From 8aec58cf2140988aad8018b48725e19b11504266 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Fri, 31 May 2019 13:27:57 -0700 Subject: [PATCH 01/32] 7724 (#8876) * Fix 7724 * Fix broken link --- datacenter/ucp/2.0/guides/configuration/index.md | 4 ++-- datacenter/ucp/2.0/guides/configuration/integrate-with-dtr.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/datacenter/ucp/2.0/guides/configuration/index.md b/datacenter/ucp/2.0/guides/configuration/index.md index d8ee7ff2b7..a1f22a22c4 100644 --- a/datacenter/ucp/2.0/guides/configuration/index.md +++ b/datacenter/ucp/2.0/guides/configuration/index.md @@ -1,8 +1,8 @@ - --- +--- +title: Use externally-signed certificates description: Learn how to configure Docker Universal Control Plane to use your own certificates. keywords: Universal Control Plane, UCP, certificate, authentication, tls -title: Use externally-signed certificates --- All UCP services are exposed using HTTPS, to ensure all communications between diff --git a/datacenter/ucp/2.0/guides/configuration/integrate-with-dtr.md b/datacenter/ucp/2.0/guides/configuration/integrate-with-dtr.md index 8a6f2623fb..2404bed0e1 100644 --- a/datacenter/ucp/2.0/guides/configuration/integrate-with-dtr.md +++ b/datacenter/ucp/2.0/guides/configuration/integrate-with-dtr.md @@ -139,4 +139,4 @@ steps as you used to configure your local computer. ## Where to go next -* [use your own externally-signed TLS certificates](index.md#customize-the-ucp-tls-certificates) +* [Use your own externally-signed TLS certificates](/datacenter/ucp/2.0/guides/configuration/index.md#customize-the-ucp-tls-certificates) From c9bd496d1b6b24a0aa8eab6566ad1416fdf5080d Mon Sep 17 00:00:00 2001 From: David Yu Date: Sat, 1 Jun 2019 03:27:32 -0700 Subject: [PATCH 02/32] Change to Docker Enterprise (#8877) * Change to Docker Enterprise --- index.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/index.md b/index.md index 7959711d85..8ec4ccc76a 100644 --- a/index.md +++ b/index.md @@ -22,14 +22,14 @@ production servers in the cloud. Total reading time is less than an hour.
-## Try Docker Enterprise Edition +## Try Docker Enterprise -Run your solution in production with Docker Enterprise Edition to get a +Run your solution in production with Docker Enterprise to get a management dashboard, security scanning, LDAP integration, content signing, multi-cloud support, and more. Click below to test-drive a running instance of -Docker EE without installing anything. +Docker Enterprise without installing anything. -[Try Docker Enterprise Edition](https://trial.docker.com){: class="button outline-btn" onclick="ga('send', 'event', 'EE Trial Referral', 'Front Page', 'Click');"} +[Try Docker Enterprise](https://trial.docker.com){: class="button outline-btn" onclick="ga('send', 'event', 'EE Trial Referral', 'Front Page', 'Click');"}
@@ -52,15 +52,17 @@ channel for more predictability.
-### Docker Enterprise Edition +### Docker Enterprise Platform Designed for enterprise development and IT teams who build, ship, and run business critical applications in production at scale. Integrated, certified, and supported to provide enterprises with the most secure container platform in -the industry to modernize all applications. Docker EE Advanced comes with enterprise -[add-ons](#docker-ee-add-ons) like UCP and DTR. +the industry to modernize all applications. Docker Enterprise Advanced comes with enterprise +[add-ons](#docker-ee-add-ons) like Universal Control Plane (UCP) for managing and +orchestrating the container runtime, and Docker Trusted Registry (DTR) for storing and +securing images in an enterprise grade registry. -[Learn more about Docker EE](/ee/supported-platforms/){: class="button outline-btn"} +[Learn more about Docker Enterprise](/ee/supported-platforms/){: class="button outline-btn"}
From 7a2f74adbe26879d2bd00972e4d7d37c95ff0e78 Mon Sep 17 00:00:00 2001 From: Logan Kimmel Date: Sat, 1 Jun 2019 07:08:45 -0500 Subject: [PATCH 03/32] Update the new default addr pool for swarm (#8705) The default address pool for swarm is now a `/8` CIDR --- ee/ucp/admin/install/plan-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/admin/install/plan-installation.md b/ee/ucp/admin/install/plan-installation.md index d3b7e0bfba..b4e7a80739 100644 --- a/ee/ucp/admin/install/plan-installation.md +++ b/ee/ucp/admin/install/plan-installation.md @@ -44,7 +44,7 @@ this. The `service-cluster-ip-range` Kubernetes API Server flag is currently set to `10.96.0.0/16` and cannot be changed. -Swarm uses a default address pool of `10.0.0.0/16` for its overlay networks. If this conflicts with your current network implementation, please use a custom IP address pool. To specify a custom IP address pool, use the `--default-address-pool` command line option during [Swarm initialization](../../../../engine/swarm/swarm-mode.md). +Swarm uses a default address pool of `10.0.0.0/8` for its overlay networks. If this conflicts with your current network implementation, please use a custom IP address pool. To specify a custom IP address pool, use the `--default-address-pool` command line option during [Swarm initialization](../../../../engine/swarm/swarm-mode.md). > **Note**: Currently, the UCP installation process does not support this flag. To deploy with a custom IP pool, Swarm must first be installed using this flag and UCP must be installed on top of it. From 57bffe0736d849472d9154d2b25306ec60513541 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 1 Jun 2019 15:40:26 -0400 Subject: [PATCH 05/32] Update system-requirements.md --- datacenter/ucp/1.1/installation/system-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datacenter/ucp/1.1/installation/system-requirements.md b/datacenter/ucp/1.1/installation/system-requirements.md index b011b3b6c1..a68e71c053 100644 --- a/datacenter/ucp/1.1/installation/system-requirements.md +++ b/datacenter/ucp/1.1/installation/system-requirements.md @@ -17,7 +17,7 @@ all nodes must have: * Linux kernel version 3.10 or higher * CS Docker Engine version 1.10 or higher. Learn about the -[operating systems supported by CS Docker Engine](/cs-engine/install/). +[operating systems supported by CS Docker Engine](/install/). * 2.00 GB of RAM * 3.00 GB of available disk space * A static IP address @@ -59,4 +59,4 @@ Docker Datacenter is a software subscription that includes 3 products: ## Where to go next * [UCP architecture](../architecture.md) -* [Plan a production installation](plan-production-install.md) \ No newline at end of file +* [Plan a production installation](plan-production-install.md) From 5d95c4678ed9c3de68f51c72f0609f67c9883919 Mon Sep 17 00:00:00 2001 From: Peter Salvatore Date: Mon, 3 Jun 2019 10:03:03 -0400 Subject: [PATCH 06/32] TAR-780 Remove redundant withVpn. --- Jenkinsfile | 101 ++++++++++++++++++++++++---------------------------- 1 file changed, 46 insertions(+), 55 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 06000a75f2..5ab1a8d441 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -5,7 +5,6 @@ pipeline { label 'ubuntu-1604-aufs-stable' } environment { - DTR_VPN_ADDRESS = credentials('dtr-vpn-address') DTR_URL = credentials('dtr-url') DOCKER_HOST_STRING = credentials('docker-host') UCP_BUNDLE = credentials('ucp-bundle') @@ -26,19 +25,17 @@ pipeline { branch 'master' } steps { - withVpn("$DTR_VPN_ADDRESS") { - sh """ - cat $SUCCESS_BOT_TOKEN | docker login $DTR_URL --username 'success_bot' --password-stdin - docker build -t $DTR_URL/docker/docker.github.io:stage-${env.BUILD_NUMBER} . - docker push $DTR_URL/docker/docker.github.io:stage-${env.BUILD_NUMBER} - unzip -o $UCP_BUNDLE - export DOCKER_TLS_VERIFY=1 - export COMPOSE_TLS_VERSION=TLSv1_2 - export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot - export DOCKER_HOST=$DOCKER_HOST_STRING - docker service update --detach=false --force --image $DTR_URL/docker/docker.github.io:stage-${env.BUILD_NUMBER} docs-stage-docker-com_docs --with-registry-auth - """ - } + sh """ + cat $SUCCESS_BOT_TOKEN | docker login $DTR_URL --username 'success_bot' --password-stdin + docker build -t $DTR_URL/docker/docker.github.io:stage-${env.BUILD_NUMBER} . + docker push $DTR_URL/docker/docker.github.io:stage-${env.BUILD_NUMBER} + unzip -o $UCP_BUNDLE + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image $DTR_URL/docker/docker.github.io:stage-${env.BUILD_NUMBER} docs-stage-docker-com_docs --with-registry-auth + """ } } stage( 'build + push prod image, update prod swarm' ) { @@ -46,21 +43,19 @@ pipeline { branch 'published' } steps { - withVpn("$DTR_VPN_ADDRESS") { - withDockerRegistry(reg) { - sh """ - docker build -t docs/docker.github.io:prod-${env.BUILD_NUMBER} . - docker push docs/docker.github.io:prod-${env.BUILD_NUMBER} - unzip -o $UCP_BUNDLE - cd ucp-bundle-success_bot - export DOCKER_TLS_VERIFY=1 - export COMPOSE_TLS_VERSION=TLSv1_2 - export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot - export DOCKER_HOST=$DOCKER_HOST_STRING - docker service update --detach=false --force --image docs/docker.github.io:prod-${env.BUILD_NUMBER} docs-docker-com_docs --with-registry-auth - curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' $SLACK - """ - } + withDockerRegistry(reg) { + sh """ + docker build -t docs/docker.github.io:prod-${env.BUILD_NUMBER} . + docker push docs/docker.github.io:prod-${env.BUILD_NUMBER} + unzip -o $UCP_BUNDLE + cd ucp-bundle-success_bot + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image docs/docker.github.io:prod-${env.BUILD_NUMBER} docs-docker-com_docs --with-registry-auth + curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' $SLACK + """ } } } @@ -76,19 +71,17 @@ pipeline { branch 'amberjack' } steps { - withVpn("$DTR_VPN_ADDRESS") { - sh """ - cat $SUCCESS_BOT_TOKEN | docker login $DTR_URL --username 'success_bot' --password-stdin - docker build -t $DTR_URL/docker/docs-private:beta-stage-${env.BUILD_NUMBER} . - docker push $DTR_URL/docker/docs-private:beta-stage-${env.BUILD_NUMBER} - unzip -o $UCP_BUNDLE - export DOCKER_TLS_VERIFY=1 - export COMPOSE_TLS_VERSION=TLSv1_2 - export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot - export DOCKER_HOST=$DOCKER_HOST_STRING - docker service update --detach=false --force --image $DTR_URL/docker/docs-private:beta-stage-${env.BUILD_NUMBER} docs-beta-stage-docker-com_docs --with-registry-auth - """ - } + sh """ + cat $SUCCESS_BOT_TOKEN | docker login $DTR_URL --username 'success_bot' --password-stdin + docker build -t $DTR_URL/docker/docs-private:beta-stage-${env.BUILD_NUMBER} . + docker push $DTR_URL/docker/docs-private:beta-stage-${env.BUILD_NUMBER} + unzip -o $UCP_BUNDLE + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image $DTR_URL/docker/docs-private:beta-stage-${env.BUILD_NUMBER} docs-beta-stage-docker-com_docs --with-registry-auth + """ } } stage( 'build + push beta image, update beta swarm' ) { @@ -96,19 +89,17 @@ pipeline { branch 'published' } steps { - withVpn("$DTR_VPN_ADDRESS") { - sh """ - cat $SUCCESS_BOT_TOKEN | docker login $DTR_URL --username 'success_bot' --password-stdin - docker build -t $DTR_URL/docker/docs-private:beta-${env.BUILD_NUMBER} . - docker push $DTR_URL/docker/docs-private:beta-${env.BUILD_NUMBER} - unzip -o $UCP_BUNDLE - export DOCKER_TLS_VERIFY=1 - export COMPOSE_TLS_VERSION=TLSv1_2 - export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot - export DOCKER_HOST=$DOCKER_HOST_STRING - docker service update --detach=false --force --image $DTR_URL/docker/docs-private:beta-${env.BUILD_NUMBER} docs-beta-docker-com_docs --with-registry-auth - """ - } + sh """ + cat $SUCCESS_BOT_TOKEN | docker login $DTR_URL --username 'success_bot' --password-stdin + docker build -t $DTR_URL/docker/docs-private:beta-${env.BUILD_NUMBER} . + docker push $DTR_URL/docker/docs-private:beta-${env.BUILD_NUMBER} + unzip -o $UCP_BUNDLE + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image $DTR_URL/docker/docs-private:beta-${env.BUILD_NUMBER} docs-beta-docker-com_docs --with-registry-auth + """ } } } From 9bef3c7cfaac7e618fd5baab15120c01db481b35 Mon Sep 17 00:00:00 2001 From: Alastair Smith Date: Mon, 3 Jun 2019 16:58:49 +0100 Subject: [PATCH 07/32] update configs for docker ee 3.0 --- _config.yml | 38 +++++++++++++++++++++++---------- _data/docsarchive/archives.yaml | 7 ++++-- robots.txt | 3 +++ 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/_config.yml b/_config.yml index 9c695ca185..9113c496d4 100644 --- a/_config.yml +++ b/_config.yml @@ -13,27 +13,29 @@ safe: false lsi: false url: https://docs.docker.com # This needs to have all the directories you expect to be in the archives (delivered by docs-base in the Dockerfile) -keep_files: ["v17.03", "v17.06", "v17.09", "v17.12", "v18.03"] +keep_files: ["v17.03", "v17.06", "v17.09", "v17.12", "v18.03", "v18.09"] exclude: ["_scripts", "apidocs/layouts", "Gemfile", "hooks", "index.html", "404.html"] # Component versions -- address like site.docker_ce_version # You can't have - characters in these for non-YAML reasons -latest_engine_api_version: "1.39" -docker_ce_version: "18.09" -docker_ee_version: "18.09" -compose_version: "1.24.0" +latest_engine_api_version: "1.41" +docker_ce_version: "19.03" +docker_ee_version: "19.03" +compose_version: "1.25.0" compose_file_v3: "3.7" compose_file_v2: "2.4" -machine_version: "0.16.0" -distribution_version: "2.6" -dtr_version: "2.6" -ucp_version: "3.1" +machine_version: "0.16.1" +distribution_version: "2.7.1" +dtr_version: "2.7" +ucp_version: "3.2" ucp_versions: - - version: "3.1" + - version: "3.2" path: /ee/ucp/ latest: true + - version: "3.1" + path: /datacenter/ucp/3.1/guides/ - version: "3.0" path: /datacenter/ucp/3.0/guides/ - version: "2.2" @@ -46,9 +48,11 @@ ucp_versions: path: /datacenter/ucp/1.1/overview/ dtr_versions: - - version: "2.6" + - version: "2.7" path: /ee/dtr/ latest: true + - version: "2.6" + path: /datacenter/dtr/2.6/guides/ - version: "2.5" path: /datacenter/dtr/2.5/guides/ - version: "2.4" @@ -63,11 +67,23 @@ dtr_versions: path: /datacenter/dtr/2.0/ tablabels: + dee-3.0: Docker Enterprise Edition 3.0 + dee-2.1: Docker Enterprise Edition 2.1 dee-2.0: Docker Enterprise Edition 2.0 + ucp-3.2: Universal Control Plane 3.2 + ucp-3.1: Universal Control Plane 3.1 ucp-3.0: Universal Control Plane 3.0 ucp-2.2: Universal Control Plane 2.2 + dtr-2.7: Docker Trusted Registry 2.7 + dtr-2.6: Docker Trusted Registry 2.6 dtr-2.5: Docker Trusted Registry 2.5 dtr-2.4: Docker Trusted Registry 2.4 + engine-19.03: Docker EE Engine 19.03 + engine-18.09: Docker EE Engine 18.09 + engine-18.03: Docker EE Engine 18.03 + engine-17.12: Docker EE Engine 17.12 + engine-17.09: Docker EE Engine 17.09 + engine-17.06: Docker EE Engine 17.06 engine-17.06: Docker EE Engine 17.06 engine-17.03: Docker EE Engine 17.03 docker-cli-linux: Docker CLI on Mac/Linux diff --git a/_data/docsarchive/archives.yaml b/_data/docsarchive/archives.yaml index a961160d4f..3ccf36deef 100644 --- a/_data/docsarchive/archives.yaml +++ b/_data/docsarchive/archives.yaml @@ -1,12 +1,15 @@ - archive: - name: v18.09 - image: docs/docker.github.io:latest + name: v19.03 + image: docs/docs-private:latest current: true # When you make a new stable archive version, move the edge one to be second in # the list. The image for edge should be the same as latest. - archive: name: edge image: docs/docker.github.io:latest +- archive: + name: v18.09 + image: docs/docker.github.io:v18.09 - archive: name: v18.03 image: docs/docker.github.io:v18.03 diff --git a/robots.txt b/robots.txt index 3026e9d31f..a94019fb16 100644 --- a/robots.txt +++ b/robots.txt @@ -14,6 +14,7 @@ Disallow: /v1.13/ Disallow: /v17.03/ Disallow: /v17.06/ Disallow: /v18.03/ +Disallow: /v18.09/ # Docker Datacenter archives Disallow: /datacenter/dtr/2.0 @@ -22,7 +23,9 @@ Disallow: /datacenter/dtr/2.2 Disallow: /datacenter/dtr/2.3 Disallow: /datacenter/dtr/2.4 Disallow: /datacenter/dtr/2.5 +Disallow: /datacenter/dtr/2.6 +Disallow: /datacenter/ucp/3.1 Disallow: /datacenter/ucp/3.0 Disallow: /datacenter/ucp/2.1 Disallow: /datacenter/ucp/2.0 From 101f2c55dd50e56af51c129a678fca0806f9ba3d Mon Sep 17 00:00:00 2001 From: Alastair Smith Date: Mon, 3 Jun 2019 17:43:04 +0100 Subject: [PATCH 08/32] tick versions in configs for ee 3.0 --- _config.