diff --git a/.gitignore b/.gitignore index c0bb912ebb73..fb19501a8140 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,12 @@ -**/.DS_Store -**/desktop.ini +.hugo_build.lock +.idea/ +.vscode/mcp.json .vscode/settings.json .vscode/tasks.json +**/.DS_Store +**/desktop.ini node_modules -.hugo_build.lock -resources public -tmp +resources static/pagefind -.idea/ +tmp diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index dc911190c3f4..fa917f9e2c43 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -163,6 +163,7 @@ unmanaged VMware vpnkit vSphere +VSCode Wasm Windows windowsfilter diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model.yaml index e33eb58af8e8..873348e5c484 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model.yaml @@ -2,7 +2,7 @@ command: docker model short: Docker Model Runner long: |- Use Docker Model Runner to run and interact with AI models directly from the command line. - For more information, see the [documentation](/model-runner/) + For more information, see the [documentation](/ai/model-runner/) pname: docker plink: docker.yaml cname: diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose.yaml index c87cca134ce3..79353c66aaae 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose.yaml @@ -3,9 +3,11 @@ pname: docker model plink: docker_model.yaml cname: - docker model compose down + - docker model compose metadata - docker model compose up clink: - docker_model_compose_down.yaml + - docker_model_compose_metadata.yaml - docker_model_compose_up.yaml options: - option: project-name diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_down.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_down.yaml index 9020db5199a8..9770b566a273 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_down.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_down.yaml @@ -2,17 +2,6 @@ command: docker model compose down usage: docker model compose down pname: docker model compose plink: docker_model_compose.yaml -options: - - option: model - value_type: stringArray - default_value: '[]' - description: model to use - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false inherited_options: - option: project-name value_type: string diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_metadata.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_metadata.yaml new file mode 100644 index 000000000000..ae54bc67afec --- /dev/null +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_metadata.yaml @@ -0,0 +1,23 @@ +command: docker model compose metadata +short: Metadata for Docker Compose +long: Metadata for Docker Compose +usage: docker model compose metadata +pname: docker model compose +plink: docker_model_compose.yaml +inherited_options: + - option: project-name + value_type: string + description: compose project name + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: true +experimental: false +experimentalcli: true +kubernetes: false +swarm: false + diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_up.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_up.yaml index e377b2cfca5b..7a746d11f1ea 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_up.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_compose_up.yaml @@ -3,6 +3,26 @@ usage: docker model compose up pname: docker model compose plink: docker_model_compose.yaml options: + - option: backend + value_type: string + default_value: llama.cpp + description: inference backend to use + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: context-size + value_type: int64 + default_value: "-1" + description: context size for the model + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: model value_type: stringArray default_value: '[]' @@ -13,6 +33,15 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: runtime-flags + value_type: string + description: raw runtime flags to pass to the inference engine + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false inherited_options: - option: project-name value_type: string diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_configure.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_configure.yaml new file mode 100644 index 000000000000..e94cbc918ebc --- /dev/null +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_configure.yaml @@ -0,0 +1,24 @@ +command: docker model configure +short: Configure runtime options for a model +long: Configure runtime options for a model +usage: docker model configure [--context-size=] MODEL [-- ] +pname: docker model +plink: docker_model.yaml +options: + - option: context-size + value_type: int64 + default_value: "-1" + description: context size (in tokens) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: true +experimental: false +experimentalcli: true +kubernetes: false +swarm: false + diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_inspect.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_inspect.yaml index 559d2260817a..0684354c9bf9 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_inspect.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_inspect.yaml @@ -15,6 +15,17 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: remote + shorthand: r + value_type: bool + default_value: "false" + description: Show info for remote models + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false deprecated: false hidden: false experimental: false diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_install-runner.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_install-runner.yaml index 60443efb4048..bc4dc488979c 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_install-runner.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_install-runner.yaml @@ -6,6 +6,16 @@ usage: docker model install-runner pname: docker model plink: docker_model.yaml options: + - option: do-not-track + value_type: bool + default_value: "false" + description: Do not track models usage in Docker Model Runner + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: gpu value_type: string default_value: auto diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_package.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_package.yaml index 1e5a7ec9554e..532909a68150 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_package.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_package.yaml @@ -3,10 +3,20 @@ short: | Package a GGUF file into a Docker model OCI artifact, with optional licenses, and pushes it to the specified registry long: | Package a GGUF file into a Docker model OCI artifact, with optional licenses, and pushes it to the specified registry -usage: docker model package --gguf [--license ...] --push TARGET +usage: docker model package --gguf [--license ...] [--context-size ] --push TARGET pname: docker model plink: docker_model.yaml options: + - option: context-size + value_type: uint64 + default_value: "0" + description: context size in tokens + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: gguf value_type: string description: absolute path to gguf file (required) diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_pull.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_pull.yaml index f10e4368ef6d..f0843b020636 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_pull.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_pull.yaml @@ -16,6 +16,11 @@ examples: |- You can pull GGUF models directly from [Hugging Face](https://huggingface.co/models?library=gguf). + **Note about quantization:** If no tag is specified, the command tries to pull the `Q4_K_M` version of the model. + If `Q4_K_M` doesn't exist, the command pulls the first GGUF found in the **Files** view of the model on HuggingFace. + To specify the quantization, provide it as a tag, for example: + `docker model pull hf.co/bartowski/Llama-3.2-1B-Instruct-GGUF:Q4_K_S` + ```console docker model pull hf.co/bartowski/Llama-3.2-1B-Instruct-GGUF ``` diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_status.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_status.yaml index 07da71d0f79b..5b0c33b46972 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_status.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_status.yaml @@ -5,6 +5,17 @@ long: | usage: docker model status pname: docker model plink: docker_model.yaml +options: + - option: json + value_type: bool + default_value: "false" + description: Format output in JSON + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false deprecated: false hidden: false experimental: false diff --git a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_unload.yaml b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_unload.yaml index 589afe593629..ba581bdcef55 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/docker_model_unload.yaml +++ b/_vendor/github.com/docker/model-cli/docs/reference/docker_model_unload.yaml @@ -1,7 +1,7 @@ command: docker model unload short: Unload running models long: Unload running models -usage: docker model unload (MODEL [--backend BACKEND] | --all) +usage: docker model unload (MODEL [MODEL ...] [--backend BACKEND] | --all) pname: docker model plink: docker_model.yaml options: diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model.md b/_vendor/github.com/docker/model-cli/docs/reference/model.md index f9032718071e..f79e25304ac4 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/model.md +++ b/_vendor/github.com/docker/model-cli/docs/reference/model.md @@ -31,4 +31,4 @@ Docker Model Runner (EXPERIMENTAL) ## Description Use Docker Model Runner to run and interact with AI models directly from the command line. -For more information, see the [documentation](https://docs.docker.com/model-runner/) +For more information, see the [documentation](https://docs.docker.com/ai/model-runner/) diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model_configure.md b/_vendor/github.com/docker/model-cli/docs/reference/model_configure.md new file mode 100644 index 000000000000..81fc1546bd5e --- /dev/null +++ b/_vendor/github.com/docker/model-cli/docs/reference/model_configure.md @@ -0,0 +1,14 @@ +# docker model configure + + +Configure runtime options for a model + +### Options + +| Name | Type | Default | Description | +|:-----------------|:--------|:--------|:-------------------------| +| `--context-size` | `int64` | `-1` | context size (in tokens) | + + + + diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model_inspect.md b/_vendor/github.com/docker/model-cli/docs/reference/model_inspect.md index e9b6b1eff540..7df015093814 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/model_inspect.md +++ b/_vendor/github.com/docker/model-cli/docs/reference/model_inspect.md @@ -5,9 +5,10 @@ Display detailed information on one model ### Options -| Name | Type | Default | Description | -|:-----------|:-------|:--------|:-------------------------------| -| `--openai` | `bool` | | List model in an OpenAI format | +| Name | Type | Default | Description | +|:-----------------|:-------|:--------|:-------------------------------| +| `--openai` | `bool` | | List model in an OpenAI format | +| `-r`, `--remote` | `bool` | | Show info for remote models | diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model_install-runner.md b/_vendor/github.com/docker/model-cli/docs/reference/model_install-runner.md index afcbbf2e56f3..970a6976a42e 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/model_install-runner.md +++ b/_vendor/github.com/docker/model-cli/docs/reference/model_install-runner.md @@ -5,10 +5,11 @@ Install Docker Model Runner (Docker Engine only) ### Options -| Name | Type | Default | Description | -|:---------|:---------|:--------|:----------------------------------------------| -| `--gpu` | `string` | `auto` | Specify GPU support (none\|auto\|cuda) | -| `--port` | `uint16` | `12434` | Docker container port for Docker Model Runner | +| Name | Type | Default | Description | +|:-----------------|:---------|:--------|:-------------------------------------------------| +| `--do-not-track` | `bool` | | Do not track models usage in Docker Model Runner | +| `--gpu` | `string` | `auto` | Specify GPU support (none\|auto\|cuda) | +| `--port` | `uint16` | `12434` | Docker container port for Docker Model Runner | diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model_package.md b/_vendor/github.com/docker/model-cli/docs/reference/model_package.md index 4cfccf302157..615535fd80dc 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/model_package.md +++ b/_vendor/github.com/docker/model-cli/docs/reference/model_package.md @@ -7,6 +7,7 @@ Package a GGUF file into a Docker model OCI artifact, with optional licenses, an | Name | Type | Default | Description | |:------------------|:--------------|:--------|:--------------------------------------| +| `--context-size` | `uint64` | `0` | context size in tokens | | `--gguf` | `string` | | absolute path to gguf file (required) | | `-l`, `--license` | `stringArray` | | absolute path to a license file | | `--push` | `bool` | | push to registry (required) | diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model_pull.md b/_vendor/github.com/docker/model-cli/docs/reference/model_pull.md index bae41fc31a1b..246cc59d78af 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/model_pull.md +++ b/_vendor/github.com/docker/model-cli/docs/reference/model_pull.md @@ -22,6 +22,11 @@ docker model pull ai/smollm2 You can pull GGUF models directly from [Hugging Face](https://huggingface.co/models?library=gguf). +**Note about quantization:** If no tag is specified, the command tries to pull the `Q4_K_M` version of the model. +If `Q4_K_M` doesn't exist, the command pulls the first GGUF found in the **Files** view of the model on HuggingFace. +To specify the quantization, provide it as a tag, for example: +`docker model pull hf.co/bartowski/Llama-3.2-1B-Instruct-GGUF:Q4_K_S` + ```console docker model pull hf.co/bartowski/Llama-3.2-1B-Instruct-GGUF ``` diff --git a/_vendor/github.com/docker/model-cli/docs/reference/model_status.md b/_vendor/github.com/docker/model-cli/docs/reference/model_status.md index 72a0bf7901f0..baa630073db8 100644 --- a/_vendor/github.com/docker/model-cli/docs/reference/model_status.md +++ b/_vendor/github.com/docker/model-cli/docs/reference/model_status.md @@ -3,6 +3,12 @@ Check if the Docker Model Runner is running +### Options + +| Name | Type | Default | Description | +|:---------|:-------|:--------|:----------------------| +| `--json` | `bool` | | Format output in JSON | + diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 77f74e9f57c4..124ef7bfdbfd 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -2,6 +2,6 @@ # github.com/moby/buildkit v0.23.1 # github.com/docker/buildx v0.25.0 # github.com/docker/cli v28.3.0+incompatible -# github.com/docker/compose/v2 v2.38.1 -# github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01 +# github.com/docker/compose/v2 v2.38.2 +# github.com/docker/model-cli v0.1.33-0.20250703103301-d4e4936a9eb2 # github.com/docker/scout-cli v1.15.0 diff --git a/assets/css/components.css b/assets/css/components.css index 4e7a2234d3a0..0398544f06eb 100644 --- a/assets/css/components.css +++ b/assets/css/components.css @@ -110,6 +110,6 @@ } .tab-item { - @apply inline-block rounded-sm px-3 py-2 hover:bg-gray-100 dark:hover:bg-gray-900; + @apply inline-block rounded-t-sm px-3 py-2 hover:bg-gray-100 dark:hover:bg-gray-900; @apply dark:text-gray-200; } diff --git a/assets/css/global.css b/assets/css/global.css index 37d2c85d8769..8ff730389ba8 100644 --- a/assets/css/global.css +++ b/assets/css/global.css @@ -49,7 +49,7 @@ input[type="search"]::-ms-clear { margin-bottom: 0.4em !important; } > h2 { - @apply mt-5! mb-3!; + @apply mt-7! mb-3!; font-size: 160% !important; a { @apply hover:no-underline!; diff --git a/assets/css/utilities.css b/assets/css/utilities.css index ee01aaadc7ff..cc7f6b3ba1b9 100644 --- a/assets/css/utilities.css +++ b/assets/css/utilities.css @@ -1,13 +1,3 @@ -@utility icon-svg { - svg { - font-size: 24px; - width: 1em; - height: 1em; - display: inline-block; - fill: currentColor; - } -} - @utility icon-xs { svg { font-size: 12px; @@ -91,6 +81,15 @@ fill: currentColor; } } +@utility icon-svg-stroke { + svg { + font-size: 24px; + width: 1em; + height: 1em; + display: inline-block; + stroke: currentColor; + } +} @utility icon-xs { svg { @@ -257,3 +256,7 @@ @utility pagination-link { @apply flex items-center justify-center rounded-sm p-2; } + +@utility breadcrumbs { + font-size: 90%; +} diff --git a/content/get-started/workshop/07_multi_container.md b/content/get-started/workshop/07_multi_container.md index aab577adeb3a..e08b970bbd72 100644 --- a/content/get-started/workshop/07_multi_container.md +++ b/content/get-started/workshop/07_multi_container.md @@ -192,7 +192,7 @@ The todo app supports the setting of a few environment variables to specify MySQ > > While using env vars to set connection settings is generally accepted for development, it's highly discouraged > when running applications in production. Diogo Monica, a former lead of security at Docker, -> [wrote a fantastic blog post](https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/) +> [wrote a fantastic blog post](https://blog.diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/) > explaining why. > > A more secure mechanism is to use the secret support provided by your container orchestration framework. In most cases, diff --git a/content/guides/orchestration.md b/content/guides/orchestration.md index d63d54e0b5fd..8127e98e611a 100644 --- a/content/guides/orchestration.md +++ b/content/guides/orchestration.md @@ -41,7 +41,7 @@ Docker Desktop sets up Kubernetes for you quickly and easily. Follow the setup a 1. From the Docker Dashboard, navigate to **Settings**, and select the **Kubernetes** tab. -2. Select the checkbox labeled **Enable Kubernetes**, and select **Apply & Restart**. Docker Desktop automatically sets up Kubernetes for you. You'll know that Kubernetes has been successfully enabled when you see a green light beside 'Kubernetes _running_' in **Settings**. +2. Select the checkbox labeled **Enable Kubernetes**, and select **Apply**. Docker Desktop automatically sets up Kubernetes for you. You'll know that Kubernetes has been successfully enabled when you see a green light beside 'Kubernetes _running_' in **Settings**. 3. To confirm that Kubernetes is up and running, create a text file called `pod.yaml` with the following content: @@ -107,7 +107,7 @@ Docker Desktop sets up Kubernetes for you quickly and easily. Follow the setup a 1. From the Docker Dashboard, navigate to **Settings**, and select the **Kubernetes** tab. -2. Select the checkbox labeled **Enable Kubernetes**, and select **Apply & Restart**. Docker Desktop automatically sets up Kubernetes for you. You'll know that Kubernetes has been successfully enabled when you see a green light beside 'Kubernetes _running_' in the **Settings** menu. +2. Select the checkbox labeled **Enable Kubernetes**, and select **Apply**. Docker Desktop automatically sets up Kubernetes for you. You'll know that Kubernetes has been successfully enabled when you see a green light beside 'Kubernetes _running_' in the **Settings** menu. 3. To confirm that Kubernetes is up and running, create a text file called `pod.yaml` with the following content: diff --git a/content/includes/admin-company-overview.md b/content/includes/admin-company-overview.md deleted file mode 100644 index 9595e947572d..000000000000 --- a/content/includes/admin-company-overview.md +++ /dev/null @@ -1,22 +0,0 @@ -A company provides a single point of visibility across multiple organizations. This view simplifies the management of Docker organizations and settings. Organization owners with a Docker Business subscription can create a company and then manage it through the [Docker Admin Console](https://app.docker.com/admin). - -The following diagram depicts the setup of a company and how it relates to associated organizations. - -![company-hierarchy](/admin/images/docker-admin-structure.webp) - -## Key features - -With a company, administrators can: - -- View and manage all nested organizations and configure settings centrally -- Carefully control access to the company and company settings -- Have up to ten unique users assigned the company owner role -- Configure SSO and SCIM for all nested organizations -- Enforce SSO for all users in the company - -## Prerequisites - -Before you create a company, verify the following: - -- Any organizations you want to add to a company have a Docker Business subscription -- You're an organization owner for your organization and any additional organizations you want to add diff --git a/content/includes/admin-org-overview.md b/content/includes/admin-org-overview.md deleted file mode 100644 index 3aff83bc2fea..000000000000 --- a/content/includes/admin-org-overview.md +++ /dev/null @@ -1,14 +0,0 @@ -An organization in Docker is a collection of teams and repositories -that can be managed together. A team is a group of Docker members that belong to an organization. -An organization can have multiple teams. Members don't have to be added to a team to be part of an organization. - -Docker users become members of an organization once they're associated with that organization by an organization owner. An organization owner is a user with administrative access to the organization. - -Owners can invite users, assign them roles, create new teams, and add -members to an existing team using their Docker ID or email address. An organization owner can also add -additional owners to help them manage users, teams, and repositories in the -organization. - -The following diagram depicts the setup of an organization and how it relates to teams. Teams are an optional feature that owners can use to group members and assign permissions. - -![organization-hierarchy](/admin/images/org-structure.webp) diff --git a/content/manuals/admin/_index.md b/content/manuals/admin/_index.md index 2e1c733521ab..d75f739cf13f 100644 --- a/content/manuals/admin/_index.md +++ b/content/manuals/admin/_index.md @@ -1,6 +1,6 @@ --- title: Administration -description: Discover manuals on administration for accounts, organizations, and companies. +description: Overview of administration features and roles in the Docker Admin Console keywords: admin, administration, company, organization, Admin Console, user accounts, account management weight: 10 params: @@ -35,17 +35,66 @@ aliases: - /docker-hub/admin-overview --- -Administrators can manage companies and organizations using the Docker Admin Console. +Administrators can manage companies and organizations using the +[Docker Admin Console](https://app.docker.com/admin). The Admin Console +provides centralized observability, access management, and security controls +across Docker environments. + +## Company and organization hierarchy The [Docker Admin Console](https://app.docker.com/admin) provides administrators with centralized observability, access