubleshooting)
> for help.
If you are receiving an error message, see the [troubleshooting section](#troubleshooting) for help.
Note the `--runtime` and `--platform` flags used in this command:
- `--runtime=io.containerd.wasmedge.v1`: informs the Docker engine that you want
- `--runtime=io.containerd.wasmedge.v1`: Informs the Docker engine that you want
to use the Wasm containerd shim instead of the standard Linux container
runtime
- `--platform=wasi/wasm`: specifies the architecture of the image you want to
- `--platform=wasi/wasm`: Specifies the architecture of the image you want to
use. By leveraging a Wasm architecture, you dont need to build separate
images for the different machine architectures. The Wasm runtime takes care of
the final step of converting the Wasm binary to machine instructions.
@ -83,9 +83,9 @@ services:
Start the application using the normal Docker Compose commands:
```console
$ docker compose up
```
```console
$ docker compose up
```
### Running a multi-service application with Wasm
@ -192,7 +192,7 @@ containerd image store, an error similar to the following displays:
docker: Error response from daemon: Unknown runtime specified io.containerd.wasmedge.v1.
```
[Turn on the containerd feature](../containerd/index.md#enabling-the-containerd-image-store-feature)
[Turn on the containerd feature](../containerd/index.md#turn-on-the-containerd-image-store-feature)
in Docker Desktop settings and try again.
### Failed to start shim: failed to resolve runtime path

14
desktop/windows/permission-requirements.md
View File

@ -12,11 +12,11 @@ It also provides clarity on running containers as `root` as opposed to having `A
## Permission requirements
While Docker Desktop on Windows can be run without having `Administrator` privileges, it does require them during installation. On installation the user gets a UAC prompt which allows a privileged helper service to be installed. After that, Docker Desktop can be run by users without administrator privileges, provided they are members of the `docker-users` group. The user who performs the installation is automatically added to this group, but other users must be added manually. This allows the administrator to control who has access to Docker Desktop.
While Docker Desktop on Windows can be run without having `Administrator` privileges, it does require them during installation. On installation you recieve a UAC prompt which allows a privileged helper service to be installed. After that, Docker Desktop can be run without administrator privileges, provided you are members of the `docker-users` group. If you performed the installation, you are automatically added to this group, but other users must be added manually. This allows the administrator to control who has access to Docker Desktop.
The reason for this approach is that Docker Desktop needs to perform a limited set of privileged operations which are conducted by the privileged helper process `com.docker.service`. This approach allows, following the principle of least privilege, `Administrator` access to be used only for the operations for which it is absolutely necessary, while still being able to use Docker Desktop as an unprivileged user.
## Privileged Helper
## Privileged helper
The privileged helper `com.docker.service` is a Windows service which runs in the background with `SYSTEM` privileges. It listens on the named pipe `//./pipe/dockerBackendV2`. The developer runs the Docker Desktop application, which connects to the named pipe and sends commands to the service. This named pipe is protected, and only users that are part of the `docker-users` group can have access to it.
@ -26,7 +26,7 @@ The service performs the following functionalities:
- Securely caching the Registry Access Management policy which is read-only for the developer.
- Creating the Hyper-V VM `"DockerDesktopVM"` and managing its lifecycle - starting, stopping and destroying it. The VM name is hard coded in the service code so the service cannot be used for creating or manipulating any other VMs.
- Moving the VHDX file or folder.
- Starting and stopping the Windows Docker engine and querying whether it is running.
- Starting and stopping the Windows Docker engine and querying whether it's running.
- Deleting all Windows containers data files.
- Checking if Hyper-V is enabled.
- Checking if the bootloader activates Hyper-V.
@ -34,13 +34,13 @@ The service performs the following functionalities:
- Conducting healthchecks and retrieving the version of the service itself.
The service start mode depends on which container engine is selected, and, for WSL, on whether it is needed to maintain `host.docker.internal` and `gateway.docker.internal` in the Win32 hosts file. This is controlled by a setting under `Use the WSL 2 based engine` in the settings page. When this is set, WSL engine behaves the same as Hyper-V. So:
- With Windows containers, or Hyper-v Linux containers, the service is started when the system boots and runs all the time, even when Docker Desktop isn't running. This is required for the user to be able to launch Docker Desktop without admin privileges.
- With WSL2 Linux containers, the service isn't necessary and therefore doesn't run automatically when the system boots. When the user switches to Windows containers or Hyper-v Linux containers, or chooses to maintain `host.docker.internal` and `gateway.docker.internal` in the Win32 hosts file, a UAC prompt is displayed which asks the user to accept the privileged operation to start the service. If accepted, the service is started and set to start automatically upon the next Windows boot.
- With Windows containers, or Hyper-v Linux containers, the service is started when the system boots and runs all the time, even when Docker Desktop isn't running. This is required so you can launch Docker Desktop without admin privileges.
- With WSL2 Linux containers, the service isn't necessary and therefore doesn't run automatically when the system boots. When you switche to Windows containers or Hyper-v Linux containers, or chooses to maintain `host.docker.internal` and `gateway.docker.internal` in the Win32 hosts file, a UAC prompt is displayed which asks you to accept the privileged operation to start the service. If accepted, the service is started and set to start automatically upon the next Windows boot.
## Containers running as root within the Linux VM
The Linux Docker daemon and containers run in a minimal, special-purpose Linux VM managed by Docker. It is immutable so users cant extend it or change the installed software.
This means that although containers run by default as `root`, this doesn't allow altering the VM and doesn't grant `Administrator` access to the Windows host machine. The Linux VM serves as a security boundary and limits what resources from the host can be accessed. File sharing uses a user-space crafted file server and any directories from the host bind mounted into Docker containers still retain their original permissions. It doesn't give the user access to any files that it doesnt already have access to.
The Linux Docker daemon and containers run in a minimal, special-purpose Linux VM managed by Docker. It is immutable so you cant extend it or change the installed software.
This means that although containers run by default as `root`, this doesn't allow altering the VM and doesn't grant `Administrator` access to the Windows host machine. The Linux VM serves as a security boundary and limits what resources from the host can be accessed. File sharing uses a user-space crafted file server and any directories from the host bind mounted into Docker containers still retain their original permissions. It doesn't give you access to any files that it doesnt already have access to.
## Windows Containers

1
desktop/wsl/best-practices.md
View File

@ -17,5 +17,4 @@ keywords: wsl, docker desktop, best practices
- Instead, from a Linux shell use a command like `docker run -v ~/my-project:/sources <my-image>` where `~` is expanded by the Linux shell to `$HOME`.
- If you have concerns about the size of the docker-desktop-data VHDX, or need to change it, take a look at the [WSL tooling built into Windows](https://learn.microsoft.com/en-us/windows/wsl/disk-space).
- If you have concerns about CPU or memory usage, you can configure limits on the memory, CPU, and swap size allocated to the [WSL 2 utility VM](https://learn.microsoft.com/en-us/windows/wsl/wsl-config#global-configuration-options-with-wslconfig).