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/_config.yml b/_config.yml index 9113c496d4..2670876930 100644 --- a/_config.yml +++ b/_config.yml @@ -120,6 +120,13 @@ defaults: - scope: path: "ee/dtr" values: + dtr_org: "docker" + dtr_repo: "dtr" + dtr_version: "2.7.0" + - scope: + path: "datacenter/dtr/2.6" + values: + hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" dtr_version: "2.6.6" @@ -165,15 +172,22 @@ defaults: values: ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.1.7" + ucp_version: "3.2.0" - scope: # This is a bit of a hack for the get-support.md topic. path: "ee" values: ucp_org: "docker" ucp_repo: "ucp" dtr_repo: "dtr" + ucp_version: "3.2.0" + dtr_version: "2.7.0" + - scope: + path: "datacenter/ucp/3.1" + values: + hide_from_sitemap: true + ucp_org: "docker" + ucp_repo: "ucp" ucp_version: "3.1.7" - dtr_version: "2.6.6" - scope: path: "datacenter/ucp/3.0" values: From 96a63b40b42f3c2c2d8324d154620c7ab93fe569 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Mon, 3 Jun 2019 10:52:31 -0700 Subject: [PATCH 09/32] Clean up syntax (#8881) --- .../storage-backend-migration.md | 27 +++++++++---------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/ee/dtr/admin/configure/external-storage/storage-backend-migration.md b/ee/dtr/admin/configure/external-storage/storage-backend-migration.md index 6d883cc109..b8eca97dde 100644 --- a/ee/dtr/admin/configure/external-storage/storage-backend-migration.md +++ b/ee/dtr/admin/configure/external-storage/storage-backend-migration.md @@ -26,27 +26,26 @@ Docker recommends the following steps for your storage backend and metadata migr 5. With DTR restored from your backup and your storage data migrated to your new backend, garbage collect any dangling blobs using the following API request: - ```bash - curl -u :$TOKEN -X POST "https:///api/v0/jobs" -H "accept: application/json" -H "content-type: application/json" -d "{ \"action": \"onlinegc_blobs\" }" - ``` - On success, you should get a `202 Accepted` response with a job `id` and other related details. - -This ensures any blobs which are not referenced in your previously created backup get destroyed. + ```bash + curl -u :$TOKEN -X POST "https:///api/v0/jobs" -H "accept: application/json" -H "content-type: application/json" -d "{ \"action": \"onlinegc_blobs\" }" + ``` + + On success, you should get a `202 Accepted` response with a job `id` and other related details. This ensures any blobs which are not referenced in your previously created backup get destroyed. ### Alternative option for data migration -- If you have a long maintenance window, you can skip some steps from above and do the following: +If you have a long maintenance window, you can skip some steps from above and do the following: - 1. Put DTR in "read-only" mode using the following API request: +1. Put DTR in "read-only" mode using the following API request: - ```bash - curl -u :$TOKEN -X POST "https:///api/v0/meta/settings" -H "accept: application/json" -H "content-type: application/json" -d "{ \"readOnlyRegistry\": true }" - ``` - On success, you should get a `202 Accepted` response. + ```bash + curl -u :$TOKEN -X POST "https:///api/v0/meta/settings" -H "accept: application/json" -H "content-type: application/json" -d "{ \"readOnlyRegistry\": true }" + ``` + On success, you should get a `202 Accepted` response. - 2. Migrate the contents of your current storage backend to the new one you are switching to. For example, upload your current storage data to your new NFS server. +2. Migrate the contents of your current storage backend to the new one you are switching to. For example, upload your current storage data to your new NFS server. - 3. [Reconfigure DTR](/reference/dtr/2.6/cli/reconfigure) while specifying the `--storage-migrated` flag to preserve your existing tags. +3. [Reconfigure DTR](/reference/dtr/2.6/cli/reconfigure) while specifying the `--storage-migrated` flag to preserve your existing tags. ## DTR 2.6.0-2.6.4 and DTR 2.5 (with experimental garbage collection) From 7b31b58a99d5c84d56ad8dc58e026302acfd6ce6 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 4 Jun 2019 06:22:37 -0400 Subject: [PATCH 10/32] Removed 2018 references. (#8880) * Removed 2018 references. * Removed pay thru docker question. --- docker-hub/publish/publisher_faq.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/docker-hub/publish/publisher_faq.md b/docker-hub/publish/publisher_faq.md index 5f3003c395..5500002e51 100644 --- a/docker-hub/publish/publisher_faq.md +++ b/docker-hub/publish/publisher_faq.md @@ -71,7 +71,7 @@ We don't support the abiltiy to view available tags for published products becau Official images and community images have available tags visible because anyone can access any tag at any time anonymously. -We aim to have product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access. (Expected Q3 2018) +We aim to have product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access. ### On the page for another vendor’s product on Docker Hub, I see the following chunks of data: How do these fields map to the following that are required in the publish process? @@ -169,11 +169,6 @@ As a publisher you can charge a subscription fee every month in USD. The amount is determined by you. We are working on other pricing options. If you have feedback about pricing, send us an email at publisher-support@docker.com -### As a publisher, I have not setup any payment account. How does money get to me if my commercial content gets purchased by customers? - -We (Docker) cut you a check post a revenue share. Your Docker Hub Vendor -Agreement should cover specifics. - ### How does Docker handle Export control? Can individual countries be specified if differing from Docker's list of embargoed countries? We provide export control through blacklisting several countries, IPs and users @@ -212,4 +207,4 @@ Yes ### Can I have a publish by date for my content? -Not yet. Potential ETA Q2 2018. +Not yet. This is a planned enhancement, but we have no specific availability date at this time. From 14dd21089a71bbc003b5781c424d103665b30e07 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 4 Jun 2019 09:23:15 -0400 Subject: [PATCH 11/32] Remove pay thru Docker section (#8879) --- docker-hub/publish/index.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/docker-hub/publish/index.md b/docker-hub/publish/index.md index 868d9965ba..6b5511c88d 100644 --- a/docker-hub/publish/index.md +++ b/docker-hub/publish/index.md @@ -38,14 +38,6 @@ experience the following benefits: Docker Hub welcomes free and open-source content, as well as software sold directly by publishers. We support the following commercial models: -### Paid through Docker - -This commercial model allows customers to pay for ISV content through Docker, as -described in the Store Vendor Partner agreement. Paid-through-Docker content -includes both software that can be deployed on a host, as well as software that -runs in the cloud and can be accessed by the customer through an agent -(containerized cloud services, for example). - ### Licensed content through Docker Hub BYOL program ISVs can use Docker Hub as an entitlement and distribution platform. Using From 4782fdb16d027ae1bced1d2ea3d635a57de5f08f Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 4 Jun 2019 10:42:21 -0400 Subject: [PATCH 12/32] Update index.md --- storage/storagedriver/index.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/storage/storagedriver/index.md b/storage/storagedriver/index.md index e55ecfacc2..7144701b1d 100644 --- a/storage/storagedriver/index.md +++ b/storage/storagedriver/index.md @@ -16,7 +16,10 @@ your applications and avoid performance problems along the way. Storage drivers allow you to create data in the writable layer of your container. The files won't be persisted after the container is deleted, and both read and -write speeds are low. +write speeds are lower than native file system performance. + + > **Note**: Operations that are known to be problematic include write-intensive database storage, +particularly when pre-existing data exists in the write-only layer. More details are provided in this document. [Learn how to use volumes](../volumes.md) to persist data and improve performance. From e70fcc21bdcb5bcba36a9d2539cf7c7b7b8ff95c Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Tue, 4 Jun 2019 21:40:21 -0700 Subject: [PATCH 13/32] Edit signing images (#8882) * Edit signing images * Incorporate feedback * Final edits - Change example Security member name --- .../user/manage-images/sign-images/index.md | 141 +++++++++--------- 1 file changed, 68 insertions(+), 73 deletions(-) diff --git a/ee/dtr/user/manage-images/sign-images/index.md b/ee/dtr/user/manage-images/sign-images/index.md index 9bac5a1991..f2409bfc34 100644 --- a/ee/dtr/user/manage-images/sign-images/index.md +++ b/ee/dtr/user/manage-images/sign-images/index.md @@ -7,21 +7,21 @@ redirect_from: - /ee/dtr/user/manage-images/sign-images/manage-trusted-repositories/ --- -2 Key components of the Docker Trusted Registry are the Notary Server and Notary -Signer. These 2 containers give us the required components to use Docker Content -Trust right out of the box. [Docker Content -Trust](/engine/security/trust/content_trust/) allows us to sign image tags, -therefore whoever pulls the image can validate that they are getting the image -you create, or a forged one. +Two key components of the Docker Trusted Registry are the Notary Server and the Notary +Signer. These two containers provide the required components for using Docker Content +Trust (DCT) out of the box. [Docker Content +Trust](/engine/security/trust/content_trust/) allows you to sign image tags, +therefore giving consumers a way to verify the integrity of your image. -As part of Docker Trusted Registry both the Notary server and the Registry -server are accessed through a front end Proxy, with both components sharing the -UCP's RBAC Engine. Therefore no additional configuration of the Docker Client -is required to use trust. +As part of DTR, both the Notary and the Registry +servers are accessed through a front-end proxy, with both components sharing the +UCP's RBAC (Role-based Access Control) Engine. Therefore, you do not need additional Docker client +configuration in order to use DCT. -Docker Content Trust is integrated into the Docker CLI, allowing you to -configure repositories, add signers and sign images all through the `$ docker -trust` command. +DCT is integrated with the Docker CLI, and allows you to: +- Configure repositories +- Add signers, and +- Sign images using the `docker trust` command ![image without signature](../../../images/sign-an-image-1.svg) @@ -29,31 +29,29 @@ trust` command. UCP has a feature which will prevent [untrusted images](/ee/ucp/admin/configure/run-only-the-images-you-trust/) from being -deployed on the cluster. To use this feature, we first need to upload and sign -images into DTR. To tie the signed images back to UCP, we will actually sign the -images with private keys of UCP users. Inside of a UCP Client bundle the -`key.pem` can be used a User's private key, with the `cert.pem` being a public -key within a x509 certificate. +deployed on the cluster. To use the feature, you need to sign and push images to your DTR. +To tie the signed images back to UCP, you need to sign the +images with the private keys of the UCP users. From a UCP client bundle, use +`key.pem` as your private key, and `cert.pem` as your public key +on an `x509` certificate. -To sign images in a way that UCP trusts them, you need to: +To sign images in a way that UCP can trust, you need to: -1. Download a Client Bundle for a User you want to use to sign the images. -2. Load the private key of the User into your workstations trust store. +1. Download a client bundle for the user account you want to use for signing the images. +2. Add the user's private key to your machine's trust store. 3. Initialize trust metadata for the repository. -4. Delegate signing for that repository to the UCP User. -5. Sign the Image. +4. Delegate signing for that repository to the UCP user. +5. Sign the image. -In this example we're going to pull a nginx image from the Docker Hub, re-tag it -as `dtr.example.com/dev/nginx:1`, push the image to DTR and sign it in a way -that is trusted by UCP. If you manage multiple repositories, you'll have to do -the same procedure for each repository. +The following example shows the `nginx` image getting pulled from Docker Hub, tagged +as `dtr.example.com/dev/nginx:1`, pushed to DTR, and signed in a way +that is trusted by UCP. -### Import a UCP User's Private Key +### Import a UCP user's private key -Once you have download and extracted a UCP User's client bundle into your local -directory, you need to load the Private key into the local Docker trust store -`(~/.docker/trust)`. The name used here is purely metadata to help keep track of -which keys you have imported. +After downloading and extracting a UCP client bundle into your local +directory, you need to load the private key into the local Docker trust store +`(~/.docker/trust)`. To illustrate the process, we will use `jeff` as an example user. ```bash $ docker trust key load --name jeff key.pem @@ -63,16 +61,16 @@ Repeat passphrase for new jeff key with ID a453196: Successfully imported key from key.pem ``` -### Initialize the trust metadata and add the Public Key +### Initialize the trust metadata and add the user's public certificate -Next, we need to initiate trust metadata for a DTR repository. If you have not -done so already, navigate to the **DTR web UI**, and create a repository for -your image. In this example we've created the `prod/nginx` repository. +Next,initiate trust metadata for a DTR repository. If you have not +already done so, navigate to the **DTR web UI**, and create a repository for +your image. This example uses the `nginx` repository in the `prod` namespace. -As part of initiating the repository, we will add the public key of the UCP User -as a signer. You will be asked for a number of passphrases to protect the keys. -Make a note of these passphrases, and see [Managing Delegations in a Notary Server](/engine/security/trust/trust_delegation/#managing-delegations-in-a-notary-server) -to learn more about managing keys. +As part of initiating the repository, the public key of the UCP user needs to be added +to the Notary server as a signer for the repository. You will be asked for a number of +passphrases to protect the keys.Make a note of these passphrases, and +see [Managing Delegations in a Notary Server](/engine/security/trust/trust_delegation/#managing-delegations-in-a-notary-server) to learn more about managing keys. ```bash @@ -86,7 +84,7 @@ Successfully initialized "dtr.example.com/prod/nginx" Successfully added signer: jeff to dtr.example.com/prod/nginx ``` -We can inspect the trust metadata of the repository to make sure the User has +Inspect the trust metadata of the repository to make sure the user has been added correctly. ```bash @@ -105,11 +103,10 @@ Administrative keys for dtr.example.com/prod/nginx Root Key: b74854cb27cc25220ede4b08028967d1c6e297a759a6939dfef1ea72fbdd7b9a ``` -### Sign the Image +### Sign the image -Finally, we will sign an image tag. These steps download the Image from the -Docker Hub, retag the Image to the DTR repository, push the image up to DTR, as -well as signing the tag with the UCP User's keys. +Finally, user `jeff` can sign an image tag. The following steps include downloading the image from Hub, tagging the image for Jeff's DTR repository, pushing the image to Jeff's DTR, as +well as signing the tag with Jeff's keys. ```bash $ docker pull nginx:latest @@ -128,7 +125,7 @@ Enter passphrase for jeff key with ID 927f303: Successfully signed dtr.example.com/prod/nginx:1 ``` -We can inspect the trust metadata again to make sure the image tag has been +Inspect the trust metadata again to make sure the image tag has been signed successfully. ```bash @@ -150,49 +147,48 @@ Administrative keys for dtr.example.com/prod/nginx:1 Root Key: b74854cb27cc25220ede4b08028967d1c6e297a759a6939dfef1ea72fbdd7b9a ``` -Or we can have a look at the signed image from within the **DTR UI**. +Alternatively, you can review the signed image from the DTR web UI. ![DTR](../../../images/sign-an-image-3.png){: .with-border} -### Adding Additional Delegations +### Add delegations -If you wanted to sign this image with multiple UCP Users, maybe if you had a use -case where an image needed to be signed by a member of the `Security` team and a -member of the `Developers` team. Then you can add multiple signers to a -repository. +You have the option to sign an image using multiple UCP users' keys. For example, an image +needs to be signed by a member of the `Security` team and a +member of the `Developers` team. Let's assume `jeff` is a member of the Developers team. +In this case, we only need to add a member of the Security team. -To do so, first load a private key from a UCP User of the Security Team's in to -the local Docker Trust Store. +To do so, first add the private key of the Security team member to +the local Docker trust store. ```bash -$ docker trust key load --name security key.pem +$ docker trust key load --name ian key.pem Loading key from "key.pem"... -Enter passphrase for new security key with ID 5ac7d9a: -Repeat passphrase for new security key with ID 5ac7d9a: +Enter passphrase for new ian key with ID 5ac7d9a: +Repeat passphrase for new ian key with ID 5ac7d9a: Successfully imported key from key.pem ``` -Upload the Public Key to the Notary Server and Sign the Image. You will be asked -for both the Developers passphrase, as well as the Security Users passphrase to +Upload the user's public key to the Notary Server and sign the image. You will be asked +for `jeff`, the developer's passphrase, as well as the `ian` user's passphrase to sign the tag. ```bash -$ docker trust signer add --key cert.pem security dtr.example.com/prod/nginx -Adding signer "security" to dtr.example.com/prod/nginx... +$ docker trust signer add --key cert.pem ian dtr.example.com/prod/nginx +Adding signer "ian" to dtr.example.com/prod/nginx... Enter passphrase for repository key with ID e0d15a2: -Successfully added signer: security to dtr.example.com/prod/nginx +Successfully added signer: ian to dtr.example.com/prod/nginx $ docker trust sign dtr.example.com/prod/nginx:1 Signing and pushing trust metadata for dtr.example.com/prod/nginx:1 Existing signatures for tag 1 digest 5b49c8e2c890fbb0a35f6050ed3c5109c5bb47b9e774264f4f3aa85bb69e2033 from: jeff Enter passphrase for jeff key with ID 927f303: -Enter passphrase for security key with ID 5ac7d9a: +Enter passphrase for ian key with ID 5ac7d9a: Successfully signed dtr.example.com/prod/nginx:1 ``` -Finally, we can check the tag again to make sure it is now signed by 2 -signatures. +Finally, check the tag again to make sure it includes two signers. ```bash $ docker trust inspect --pretty dtr.example.com/prod/nginx:1 @@ -200,13 +196,13 @@ $ docker trust inspect --pretty dtr.example.com/prod/nginx:1 Signatures for dtr.example.com/prod/nginx:1 SIGNED TAG DIGEST SIGNERS -1 5b49c8e2c890fbb0a35f6050ed3c5109c5bb47b9e774264f4f3aa85bb69e2033 jeff, security +1 5b49c8e2c890fbb0a35f6050ed3c5109c5bb47b9e774264f4f3aa85bb69e2033 jeff, ian List of signers and their keys for dtr.example.com/prod/nginx:1 SIGNER KEYS jeff 927f30366699 -security 5ac7d9af7222 +ian 5ac7d9af7222 Administrative keys for dtr.example.com/prod/nginx:1 @@ -218,13 +214,12 @@ For more advanced use cases like this, see [Delegations for content trust](/engi ## Delete trust data -If an Administrator wants to delete a DTR repository that contains Trust -metadata, they will be prompted to delete the trust metadata first before the -repository can be removed. +If an administrator wants to delete a DTR repository that contains trust +metadata, they will be prompted to delete the trust metadata first before removing the repository. -To delete trust metadata we need to use the Notary CLI. For information on how -to download and configure the Notary CLI head -[here](/engine/security/trust/trust_delegation/#configuring-the-notary-client) +To delete trust metadata, you need to use the Notary CLI. For information on how +to download and configure the Notary CLI see +[Configuring the Notary client](/engine/security/trust/trust_delegation/#configuring-the-notary-client) ```bash From 5e90682db80cc2568f4c89534770fad0973bc4be Mon Sep 17 00:00:00 2001 From: Olly P Date: Wed, 5 Jun 2019 05:43:26 +0100 Subject: [PATCH 14/32] Updated Windows Docker EE Index Link (#8893) Signed-off-by: Olly Pomeroy --- install/windows/docker-ee.