management, and controls for their company and organizations. To provide these features, Docker uses the following hierarchy and roles. -![Docker hierarchy](./images/docker-admin-structure.webp) +![Diagram showing Docker’s administration hierarchy with Company at the top, followed by Organizations, Teams, and Members](./images/docker-admin-structure.webp) + +### Company + +A company groups multiple Docker organizations for centralized configuration. +Companies are only available for Docker Business subscribers. + +Companies have the following administrator role available: + +- Company owner: Can view and manage all organizations within the company. +Has full access to company-wide settings and inherits the same permissions as +organization owners. + +### Organization + +An organization contains teams and repositories. All Docker Team and Business +subscribers must have at least one organization. + +Organizations have the following administrator role available: + +- Organization owner: Can manage organization settings, users, and access +controls. + +### Team + +Teams are optional and let you group members to assign repository permissions +collectively. Teams simplify permission management across projects +or functions. + +### Member + +A member is any Docker user added to an organization. Organization and company +owners can assign roles to members to define their level of access. + +> [!NOTE] +> +> Creating a company is optional, but organizations are required for Team and +Business subscriptions. + +## Admin Console features + +Docker's [Admin Console](https://app.docker.com/admin) allows you to: + +- Create and manage companies and organizations +- Assign roles and permissions to members +- Group members into teams to manage access by project or role +- Set company-wide policies, including SCIM provisioning and security +enforcement + +## Manage companies and organizations -- Company: A company simplifies the management of Docker organizations and settings. Creating a company is optional and only available to Docker Business subscribers. - - Company owner: A company can have multiple owners. Company owners have company-wide observability and can manage company-wide settings that apply to all associated organizations. In addition, company owners have the same access as organization owners for all associated organizations. -- Organization: An organization is a collection of teams and repositories. Docker Team and Business subscribers must have at least one organization. - - Organization owner: An organization can have multiple owners. Organization owners have observability into their organization and can manage its users and settings. -- Team: A team is a group of Docker members that belong to an organization. Organization and company owners can group members into additional teams to configure repository permissions on a per-team basis. Using teams to group members is optional. -- Member: A member is a Docker user that's a member of an organization. Organization and company owners can assign roles to members to define their permissions. +Learn how to manage companies and organizations in the following sections. {{< grid >}} diff --git a/content/manuals/admin/company/_index.md b/content/manuals/admin/company/_index.md index 6a21abaf011d..fb6f8ea723f8 100644 --- a/content/manuals/admin/company/_index.md +++ b/content/manuals/admin/company/_index.md @@ -1,8 +1,8 @@ --- -title: Company administration +title: Company administration overview weight: 20 description: Learn how to manage multiple organizations using companies, including managing users, owners, and security. -keywords: company, multiple organizations, manage companies +keywords: company, multiple organizations, manage companies, admin console, Docker Business settings grid: - title: Create a company description: Get started by learning how to create a company. @@ -13,15 +13,15 @@ grid: company. icon: store link: /admin/company/organizations/ -- title: Manage users - description: Explore how to manage users in all organizations. - icon: group_add - link: /admin/company/users/ - title: Manage company owners description: Find out more about company owners and how to manage them. icon: supervised_user_circle link: /admin/company/owners/ -- title: Configure Single Sign-On +- title: Manage users + description: Explore how to manage users in all organizations. + icon: group_add + link: /admin/company/users/ +- title: Configure single sign-on description: Discover how to configure SSO for your entire company. icon: key link: /security/for-admins/single-sign-on/ @@ -31,11 +31,11 @@ grid: icon: checklist link: /security/for-admins/provisioning/scim/ - title: Domain management - description: Add and verify your domains. + description: Add and verify your company's domains. icon: domain_verification link: /security/for-admins/domain-management/ - title: FAQs - description: Explore common company FAQs. + description: Explore frequently asked questions about companies. link: /faq/admin/company-faqs/ icon: help aliases: @@ -44,8 +44,30 @@ aliases: {{< summary-bar feature_name="Company" >}} -{{% include "admin-company-overview.md" %}} +A company provides a single point of visibility across multiple organizations, +simplifying organization and settings management. + +Organization owners with a Docker Business subscription can create a company +and manage it through the [Docker Admin Console](https://app.docker.com/admin). + +The following diagram shows how a company relates to its associated +organizations. + +![Diagram showing how companies relate to Docker organizations](/admin/images/docker-admin-structure.webp) + +## Key features + +With a company, administrators can: + +- View and manage all nested organizations +- Configure company and organization settings centrally +- Control access to the company +- Have up to ten unique users assigned to the company owner role +- Configure SSO and SCIM for all nested organizations +- Enforce SSO for all users in the company + +## Create and manage your company -Learn how to administer a company in the following sections. +Learn how to create and manage a company in the following sections. {{< grid >}} diff --git a/content/manuals/admin/company/new-company.md b/content/manuals/admin/company/new-company.md index 7ef1e3eb4332..376a1989c448 100644 --- a/content/manuals/admin/company/new-company.md +++ b/content/manuals/admin/company/new-company.md @@ -1,14 +1,20 @@ --- title: Create a company description: Learn how to create a company to centrally manage multiple organizations. -keywords: company, hub, organization, company owner, Admin Console, company management +keywords: company, hub, organization, company owner, Admin Console, company management, Docker Business, create company, Docker Admin Console aliases: - /docker-hub/new-company/ --- {{< summary-bar feature_name="Company" >}} -You can create a new company in the Docker Admin Console. Before you begin, you must: +Learn how to create a new company in the Docker Admin Console, a centralized +dashboard for managing organizations. + +## Prerequisites + +Before you begin, you must: + - Be the owner of the organization you want to add to your company - Have a Docker Business subscription @@ -24,12 +30,13 @@ organization. > [!TIP] > - > The name for your company can't be the same as an existing user, organization, or company namespace. - -1. Review the company migration details and then select **Create company**. + > The name for your company can't be the same as an existing user, + organization, or company namespace. -For more information on how you can add organizations to your company, see [Add organizations to a company](./organizations.md#add-organizations-to-a-company). +1. Review the migration details and then select **Create company**. +For more information on how you can add organizations to your company, +see [Add organizations to a company](./organizations.md#add-organizations-to-a-company). ## Next steps diff --git a/content/manuals/admin/company/organizations.md b/content/manuals/admin/company/organizations.md index 74fc09649117..19d061259332 100644 --- a/content/manuals/admin/company/organizations.md +++ b/content/manuals/admin/company/organizations.md @@ -1,12 +1,12 @@ --- -description: Learn how to manage organizations in a company. -keywords: company, multiple organizations, manage organizations title: Manage company organizations +description: Learn how to manage organizations in a company. +keywords: company, multiple organizations, manage organizations, Docker Admin Console, organization settings, add organization, company management --- {{< summary-bar feature_name="Company" >}} -You can manage the organizations in a company in the Docker Admin Console. +Learn to manage the organizations in a company using the Docker Admin Console. ## View all organizations @@ -18,17 +18,27 @@ The **Organizations** view displays all organizations under your company. ## Add seats to an organization -When you have a [self-serve](../../subscription/details.md#self-serve) subscription that has no pending subscription changes, you can add seats using the following steps. If you have a sales-assisted subscription, you can contact Docker support or sales to add seats. +If you have a [self-serve](../../subscription/details.md#self-serve) +subscription that has no pending subscription changes, you can add seats using +Docker Home. For more information about adding seats, +see [Manage seats](/manuals/subscription/manage-seats.md#add-seats). -For more information about adding seats, see [Manage seats](/manuals/subscription/manage-seats.md#add-seats). +If you have a sales-assisted subscription, you must contact Docker support or +sales to add seats. ## Add organizations to a company -You must be a company owner to add an organization to a company. You must also be an organization owner of the organization you want to add. There is no limit to the number of organizations you can have under a company layer. All organizations must have a Business subscription. +To add an organization to a company, ensure the following: + +- You are a company owner. +- You are an organization owner of the organization you want to add. +- The organization has a Docker Business subscription. +- There’s no limit to how many organizations can exist under a company. > [!IMPORTANT] > -> Once you add an organization to a company, you can't remove it from the company. +> Once you add an organization to a company, you can't remove it from the +company. 1. Sign in to [Docker Home](https://app.docker.com) and select your company. 1. Select **Admin Console**, then **Organizations**. @@ -42,7 +52,8 @@ You must be a company owner to add an organization to a company. You must also b 1. Select **Admin Console**, then **Organizations**. 