HD-2362

Author: aevesdocker

content/manuals/build-cloud/builder-settings.md

@@ -0,0 +1,56 @@
+---
+title: Builder settings
+description: Set your builder settings relating to private registries, disk allocation .
+keywords: build, cloud build, optimize, remote, local, cloud, registry, package repository, vpn
+---
+
+The **Builder settings** page in Docker Build Cloud lets you configure disk allocation, private resource access, and firewall settings for your cloud builders in your organization. These configurations help optimize storage, enable access to private registries, and secure outbound network traffic.
+
+## Disk allocation
+
+The **Disk allocation** setting lets you control how much of the available storage is dedicated to the build cache. A lower allocation increases storage available for active builds.
+
+To make disk allocation changes, navigate Builder settings in Docker Build Cloud and then adjust the Disk Allocation slider to specify the percentage of storage used for build caching.
+
+Any changes take effect immediately.
+
+> [!TIP]
+> 
+> If you build very large images, consider allocating more storage for caching.
+
+## Private resource access
+
+Private resource access lets cloud builders pull images and packages from private registries that are not publicly accessible. This feature is useful when builds rely on self-hosted artifact repositories or private OCI registries.
+
+For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a VPN, Docker Build Cloud would not be able to access it by default, since it isn't on the same network as your VPN.
+
+To enable your cloud builders to access your private registries, enter the host name and port of your private registry and then select **Add** to allow your cloud builders to access it.
+
+### Authentication 
+
+If your internal artifacts require authentication, make sure that you
+authenticate with the repository either before or during the build. For
+internal packages like npm or PyPI, use [build secrets](/manuals/build/building/secrets.md)
+to authenticate during the build. For internal OCI registries, use `docker
+login` to authenticate before building.
+
+Note that if you use a private registry that requires authentication, you will
+need to authenticate with `docker login` twice before building. This is because
+the cloud builder needs to authenticate with Docker to use the cloud builder,
+and then again to authenticate with the private registry.
+
+```console
+$ echo $DOCKER_PAT | docker login docker.io -u <username> --password-stdin
+$ echo $REGISTRY_PASSWORD | docker login registry.example.com -u <username> --password-stdin
+$ docker build --builder <cloud-builder> --tag registry.example.com/<image> --push .
+```
+
+## Firewall
+
+Firewall settings let you restrict cloud builder egress traffic to specific IP addresses. This helps enhance security by limiting external access.
+
+1. Select the **Enable firewall: Restrict cloud builder egress to specific public IP Address** checkbox.
+
+2. Enter the IP address you want to allow.
+
+3. Select **Add** to apply the restriction.

content/manuals/build-cloud/usage.md

@@ -186,13 +186,5 @@ It only changes the builder that's automatically selected to run your builds.
 
 ## Registries on internal networks
 
-It isn't possible to use Docker Build Cloud with a private registry
+It is possible to use Docker Build Cloud with a [private registry](/manuals/build-cloud/builder-settings.md#private-resource-access)
 or registry mirror on an internal network behind a VPN.
-All endpoints that a cloud builder interacts with,
-including OCI registries, must be accessible over the internet.
-
-> **Interested in trying out an experimental feature?**
->
->We are currently testing an experimental feature which lets cloud builders access internal resources. 
->
-> If you're interested in trying this feature, contact us using the [Support form](https://hub.docker.com/support/contact?topic=Docker+Build+Cloud&subject=Private+registry+access).