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/windows/docker-ee.md b/install/windows/docker-ee.md index 31f53e3abb..9f8a7fcf99 100644 --- a/install/windows/docker-ee.md +++ b/install/windows/docker-ee.md @@ -148,7 +148,7 @@ manually, via a script, or on air-gapped systems. ``` If you need to download a specific Docker EE Engine release, all URLs can be - found on this [JSON index](https://download.docker.com/components/engine/windows-server/index.json) + found on this [JSON index](https://dockermsft.blob.core.windows.net/dockercontainer/DockerMsftIndex.json) 2. Copy the zip file to the machine where you want to install Docker. In a PowerShell command prompt, use the following commands to extract the archive, @@ -222,7 +222,7 @@ To update Docker Engine - Enterprise to the most recent release, specify the ```powershell Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion {{ site.docker_ee_version }} -Update -Force ``` -The required version number must match a versions available on the [JSON +The required version number must match a version available on the [JSON index](https://dockermsft.blob.core.windows.net/dockercontainer/DockerMsftIndex.json) ## Uninstall Docker EE From fcb2886a05034c60adadd5a7f0c42dd1879ee9dd Mon Sep 17 00:00:00 2001 From: Euan Harris Date: Thu, 6 Jun 2019 12:35:13 +0100 Subject: [PATCH 15/32] interlock: Remove `com.docker.lb.ssl_only` config label (#1135) * interlock: Remove `com.docker.lb.ssl_only` config label and service-lables file (moved to labels-reference.md) * Update labels-reference.md --- _data/toc.yaml | 2 - ee/ucp/interlock/config/service-labels.md | 43 ---------------------- ee/ucp/interlock/usage/labels-reference.md | 20 +++++++++- 3 files changed, 19 insertions(+), 46 deletions(-) delete mode 100644 ee/ucp/interlock/config/service-labels.md diff --git a/_data/toc.yaml b/_data/toc.yaml index 1371623a34..8ce374ede1 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1331,8 +1331,6 @@ manuals: path: /ee/ucp/interlock/config/host-mode-networking/ - title: Configuring an nginx extension path: /ee/ucp/interlock/config/nginx-config/ - - title: Using application service labels - path: /ee/ucp/interlock/config/service-labels/ - title: Tuning the proxy service path: /ee/ucp/interlock/config/tuning/ - title: Updating Interlock services diff --git a/ee/ucp/interlock/config/service-labels.md b/ee/ucp/interlock/config/service-labels.md deleted file mode 100644 index 2ee2d3170b..0000000000 --- a/ee/ucp/interlock/config/service-labels.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Use application service labels -description: Learn how applications use service labels for publishing -keywords: routing, proxy, interlock, load balancing ---- - -Service labels define hostnames that are routed to the -service, the applicable ports, and other routing configurations. Applications that publish using Interlock use service labels to configure how they are published. - -When you deploy or update a swarm service with service labels, the following actions occur: - -1. The `ucp-interlock` service monitors the Docker API for events and -publishes the events to the `ucp-interlock-extension` service. -2. That service then generates a new configuration for the proxy service, -based on the labels you added to your services. -3. The `ucp-interlock` service takes the new configuration and reconfigures the -`ucp-interlock-proxy` to start using the new configuration. - -The previous steps occur in milliseconds and with rolling updates. Even though -services are being reconfigured, users won't notice it. - -## Service label options - -The following table describes the available options: - -| Label | Description | Example | -| --- | --- | --- | -| `com.docker.lb.hosts` | Comma separated list of the hosts that the service should serve | `example.com,test.com` | -| `com.docker.lb.port` | Port to use for internal upstream communication | `8080` | -| `com.docker.lb.network` | Name of network the proxy service should attach to for upstream connectivity | `app-network-a` | -| `com.docker.lb.context_root` | Context or path to use for the application | `/app` | -| `com.docker.lb.context_root_rewrite` | Boolean to enable rewrite for the context root | `true` | -| `com.docker.lb.ssl_only` | Boolean to force SSL for application | `true` | -| `com.docker.lb.ssl_cert` | Docker secret to use for the SSL certificate | `example.com.cert` | -| `com.docker.lb.ssl_key` | Docker secret to use for the SSL key | `example.com.key` | -| `com.docker.lb.websocket_endpoints` | Comma separated list of endpoints to configure to be upgraded for websockets | `/ws,/foo` | -| `com.docker.lb.service_cluster` | Name of the service cluster to use for the application | `us-east` | -| `com.docker.lb.ssl_backend` | Enable SSL communication to the upstreams | `true` | -| `com.docker.lb.ssl_backend_tls_verify` | Verification mode for the upstream TLS | `none` | -| `com.docker.lb.sticky_session_cookie` | Cookie to use for sticky sessions | `none` | -| `com.docker.lb.redirects` | Semi-colon separated list of redirects to add in the format of `,`. Example: (`http://old.example.com,http://new.example.com;`) | `none` | -| `com.docker.lb.ssl_passthrough` | Enable SSL passthrough | `false` | -| `com.docker.lb.backend_mode` | Select the backend mode that the proxy should use to access the upstreams. Defaults to `task`. | `vip` | diff --git a/ee/ucp/interlock/usage/labels-reference.md b/ee/ucp/interlock/usage/labels-reference.md index 513d91cc08..0d70192cf3 100644 --- a/ee/ucp/interlock/usage/labels-reference.md +++ b/ee/ucp/interlock/usage/labels-reference.md @@ -2,12 +2,30 @@ title: Use layer 7 routing labels description: Learn about the labels you can use in your swarm services to route layer 7 traffic. -keywords: routing, proxy +redirect_from: + - /ee/ucp/interlock/config/service-labels/ +keywords: routing, proxy, interlock, load balancing --- After you enable the layer 7 routing solution, you can [start using it in your swarm services](index.md). +Service labels define hostnames that are routed to the +service, the applicable ports, and other routing configurations. Applications that publish using Interlock use service labels to configure how they are published. + +When you deploy or update a swarm service with service labels, the following actions occur: + +1. The `ucp-interlock` service monitors the Docker API for events and +publishes the events to the `ucp-interlock-extension` service. +2. That service then generates a new configuration for the proxy service, +based on the labels you added to your services. +3. The `ucp-interlock` service takes the new configuration and reconfigures the +`ucp-interlock-proxy` to start using the new configuration. + +The previous steps occur in milliseconds and with rolling updates. Even though +services are being reconfigured, users won't notice it. + +## Service label options | Label | Description | Example | |:---------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------| From 58ae6fb04b7b103779ee9a6c177e36edfa35b77b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 6 Jun 2019 07:40:49 -0400 Subject: [PATCH 16/32] Interlock fix (#8902) * Removed service-labels (moved info to labels-reference) --- _data/toc.yaml | 2 - ee/ucp/interlock/config/service-labels.md | 43 ---------------------- ee/ucp/interlock/usage/labels-reference.md | 20 +++++++++- 3 files changed, 19 insertions(+), 46 deletions(-) delete mode 100644 ee/ucp/interlock/config/service-labels.md diff --git a/_data/toc.yaml b/_data/toc.yaml index 1371623a34..8ce374ede1 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1331,8 +1331,6 @@ manuals: path: /ee/ucp/interlock/config/host-mode-networking/ - title: Configuring an nginx extension path: /ee/ucp/interlock/config/nginx-config/ - - title: Using application service labels - path: /ee/ucp/interlock/config/service-labels/ - title: Tuning the proxy service path: /ee/ucp/interlock/config/tuning/ - title: Updating Interlock services diff --git a/ee/ucp/interlock/config/service-labels.md b/ee/ucp/interlock/config/service-labels.md deleted file mode 100644 index 2ee2d3170b..0000000000 --- a/ee/ucp/interlock/config/service-labels.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Use application service labels -description: Learn how applications use service labels for publishing -keywords: routing, proxy, interlock, load balancing ---- - -Service labels define hostnames that are routed to the -service, the applicable ports, and other routing configurations. Applications that publish using Interlock use service labels to configure how they are published. - -When you deploy or update a swarm service with service labels, the following actions occur: - -1. The `ucp-interlock` service monitors the Docker API for events and -publishes the events to the `ucp-interlock-extension` service. -2. That service then generates a new configuration for the proxy service, -based on the labels you added to your services. -3. The `ucp-interlock` service takes the new configuration and reconfigures the -`ucp-interlock-proxy` to start using the new configuration. - -The previous steps occur in milliseconds and with rolling updates. Even though -services are being reconfigured, users won't notice it. - -## Service label options - -The following table describes the available options: - -| Label | Description | Example | -| --- | --- | --- | -| `com.docker.lb.hosts` | Comma separated list of the hosts that the service should serve | `example.com,test.com` | -| `com.docker.lb.port` | Port to use for internal upstream communication | `8080` | -| `com.docker.lb.network` | Name of network the proxy service should attach to for upstream connectivity | `app-network-a` | -| `com.docker.lb.context_root` | Context or path to use for the application | `/app` | -| `com.docker.lb.context_root_rewrite` | Boolean to enable rewrite for the context root | `true` | -| `com.docker.lb.ssl_only` | Boolean to force SSL for application | `true` | -| `com.docker.lb.ssl_cert` | Docker secret to use for the SSL certificate | `example.com.cert` | -| `com.docker.lb.ssl_key` | Docker secret to use for the SSL key | `example.com.key` | -| `com.docker.lb.websocket_endpoints` | Comma separated list of endpoints to configure to be upgraded for websockets | `/ws,/foo` | -| `com.docker.lb.service_cluster` | Name of the service cluster to use for the application | `us-east` | -| `com.docker.lb.ssl_backend` | Enable SSL communication to the upstreams | `true` | -| `com.docker.lb.ssl_backend_tls_verify` | Verification mode for the upstream TLS | `none` | -| `com.docker.lb.sticky_session_cookie` | Cookie to use for sticky sessions | `none` | -| `com.docker.lb.redirects` | Semi-colon separated list of redirects to add in the format of `,`. Example: (`http://old.example.com,http://new.example.com;`) | `none` | -| `com.docker.lb.ssl_passthrough` | Enable SSL passthrough | `false` | -| `com.docker.lb.backend_mode` | Select the backend mode that the proxy should use to access the upstreams. Defaults to `task`. | `vip` | diff --git a/ee/ucp/interlock/usage/labels-reference.md b/ee/ucp/interlock/usage/labels-reference.md index 513d91cc08..0d70192cf3 100644 --- a/ee/ucp/interlock/usage/labels-reference.md +++ b/ee/ucp/interlock/usage/labels-reference.md @@ -2,12 +2,30 @@ title: Use layer 7 routing labels description: Learn about the labels you can use in your swarm services to route layer 7 traffic. -keywords: routing, proxy +redirect_from: + - /ee/ucp/interlock/config/service-labels/ +keywords: routing, proxy, interlock, load balancing --- After you enable the layer 7 routing solution, you can [start using it in your swarm services](index.md). +Service labels define hostnames that are routed to the +service, the applicable ports, and other routing configurations. Applications that publish using Interlock use service labels to configure how they are published. + +When you deploy or update a swarm service with service labels, the following actions occur: + +1. The `ucp-interlock` service monitors the Docker API for events and +publishes the events to the `ucp-interlock-extension` service. +2. That service then generates a new configuration for the proxy service, +based on the labels you added to your services. +3. The `ucp-interlock` service takes the new configuration and reconfigures the +`ucp-interlock-proxy` to start using the new configuration. + +The previous steps occur in milliseconds and with rolling updates. Even though +services are being reconfigured, users won't notice it. + +## Service label options | Label | Description | Example | |:---------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------| From 4a7c0efb09321be20107ea4305175e979540a3fd Mon Sep 17 00:00:00 2001 From: Oleg Burov Date: Thu, 6 Jun 2019 04:46:26 -0700 Subject: [PATCH 17/32] Update from microsoft/* to mcr.microsoft.com/*. (#8738) Update Dockerfile with following changes: 1. Switch .NET Core Images from legacy location at Docker Hub Registry (microsoft/*) to a new location at Microsoft Container Registry (mcr.microsoft.com/*). 2. Since Microsoft no longer supports the tag 'latest', I must set a specific version of '2.2' (current), which is the most recent stable release. --- engine/examples/dotnetcore.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/examples/dotnetcore.md b/engine/examples/dotnetcore.md index 38facac14b..20542d5964 100644 --- a/engine/examples/dotnetcore.md +++ b/engine/examples/dotnetcore.md @@ -41,7 +41,7 @@ Windows](/docker-for-windows/). Read more on [switching containers](/docker-for- the `Dockerfile` to use the DLL file of your project. ```dockerfile -FROM microsoft/dotnet:sdk AS build-env +FROM mcr.microsoft.com/dotnet/core/sdk:2.2 AS build-env WORKDIR /app # Copy csproj and restore as distinct layers @@ -53,7 +53,7 @@ COPY . ./ RUN dotnet publish -c Release -o out # Build runtime image -FROM microsoft/dotnet:aspnetcore-runtime +FROM mcr.microsoft.com/dotnet/core/aspnet:2.2 WORKDIR /app COPY --from=build-env /app/out . ENTRYPOINT ["dotnet", "aspnetapp.dll"] From e4b1af1a46f0bbd5b836d2a067949274ae4574c1 Mon Sep 17 00:00:00 2001 From: Wang Jie Date: Thu, 6 Jun 2019 19:47:22 +0800 Subject: [PATCH 18/32] Update upgrade.md (#8887) --- docker-hub/upgrade.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-hub/upgrade.md b/docker-hub/upgrade.md index b842b3b93d..6a0de8db5e 100644 --- a/docker-hub/upgrade.md +++ b/docker-hub/upgrade.md @@ -14,7 +14,7 @@ plan. To upgrade: 1. Visit the [Plans Page](https://hub.docker.com/account/billing-plans/) -2. Click Change Plan +2. Click **Change Plan** 3. Select your plan and provide your payment information to upgrade ![Upgrade Plan](images/index-upgrade-plan.png) ### Upgrade your organization's plan @@ -24,4 +24,4 @@ To upgrade an Organization's plan: 1. Visit the [Plans Page](https://hub.docker.com/account/billing-plans/) 2. Change the selected account to your Organization whose plan you'd like to upgrade ![Change Account](images/upgrade-change-account.png) -3. Click Change Plan ![Change Plan](images/upgrade-change-plan.png) +3. Click **Change Plan** ![Change Plan](images/upgrade-change-plan.png) From 79c56207620de1d2703cf91bbfce7f46c7bdb20e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 6 Jun 2019 13:20:48 -0400 Subject: [PATCH 19/32] Update wording --- engine/release-notes.