1. Select the organization you want to manage. -For more details about managing an organization, see [Organization administration](../organization/_index.md). +For more details about managing an organization, see +[Organization administration](../organization/_index.md). ## More resources diff --git a/content/manuals/admin/company/owners.md b/content/manuals/admin/company/owners.md index f383acf971cf..c3afa9a65108 100644 --- a/content/manuals/admin/company/owners.md +++ b/content/manuals/admin/company/owners.md @@ -1,20 +1,19 @@ --- -description: Learn how to add and remove company owners. -keywords: company, owners title: Manage company owners +description: Learn how to add and remove company owners. +keywords: company, owners, add company owner, remove company owner, company manageemnt, company owner permissions aliases: - /docker-hub/company-owner/ --- {{< summary-bar feature_name="Company" >}} -A company can have multiple owners. Company owners have company-wide -observability and can manage company-wide settings that apply to all associated -organizations. In addition, company owners have the same access as organization -owners for all associated organizations. Unlike organization owners, company -owners don't need to be member of an organization. +A company can have multiple owners. Company owners have visibility across the +entire company and can manage settings that apply to all organizations under +that company. They also have the same access rights as organization owners but +don’t need to be members of any individual organization. -> [!NOTE] +> [!IMPORTANT] > > Company owners do not occupy a seat unless one of the following is true: > diff --git a/content/manuals/admin/company/users.md b/content/manuals/admin/company/users.md index c22339997b2c..ad01c5eceb2f 100644 --- a/content/manuals/admin/company/users.md +++ b/content/manuals/admin/company/users.md @@ -1,15 +1,146 @@ --- +title: Manage company members description: Learn how to manage company users in the Docker Admin Console. -keywords: company, company users, users, admin, Admin Console -title: Manage company users +keywords: company, company users, users, admin, Admin Console, memeber management, organization management, company management, bulk invite, resend invites --- {{< summary-bar feature_name="Company" >}} -You can manage users at the company-level in the Docker Admin Console. +Company owners can invite new members to an organization via Docker ID, +email address, or in bulk with a CSV file containing email +addresses. -{{% admin-users product="admin" layer="company" %}} +If an invitee does not have a Docker account, they must create an account and +verify their email address before they can accept an invitation to join the +organization. Pending invitations occupy seats for the organization +the user is invited to. + +## Invite members via Docker ID or email address + +Use the following steps to invite members to your organization via Docker ID or +email address. + +1. Sign in to [Docker Home](https://app.docker.com) and select +your company. +1. On the **Organizations** page, select the organization you want +to invite members to. +1. Select **Members**, then **Invite**. +1. Select **Emails or usernames**. +1. Follow the on-screen instructions to invite members. + Invite a maximum of 1000 members and separate multiple entries by comma, + semicolon, or space. + + > [!NOTE] + > + > When you invite members, you assign them a role. + > See [Roles and permissions](/security/for-admins/roles-and-permissions/) + > for details about the access permissions for each role. + + Pending invitations appear on the Members page. The invitees receive an + email with a link to Docker Hub where they can accept or decline the + invitation. + +## Invite members via CSV file + +To invite multiple members to an organization via a CSV file containing email +addresses: + +1. Sign in to [Docker Home](https://app.docker.com) and select +your company. +1. On the **Organizations** page, select the organization you want +to invite members to. +1. Select **Members**, then **Invite**. +1. Select **CSV upload**. +1. Select **Download the template CSV file** to optionally download an example +CSV file. The following is an example of the contents of a valid CSV file. + + ```text + email + docker.user-0@example.com + docker.user-1@example.com + ``` + + CSV file requirements: + + - The file must contain a header row with at least one heading named `email`. + Additional columns are allowed and are ignored in the import. + - The file must contain a maximum of 1000 email addresses (rows). To invite + more than 1000 users, create multiple CSV files and perform all steps in + this task for each file. + +1. Create a new CSV file or export a CSV file from another application. + + - To export a CSV file from another application, see the application’s + documentation. + - To create a new CSV file, open a new file in a text editor, type `email` + on the first line, type the user email addresses one per line on the + following lines, and then save the file with a .csv extension. + +1. Select **Browse files** and then select your CSV file, or drag and drop the +CSV file into the **Select a CSV file to upload** box. You can only select +one CSV file at a time. + + > [!NOTE] + > + > If the amount of email addresses in your CSV file exceeds the number of + available seats in your organization, you cannot continue to invite members. + To invite members, you can purchase more seats, or remove some email + addresses from the CSV file and re-select the new file. To purchase more + seats, see [Add seats to your subscription](/subscription/add-seats/) or + [Contact sales](https://www.docker.com/pricing/contact-sales/). + +1. After the CSV file has been uploaded, select **Review**. + + Valid email addresses and any email addresses that have issues will appear. + Email addresses may have the following issues: + + - Invalid email: The email address is not a valid address. The email address + will be ignored if you send invites. You can correct the email address in + the CSV file and re-import the file. + - Already invited: The user has already been sent an invite email and another + invite email will not be sent. + - Member: The user is already a member of your organization and an invite + email will not be sent. + - Duplicate: The CSV file has multiple occurrences of the same email address. + The user will be sent only one invite email. + +1. Follow the on-screen instructions to invite members. + + > [!NOTE] + > + > When you invite members, you assign them a role. + > See [Roles and permissions](/security/for-admins/roles-and-permissions/) + > for details about the access permissions for each role. + +Pending invitations appear on the Members page. The invitees receive an email +with a link to Docker Hub where they can accept or decline the invitation. + +## Resend invitations to users + +You can resend individual invitations, or bulk invitations from the Admin Console. + +### Resend individual invitations + +1. In [Docker Home](https://app.docker.com/), select your company. +2. Select **Admin Console**, then **Users**. +3. Select the **action menu** next to the invitee and select **Resend**. +4. Select **Invite** to confirm. + +### Bulk resend invitation + +1. In [Docker Home](https://app.docker.com/), select your company. +2. Select **Admin Console**, then **Users**. +3. Use the **checkboxes** next to **Usernames** to bulk select users. +4. Select **Resend invites**. +5. Select **Resend** to confirm. + +## Invite members via API + +You can bulk invite members using the Docker Hub API. For more information, +see the [Bulk create invites](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) API endpoint. ## Manage members on a team -Use Docker Hub to add a member to a team or remove a member from a team. For more details, see [Manage members](../organization/members.md#manage-members-on-a-team). +Use Docker Hub to add a member to a team or remove a member from a team. For +more details, see [Manage members](../organization/members.md#manage-members-on-a-team). + diff --git a/content/manuals/admin/organization/_index.md b/content/manuals/admin/organization/_index.md index c1a05fe7e556..ec1d2bc1b07f 100644 --- a/content/manuals/admin/organization/_index.md +++ b/content/manuals/admin/organization/_index.md @@ -2,8 +2,8 @@ title: Organization administration overview linkTitle: Organization administration weight: 10 -description: Learn about managing organizations in Docker including how they relate to teams, how to onboard, and more -keywords: organizations, admin, overview +description: Learn how to manage your Docker organization, including teams, members, permissions, and settings. +keywords: organizations, admin, overview, manage teams, roles grid: - title: Onboard your organization description: Learn how to onboard and secure your organization. @@ -45,10 +45,26 @@ grid: icon: help --- -{{% include "admin-org-overview.md" %}} +A Docker organization is a collection of teams and repositories with centralized +management. It helps administrators group members and assign access in a +streamlined, scalable way. -To create an organization, see [Create your organization](../organization/orgs.md). +## Organization structure -Learn how to administer an organization in the following sections. +The following diagram shows how organizations relate to teams and members. -{{< grid >}} +![Diagram showing how teams and members relate within a Docker organization](/admin/images/org-structure.webp) + +## Organization members + +Organization owners have full administrator access to manage members, roles, +and teams across the organization. + +An organization includes members and optional teams. Teams help group members +and simplify permission management. + +## Create and manage your organization + +Learn how to create and manage your organization in the following sections. + +{{< grid >}} \ No newline at end of file diff --git a/content/manuals/admin/organization/activity-logs.md b/content/manuals/admin/organization/activity-logs.md index 281e3efdbf9f..57ea00250a16 100644 --- a/content/manuals/admin/organization/activity-logs.md +++ b/content/manuals/admin/organization/activity-logs.md @@ -1,17 +1,19 @@ --- title: Activity logs weight: 50 -description: Learn about activity logs. -keywords: team, organization, activity, log, audit, activities +description: Learn how to access and interpret Docker activity logs for organizations and repositories. +keywords: audit log, organization activity, Docker business logs, repository activity, track changes Docker, security logs Docker, filter logs, log Docker events aliases: - /docker-hub/audit-log/ --- {{< summary-bar feature_name="Activity logs" >}} -Activity logs display a chronological list of activities that occur at organization and repository levels. It provides a report to owners on all their member activities. +Activity logs display a chronological list of activities that occur at organization and repository levels. The activity log provides organization owners with a record of all +member activities. With activity logs, owners can view and track: + - What changes were made - The date when a change was made - Who initiated the change @@ -20,24 +22,55 @@ For example, activity logs display activities such as the date when a repository Owners can also see the activity logs for their repository if the repository is part of the organization subscribed to a Docker Business or Team subscription. -## Manage activity logs +## Access activity logs {{< tabs >}} {{< tab name="Admin Console" >}} -{{% admin-org-audit-log product="admin" %}} +To view activity logs in the Admin Console: + +1. Sign in to [Docker Home](https://app.docker.com) and select your +organization. +1. Select **Admin Console**, then **Activity logs**. {{< /tab >}} {{< tab name="Docker Hub" >}} {{% include "hub-org-management.md" %}} -{{% admin-org-audit-log product="hub" %}} +To view activity logs in Docker Hub: + +1. Sign in to [Docker Hub](https://hub.docker.com). +1. Select **My Hub**, your organization, and