security: add k8s setting to reference (#23026)

## Description
- Adds a callout to enable K8s setting
- Adds "Custom K8s image repository" setting
- Adds Admin Console as an option for configuring network settings
- Adds min DD version to network settings in reference

## Related issues or tickets
- https://docker.atlassian.net/browse/ENGDOCS-2722
- https://docker.atlassian.net/browse/ENGDOCS-2719
- https://docker.atlassian.net/browse/ENGDOCS-2820

## Reviews
- [ ] Editorial review

content/manuals/desktop/features/networking.md

@@ -107,7 +107,8 @@ Depending on your selected network mode, the options available are:
 
 ### Using Settings Management
 
-If you're an administrator, you can use [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md#networking) to enforce this Docker Desktop setting across your developer's machines. Choose from the following code snippets and at it to your `admin-settings.json` file.
+If you're an administrator, you can use [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md#networking) to enforce this Docker Desktop setting across your developer's machines. Choose from the following code snippets and at it to your `admin-settings.json` file,
+or configure this setting using the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
 
 {{< tabs >}}
 {{< tab name="Networking mode" >}}

content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md

@@ -534,7 +534,8 @@ For more information, see [Networking](/manuals/desktop/features/networking.md#n
 |---------------|-----------------|----------|
 | `auto` | `ipv4`, `ipv6`, `none` | String  |
 
-- **Description:** Filters unsupported DNS record types.
+- **Description:** Filters unsupported DNS record types. Requires Docker Desktop
+version 4.43 and up.
 - **OS:** {{< badge color=blue text="Windows and Mac" >}}
 - **Use case:** Control how Docker filters DNS records returned to containers, improving reliability in environments where only IPv4 or IPv6 is supported.
 - **Configure this setting with:**
@@ -621,6 +622,12 @@ Builders settings lets you manage Buildx builder instances for advanced image-bu
 >
 > In hardened environments, disable and lock this setting.
 
+> [!IMPORTANT]
+>
+> When Kubernetes is enabled through Settings Management policies, only the
+`kubeadm` cluster provisioning method is supported. The `kind` provisioning
+method is not yet supported by Settings Management.
+
 - **Configure this setting with:**
     - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
     - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
@@ -680,6 +687,40 @@ compatibility.
 - **Configure this setting with:**
     - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
 
+### Custom Kubernetes image repository
+
+| Default value | Accepted values | Format   |
+|---------------|-----------------|----------|
+| `""`          | Registry URL    | String   |
+
+- **Description**: Configure a custom image repository for Kubernetes control
+plane images. This allows Docker Desktop to pull Kubernetes system
+images from a private registry or mirror instead of Docker Hub. This setting
+overrides the `[registry[:port]/][namespace]` portion of image names.
+- **OS**: {{< badge color=blue text="All" >}}
+- **Use case**: Use private registries in air-gapped environments or
+when Docker Hub access is restricted.
+
+> [!NOTE]
+>
+> The images must be cloned/mirrored from Docker Hub with matching tags. The
+specific images required depend on the cluster provisioning method (`kubeadm`
+or `kind`). See the Kubernetes documentation for the complete list
+of required images and detailed setup instructions.
+
+- **Configure this setting with**:
+    - Settings Management: `KubernetesImagesRepository` settings in the
+    [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md)
+    - Settings Management: **Kubernetes Images Repository** setting in the
+    [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md)
+
+> [!IMPORTANT]
+>
+> When using `KubernetesImagesRepository` with Enhanced Container Isolation (ECI)
+enabled, you must add the following images to the ECI Docker socket mount image
+list: `[imagesRepository]/desktop-cloud-provider-kind:*` and
+`[imagesRepository]/desktop-containerd-registry-mirror:*`.
+
 ## Software updates
 
 ### Automatically check for updates

hugo_stats.json

@@ -4,7 +4,7 @@
     "classes": [
       "--mount",
       "--tmpfs",
-      "-mr-8",
+      "-mr-20",
       "-mt-0.5",
       "-mt-8",
       "-top-10",
@@ -36,12 +36,16 @@
       "Debian",
       "Debian-GNU/Linux",
       "Diff",
+      "Docker-Build-Cloud",
       "Docker-Desktop",
       "Docker-Engine",
       "Docker-Hub",
+      "Docker-Scout",
       "Docker-Scout-Dashboard",
       "Docker-subscription",
       "Download",
+      "Enable-for-a-given-project",
+      "Enable-globally",
       "Entra-ID",
       "Entra-ID-OIDC",
       "Entra-ID-SAML-2.0",
@@ -116,6 +120,7 @@
       "Single-container",
       "Specific-version",
       "Svelte",
+      "Testcontainers-Cloud",
       "Ubuntu",
       "Ubuntu/Debian",
       "Unix-pipe",
@@ -195,6 +200,7 @@
       "border-transparent",
       "border-white",
       "bottom-0",
+      "breadcrumbs",
       "build-push-action",
       "button",
       "card",
@@ -415,6 +421,7 @@
       "md:z-auto",
       "min-h-screen",
       "min-w-0",
+      "min-w-48",
       "min-w-52",
       "min-w-fit",
       "ml-2",