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index a494943744..04b2188cfb 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -312,15 +312,17 @@ Update your configuration if this command prints a non-empty value for `MountFla This issue is resolved in 18.09.1. -### Deprecation Notice +### Deprecation Notices -As of EE 2.1, Docker has deprecated support for Device Mapper as a storage driver. It will continue to be supported at this -time, but support will be removed in a future release. Docker will continue to support Device Mapper for existing -EE 2.0 and 2.1 customers. Please contact Sales for more information. +- As of EE 2.1, Docker has deprecated support for Device Mapper as a storage driver. It will continue to be +supported at this time, but support will be removed in a future release. Docker will continue to support +Device Mapper for existing EE 2.0 and 2.1 customers. Please contact Sales for more information. -Docker recommends that existing customers [migrate to using Overlay2 for the storage driver](https://success.docker.com/article/how-do-i-migrate-an-existing-ucp-cluster-to-the-overlay2-graph-driver). -The [Overlay2 storage driver](https://docs.docker.com/storage/storagedriver/overlayfs-driver/) is now the -default for Docker engine implementations. + Docker recommends that existing customers + [migrate to using Overlay2 for the storage driver](https://success.docker.com/article/how-do-i-migrate-an-existing-ucp-cluster-to-the-overlay2-graph-driver). The [Overlay2 storage driver](https://docs.docker.com/storage/storagedriver/overlayfs-driver/) is now the default for Docker engine implementations. +- As of EE 2.1, Docker has deprecated support for IBM Z (s390x). Refer to the +[Docker Compatibility Matrix](https://success.docker.com/article/compatibility-matrix) for detailed +compatibility information. For more information on the list of deprecated flags and APIs, have a look at the [deprecation information](https://docs.docker.com/engine/deprecated/) where you can find the target removal dates. From d82934a2c1a4033143a305c4df8f3a375878a33b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 6 Jun 2019 16:09:07 -0400 Subject: [PATCH 20/32] Updates per Anusha's feedback (#8905) --- config/containers/logging/local.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/config/containers/logging/local.md b/config/containers/logging/local.md index dbd9d9974d..bb6b1a550d 100644 --- a/config/containers/logging/local.md +++ b/config/containers/logging/local.md @@ -11,8 +11,9 @@ The `local` logging driver captures output from container's stdout/stderr and writes them to an internal storage that is optimized for performance and disk use. -By default the `local` driver preserves 100MB of log messages per container and -uses automatic compression to reduce the size on disk. +By default, the `local` driver preserves 100MB of log messages per container and +uses automatic compression to reduce the size on disk. The 100MB default value is based on a 20M default size +for each file and a default count of 5 for the number of such files (to account for log rotation). > *Note*: the `local` logging driver currently uses file-based storage. The > file-format and storage mechanism are designed to be exclusively accessed by @@ -58,7 +59,7 @@ The `local` logging driver supports the following logging options: | Option | Description | Example value | |:------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------| | `max-size` | The maximum size of the log before it is rolled. A positive integer plus a modifier representing the unit of measure (`k`, `m`, or `g`). Defaults to 20m. | `--log-opt max-size=10m` | -| `max-file` | The maximum number of log files that can be present. If rolling the logs creates excess files, the oldest file is removed. **Only effective when `max-size` is also set.** A positive integer. Defaults to 5. | `--log-opt max-file=3` | +| `max-file` | The maximum number of log files that can be present. If rolling the logs creates excess files, the oldest file is removed. A positive integer. Defaults to 5. | `--log-opt max-file=3` | | `compress` | Toggle compression of rotated log files. Enabled by default. | `--log-opt compress=false` | ### Examples @@ -67,5 +68,5 @@ This example starts an `alpine` container which can have a maximum of 3 log files no larger than 10 megabytes each. ```bash -$ docker run -it --log-opt max-size=10m --log-opt max-file=3 alpine ash +$ docker run -it --log-driver local --log-opt max-size=10m --log-opt max-file=3 alpine ash ``` From 456f9f554534b61a1f24456c9607ba53c32390b1 Mon Sep 17 00:00:00 2001 From: Brady Smith <13873429+gnomestar@users.noreply.github.com> Date: Thu, 6 Jun 2019 15:44:10 -0700 Subject: [PATCH 21/32] Remove "Edition" / update application URL (#1145) Removing "Edition" per https://github.com/docker/docs-private/issues/1143 Updated "apply to be a publisher" URL per https://github.com/docker/docs-private/issues/1144 --- docker-hub/publish/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-hub/publish/index.md b/docker-hub/publish/index.md index 6b5511c88d..fa7d3b8e1d 100644 --- a/docker-hub/publish/index.md +++ b/docker-hub/publish/index.md @@ -53,9 +53,9 @@ information, see [Bring Your Own License (BYOL) products on Store](byol.md). ### Plugins and agents -ISVs have the ability to create and distribute [plugin images](https://hub.docker.com/search?certification_status=certified&q=&type=plugin) for their customers to integrate with the ISV's proprietary hardware or cloud infrastructure and Docker Enterprise Edition deployments. +ISVs have the ability to create and distribute [plugin images](https://hub.docker.com/search?certification_status=certified&q=&type=plugin) for their customers to integrate with the ISV's proprietary hardware or cloud infrastructure and Docker Enterprise deployments. -You can [apply to be a publisher](https://goto.docker.com/partners) and learn more about our [Technology Partner Program](https://www.docker.com/partners/partner-program#/technology_partner). +You can [apply to be a publisher](https://goto.docker.com/2019-Partner-Program-Technology.html) and learn more about our [Technology Partner Program](https://www.docker.com/partners/partner-program#/technology_partner). ## What's next? From c2d80906a10b6e681259be5ac6e4249a1d228fa8 Mon Sep 17 00:00:00 2001 From: Olly P Date: Fri, 7 Jun 2019 16:04:36 +0100 Subject: [PATCH 22/32] Removed Build from Compose on Docker Desktop Example (#8750) * Removed Build from Compose.yaml on Compose to Kubernetes * Removed build from UCP example too --- _includes/kubernetes-mac-win.md | 15 +++++---------- ee/ucp/kubernetes/deploy-with-compose.md | 3 --- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/_includes/kubernetes-mac-win.md b/_includes/kubernetes-mac-win.md index 093a7c81a6..3246e30ceb 100644 --- a/_includes/kubernetes-mac-win.md +++ b/_includes/kubernetes-mac-win.md @@ -145,28 +145,23 @@ version: '3.3' services: web: - build: web - image: dockerdemos/lab-web - volumes: - - "./web/static:/static" + image: dockersamples/k8s-wordsmith-web ports: - "80:80" words: - build: words - image: dockerdemos/lab-words + image: dockersamples/k8s-wordsmith-api deploy: replicas: 5 endpoint_mode: dnsrr resources: limits: - memory: 16M + memory: 50M reservations: - memory: 16M + memory: 50M db: - build: db - image: dockerdemos/lab-db + image: dockersamples/k8s-wordsmith-db ``` If you already have a Kubernetes YAML file, you can deploy it using the diff --git a/ee/ucp/kubernetes/deploy-with-compose.md b/ee/ucp/kubernetes/deploy-with-compose.md index e75aa8e656..cefade7df4 100644 --- a/ee/ucp/kubernetes/deploy-with-compose.md +++ b/ee/ucp/kubernetes/deploy-with-compose.md @@ -29,19 +29,16 @@ version: '3.3' services: web: - build: web image: dockersamples/k8s-wordsmith-web ports: - "8080:80" words: - build: words image: dockersamples/k8s-wordsmith-api deploy: replicas: 5 db: - build: db image: dockersamples/k8s-wordsmith-db ``` From 366c23c2ad4892ab7515b3baa96b2525c7cd0cee Mon Sep 17 00:00:00 2001 From: Brady Smith <13873429+gnomestar@users.noreply.github.com> Date: Fri, 7 Jun 2019 15:14:18 -0700 Subject: [PATCH 23/32] Adding Release Notes commentary (#1161) * Adding Release Notes commentary Per HUB-1827, we discovered a Hub feature which is *very valuable* to partners & customers, but was not previously documented. Given that we only discovered this because _one partner_ was made aware by _one partner manager_, it is a great example of tribal knowledge we can disseminate via proactive documentation. Adding to the FAQ's now so it will not be lost / forgotten. In a more comprehensive revision, this could easily be situated in a dedicated "Publisher Portal Usage Docs" section. * Minor edit --- docker-hub/publish/publisher_faq.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-hub/publish/publisher_faq.md b/docker-hub/publish/publisher_faq.md index 5500002e51..a23d62ffb7 100644 --- a/docker-hub/publish/publisher_faq.md +++ b/docker-hub/publish/publisher_faq.md @@ -60,6 +60,8 @@ The customer will be given the permissions to docker pull any tag associated wit Edit the same product and update with the newly tagged repos. +Additionally, for product updates, you may include a set of *Release Notes*. These notes will not be published with the product listing itself. Instead, they will be emailed directly to the current subscriber of the product. This ensures that consumers will have timely, valuable alerts about the availability of new images and significant changes. + ### On the Information page, organization details are required. Do we need to fill those in again for every product we publish, or are they carried over? And if we change them for a later image publish, are they updated for all images published by our organization? Organization details need to be filled in only once. Updating organization info From 223b63f693a267a3756cf39954cfc3d2d374bbb1 Mon Sep 17 00:00:00 2001 From: Brady Smith <13873429+gnomestar@users.noreply.github.com> Date: Fri, 7 Jun 2019 15:17:18 -0700 Subject: [PATCH 24/32] Moving Billing FAQs from Customer FAQ section (#1156) * Moving Billing FAQs from Customer FAQ section This whole section is completely out of place under customer FAQ. Seems to only be relevant to this Plan upgrade page, given this is the only current place in Hub where I can make a payment for anything. https://github.com/docker/docs-private/pull/1155 for more context * Update upgrade.md --- docker-hub/upgrade.md | 55 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/docker-hub/upgrade.md b/docker-hub/upgrade.md index b842b3b93d..d94e2ef75b 100644 --- a/docker-hub/upgrade.md +++ b/docker-hub/upgrade.md @@ -1,12 +1,12 @@ --- description: Upgrading your Docker Hub Plan keywords: Docker, docker, trusted, registry, accounts, plans, Dockerfile, Docker Hub, webhooks, docs, documentation -title: Upgrade your Plan +title: Upgrade your plan --- User and organization accounts maintain separate Docker Hub billing profiles. -### Upgrade your personal plan +## Upgrade your personal plan Docker Hub includes one private Docker Hub repository for free. If you need more private repositories, you can upgrade from your free account to a paid @@ -17,7 +17,7 @@ To upgrade: 2. Click Change Plan 3. Select your plan and provide your payment information to upgrade ![Upgrade Plan](images/index-upgrade-plan.png) -### Upgrade your organization's plan +## Upgrade your organization's plan To upgrade an Organization's plan: @@ -25,3 +25,52 @@ To upgrade an Organization's plan: 2. Change the selected account to your Organization whose plan you'd like to upgrade ![Change Account](images/upgrade-change-account.png) 3. Click Change Plan ![Change Plan](images/upgrade-change-plan.png) + + +## Docker Hub repo plan billing FAQ + +### What forms of payment do you accept? + +The Docker Hub accepts Visa, MasterCard, American Express, and Discover credit +cards. We do not accept ACH, EFT, or PIN-based debit card transactions at this +time. + +### What currencies do you accept? + +Docker is a US-based company, and bills in US Dollars (USD). This keeps our +pricing stable and consistent, rather than fluctuating with exchange rates. + +### When do you charge my credit card? + +We automatically charge your credit card on the first day of your billing cycle +each month, and the charge comes from Docker, Inc. Your billing cycle is a +30-day period starting on the day you subscribe. + +### What do I do if my payment fails? + +If your payment failed because the card expired or was canceled, you need to +update your credit card information or add an additional card. + +Click the user icon menu in the upper right corner, and click +**Billing**. Click the **Payment methods** tab to update your credit card and +contact information. + +If you are updating the card details for an organization, be sure to select the +organization name from the **Account** menu before updating the information. + +### How does cancellation work? Do you offer refunds? + +You can cancel a subscription at any time, however you are still billed +for the full month, and have access to the subscription content until the end of +that billing period. + +We do not offer refunds. If you believe that you've been billed in error, +contact our [Billing Support team](mailto:billing@docker.com). + +### How do I download the licenses my organization has purchased? + +You can view and download all you active licenses for an organization from the +**Subscriptions** page. + +Click the user icon menu at the top right, choose **My Content** and then +select the organization from the **Accounts** drop down menu. From fb15a0e215c51bac32364538015a101014ae6f16 Mon Sep 17 00:00:00 2001 From: Brady Smith <13873429+gnomestar@users.noreply.github.com> Date: Fri, 7 Jun 2019 15:19:19 -0700 Subject: [PATCH 25/32] Update customer_faq.md (#1155) * Update customer_faq.md Quick hit edits to User FAQ * Remove Docker EE references * Added Community vs. Verified profile Question * Q1 2018 product teaser removed. * Buy / purchase references adjusted to "Subscription" / "subscribe" * Removed "How can I become a Publisher" because it was redundant with Publisher FAQ, Publisher onboarding, etc. other pages... * Payment details -> I'm moving this entire section over to the "Upgrade your Plan" section. Pay via Docker deprecation means that content is _not purchased_ via Hub any longer. Additionally, for some time Docker Enterprise has _not been sold_ through Hub. Don't see any reason to keep this whole section here. _If anything, this would need to be a part of Digital / SaaS documentation._ I'm assuming that's tracked elsewhere and there's no dependency. Given all that, I think "Upgrade your Plan" is the only other sensible place for this content to live.. as it is the only other current place where payments are being made, and I don't see any similar references to billing in that section. * Make headings consistent --- docker-hub/publish/customer_faq.md | 93 ++++++------------------------ 1 file changed, 19 insertions(+), 74 deletions(-) diff --git a/docker-hub/publish/customer_faq.md b/docker-hub/publish/customer_faq.md index ee2f3cf94a..1ea8fe5d90 100644 --- a/docker-hub/publish/customer_faq.md +++ b/docker-hub/publish/customer_faq.md @@ -8,18 +8,23 @@ redirect_from: ## Customer FAQs -## Certification program +## Hub publisher profile -### What is the certification program for images and plugins, and what are some benefits? +### What is the difference between a Community User and a Verified Publisher? -The Docker Certification program for Infrastructure, Images, and Plugins is -designed for both technology partners and enterprise customers to recognize -high-quality Containers and Plugins, provide collaborative support, and ensure -compatibility with Docker EE. Docker Certification is aligned to the available -Docker EE infrastructure and gives enterprises a trusted way to run more -technology in containers with support from both Docker and the publisher. +Community Users have simply signed up to receive a DockerID and made some of their repositories Public on Docker Hub. By contrast, Verified Publishers have engaged directly with Docker's partner team, and enrolled in our Docker Technology Partner program. These profiles indicate that the business entity of the publisher has been validated, and have taken proactive steps to partner with Docker. Unlike Community content, these Verified Publisher profiles indicate true provenance of the content. -## End user experience +## Certified content + +### What are Certified Containers and Plugins, and how are they differentiated from other content on Docker Hub? + +The Docker Certification program is +designed for enterprise customers to recognize +high-quality content which is compatible, tested, and supported on Docker Enterprise by a Verified publisher. Docker Certification is aligned to the available +Docker Enterprise products, and gives enterprises a trusted way to run more +technology in containers with the confidence knowing there is a collaborative support relationship in place between Docker and the Verified Publisher. + +## End-user experience ### Why do I see the pull command for a few products and no pull command in other products? @@ -27,77 +32,17 @@ If a publisher publishes multiple images as part of their plan - we do not display the pull command. The pull command visual is exclusively for submissions that have a single image. -As