then **Activity**. {{< /tab >}} {{< /tabs >}} -## Event definitions +## Filter and customize activity logs + +By default, the **Activity** tab displays all recorded events. To narrow your +view, use the calendar to select a specific date range. The log updates to +show only the activities that occurred during that period. + +You can also filter by activity type. Use the **All Activities** drop-down to +focus on organization-level, repository-level, or billing-related events. +In Docker Hub, when viewing a repository, the **Activities** tab only shows +events for that repository. + +After selecting a category—**Organization**, **Repository**, or **Billing**—use +the **All Actions** drop-down to refine the results even further by specific +event type. + +> [!NOTE] +> +> Events triggered by Docker Support appear under the username **dockersupport**. + +> [!IMPORTANT] +> +> Docker retains activity logs for three months. To maintain access to older +data, export logs regularly. + +## Types of activity log events Refer to the following section for a list of events and their descriptions: diff --git a/content/manuals/admin/organization/convert-account.md b/content/manuals/admin/organization/convert-account.md index 337ff846617d..d7ee1fee1d91 100644 --- a/content/manuals/admin/organization/convert-account.md +++ b/content/manuals/admin/organization/convert-account.md @@ -9,13 +9,15 @@ aliases: {{< summary-bar feature_name="Admin orgs" >}} -You can convert an existing user account to an organization. This is useful if you need multiple users to access your account and the repositories that it’s connected to. Converting it to an organization gives you better control over permissions for these users through [teams](manage-a-team.md) and [roles](roles-and-permissions.md). +Learn how to convert an existing user account into an organization. This is +useful if you need multiple users to access your account and the repositories +it’s connected to. Converting it to an organization gives you better control +over permissions for these users through +[teams](/manuals/admin/organization/manage-a-team.md) and +[roles](/manuals/security/for-admins/roles-and-permissions.md). -When you convert a user account to an organization, the account is migrated to a Docker Team subscription. - -> [!IMPORTANT] -> -> Once you convert your account to an organization, you can’t revert it to a user account. +When you convert a user account to an organization, the account is migrated to +a Docker Team subscription by default. ## Prerequisites @@ -34,40 +36,43 @@ Before you convert a user account to an organization, ensure that you meet the f If you want to convert your user account into an organization account and you don't have any other user accounts, you need to create a new user account to assign it as the owner of the new organization. With the owner role assigned, this user account has full administrative access to configure and manage the organization. You can assign more users the owner role after the conversion. -## Effects of converting an account into an organization - -Consider the following effects of converting your account: - -- This process removes the email address for the account, and organization owners will receive notification emails instead. You'll be able to reuse the removed email address for another account after converting. - -- The current subscription will cancel and your new subscription will start. - -- Repository namespaces and names won't change, but converting your account removes any repository collaborators. Once you convert the account, you'll need to add those users as team members. - -- Existing automated builds will appear as if they were set up by the first owner added to the organization. See [Convert an account into an organization](#convert-an-account-into-an-organization) for steps on adding the first owner. - -- The user account that you add as the first owner will have full administrative access to configure and manage the organization. - -- To transfer a user's personal access tokens (PATs) to your converted organization, -you must designate the user as an organization owner. This will ensure any PATs associated with the user's account are transferred to the organization owner. - -> [!TIP] -> -> To avoid potentially disrupting service of personal access tokens when converting an account or changing ownership, it is recommended to use [organization access tokens](/manuals/security/for-admins/access-tokens.md). Organization access tokens are -associated with an organization, not a single user account. +## What happens when you convert your account + +The following happens when you convert your account into +an organization: + +- This process removes the email address for the account. Notifications are +instead sent to organization owners. You'll be able to reuse the +removed email address for another account after converting. +- The current subscription will automatically cancel and your new subscription +will start. +- Repository namespaces and names won't change, but converting your account +removes any repository collaborators. Once you convert the account, you'll need +to add repository collaborators as team members. +- Existing automated builds appear as if they were set up by the first owner +added to the organization. +- The user account that you add as the first owner will have full +administrative access to configure and manage the organization. +- To transfer a user's personal access tokens (PATs) to your converted +organization, you must designate the user as an organization owner. This will +ensure any PATs associated with the user's account are transferred to the +organization owner. ## Convert an account into an organization -Before you convert an account into an organization ensure you have: - -- Removed your user account from any company or teams or organizations -- Created a new Docker ID before you convert an account - -See the [Prerequisites](#prerequisites) section for details. - -1. Sign in to [Docker Home](https://app.docker.com/login). -1. Select your avatar in the top-right corner and select **Account settings**. -1. In the **Settings** section, select **Convert**. -1. Review the warning displayed about converting a user account. This action cannot be undone and has considerable implications for your assets and the account. -1. Enter a **Username of new owner** to set an organization owner. This is the user account that will manage the organization, and the only way to access the organization settings after conversion. You cannot use the same Docker ID as the account you are trying to convert. -1. Select **Confirm**. The new owner receives a notification email. Use that owner account to sign in and manage the new organization. +> [!IMPORTANT] +> +> Converting an account into an organization is permanent. Back up any data + or settings you want to retain. + +1. Sign in to [Docker Home](https://app.docker.com/). +1. Select your avatar in the top-right corner to open the drop-down. +1. From **Account settings**, select **Convert**. +1. Review the warning displayed about converting a user account. This action +cannot be undone and has considerable implications for your assets and the +account. +1. Enter a **Username of new owner** to set an organization owner. The new +Docker ID you specify becomes the organization’s owner. You cannot use the +same Docker ID as the account you are trying to convert. +1. Select **Confirm**. The new owner receives a notification email. Use that +owner account to sign in and manage the new organization. diff --git a/content/manuals/admin/organization/deactivate-account.md b/content/manuals/admin/organization/deactivate-account.md index aee1e720bc85..ed8b0474038e 100644 --- a/content/manuals/admin/organization/deactivate-account.md +++ b/content/manuals/admin/organization/deactivate-account.md @@ -1,7 +1,7 @@ --- title: Deactivate an organization -description: Learn how to deactivate a Docker organization. -keywords: Docker Hub, delete, deactivate organization, account, organization management +description: Learn how to deactivate a Docker organization and required prerequisite steps. +keywords: delete, deactivate organization, account, organization management, Admin Console, cancel subscription weight: 42 aliases: - /docker-hub/deactivate-account/ @@ -9,38 +9,44 @@ aliases: {{< summary-bar feature_name="General admin" >}} -You can deactivate an account at any time. This section describes the prerequisites and steps to deactivate an organization account. For information on deactivating a user account, see [Deactivate a user account](../../accounts/deactivate-user-account.md). +Learn how to deactivate a Docker organization, including required prerequisite +steps. For information about deactivating user +accounts, see [Deactivate a user account](../../accounts/deactivate-user-account.md). > [!WARNING] > -> All Docker products and services that use your Docker account or organization account will be inaccessible after deactivating your account. +> All Docker products and services that use your Docker account or organization +account will be inaccessible after deactivating your account. ## Prerequisites -Before deactivating an organization, complete the following: +You must complete all the following steps before you can deactivate your +organization: - Download any images and tags you want to keep: `docker pull -a :`. - If you have an active Docker subscription, [downgrade it to a free subscription](../../subscription/change.md). - Remove all other members within the organization. -- Unlink your [Github and Bitbucket accounts](../../docker-hub/repos/manage/builds/link-source.md#unlink-a-github-user-account). +- Unlink your [GitHub and Bitbucket accounts](../../docker-hub/repos/manage/builds/link-source.md#unlink-a-github-user-account). - For Business organizations, [remove your SSO connection](../../security/for-admins/single-sign-on/manage/#remove-an-organization). ## Deactivate -Once you have completed all the previous steps, you can deactivate your organization. +You can deactivate your organization using either the Admin Console or +Docker Hub. > [!WARNING] > -> This cannot be undone. Be sure you've gathered all the data you need from your organization before deactivating it. +> This cannot be undone. Be sure you've gathered all the data you need from +your organization before deactivating it. {{< tabs >}} {{< tab name="Admin Console" >}} 1. Sign in to [Docker Home](https://app.docker.com) and select the organization you want to deactivate. -1. Select **Admin Console**, then **Deactivate**. If this button is greyed out, -you must complete the [Prerequisites](#prerequisites). +1. Select **Admin Console**, then **Deactivate**. If the **Deactivate** +button is unavailable, confirm you've completed all [Prerequisites](#prerequisites). 1. Enter the organization name to confirm deactivation. 1. Select **Deactivate organization**. diff --git a/content/manuals/admin/organization/general-settings.md b/content/manuals/admin/organization/general-settings.md index c0f5f07ffb60..3b6ad6803f65 100644 --- a/content/manuals/admin/organization/general-settings.md +++ b/content/manuals/admin/organization/general-settings.md @@ -1,13 +1,13 @@ --- -title: Organization settings +title: Organization information weight: 60 description: Learn how to manage settings for organizations using Docker Admin Console. -keywords: organization, settings, Admin Console +keywords: organization, settings, Admin Console, manage, Docker organization, Gravatar, SCIM, SSO setup, domain management, organization settings --- -This section describes how to manage organization settings in the Docker Admin Console. +Learn how to update your organization information using the Admin Console. -## Configure organization information +## Update organization information General organization information appears on your organization landing page in the Admin Console. @@ -17,14 +17,19 @@ This information includes: - Company - Location - Website - - Gravatar email: To add an avatar to your Docker account, create a [Gravatar account](https://gravatar.com/) and create your avatar. Next, add your Gravatar email to your Docker account settings. It may take some time for your avatar to update in Docker. + - Gravatar email: To add an avatar to your Docker account, create a [Gravatar account](https://gravatar.com/) and upload an avatar. Next, add your Gravatar email to your Docker account settings. It may take some time for your avatar to update in Docker. To edit this information: -1. Sign in to the [Admin Console](https://app.docker.com/admin). -1. Select your company on the **Choose profile** page. -1. Specify the organization information and select **Save**. +1. Sign in to the [Admin Console](https://app.docker.com/admin) and +select your organization. +1. Enter or update your organization’s details, then select **Save**. ## Next steps -In the **Organization settings** menu, you can also [configure SSO](../../security/for-admins/single-sign-on/configure/) and [set up SCIM](../../security/for-admins/provisioning/scim.md). If your organization isn't part of a company, from here you can also [manage your domains](/manuals/security/for-admins/domain-management.md) or [create a company](new-company.md). +After configuring your organization information, you can: + +- [Configure single sign-on (SSO)](../../security/for-admins/single-sign-on/configure/) +- [Set up SCIM provisioning](../../security/for-admins/provisioning/scim.md) +- [Manage domains](../../security/for-admins/domain-management.md) +- [Create a company](new-company.md) diff --git a/content/manuals/admin/organization/insights.md b/content/manuals/admin/organization/insights.md index 6de7e5679090..7d62e416a7fa 100644 --- a/content/manuals/admin/organization/insights.md +++ b/content/manuals/admin/organization/insights.md @@ -1,7 +1,7 @@ --- -description: Gain insights about your organization's users and their Docker usage. -keywords: organization, insights title: Insights +description: Gain insights about your organization's users and their Docker usage. +keywords: organization, insights, Docker Desktop analytics, user usage statistics, Docker Business, track Docker activity --- {{< summary-bar feature_name="Insights" >}} @@ -13,26 +13,29 @@ productivity and efficiency across the organization. Key benefits include: -- Uniform working environment. Establish and maintain standardized +- Uniform working environment: Establish and maintain standardized configurations across teams. -- Best practices. Promote and enforce usage guidelines to ensure optimal +- Best practices: Promote and enforce usage guidelines to ensure optimal performance. -- Increased visibility. Monitor and drive adoption of organizational +- Increased visibility: Monitor and drive adoption of organizational configurations and policies. -- Optimized license use. Ensure that developers have access to advanced +- Optimized license use: Ensure that developers have access to advanced features provided by a Docker subscription. ## Prerequisites +To use Insights, you must meet the following requirements: + - [Docker Business subscription](../../subscription/details.md#docker-business) -- Administrators must [enforce sign-in](/security/for-admins/enforce-sign-in/) for users -- Insights enabled by your Customer Success Manager +- Administrators must [enforce sign-in](/security/for-admins/enforce-sign-in/) +for users +- Your Customer Success Manager must turn on Insights for your organization ## View Insights for organization users -To access Insights, you must contact your Customer Success Manager to have the -feature enabled. Once the feature is enabled, access Insights using the following -steps: +To access Insights, contact your Customer Success Manager to have the +feature turned on. Once the feature is turned on, access Insights using the +following steps: 1. Sign in to [Docker Home](https://app.docker.com/) and choose your organization. @@ -44,7 +47,7 @@ your organization. > Insights page, view the **Last updated** date to understand when the data was > last updated. -You can view data in the following charts: +Insights data is displayed in the following charts: - [Docker Desktop users](#docker-desktop-users) - [Builds](#builds) @@ -187,7 +190,7 @@ installed ## Troubleshoot Insights If you’re experiencing issues with data in Insights, consider the following -solutions to resolve common problems. +solutions to resolve common problems: - Update users to the latest version of Docker Desktop. @@ -195,12 +198,12 @@ solutions to resolve common problems. In addition, older versions may not provide all data. Ensure all users have installed the latest version of Docker Desktop. -- Enable **Send usage statistics** in Docker Desktop for all your users. +- Turn on **Send usage statistics** in Docker Desktop for all your users. If users have opted out of sending usage statistics for Docker Desktop, then their usage data will not be a part of Insights. To manage the setting at scale for all your users, you can use [Settings - Management](/desktop/hardened-desktop/settings-management/) and enable the + Management](/desktop/hardened-desktop/settings-management/) and turn on the `analyticsEnabled` setting. - Ensure users use Docker Desktop and aren't using the standalone @@ -210,7 +213,7 @@ solutions to resolve common problems. Engine outside of Docker Desktop, Docker Engine won't provide data for that user. -- Ensure that users are signing in to an account associated with your +- Make sure users sign in to an account associated with your organization. Users who don’t sign in to an account associated with your organization are diff --git a/content/manuals/admin/organization/manage-a-team.md b/content/manuals/admin/organization/manage-a-team.md index 43dd00e8c6f8..afcb93271026 100644 --- a/content/manuals/admin/organization/manage-a-team.md +++ b/content/manuals/admin/organization/manage-a-team.md @@ -2,35 +2,49 @@ title: Create and manage a team weight: 40 description: Learn how to create and manage teams for your organization -keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker - Hub, docs, documentation, repository permissions +keywords: docker, registry, teams, organizations, plans, Dockerfile, Docker + Hub, docs, documentation, repository permissions, configure repository access, team management aliases: - /docker-hub/manage-a-team/ --- {{< summary-bar feature_name="Admin orgs" >}} -You can create teams for your organization in Docker Hub and the Docker Admin Console. You can [configure repository access for a team](#configure-repository-permissions-for-a-team) in Docker Hub. +You can create teams for your organization in the Admin Console or Docker Hub, +and configure team repository access in Docker Hub. -A team is a group of Docker users that belong to an organization. An organization can have multiple teams. An organization owner can then create new teams and add members to an existing team using their Docker ID or email address and by selecting a team the user should be part of. Members aren't required to be part of a team to be associated with an organization. +A team is a group of Docker users that belong to an organization. An +organization can have multiple teams. An organization owner can create new +teams and add members to an existing team using their Docker ID or email +address. Members aren't required to be part of a team to be associated with an +organization. -The organization owner can add additional organization owners to help them manage users, teams, and repositories in the organization by assigning them the owner role. +The organization owner can add additional organization owners to help them +manage users, teams, and repositories in the organization by assigning them +the owner role. -## Organization owner +## What is an organization owner? An organization owner is an administrator who has the following permissions: -- Manage repositories and add team members to the organization. -- Access private repositories, all teams, billing information, and organization settings. -- Specify [permissions](#permissions-reference) for each team in the organization. -- Enable [SSO](../../security/for-admins/single-sign-on/_index.md) for the organization. +- Manage repositories and add team members to the organization +- Access private repositories, all teams, billing information, and +organization settings +- Specify [permissions](#permissions-reference) for each team in the +organization +- Enable [SSO](../../security/for-admins/single-sign-on/_index.md) for the +organization When SSO is enabled for your organization, the organization owner can also manage users. Docker can auto-provision Docker IDs for new end-users or users who'd like to have a separate Docker ID for company use through SSO enforcement. -The organization owner can also add additional organization owners to help them manage users, teams, and repositories in the organization. +Organization owners can add others with the owner role to help them +manage users, teams, and repositories in the organization. + +For more information on roles, see +[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md). ## Create a team @@ -40,9 +54,6 @@ The organization owner can also add additional organization owners to help them 1. Sign in to [Docker Home](https://app.docker.com) and select your organization. 1. Select **Teams**. -1. Select **Create team**. -1. Fill out your team's information and select **Create**. -1. [Add members to your team](members.md#add-a-member-to-a-team). {{< /tab >}} {{< tab name="Docker Hub" >}} @@ -58,34 +69,45 @@ organization. {{< /tab >}} {{< /tabs >}} -## Configure repository permissions for a team +## Set team repository permissions Organization owners can configure repository permissions on a per-team basis. -For example, you can specify that all teams within an organization have "Read and -Write" access to repositories A and B, whereas only specific teams have "Admin" -access. Note that organization owners have full administrative access to all repositories within the organization. +For example, you can specify that all teams within an organization have +"Read and Write" access to repositories A and B, whereas only specific +teams have "Admin" access. + +Note that organization owners have full administrative access to all +repositories within the organization. To give a team access to a repository: 1. Sign in to [Docker Hub](https://hub.docker.com). 