a future feature we would like to start bringing in the concept of -compositions because it is more connected to real world usage of containers. Our -intent is to start surfacing a better UX by Q1 '18. +### Where can I see all of my subscribed content? -### Where can I see all of my purchases? - -To view your purchases, go to the account menu at the upper right corner, and +To view your accessible content, go to the account menu at the upper right corner, and click **My Content**. The page that appears lists all of your active subscriptions, and any lapsed or canceled subscriptions. -### Can I buy subscriptions for my organization? +### Can I subscribe to content for my organization? -Yes! Members of an Organization's "Owners" team can buy images and subscriptions -for use in their Organization. Once purchased, images are available for any +Yes! Members of an Organization's "Owners" team can subcsribe to content +for use in their Organization. Once the subscription has been completed, images are available for any organization member to pull. Organization owners can view the organization's subscriptions by changing the selected account on the **My Content** page. - -### How can I become a Docker Hub publisher? - -You can apply to become a Docker Hub publisher by filling out -the form [here](https://hub.docker.com/publisher/signup). When you've been -accepted to the program, you can set up a publisher profile and submit your -images for review. Learn more about the publisher duties and requirements -[here](https://success.docker.com/Store). - -## Docker Hub billing frequently asked questions - -### What forms of payment do you accept? - -The Docker Hub accepts Visa, MasterCard, American Express, and Discover credit -cards. We do not accept ACH, EFT, or PIN-based debit card transactions at this -time. - -### What currencies do you accept? - -Docker is a US-based company, and bills in US Dollars (USD). This keeps our -pricing stable and consistent, rather than fluctuating with exchange rates. - -### When do you charge my credit card? - -We automatically charge your credit card on the first day of your billing cycle -each month, and the charge comes from Docker, Inc. Your billing cycle is a -30 day period starting on the day you subscribe. - -### What do I do if my payment fails? - -If your payment failed because the card expired or was canceled, you need to -update your credit card information or add an additional card. - -Click the user icon menu in the upper right corner, and click -**Billing**. Click the **Payment methods** tab to update your credit card and -contact information. - -If you are updating the card details for an organization, be sure to select the -organization name from the **Account** menu before updating the information. - -### How does cancellation work? Do you offer refunds? - -You can cancel a subscription at any time, however you are still billed -for the full month, and have access to the subscription content until the end of -that billing period. - -We do not offer refunds. If you believe that you've been billed in error, -contact our [Billing Support team](mailto:billing@docker.com). - -### How do I download the licenses my organization has purchased? - -You can view and download your all active licenses for an organization from the -Subscriptions page. - -Click the user icon menu at the top right, choose **My Content** and then -select the organization from the **Accounts** drop down menu. From 67b9804f691c47fe7c07bcf179d8c05f595fca09 Mon Sep 17 00:00:00 2001 From: Brady Smith <13873429+gnomestar@users.noreply.github.com> Date: Fri, 7 Jun 2019 15:20:50 -0700 Subject: [PATCH 26/32] Publisher FAQ Updates. (#1150) Updated application URL -> https://github.com/docker/docs-private/issues/1146 Removed misleading DCI verbiage -> https://github.com/docker/docs-private/issues/1147 Removed non-applicable Paid & Pricing plan sections -> https://github.com/docker/docs-private/issues/1148 Additional FAQ additions and edits on spur of moment.. and from team feedback (SD-556) --- docker-hub/publish/publisher_faq.md | 76 ++++++++++++----------------- 1 file changed, 31 insertions(+), 45 deletions(-) diff --git a/docker-hub/publish/publisher_faq.md b/docker-hub/publish/publisher_faq.md index a23d62ffb7..8ebc639fdc 100644 --- a/docker-hub/publish/publisher_faq.md +++ b/docker-hub/publish/publisher_faq.md @@ -9,38 +9,21 @@ redirect_from: ## Certification program -### What is the certification program for images and plugins, and what are some benefits? +### What is the certification program for containers and plugins, and what are some benefits? -The Docker Certification program for Infrastructure, Images, and Plugins is +The Docker Certification program for Containers and Plugins is designed for both technology partners and enterprise customers to recognize high-quality Containers and Plugins, provide collaborative support, and ensure -compatibility with Docker EE. Docker Certification is aligned to the available -Docker EE infrastructure and gives enterprises a trusted way to run more +compatibility with the Docker Enterprise platform. Docker Certified products give enterprises a trusted way to run more technology in containers with support from both Docker and the publisher. The -[Docker Technology Partner guide](https://www.docker.com/partners/partner-program#/technology_partner) -explains the Technology Partner program and the Docker Certification Program for -Infrastructure, Images, and Plugins in more detail. +[Docker Technology Partner guide](https://www.docker.com/sites/default/files/d8/2018-12/Docker-Technology-Partner-Program-Guide-120418.pdf) +explains the Technology Partner program, inclusive of process and requirements to Certify Containers and Plugins. ## Publisher signup and approval ### How do I get started with the publisher signup and approval process? -Start by applying to be a Docker Technology Partner at https://goto.docker.com/partner and click on "Publisher". - -* Requires acceptance of partnership agreement for completion -* Identify content that can be listed on Hub and includes a support offering -* Test your image against Docker Certified Infrastructure version 17.03 and -above (Plugins must run on 17.03 and above). -* Submit your image for Certification through the publisher portal. Docker -scans the image and work with you to address vulnerabilities. Docker also -conducts a best practices review of the image. -* Be a TSAnet member or join the Docker Limited Group. -* Upon completion of Certification criteria, and acceptance by Docker, -Publisher’s product page is updated to reflect Certified status. - -### What is the Docker Hub Publisher Program application timeline? - -1-2 weeks. +Start by completing our [Technology Partner application](https://goto.docker.com/2019-Partner-Program-Technology.html). Docker's partner team will review your application, and follow up directly with further steps. If you have any questions or concerns, please reach out directly to us at partners@docker.com! ### Can we have a group of people work on the same product and publish to Docker Hub? (This replicates our internal workflow where more than one person is working on Dockerizing our product.) @@ -52,9 +35,8 @@ Yes. You can submit your content as a team. The customer will be given the permissions to docker pull any tag associated with the source repo specified. We recommend that you create a distinct repo per plan and only use tags for different versions of that specific plan. For example, if you have a community, pro, and enterprise plan of a single product, you should create three separate repos, `namespace/community, namespace/pro, and namespace/enterprise`. Once a customer is entitled to your enterprise plan, they will be able to pull `store/namespace/enterprise:anytag`. -### How long does it typically take to have an image approved? - -2 Weeks. +### What is the typical publishing time for new products and updates? +Products are typically published within 24hrs of submission. ### Once a product is published, what is the process for pushing a new build (1.2, 1.3)? Will we simply edit the same product, adding the newly tagged repos? @@ -73,7 +55,7 @@ We don't support the abiltiy to view available tags for published products becau Official images and community images have available tags visible because anyone can access any tag at any time anonymously. -We aim to have product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access. +In the future, we may enable product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access. ### On the page for another vendor’s product on Docker Hub, I see the following chunks of data: How do these fields map to the following that are required in the publish process? @@ -101,7 +83,7 @@ We aim to have product listings published with the concept of versions, allowing *Tier Description* is what you see once users get entitled to a plan. For instance, in https://hub.docker.com/images/openmaptiles-openstreetmap-maps/plans/f1fc533a-76f0-493a-80a1-4e0a2b38a563?tab=instructions `A detailed street map of any place on a planet. Evaluation and non-production use. Production use license available separately` is what this publisher entered in the Tier description *Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content that's a certification candidate). -### How can I remove a submission? I don’t want to currently have this image published as it is missing several information. +### How can I remove a published product? If you would like your submission removed, let us know by contacting us at publisher-support@docker.com. @@ -135,9 +117,9 @@ For instance, if you have a `Developer` Plan, that is mapped to repositories sto ### What options are presented to users to pull an image? We provide users the following options to access your software -* logged-in users. -* users who have accepted ToS -* all users (including users without Docker Identity) +* Logged-in users +* Subscribed users only (requires ToS acceptance) +* All users (including users without Docker Identity) Here is a [screenshot](https://user-images.githubusercontent.com/2453622/32067299-00cf1210-ba83-11e7-89f8-15deed6fef62.png) to describe how publishers can update the options provided to customers. ### If something is published as a free tier, for subscribed users only, does a user need to explicitly click Accept on the license terms for which we provide the link before they can download the image? @@ -160,16 +142,8 @@ from Docker Hub. The container may continue running. If you have a licensing scheme built into the container, the licensing scheme can be a forcing function and stop the container. (_We do not build anything into the container, it is up to the publisher_). -### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Docker Hub, or can they just drop in a license through Docker Hub? - -Publisher can provide two different tokens or let customers use the same token -and internally map the customer to a paid plan vs a free trial. - -### What are Docker Hub pricing plans like? Can I have metered pricing? - -As a publisher you can charge a subscription fee every month in USD. The amount -is determined by you. We are working on other pricing options. If you have -feedback about pricing, send us an email at publisher-support@docker.com +### Does Docker Hub offer a Subscription service, handle our invoicing, payments, etc? What happened to Pay-via-Docker? +Docker has deprecated the Pay-via-Docker subscription service. At this time, Docker Hub only supports distribution of content, under the BYOL Ungated model. In the future, we intend to release BYOL Gated functionality as well. If neither of these options will work for your product and licensing structure, please do inform your partner manager to help guide our feature prioritization. ### How does Docker handle Export control? Can individual countries be specified if differing from Docker's list of embargoed countries? @@ -182,16 +156,15 @@ specific groups. Send us an email at publisher-support if you have questions ### Where can I view customer insights? -Analytics reports are only available to Publishers with Certified or Commercial -Content. Go to https://hub.docker.com/publisher/center and click on "Actions" +Analytics reports are only available to Publishers with Certified. Go to https://hub.docker.com/publisher/center and click on "Actions" for the product you'd like to view analytics for. Here is a [screenshot](https://user-images.githubusercontent.com/2453622/32352202-6e87ce6e-bfdd-11e7-8fb0-08fe5a3e8930.png). -### How do metrics differentiate between Free and Paid subscribers? +### How do metrics differentiate between the different Pull Requirement options? The Analytics reports contain information about the Subscriber and the relevant product plan. You can identify subscribers for each plan -for each product. +for each product. Only anonymous information is available to our publishers. If you'd like the opportunity to receive Lead information, Subscribed Users Only will need to be selected as the pull requirement. Please review the Technology Partner Program guide, and consult with your partner manager, for more information on Lead Generation plans. ### Can I preview my submission before publishing? @@ -210,3 +183,16 @@ Yes ### Can I have a publish by date for my content? Not yet. This is a planned enhancement, but we have no specific availability date at this time. +In lieu of an automated approach, you may coordinate publication timeline directly with your partner manager. + +### Can I convert my Hub Community profile to a Verified Publisher profile? + +No, at this time you will need to separately sign up to become a Verified Publisher. Following that, you may migrate or re-publish your public repo's under the new Verified Publisher profile. + +### Once I've completed the process to become a Verified Publisher with my partner manager, how do I get access to the Publisher Portal? + +You will need to apply for access. Please either follow [this direct link](https://hub.docker.com/publisher/center) or click the "Publisher Center" link at the bottom of any Docker Hub page. Please note, that you will need to be logged in with a DockerID in order to see this link. + +### What kind of DockerID should I use to publish my content? + +Publishing should be done with an [Organization level DockerID](https://docs.docker.com/docker-hub/orgs/). We recommend that this account utilize a shared alias with your corporate email account and only individual DockerIDs with company email are added to that organization. From 37b29f257b9f9c820c46c42b32934d8f4689b3cc Mon Sep 17 00:00:00 2001 From: Brady Smith <13873429+gnomestar@users.noreply.github.com> Date: Fri, 7 Jun 2019 15:22:39 -0700 Subject: [PATCH 27/32] Revising antiquated product references, deleting incorrect statements (#1152) https://github.com/docker/docs-private/issues/1151 * Docker Store references * Incorrect DCI references * Docker Enterprise Edition references * Removing "Private repo" requirement which is _not actually true and has mislead / frustrated many partners_ * Removing SLA - This has never been enforced, to the extent that we don't even have Certification requirements around resolving the CVE's anymore! * Deleted DCI reference, because it is wildly inaccurate :) * Program Guide URL * Listing fee is a lie.. we've kept that up for 3+ years, time to let it go! * Removing old versioning which is irrelevant 2 years later.. Just a note... much of this look extremely redundant with the Publisher FAQ's. Also, there's no link to this page at all within the doc's tree. There's only a lone link to it at the end of another doc's section.. not sure if this page was intended to be shut down? If not, we ought to get it pulled back into the tree again. --- docker-hub/publish/publish.md | 115 ++++++++-------------------------- 1 file changed, 27 insertions(+), 88 deletions(-) diff --git a/docker-hub/publish/publish.md b/docker-hub/publish/publish.md index eb1003fa24..bcdd07f60d 100644 --- a/docker-hub/publish/publish.md +++ b/docker-hub/publish/publish.md @@ -8,32 +8,28 @@ redirect_from: ## Permitted content and support options -* Content that runs on a Docker Enterprise Edition (Docker Certified - Infrastructure) may be published in the Store. This content may also qualify - to become a Docker Certified Container or Plugin image and be backed by - collaborative Docker/Publisher support +* Content that runs on Docker Enterprise may be published on Docker Hub under a Verified Publisher profile. This content may also qualify + to become a Docker Certified Container or Plugin image, and thus backed by + collaborative Docker/Publisher support. -* Content that runs on the Docker Community Edition may be published in the - Store, but is not supported by Docker nor is it eligible for certification. +* Content that runs on the Docker Community may be published in Docker Hub, but is not supported by Docker nor is it eligible to become Certified. * Content that requires a non Certified Infrastructure environment may not be - published in the Store. + published. -| If your content: | Can publish on Store | Can be certified and supported by Docker | Supported by publisher | +| If your content: | Can publish | Can be Certified | Supported by publisher | |:-----|:--------|:------|:-----| -| Works on Docker Enterprise Edition | YES | YES | Required | -| Works on Docker Community Edition | YES | NO | Optional | +| Works on Docker Enterprise | YES | YES | Required | +| Works on Docker Community | YES | NO | Optional | | Does not work on Docker Certified Infrastructure | NO | N/A | N/A | ## Onboarding The Docker Hub publishing process begins from the landing page: sign in with -your Docker ID and specify a product name and image source from a private -repository. Your product images must be stored in private repositories of Docker -Cloud and/or Hub as they serve as an internal staging area from which you can -revise and submit content for review. +your Docker ID and specify a product name and image source from a private or public +repository. After specifying a source, provide the content-manifest items to populate your product details page. These items include logos, descriptions, and licensing and @@ -127,7 +123,7 @@ of your product, keep your images up-to-date: `apt-get install ...