1. Select **My Hub** and choose your organization. -1. Select the **Teams** and select the team that you'd like to configure repository access to. +1. In the **Teams** section, select the team you want to configure repository +access for. 1. Select the **Permissions** tab and select a repository from the - **Repository** drop-down. +**Repository** drop-down. 1. Choose a permission from the **Permissions** drop-down list and select - **Add**. +**Add**. -Organization owners can also assign members the editor role to grant partial administrative access. See [Roles and permissions](../../security/for-admins/roles-and-permissions.md) for more about the editor role. +Organization owners can also assign members the editor role to grant partial +administrative access. For more information on the editor role, see +[Roles and permissions](../../security/for-admins/roles-and-permissions.md). ### Permissions reference -- `Read-only` access lets users view, search, and pull a private repository in the same way as they can a public repository. -- `Read & Write` access lets users pull, push, and view a repository. In addition, it lets users view, cancel, retry or trigger builds +- `Read-only` access lets users view, search, and pull a private repository +in the same way as they can a public repository. +- `Read & Write` access lets users pull, push, and view a repository. In +addition, it lets users view, cancel, retry or trigger builds. - `Admin` access lets users pull, push, view, edit, and delete a - repository. You can also edit build settings, and update the repositories description, collaborators rights, public/private visibility, and delete. + repository. You can also edit build settings and update the repository’s + description, collaborator permissions, public/private visibility, and delete. Permissions are cumulative. For example, if you have "Read & Write" permissions, -you automatically have "Read-only" permissions: +you automatically have "Read-only" permissions. + +The following table shows what each permission level allows users to do: | Action | Read-only | Read & Write | Admin | |:------------------:|:---------:|:------------:|:-----:| @@ -103,22 +125,25 @@ you automatically have "Read-only" permissions: > [!NOTE] > -> A user who hasn't verified their email address only has -> `Read-only` access to the repository, regardless of the rights their team -> membership has given them. +> A user who hasn't verified their email address only has `Read-only` access to +the repository, regardless of the rights their team membership has given them. -## View a team's permissions for all repositories +## View team permissions for all repositories To view a team's permissions across all repositories: 1. Sign in to [Docker Hub](https://hub.docker.com). 1. Select **My Hub** and choose your organization. 1. Select **Teams** and choose your team name. -1. Select the **Permissions** tab, where you can view the repositories this team can access. +1. Select the **Permissions** tab, where you can view the repositories this +team can access. ## Delete a team -Organization owners can delete a team in Docker Hub or Admin Console. When you remove a team from your organization, this action revokes the members' access to the team's permitted resources. It won't remove users from other teams that they belong to, nor will it delete any resources. +Organization owners can delete a team. When you remove a team from your +organization, this action revokes member access to the team's permitted +resources. It won't remove users from other teams that they belong to, and it +won't delete any resources. {{< tabs >}} {{< tab name="Admin Console" >}} diff --git a/content/manuals/admin/organization/manage-products.md b/content/manuals/admin/organization/manage-products.md index b2dc56ec662c..5b645bce67a4 100644 --- a/content/manuals/admin/organization/manage-products.md +++ b/content/manuals/admin/organization/manage-products.md @@ -1,8 +1,8 @@ --- title: Manage Docker products weight: 45 -description: Learn how to manage Docker products for your organization -keywords: organization, tools, products +description: Learn how to manage access and usage for Docker products for your organization +keywords: organization, tools, products, product access, organization management --- {{< summary-bar feature_name="Admin orgs" >}} @@ -11,99 +11,105 @@ In this section, learn how to manage access and view usage of the Docker products for your organization. For more detailed information about each product, including how to set up and configure them, see the following manuals: -- [Docker Build Cloud](../../build-cloud/_index.md) - [Docker Desktop](../../desktop/_index.md) - [Docker Hub](../../docker-hub/_index.md) +- [Docker Build Cloud](../../build-cloud/_index.md) - [Docker Scout](../../scout/_index.md) - [Testcontainers Cloud](https://testcontainers.com/cloud/docs/#getting-started) -## Manage access to Docker products +## Manage product access for your organization -Access to Docker products included in your subscription is enabled by default -for all users. The included products are: +Access to the Docker products included in your subscription is turned on by +default for all users. For an overview of products included in your +subscription, see +[Docker subscriptions and features](/manuals/subscription/details.md). -- Docker Hub -- Docker Build Cloud -- Docker Desktop -- Docker Scout +{{< tabs >}} +{{< tab name="Docker Desktop" >}} -Testcontainers Cloud is not enabled by default. To enable Testcontainers Cloud, see the Testcontainers [Getting Started](https://testcontainers.com/cloud/docs/#getting-started) guide. +### Manage Docker Desktop access -The following sections describe how to enable or disable access for these products. +To manage Docker Desktop access: -### Manage access to Docker Build Cloud +1. [Enforce sign-in](../../security/for-admins/enforce-sign-in/_index.md). +1. Manage members [manually](./members.md) or use +[provisioning](../../security/for-admins/provisioning/_index.md). -To learn how to initially set up and configure Docker Build Cloud, sign in to -the [Docker Build Cloud Dashboard](https://app.docker.com/build) and follow the -on-screen instructions. +With sign-in enforced, only users who are a member of your organization can +use Docker Desktop after signing in. -To manage access to Docker Build Cloud, sign in to [Docker Build -Cloud](http://app.docker.com/build) as an organization owner, select **Account -settings**, and then manage access under **Lock Docker Build Cloud**. +{{< /tab >}} +{{< tab name="Docker Hub" >}} -### Manage access to Docker Scout +### Manage Docker Hub access -To learn how to initially set up and configure Docker Scout for remote -repositories, sign in to the [Docker Scout Dashboard](https://scout.docker.com/) -and follow the on-screen instructions. +To manage Docker Hub access, sign in to +[Docker Home](https://app.docker.com/) and configure [Registry Access Management](../../security/for-admins/hardened-desktop/registry-access-management.md) +or [Image Access Management](../../security/for-admins/hardened-desktop/image-access-management.md). -To manage access to Docker Scout for use on remote repositories, sign in to the -[Docker Scout Dashboard](https://scout.docker.com/) and configure -[integrations](../../scout/explore/dashboard.md#integrations) and [repository -settings](../../scout/explore/dashboard.md#repository-settings). +{{< /tab >}} +{{< tab name="Docker Build Cloud" >}} -To manage access to Docker Scout for use on local images with Docker Desktop, use -[Settings -Management](../../security/for-admins/hardened-desktop/settings-management/_index.md) -and set `sbomIndexing` to `false` to disable, or to `true` to enable. +### Manage Docker Build Cloud access -### Manage access to Docker Hub +To initially set up and configure Docker Build Cloud, sign in to +[Docker Build Cloud](https://app.docker.com/build) and follow the +on-screen instructions. -To manage access to Docker Hub, sign in to the [Docker Admin Console](https://app.docker.com/admin) and configure [Registry Access -Management](../../security/for-admins/hardened-desktop/registry-access-management.md) -or [Image Access -Management](../../security/for-admins/hardened-desktop/image-access-management.md). +To manage Docker Build Cloud access: -### Manage access to Testcontainers Cloud +1. Sign in to [Docker Build Cloud](http://app.docker.com/build) as an +organization owner. +1. Select **Account settings**. +1. Select **Lock access to Docker Build Account**. -To learn how to initially set up and configure Testcontainers Cloud, sign in to -[Testcontainers Cloud](https://app.testcontainers.cloud/) and follow the -on-screen instructions. +{{< /tab >}} +{{< tab name="Docker Scout" >}} -To manage access to Testcontainers Cloud, sign in to the [Testcontainers Cloud -Settings page](https://app.testcontainers.cloud/dashboard/settings) as -an organization owner, and then manage access under **Lock Testcontainers -Cloud**. +### Manage Docker Scout access -### Manage access to Docker Desktop +To initially set up and configure Docker Scout, sign in to +[Docker Scout](https://scout.docker.com/) and follow the on-screen instructions. -To manage access to Docker Desktop, you can [enforce -sign-in](../../security/for-admins/enforce-sign-in/_index.md), then and manage -members [manually](./members.md) or use -[provisioning](../../security/for-admins/provisioning/_index.md). With sign-in -enforced, only users who are a member of your organization can use Docker -Desktop after signing in. +To manage Docker Scout access: -## View Docker product usage +1. Sign in to [Docker Scout](https://scout.docker.com/) as an organization +owner. +1. Select your organization, then **Settings**. +1. To manage what repositories are enabled for Docker Scout analysis, select +**Repository settings**. For more information on, +see [repository settings](../../scout/explore/dashboard.md#repository-settings). +1. To manage access to Docker Scout for use on local images with Docker Desktop, +use [Settings Management](../../security/for-admins/hardened-desktop/settings-management/_index.md) +and set `sbomIndexing` to `false` to disable, or to `true` to enable. + +{{< /tab >}} +{{< tab name="Testcontainers Cloud" >}} + +### Manage Testcontainers Cloud access + +To initially set up and configure Testcontainers Cloud, sign in to +[Testcontainers Cloud](https://app.testcontainers.cloud/) and follow the +on-screen instructions. -View usage for the products on the following pages: +To manage access to Testcontainers Cloud: -- Docker Build Cloud: View the **Build minutes** page in the [Docker Build Cloud - Dashboard](http://app.docker.com/build). +1. Sign in to the [Testcontainers Cloud](https://app.testcontainers.cloud/) and +select **Account**. +1. Select **Settings**, then **Lock access to Testcontainers Cloud**. -- Docker Scout: View the [**Repository settings** - page](https://scout.docker.com/settings/repos) in the Docker Scout - Dashboard. +{{< /tab >}} +{{< /tabs >}} -- Docker Hub: View the [**Usage** page](https://hub.docker.com/usage) in Docker - Hub. +## Monitor product usage for your organization -- Testcontainers Cloud: View the [**Billing** - page](https://app.testcontainers.cloud/dashboard/billing) in the - Testcontainers Cloud Dashboard. +To view usage for Docker products: -- Docker Desktop: View the **Insights** page in [Docker Home](https://app.docker.com/). For more details, see - [Insights](./insights.md). +- Docker Desktop: View the **Insights** page in [Docker Home](https://app.docker.com/). For more details, see [Insights](./insights.md). +- Docker Hub: View the [**Usage** page](https://hub.docker.com/usage) in Docker Hub. +- Docker Build Cloud: View the **Build minutes** page in [Docker Build