` pull the latest versions of dependencies, which may include security fixes. -## Create and maintain your publisher profile in the Store +## Create and maintain your Verified Publisher profile Let the Docker community know who you are. Add your details, your company story, and what you do. At the very minimum, we require: @@ -136,12 +132,12 @@ story, and what you do. At the very minimum, we require: * Company website * Phone number * Valid company email -* Company icon/logo (square; at least 512x512px +* Company icon/logo (square; at least 512x512px) ## Prepare your image-manifest materials -You must provide the namespace (including repository and tags) of a private +You must provide the namespace (including repository and tags) of a private or public repository on Docker Hub that contains the source for your product. This repository path is not shown to users, but the repositories you choose determine the Product Tiers available for customers to download. @@ -160,18 +156,17 @@ discoverable: 9. Product tier description 10. Product tier price 11. Installation instructions -12. Link to license agreements +12. Link to, or text of, license agreements ### How the manifest information is displayed in the UI -This is an approximate representation. We frequently make enhancements to the -look and some elements might shift around. +This is an approximate representation, and some elements might shift around as we make enhancements. ![manifest information displayed on store UI](images/subscribed.png) ## Support your users -Docker users who download your content from the Store might need your help +Docker users who download your content might need help later, so be prepared for questions! The information you provide with your submission saves support time in the future. @@ -183,14 +178,13 @@ there self-help or troubleshooting resources available? ### Support SLA -Include a Service Level Agreement (SLA) for each image you're offering for the -Store. An SLA is your commitment to your users about the nature and level of +Include a Service Level Agreement (SLA) for each image you're offering. An SLA is your commitment to your users about the nature and level of support you provide to them. Make sure your SLA includes support hours and response-time expectations, where applicable. ## Security and audit policies -Docker Hub [scans](#docker-security-scanning) your official images for +Docker Hub [scans](#docker-security-scanning) your content for vulnerabilities with the Docker Security Scanning tool, and [audits](#usage-audit-and-reporting) consumer activity of your images to provide you intelligence about the use of your product. @@ -285,15 +279,6 @@ To interpret the results of a scanned image: National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities. -* Docker classifies the severity of issues per CVSS range, Docker classification, - and service level agreement (SLA) as follows. - -| CVSS range | Docker classification | SLA for fixing issues | -|:-----|:--------|:------| -| 7.0 to 10.0 | Critical | Within 72 hours of notification | -| 4.0 to 6.9 | Major | Within 7 days of notification | -| 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. | - * In addition to CVSS, the Docker Security team can identify or classify vulnerabilities that need to be fixed, and categorize them in the minor-to-critical range. @@ -304,14 +289,6 @@ To interpret the results of a scanned image: * If you use Docker’s Scanning Service, you can subscribe to a notification service for new vulnerabilities. -* Failure to meet above SLAs may cause the listing to be put on “hold”. - -* A warning label shows up on the marketplace listing. An email is sent to the - users who have downloaded and subscribed for notifications. - -* A Repo’s listing can stay in the "hold" state for a maximum of 1 month, after - which the listing is revoked. - ### Usage audit and reporting Unless otherwise negotiated, an audit of activity on publisher content is @@ -330,7 +307,7 @@ There are three types of certification that appear in Docker Hub. ![certified container badge](images/certified_container.png) Certifies that a container image on Docker Hub has been tested; complies best -practices guidelines; runs on a Docker Certified Infrastructure; has proven +practices guidelines; runs on Docker Certified Infrastructure; has proven provenance; been scanned for vulnerabilities; and is supported by Docker and the content publisher @@ -341,12 +318,6 @@ access system level Docker APIs. Docker Certified Plugins provide the same level of assurance as a Docker Certified Container, but go further by having passed an additional suite of API compliance testing. -![certified plugins badge](images/certified_infrastructure.png) - -Indicates that the release of the Docker Edition and the underlying platform -have been tested together and are supported in combination by both Docker and -the partner. - ### Docker Certified Publisher FAQ #### What is the Docker Certified program? @@ -354,16 +325,12 @@ the partner. Docker Certified Container images and plugins are meant to differentiate high quality content on Docker Hub. Customers can consume Certified Containers with confidence knowing that both Docker and the publisher stands behind the -solution. Further details can be found in the -[Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}. +solution. Further details and an application can be [found here.](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" class="_"}. #### What are the benefits of Docker Certified? Docker Hub promotes Docker Certified Containers and Plugins running on Docker -Certified Infrastructure trusted and high quality content. With over 8B image -pulls and access to Docker’s large customer base, a publisher can differentiate -their content by certifying their images and plugins. With a revenue share -agreement, Docker can be a channel for your content. The Docker Certified badge +Certified Infrastructure trusted and high quality content. The Docker Certified badge can also be listed alongside external references to your product. #### How is the Docker Certified Container image listed on Docker Hub? @@ -376,7 +343,7 @@ search parameters to show only certified content. #### Is certification optional or required? -Certification is recommended for most commercial and supported container images. +Certification is recommended for all commercial and supported container images. Free, community, and other commercial (non-certified) content may also be listed on Docker Hub. @@ -384,10 +351,9 @@ on Docker Hub. #### How is support handled? -All Docker Certified Container images and plugins running on Docker Certified -Infrastructure come with SLA based support provided by the publisher and Docker. +All Docker Certified Container images and plugins running on Docker Enterprise come with support provided directly by the publisher, under your existing SLA. Normally, a customer contacts the publisher for container and application level -issues. Likewise, a customer contacts Docker for Docker Edition support. In the +issues. Likewise, a customer contacts Docker for Docker Enterprise support. In the case where a customer calls Docker (or vice versa) about an issue on the application, Docker advises the customer about the publisher support process and performs a handover directly to the publisher if required. TSAnet is required @@ -396,42 +362,15 @@ for exchange of support tickets between the publisher and Docker. #### How does a publisher apply to the Docker Certified program? Start by applying to be a [Docker Technology -Partner](https://goto.docker.com/partners){: target="_blank" class="_"} - -* Requires acceptance of partnership agreement for completion - -* Identify commercial content that can be listed on Store and includes a support - offering - -* Test your image against the Docker CS Engine 1.12+ or on a Docker Certified - Infrastructure version 17.03 and above (Plugins must run on 17.03 and above) - -* Submit your image for Certification through the publisher portal. Docker - scans the image and works with you to address vulnerabilities. Docker also - conducts a best practices review of the image. - -* Be a [TSAnet](https://www.tsanet.org/){: target="_blank" class="_"} member or - join the Docker Limited Group. - -* Upon completion of Certification criteria, and acceptance by - Docker, the Publisher’s product page is updated to reflect Certified status. - -#### Is there a fee to join the program? - -In the future, Docker may charge a small annual listing fee. This is waived for -the initial period. +Partner](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" class="_"} #### What is the difference between Official Images and Docker Certified? -Many Official images transition to the Docker Certified program and are -maintained and updated by the original owner of the software. Docker -continues to maintain some of the base OS images and language frameworks. +Official Images is a program sponsored by Docker for the curation and packaging of Open Source Software. While upstream vendors are sometimes involved, this is not always the case. Docker Certified content is explicitly provided, maintained, and supported directly by the ISV. #### How is certification of plugins handled? Docker Certification program recognizes the need to apply special scrutiny and testing to containers that access system level interfaces like storage volumes and networking. Docker identifies these special containers as “Plugins” which -require additional testing by the publisher or Docker. These plugins employ the -V2 Plugin Architecture that was first made available in 1.12 (experimental) and -now available in Docker Enterprise Edition 17.03 +require additional testing by the publisher or Docker. From 8fc39036c8ce4042e849e0562604b84f7386ec57 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Fri, 7 Jun 2019 17:17:10 -0700 Subject: [PATCH 28/32] Publish Hub updates and add TOC entry for Publish page (#8908) --- _data/toc.yaml | 2 + docker-hub/publish/index.md | 4 +- docker-hub/publish/publish.md | 115 +++++++--------------------- docker-hub/publish/publisher_faq.md | 78 ++++++++----------- docker-hub/upgrade.md | 59 ++++++++++++-- 5 files changed, 118 insertions(+), 140 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index 8ce374ede1..1cd7d6b806 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -3370,6 +3370,8 @@ manuals: section: - path: /docker-hub/publish/ title: Overview + - path: /docker-hub/publish/publish/ + title: Submit a product for Docker Hub - path: /docker-hub/publish/customer_faq/ title: User FAQs - path: /docker-hub/publish/publisher_faq/ diff --git a/docker-hub/publish/index.md b/docker-hub/publish/index.md index 6b5511c88d..fa7d3b8e1d 100644 --- a/docker-hub/publish/index.md +++ b/docker-hub/publish/index.md @@ -53,9 +53,9 @@ information, see [Bring Your Own License (BYOL) products on Store](byol.md). ### Plugins and agents -ISVs have the ability to create and distribute [plugin images](https://hub.docker.com/search?certification_status=certified&q=&type=plugin) for their customers to integrate with the ISV's proprietary hardware or cloud infrastructure and Docker Enterprise Edition deployments. +ISVs have the ability to create and distribute [plugin images](https://hub.docker.com/search?certification_status=certified&q=&type=plugin) for their customers to integrate with the ISV's proprietary hardware or cloud infrastructure and Docker Enterprise deployments. -You can [apply to be a publisher](https://goto.docker.com/partners) and learn more about our [Technology Partner Program](https://www.docker.com/partners/partner-program#/technology_partner). +You can [apply to be a publisher](https://goto.docker.com/2019-Partner-Program-Technology.html) and learn more about our [Technology Partner Program](https://www.docker.com/partners/partner-program#/technology_partner). ## What's next? diff --git a/docker-hub/publish/publish.md b/docker-hub/publish/publish.md index eb1003fa24..bcdd07f60d 100644 --- a/docker-hub/publish/publish.md +++ b/docker-hub/publish/publish.md @@ -8,32 +8,28 @@ redirect_from: ## Permitted content and support options -* Content that runs on a Docker Enterprise Edition (Docker Certified - Infrastructure) may be published in the Store. This content may also qualify - to become a Docker Certified Container or Plugin image and be backed by - collaborative Docker/Publisher support +* Content that runs on Docker Enterprise may be published on Docker Hub under a Verified Publisher profile. This content may also qualify + to become a Docker Certified Container or Plugin image, and thus backed by + collaborative Docker/Publisher support. -* Content that runs on the Docker Community Edition may be published in the - Store, but is not supported by Docker nor is it eligible for certification. +* Content that runs on the Docker Community may be published in Docker Hub, but is not supported by Docker nor is it eligible to become Certified. * Content that requires a non Certified Infrastructure environment may not be - published in the Store. + published. -| If your content: | Can publish on Store | Can be certified and supported by Docker | Supported by publisher | +| If your content: | Can publish | Can be Certified | Supported by publisher | |:-----|:--------|:------|:-----| -| Works on Docker Enterprise Edition | YES | YES | Required | -| Works on Docker Community Edition | YES | NO | Optional | +| Works on Docker Enterprise | YES | YES | Required | +| Works on Docker Community | YES | NO | Optional | | Does not work on Docker Certified Infrastructure | NO | N/A | N/A | ## Onboarding The Docker Hub publishing process begins from the landing page: sign in with -your Docker ID and specify a product name and image source from a private -repository. Your product images must be stored in private repositories of Docker -Cloud and/or Hub as they serve as an internal staging area from which you can -revise and submit content for review. +your Docker ID and specify a product name and image source from a private or public +repository. After specifying a source, provide the content-manifest items to populate your product details page. These items include logos, descriptions, and licensing and @@ -127,7 +123,7 @@ of your product, keep your images up-to-date: `apt-get install ...` pull the latest versions of dependencies, which may include security fixes. -## Create and maintain your publisher profile in the Store +## Create and maintain your Verified Publisher profile Let the Docker community know who you are. Add your details, your company story, and what you do. At the very minimum, we require: @@ -136,12 +132,12 @@ story, and what you do. At the very minimum, we require: * Company website * Phone number * Valid company email -* Company icon/logo (square; at least 512x512px +* Company icon/logo (square; at least 512x512px) ## Prepare your image-manifest materials -You must provide the namespace (including repository and tags) of a private +You must provide the namespace (including repository and tags) of a private or public repository on Docker Hub that contains the source for your product. This repository path is not shown to users, but the repositories you choose determine the Product Tiers available for customers to download. @@ -160,18 +156,17 @@ discoverable: 9. Product tier description 10. Product tier price 11. Installation instructions -12. Link to license agreements +12. Link to, or text of, license agreements ### How the manifest information is displayed in the UI -This is an approximate representation. We frequently make enhancements to the -look and some elements might shift around. +This is an approximate representation, and some elements might shift around as we make enhancements. ![manifest information displayed on store UI](images/subscribed.png) ## Support your users -Docker users who download your content from the Store might need your help +Docker users who download your content might need help later, so be prepared for questions! The information you provide with your submission saves support time in the future. @@ -183,14 +178,13 @@ there self-help or troubleshooting resources available? ### Support SLA -Include a Service Level Agreement (SLA) for each image you're offering for the -Store. An SLA is your commitment to your users about the nature and level of +Include a Service Level Agreement (SLA) for each image you're offering. An SLA is your commitment to your users about the nature and level of support you provide to them. Make sure your SLA includes support hours and response-time expectations, where applicable. ## Security and audit policies -Docker Hub [scans](#docker-security-scanning) your official images for +Docker Hub [scans](#docker-security-scanning) your content for vulnerabilities with the Docker Security Scanning tool, and [audits](#usage-audit-and-reporting) consumer activity of your images to provide you intelligence about the use of your product. @@ -285,15 +279,6 @@ To interpret the results of a scanned image: National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities. -* Docker classifies the severity of issues per CVSS range, Docker classification, - and service level agreement (SLA) as follows. - -| CVSS range | Docker classification | SLA for fixing issues | -|:-----|:--------|:------| -| 7.0 to 10.0 | Critical | Within 72 hours of notification | -| 4.0 to 6.9 | Major | Within 7 days of notification | -| 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. | - * In addition to CVSS, the Docker Security team can identify or classify vulnerabilities that need to be fixed, and categorize them in the minor-to-critical range. @@ -304,14 +289,6 @@ To interpret the results of a scanned image: * If you use Docker’s Scanning Service, you can subscribe to a notification service for new vulnerabilities. -* Failure to meet above SLAs may cause the listing to be put on “hold”. - -* A warning label shows up on the marketplace listing. An email is sent to the - users who have downloaded and subscribed for notifications. - -* A Repo’s listing can stay in the "hold" state for a maximum of 1 month, after - which the listing is revoked. - ### Usage audit and reporting Unless otherwise negotiated, an audit of activity on publisher content is @@ -330,7 +307,7 @@ There are three types of certification that appear in Docker Hub. ![certified container badge](images/certified_container.png) Certifies that a container image on Docker Hub has been tested; complies best -practices guidelines; runs on a Docker Certified Infrastructure; has proven +practices guidelines; runs on Docker Certified Infrastructure; has proven provenance; been scanned for vulnerabilities; and is supported by Docker and the content publisher @@ -341,12 +318,6 @@ access system level Docker APIs. Docker Certified Plugins provide the same level of assurance as a Docker Certified Container, but go further by having passed an additional suite of API compliance testing. -![certified plugins badge](images/certified_infrastructure.png) - -Indicates that the release of the Docker Edition and the underlying platform -have been tested together and are supported in combination by both Docker and -the partner. - ### Docker Certified Publisher FAQ #### What is the Docker Certified program? @@ -354,16 +325,12 @@ the partner. Docker Certified Container images and plugins are meant to differentiate high quality content on Docker Hub. Customers can consume Certified Containers with confidence knowing that both Docker and the publisher stands behind the -solution. Further details can be found in the -[Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}. +solution. Further details and an application can be [found here.](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" class="_"}. #### What are the benefits of Docker Certified? Docker Hub promotes Docker Certified Containers and Plugins running on Docker -Certified Infrastructure trusted and high quality content. With over 8B image -pulls and access to Docker’s large customer base, a publisher can differentiate -their content by certifying their images and plugins. With a revenue share -agreement, Docker can be a channel for your content. The Docker Certified badge +Certified Infrastructure trusted and high quality content. The Docker Certified badge can also be listed alongside external references to your product. #### How is the Docker Certified Container image listed on Docker Hub? @@ -376,7 +343,7 @@ search parameters to show only certified content. #### Is certification optional or required? -Certification is recommended for most commercial and supported container images. +Certification is recommended for all commercial and supported container images. Free, community, and other commercial (non-certified) content may also be listed on Docker Hub. @@ -384,10 +351,9 @@ on Docker Hub. #### How is support handled? -All Docker Certified Container images and plugins running on Docker Certified -Infrastructure come with SLA based support provided by the publisher and Docker. +All Docker Certified Container images and plugins running on Docker Enterprise come with support provided directly by the publisher, under your existing SLA. Normally, a customer contacts the publisher for container and application level -issues. Likewise, a customer contacts Docker for Docker Edition support. In the +issues. Likewise, a customer contacts Docker for Docker Enterprise support. In the case where a customer calls Docker (or vice versa) about an issue on the application, Docker advises the customer about the publisher support process and performs a handover directly to the publisher if required. TSAnet is required @@ -396,42 +362,15 @@ for exchange of support tickets between the publisher and Docker. #### How does a publisher apply to the Docker Certified program? Start by applying to be a [Docker Technology -Partner](https://goto.docker.com/partners){: target="_blank" class="_"} - -* Requires acceptance of partnership agreement for completion - -* Identify commercial content that can be listed on Store and includes a support - offering - -* Test your image against the Docker CS Engine 1.12+ or on a Docker Certified - Infrastructure version 17.03 and above (Plugins must run on 17.03 and above) - -* Submit your image for Certification through the publisher portal. Docker - scans the image and works with you to address vulnerabilities. Docker also - conducts a best practices review of the image. - -* Be a [TSAnet](https://www.tsanet.org/){: target="_blank" class="_"} member or - join the Docker Limited Group. - -* Upon completion of Certification criteria, and acceptance by - Docker, the Publisher’s product page is updated to reflect Certified status. - -#### Is there a fee to join the program? - -In the future, Docker may charge a small annual listing fee. This is waived for -the initial period. +Partner](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" class="_"} #### What is the difference between Official Images and Docker Certified? -Many Official images transition to the Docker Certified program and are -maintained and updated by the original owner of the software. Docker -continues to maintain some of the base OS images and language frameworks. +Official Images is a program sponsored by Docker for the curation and packaging of Open Source Software. While upstream vendors are sometimes involved, this is not always the case. Docker Certified content is explicitly provided, maintained, and supported directly by the ISV. #### How is certification of plugins handled? Docker Certification program recognizes the need to apply special scrutiny and testing to containers that access system level interfaces like storage volumes and networking. Docker identifies these special containers as “Plugins” which -require additional testing by the publisher or Docker. These plugins employ the -V2 Plugin Architecture that was first made available in 1.12 (experimental) and -now available in Docker Enterprise Edition 17.03 +require additional testing by the publisher or Docker. diff --git a/docker-hub/publish/publisher_faq.md b/docker-hub/publish/publisher_faq.md index 5500002e51..8ebc639fdc 100644 --- a/docker-hub/publish/publisher_faq.md +++ b/docker-hub/publish/publisher_faq.md @@ -9,38 +9,21 @@ redirect_from: ## Certification program -### What is the certification program for images and plugins, and what are some benefits? +### What is the certification program for containers and plugins, and what are some benefits? -The Docker Certification program for Infrastructure, Images, and Plugins is +The Docker Certification program for Containers and Plugins is designed for both technology partners and enterprise customers to recognize high-quality Containers and Plugins, provide collaborative support, and ensure -compatibility with Docker EE. Docker Certification is aligned to the available -Docker EE infrastructure and gives enterprises a trusted way to run more +compatibility with the Docker Enterprise platform. Docker Certified products give enterprises a trusted way to run more technology in containers with support from both Docker and the publisher. The -[Docker Technology Partner guide](https://www.docker.com/partners/partner-program#/technology_partner) -explains the Technology Partner program and the Docker Certification Program for -Infrastructure, Images, and Plugins in more detail. +[Docker Technology Partner guide](https://www.docker.com/sites/default/files/d8/2018-12/Docker-Technology-Partner-Program-Guide-120418.pdf) +explains the Technology Partner program, inclusive of process and requirements to Certify Containers and Plugins. ## Publisher signup and approval ### How do I get started with the publisher signup and approval process? -Start by applying to be a Docker Technology Partner at https://goto.docker.com/partner and click on "Publisher". - -* Requires acceptance of partnership agreement for completion -* Identify content that can be listed on Hub and includes a support offering -* Test your image against Docker Certified Infrastructure version 17.03 and -above (Plugins must run on 17.03 and above). -* Submit your image for Certification through the publisher portal. Docker -scans the image and work with you to address vulnerabilities. Docker also -conducts a best practices review of the image. -* Be a TSAnet member or join the Docker Limited Group. -* Upon completion of Certification criteria, and acceptance by Docker, -Publisher’s product page is updated to reflect Certified status. - -### What is the Docker Hub Publisher Program application timeline? - -1-2 weeks. +Start by completing our [Technology Partner application](https://goto.docker.com/2019-Partner-Program-Technology.html). Docker's partner team will review your application, and follow up directly with further steps. If you have any questions or concerns, please reach out directly to us at partners@docker.com! ### Can we have a group of people work on the same product and publish to Docker Hub? (This replicates our internal workflow where more than one person is working on Dockerizing our product.) @@ -52,14 +35,15 @@ Yes. You can submit your content as a team. The customer will be given the permissions to docker pull any tag associated with the source repo specified. We recommend that you create a distinct repo per plan and only use tags for different versions of that specific plan. For example, if you have a community, pro, and enterprise plan of a single product, you should create three separate repos, `namespace/community, namespace/pro, and namespace/enterprise`. Once a customer is entitled to your enterprise plan, they will be able to pull `store/namespace/enterprise:anytag`. -### How long does it typically take to have an image approved? - -2 Weeks. +### What is the typical publishing time for new products and updates? +Products are typically published within 24hrs of submission. ### Once a product is published, what is the process for pushing a new build (1.2, 1.3)? Will we simply edit the same product, adding the newly tagged repos? Edit the same product and update with the newly tagged repos. +Additionally, for product updates, you may include a set of *Release Notes*. These notes will not be published with the product listing itself. Instead, they will be emailed directly to the current subscriber of the product. This ensures that consumers will have timely, valuable alerts about the availability of new images and significant changes. + ### On the Information page, organization details are required. Do we need to fill those in again for every product we publish, or are they carried over? And if we change them for a later image publish, are they updated for all images published by our organization? Organization details need to be filled in only once. Updating organization info @@ -71,7 +55,7 @@ We don't support the abiltiy to view available tags for published products becau Official images and community images have available tags visible because anyone can access any tag at any time anonymously. -We aim to have product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access. +In the future, we may enable product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access. ### On the page for another vendor’s product on Docker Hub, I see the following chunks of data: How do these fields map to the following that are required in the publish process? @@ -99,7 +83,7 @@ We aim to have product listings published with the concept of versions, allowing *Tier Description* is what you see once users get entitled to a plan. For instance, in https://hub.docker.com/images/openmaptiles-openstreetmap-maps/plans/f1fc533a-76f0-493a-80a1-4e0a2b38a563?tab=instructions `A detailed street map of any place on a planet. Evaluation and non-production use. Production use license available separately` is what this publisher entered in the Tier description *Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content that's a certification candidate). -### How can I remove a submission? I don’t want to currently have this image published as it is missing several information. +### How can I remove a published product? If you would like your submission removed, let us know by contacting us at publisher-support@docker.com. @@ -133,9 +117,9 @@ For instance, if you have a `Developer` Plan, that is mapped to repositories sto ### What options are presented to users to pull an image? We provide users the following options to access your software -* logged-in users. -* users who have accepted ToS -* all users (including users without Docker Identity) +* Logged-in users +* Subscribed users only (requires ToS acceptance) +* All users (including users without Docker Identity) Here is a [screenshot](https://user-images.githubusercontent.com/2453622/32067299-00cf1210-ba83-11e7-89f8-15deed6fef62.png) to describe how publishers can update the options provided to customers. ### If something is published as a free tier, for subscribed users only, does a user need to explicitly click Accept on the license terms for which we provide the link before they can download the image? @@ -158,16 +142,8 @@ from Docker Hub. The container may continue running. If you have a licensing scheme built into the container, the licensing scheme can be a forcing function and stop the container. (_We do not build anything into the container, it is up to the publisher_). -### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Docker Hub, or can they just drop in a license through Docker Hub? - -Publisher can provide two different tokens or let customers use the same token -and internally map the customer to a paid plan vs a free trial. - -### What are Docker Hub pricing plans like? Can I have metered pricing? - -As a publisher you can charge a subscription fee every month in USD. The amount -is determined by you. We are working on other pricing options. If you have -feedback about pricing, send us an email at publisher-support@docker.com +### Does Docker Hub offer a Subscription service, handle our invoicing, payments, etc? What happened to Pay-via-Docker? +Docker has deprecated the Pay-via-Docker subscription service. At this time, Docker Hub only supports distribution of content, under the BYOL Ungated model. In the future, we intend to release BYOL Gated functionality as well. If neither of these options will work for your product and licensing structure, please do inform your partner manager to help guide our feature prioritization. ### How does Docker handle Export control? Can individual countries be specified if differing from Docker's list of embargoed countries? @@ -180,16 +156,15 @@ specific groups. Send us an email at publisher-support if you have questions ### Where can I view customer insights? -Analytics reports are only available to Publishers with Certified or Commercial -Content. Go to https://hub.docker.com/publisher/center and click on "Actions" +Analytics reports are only available to Publishers with Certified. Go to https://hub.docker.com/publisher/center and click on "Actions" for the product you'd like to view analytics for. Here is a [screenshot](https://user-images.githubusercontent.com/2453622/32352202-6e87ce6e-bfdd-11e7-8fb0-08fe5a3e8930.png). -### How do metrics differentiate between Free and Paid subscribers? +### How do metrics differentiate between the different Pull Requirement options? The Analytics reports contain information about the Subscriber and the relevant product plan. You can identify subscribers for each plan -for each product. +for each product. Only anonymous information is available to our publishers. If you'd like the opportunity to receive Lead information, Subscribed Users Only will need to be selected as the pull requirement. Please review the Technology Partner Program guide, and consult with your partner manager, for more information on Lead Generation plans. ### Can I preview my submission before publishing? @@ -208,3 +183,16 @@ Yes ### Can I have a publish by date for my content? Not yet. This is a planned enhancement, but we have no specific availability date at this time. +In lieu of an automated approach, you may coordinate publication timeline directly with your partner manager. + +### Can I convert my Hub Community profile to a Verified Publisher profile? + +No, at this time you will need to separately sign up to become a Verified Publisher. Following that, you may migrate or re-publish your public repo's under the new Verified Publisher profile. + +### Once I've completed the process to become a Verified Publisher with my partner manager, how do I get access to the Publisher Portal? + +You will need to apply for access. Please either follow [this direct link](https://hub.docker.com/publisher/center) or click the "Publisher Center" link at the bottom of any Docker Hub page. Please note, that you will need to be logged in with a DockerID in order to see this link. + +### What kind of DockerID should I use to publish my content? + +Publishing should be done with an [Organization level DockerID](https://docs.docker.com/docker-hub/orgs/). We recommend that this account utilize a shared alias with your corporate email account and only individual DockerIDs with company email are added to that organization. diff --git a/docker-hub/upgrade.md b/docker-hub/upgrade.md index 6a0de8db5e..d94e2ef75b 100644 --- a/docker-hub/upgrade.md +++ b/docker-hub/upgrade.md @@ -1,12 +1,12 @@ --- description: Upgrading your Docker Hub Plan keywords: Docker, docker, trusted, registry, accounts, plans, Dockerfile, Docker Hub, webhooks, docs, documentation -title: Upgrade your Plan +title: Upgrade your plan --- User and organization accounts maintain separate Docker Hub billing profiles. -### Upgrade your personal plan +## Upgrade your personal plan Docker Hub includes one private Docker Hub repository for free. If you need more private repositories, you can upgrade from your free account to a paid @@ -14,14 +14,63 @@ plan. To upgrade: 1. Visit the [Plans Page](https://hub.docker.com/account/billing-plans/) -2. Click **Change Plan** +2. Click Change Plan 3. Select your plan and provide your payment information to upgrade ![Upgrade Plan](images/index-upgrade-plan.png) -### Upgrade your organization's plan +## Upgrade your organization's plan To upgrade an Organization's plan: 1. Visit the [Plans Page](https://hub.docker.com/account/billing-plans/) 2. Change the selected account to your Organization whose plan you'd like to upgrade ![Change Account](images/upgrade-change-account.png) -3. Click **Change Plan** ![Change Plan](images/upgrade-change-plan.png) +3. Click Change Plan ![Change Plan](images/upgrade-change-plan.png) + + +## Docker Hub repo plan billing FAQ + +### What forms of payment do you accept? + +The Docker Hub accepts Visa, MasterCard, American Express, and Discover credit +cards. We do not accept ACH, EFT, or PIN-based debit card transactions at this +time. + +### What currencies do you accept? + +Docker is a US-based company, and bills in US Dollars (USD). This keeps our +pricing stable and consistent, rather than fluctuating with exchange rates. + +### When do you charge my credit card? + +We automatically charge your credit card on the first day of your billing cycle +each month, and the charge comes from Docker, Inc. Your billing cycle is a +30-day period starting on the day you subscribe. + +### What do I do if my payment fails? + +If your payment failed because the card expired or was canceled, you need to +update your credit card information or add an additional card. + +Click the user icon menu in the upper right corner, and click +**Billing**. Click the **Payment methods** tab to update your credit card and +contact information. + +If you are updating the card details for an organization, be sure to select the +organization name from the **Account** menu before updating the information. + +### How does cancellation work? Do you offer refunds? + +You can cancel a subscription at any time, however you are still billed +for the full month, and have access to the subscription content until the end of +that billing period. + +We do not offer refunds. If you believe that you've been billed in error, +contact our [Billing Support team](mailto:billing@docker.com). + +### How do I download the licenses my organization has purchased? + +You can view and download all you active licenses for an organization from the +**Subscriptions** page. + +Click the user icon menu at the top right, choose **My Content** and then +select the organization from the **Accounts** drop down menu. From cacf25bfe111b2fcf0b692c1c35545e265e7f88b Mon Sep 17 00:00:00 2001 From: usha-mandya Date: Mon, 10 Jun 2019 15:09:21 +0100 Subject: [PATCH 29/32] DESKTOP-1299 Adding experimental blurb in the Desktop community docs --- _includes/experimental-feature.md | 3 ++ docker-for-mac/faqs.md | 7 ++++- docker-for-windows/faqs.md | 50 +++++++++++++++++-------------- 3 files changed, 36 insertions(+), 24 deletions(-) create mode 100644 _includes/experimental-feature.md diff --git a/_includes/experimental-feature.md b/_includes/experimental-feature.md new file mode 100644 index 0000000000..b6d3aca57b --- /dev/null +++ b/_includes/experimental-feature.md @@ -0,0 +1,3 @@ + + +Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features. \ No newline at end of file diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index 31b4cfc1e8..b751e67c02 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -11,6 +11,7 @@ title: Frequently asked questions (FAQ) for knowledge base articles, FAQs, technical support for subscription levels, and more. ## Questions about Docker.app + ### Stable and Edge channels **Q: How do I get the Stable or Edge version of Docker Desktop for Mac?** @@ -113,7 +114,6 @@ To preserve them, open the `~/Library/Group Containers/group.com.docker/settings.json` file, and update the `diskPath` entry. - ### Do I need to uninstall Docker Toolbox to use Docker for Mac? No, you can use these side by side. Docker Toolbox leverages a Docker daemon @@ -135,7 +135,12 @@ and want to uninstall it. For details on how to perform a clean uninstall of Toolbox on the Mac, see [How to uninstall Toolbox](/toolbox/toolbox_install_mac/#how-to-uninstall-toolbox) in the Toolbox Mac topics. +## Experimental features + +{% include experimental-feature.md %} + ## Questions about feedback and help + ### What kind of feedback are we looking for? Everything is fair game. We'd like your impressions on the download-install diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index 4af4fbff49..3be9e5b0a8 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -8,16 +8,16 @@ title: Frequently asked questions (FAQ) [Docker Success Center](http://success.docker.com/){: target="_blank" class="_"} for knowledge base articles, FAQs, technical support for subscription levels, and more. -### Questions about Stable and Edge channels +## Questions about Stable and Edge channels -#### How do I get the Stable or Edge version of Docker Desktop for Windows? +### How do I get the Stable or Edge version of Docker Desktop for Windows? Use the download links for the channels given in the topic [Download Docker Desktop for Windows](install#download-docker-for-windows). This topic also has more information about the two channels. -#### What is the difference between the Stable and Edge versions of Docker Desktop for Windows? +### What is the difference between the Stable and Edge versions of Docker Desktop for Windows? Two different download channels are available for Docker Desktop for Windows: @@ -35,7 +35,7 @@ Two different download channels are available for Docker Desktop for Windows: Stable, often one or more per month. Usage statistics and crash reports are sent by default. You do not have the option to disable this on the Edge channel. -#### Can I switch back and forth between Stable and Edge versions of Docker Desktop for Windows? +### Can I switch back and forth between Stable and Edge versions of Docker Desktop for Windows? Yes, you can switch between versions to try out the Edge release to see what's new, then go back to Stable for other work. However, **you can have only one app @@ -54,7 +54,7 @@ to save images and export the containers you need, then uninstall the current version before installing another. The workflow is described in more detail below.
-#### How to save and restore data +### How to save and restore data The following procedure can be used to save/restore images and container data, for example, if you want to switch between Edge and Stable, or reset your VM @@ -82,9 +82,13 @@ disk: procedure](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes) explains how to backup and restore data volumes. -### Feedback +## Experimental features -#### What kind of feedback are we looking for? +{% include experimental-feature.md %} + +## Feedback + +### What kind of feedback are we looking for? Everything is fair game. We'd like your impressions on the download-install process, startup, functionality available, the GUI, usefulness of the app, @@ -95,7 +99,7 @@ We are especially interested in getting feedback on the new swarm mode described in [Docker Swarm](/engine/swarm/). A good place to start is the [tutorial](/engine/swarm/swarm-tutorial/). -#### What if I have problems or questions? +### What if I have problems or questions? You can find the list of frequent issues in [Logs and Troubleshooting](troubleshoot). @@ -111,7 +115,7 @@ provides discussion threads as well, and you can create discussion topics there, but we recommend using the GitHub issues over the forums for better tracking and response. -#### How can I opt out of sending my usage data? +### How can I opt out of sending my usage data? If you do not want auto-send of usage data, use the Stable channel. For more information, see [Stable and Edge channels](#questions-about-stable-and-edge-channels) ("What is the difference between the Stable and Edge versions of Docker Desktop for Windows?"). @@ -158,8 +162,9 @@ See also [Docker Engine API](/engine/api) and the Docker Desktop for Windows for topic [How to find the remote API](https://forums.docker.com/t/how-to-find-the-remote-api/20988){: target="_blank" class="_"}. -### Volumes -#### Can I change permissions on shared volumes for container-specific deployment requirements? +## Volumes + +### Can I change permissions on shared volumes for container-specific deployment requirements? No, at this point, Docker Desktop for Windows does not enable you to control (`chmod`) the Unix-style permissions on [shared volumes](/docker-for-windows#shared-drives) for @@ -171,14 +176,14 @@ deployed containers, but rather sets permissions to a default value of For workarounds and to learn more, see [Permissions errors on data directories for shared volumes](troubleshoot#permissions-errors-on-data-directories-for-shared-volumes). -#### Why doesn't `nodemon` pick up file changes in a container mounted on a shared drive? +### Why doesn't `nodemon` pick up file changes in a container mounted on a shared drive? Currently, `inotify` does not work on Docker Desktop for Windows. This is a known issue. For more information and a temporary workaround, see [inotify on shared drives does not work](troubleshoot#inotify-on-shared-drives-does-not-work){: target="_blank" class="_"} in [Troubleshooting](troubleshoot). -#### Are symlinks supported? +### Are symlinks supported? Docker Desktop for Windows supports symbolic links (symlinks) created within containers. Symlinks resolve within and across containers. @@ -192,10 +197,9 @@ To learn more about the reasons for this limitation, see the following discussio * Docker Desktop for Windows forums topic: [Symlinks on shared volumes not supported](https://forums.docker.com/t/symlinks-on-shared-volumes-not-supported/9288){: target="_blank" class="_"} +## Certificates -### Certificates - -#### How do I add custom CA certificates? +### How do I add custom CA certificates? Starting with Docker Desktop for Windows 1.12.1, 2016-09-16 (Stable) and Beta 26 (2016-09-14 1.12.1-beta26), all trusted Certificate Authorities (CA) (root or @@ -211,7 +215,7 @@ To learn more about how to install a CA root certificate for the registry, see [Verify repository client with certificates](/engine/security/certificates) in the Docker Engine topics. -#### How do I add client certificates? +### How do I add client certificates? Starting with Docker Desktop for Windows 17.06.0-ce, you do not need to push your certificates with `git` commands anymore. You can put your client certificates @@ -262,27 +266,27 @@ Getting Started topic. For more about Docker Machine itself, see [What is Docker Machine?](/machine/overview#what-is-docker-machine), and the [Hyper-V driver](/machine/drivers/hyper-v) for Docker Machine. -### Windows Requirements +## Windows Requirements -#### How do I run Windows containers on Docker Desktop on Windows Server 2016? +### How do I run Windows containers on Docker Desktop on Windows Server 2016? See [About Windows containers and Windows Server 2016](/install/windows/docker-ee/#about-docker-ee-containers-and-windows-server). A full tutorial is available in [docker/labs](https://github.com/docker/labs){: target="_blank" class="_"} at [Getting Started with Windows Containers](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md){: target="_blank" class="_"}. -#### Why is Windows 10 Home not supported? +### Why is Windows 10 Home not supported? Docker Desktop for Windows requires the Hyper-V Windows feature which is not available on Home-edition. -#### Why is Windows 10 required? +### Why is Windows 10 required? Docker Desktop for Windows uses Windows Hyper-V. While older Windows versions have Hyper-V, their Hyper-V implementations lack features critical for Docker Desktop for Windows to work. -#### Why does Docker Desktop for Windows fail to start when firewalls or anti-virus software is installed? +### Why does Docker Desktop for Windows fail to start when firewalls or anti-virus software is installed? Some firewalls and anti-virus software might be incompatible with Hyper-V and some Windows 10 builds (possibly, the Anniversary Update), which impacts Docker @@ -290,7 +294,7 @@ Desktop for Windows. See details and workarounds in [Docker fails to start when firewall or anti-virus software is installed](troubleshoot#docker-fails-to-start-when-firewall-or-anti-virus-software-is-installed) in [Troubleshooting](troubleshoot). -### How do I uninstall Docker Toolbox? +## How do I uninstall Docker Toolbox? You might decide that you do not need Toolbox now that you have Docker Desktop for Windows, and want to uninstall it. For details on how to perform a clean From fadf77e4208eb0b301246d3d84e5625579acf506 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Mon, 10 Jun 2019 08:19:58 -0700 Subject: [PATCH 30/32] Change Engine API version to 1.40 --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 2670876930..c24f16ada2 100644 --- a/_config.yml +++ b/_config.yml @@ -19,7 +19,7 @@ exclude: ["_scripts", "apidocs/layouts", "Gemfile", "hooks", "index.html", "404. # Component versions -- address like site.docker_ce_version # You can't have - characters in these for non-YAML reasons -latest_engine_api_version: "1.41" +latest_engine_api_version: "1.40" docker_ce_version: "19.03" docker_ee_version: "19.03" compose_version: "1.25.0" From e547834bb26c986db579c05aee48a2ad3c755958 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 13 Jun 2019 10:22:38 -0700 Subject: [PATCH 31/32] Final touch-ups --- _config.yml | 3 +-- _data/docsarchive/archives.yaml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/_config.yml b/_config.yml index c24f16ada2..642d3cecd6 100644 --- a/_config.yml +++ b/_config.yml @@ -84,7 +84,6 @@ tablabels: engine-17.12: Docker EE Engine 17.12 engine-17.09: Docker EE Engine 17.09 engine-17.06: Docker EE Engine 17.06 - engine-17.06: Docker EE Engine 17.06 engine-17.03: Docker EE Engine 17.03 docker-cli-linux: Docker CLI on Mac/Linux docker-cli-win: Docker CLI on Windows @@ -112,7 +111,7 @@ defaults: - scope: path: "install" values: - win_latest_build: "docker-18.09.6" + win_latest_build: "docker-19.03.0" - scope: path: "datacenter" values: diff --git a/_data/docsarchive/archives.yaml b/_data/docsarchive/archives.yaml index 3ccf36deef..a58c17ed68 100644 --- a/_data/docsarchive/archives.yaml +++ b/_data/docsarchive/archives.yaml @@ -1,6 +1,6 @@ - archive: name: v19.03 - image: docs/docs-private:latest + image: docs/docker.github.io:latest current: true # When you make a new stable archive version, move the edge one to be second in # the list. The image for edge should be the same as latest. From 4c40161382420c80f7e9aa356c31c8137b7a46d2 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 13 Jun 2019 11:17:08 -0700 Subject: [PATCH 32/32] Fix distribution version --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 642d3cecd6..757671a716 100644 --- a/_config.yml +++ b/_config.yml @@ -26,7 +26,7 @@ compose_version: "1.25.0" compose_file_v3: "3.7" compose_file_v2: "2.4" machine_version: "0.16.1" -distribution_version: "2.7.1" +distribution_version: "2.7" dtr_version: "2.7" ucp_version: "3.2"