Cloud](http://app.docker.com/build). +- Docker Scout: View the [**Repository settings** page](https://scout.docker.com/settings/repos) in Docker Scout. +- Testcontainers Cloud: View the [**Billing** page](https://app.testcontainers.cloud/dashboard/billing) in Testcontainers Cloud. -If your usage exceeds your subscription amount, you can [scale your -subscription](../../subscription/scale.md) to meet your needs. \ No newline at end of file +If your usage or seat count exceeds your subscription amount, you can +[scale your subscription](../../subscription/scale.md) to meet your needs. diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md index 505f088d6188..85d497f58a92 100644 --- a/content/manuals/admin/organization/members.md +++ b/content/manuals/admin/organization/members.md @@ -2,7 +2,7 @@ title: Manage organization members weight: 30 description: Learn how to manage organization members in Docker Hub and Docker Admin Console. -keywords: members, teams, organizations, invite members, manage team members +keywords: members, teams, organizations, invite members, manage team members, export member list, edit roles, organization teams, user management aliases: - /docker-hub/members/ --- @@ -14,14 +14,154 @@ Learn how to manage members for your organization in Docker Hub and the Docker A {{< tabs >}} {{< tab name="Admin Console" >}} -{{% admin-users product="admin" %}} +Owners can invite new members to an organization via Docker ID, email address, or with a CSV file containing email addresses. If an invitee does not have a Docker account, they must create an account and verify their email address before they can accept an invitation to join the organization. When inviting members, their pending invitation occupies a seat. + +### Invite members via Docker ID or email address + +Use the following steps to invite members to your organization via Docker ID or email address. + +1. Sign in to [Docker Home](https://app.docker.com) and select your organization. +1. Select **Members**, then **Invite**. +1. Select **Emails or usernames**. +1. Follow the on-screen instructions to invite members. Invite a maximum of 1000 members and separate multiple entries by comma, semicolon, or space. + +> [!NOTE] +> +> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for +details about the access permissions for each role. + +Pending invitations appear in the table. Invitees receive an email with a link to Docker Hub where they can accept or decline the invitation. + +### Invite members via CSV file + +To invite multiple members to an organization via a CSV file containing email addresses: + +1. Sign in to [Docker Home](https://app.docker.com) and select your organization. +1. Select **Members**, then **Invite**. +1. Select **CSV upload**. +1. Optional. Select **Download the template CSV file** to download an example CSV file. The following is an example of the contents of a valid CSV file. + +```text +email +docker.user-0@example.com +docker.user-1@example.com +``` + +CSV file requirements: + +- The file must contain a header row with at least one heading named email. Additional columns are allowed and are ignored in the import. +- The file must contain a maximum of 1000 email addresses (rows). To invite more than 1000 users, create multiple CSV files and perform all steps in this task for each file. + +1. Create a new CSV file or export a CSV file from another application. + +- To export a CSV file from another application, see the application’s documentation. +- To create a new CSV file, open a new file in a text editor, type email on the first line, type the user email addresses one per line on the following lines, and then save the file with a .csv extension. + +1. Select **Browse files** and then select your CSV file, or drag and drop the CSV file into the **Select a CSV file to upload** box. You can only select one CSV file at a time. + +> [!NOTE] +> +> If the amount of email addresses in your CSV file exceeds the number of available seats in your organization, you cannot continue to invite members. To invite members, you can purchase more seats, or remove some email addresses from the CSV file and re-select the new file. To purchase more seats, see [Add seats](/manuals/subscription/manage-seats.md) to your subscription or [Contact sales](https://www.docker.com/pricing/contact-sales/). + +1. After the CSV file has been uploaded, select **Review**. + +Valid email addresses and any email addresses that have issues appear. Email addresses may have the following issues: + +- Invalid email: The email address is not a valid address. The email address will be ignored if you send invites. You can correct the email address in the CSV file and re-import the file. +- Already invited: The user has already been sent an invite email and another invite email will not be sent. +- Member: The user is already a member of your organization and an invite email will not be sent. +- Duplicate: The CSV file has multiple occurrences of the same email address. The user will be sent only one invite email. + +1. Follow the on-screen instructions to invite members. + +> [!NOTE] +> +> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for +details about the access permissions for each role. + +Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept or decline the invitation. + +### Invite members via API + +You can bulk invite members using the Docker Hub API. For more information, see the [Bulk create invites](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) API endpoint. {{< /tab >}} {{< tab name="Docker Hub" >}} {{% include "hub-org-management.md" %}} -{{% admin-users product="hub" %}} +Owners can invite new members to an organization via Docker ID, email address, or with a CSV file containing email addresses. If an invitee does not have a Docker account, they must create an account and verify their email address before they can accept an invitation to join the organization. When inviting members, their pending invitation occupies a seat. + +### Invite members via Docker ID or email address + +Use the following steps to invite members to your organization via Docker ID or email address. + +1. Sign in to [Docker Hub](https://hub.docker.com). +1. Select **My Hub**, your organization, then **Members**. +1. Select **Invite members**. +1. Select **Emails or usernames**. +1. Follow the on-screen instructions to invite members. Invite a maximum of 1000 members and separate multiple entries by comma, semicolon, or space. + +> [!NOTE] +> +> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for +details about the access permissions for each role. + +Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept or decline the invitation. + +### Invite members via CSV file + +To invite multiple members to an organization via a CSV file containing email addresses: + +1. Sign in to [Docker Hub](https://hub.docker.com). +1. Select **My Hub**, your organization, then **Members**. +1. Select **Invite members**. +1. Select **CSV upload**. +1. Optional. Select **Download the template CSV file** to download an example CSV file. The following is an example of the contents of a valid CSV file. + +```text +email +docker.user-0@example.com +docker.user-1@example.com +``` + +CSV file requirements: + +- The file must contain a header row with at least one heading named email. Additional columns are allowed and are ignored in the import. +- The file must contain a maximum of 1000 email addresses (rows). To invite more than 1000 users, create multiple CSV files and perform all steps in this task for each file. + +1. Create a new CSV file or export a CSV file from another application. + +- To export a CSV file from another application, see the application’s documentation. +- To create a new CSV file, open a new file in a text editor, type email on the first line, type the user email addresses one per line on the following lines, and then save the file with a .csv extension. + +1. Select **Browse files** and then select your CSV file, or drag and drop the CSV file into the **Select a CSV file to upload** box. You can only select one CSV file at a time. + +> [!NOTE] +> +> If the amount of email addresses in your CSV file exceeds the number of available seats in your organization, you cannot continue to invite members. To invite members, you can purchase more seats, or remove some email addresses from the CSV file and re-select the new file. To purchase more seats, see [Add seats](/manuals/subscription/manage-seats.md) to your subscription or [Contact sales](https://www.docker.com/pricing/contact-sales/). + +1. After the CSV file has been uploaded, select **Review**. + +Valid email addresses and any email addresses that have issues appear. Email addresses may have the following issues: + +- Invalid email: The email address is not a valid address. The email address will be ignored if you send invites. You can correct the email address in the CSV file and re-import the file. +- Already invited: The user has already been sent an invite email and another invite email will not be sent. +- Member: The user is already a member of your organization and an invite email will not be sent. +- Duplicate: The CSV file has multiple occurrences of the same email address. The user will be sent only one invite email. + +1. Follow the on-screen instructions to invite members. + +> [!NOTE] +> +> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for +details about the access permissions for each role. + +Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept or decline the invitation. + +### Invite members via API + +You can bulk invite members using the Docker Hub API. For more information, see the [Bulk create invites](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) API endpoint. {{< /tab >}} {{< /tabs >}} @@ -32,7 +172,7 @@ When an invitation is to a user's email address, they receive a link to Docker Hub where they can accept or decline the invitation. To accept an invitation: -1. Navigate to your email inbox and open the Docker email with an invitation to +1. Check your email inbox and open the Docker email with an invitation to join the Docker organization. 1. To open the link to Docker Hub, select the **click here** link. @@ -176,7 +316,7 @@ To add a member to a team with Docker Hub: {{< /tab >}} {{< /tabs >}} -### Remove a member from a team +### Remove members from teams > [!NOTE] > @@ -217,6 +357,11 @@ Organization owners can manage [roles](/security/for-admins/roles-and-permission within an organization. If an organization is part of a company, the company owner can also manage that organization's roles. If you have SSO enabled, you can use [SCIM for role mapping](/security/for-admins/provisioning/scim/). +> [!NOTE] +> +> If you're the only owner of an organization, you need to assign a new owner +before you can edit your role. + {{< tabs >}} {{< tab name="Admin Console" >}} @@ -228,11 +373,6 @@ organization. 1. Find the username of the member whose role you want to edit. Select the **Actions** menu, then **Edit role**. -> [!NOTE] -> -> If you're the only owner of an organization, -> you need to assign a new owner before you can edit your role. - {{< /tab >}} {{< tab name="Docker Hub" >}} @@ -289,4 +429,4 @@ To export a CSV file of your members: 1. Select the **Action** icon and then select **Export users as CSV**. {{< /tab >}} -{{< /tabs >}} \ No newline at end of file +{{< /tabs >}} diff --git a/content/manuals/admin/organization/onboard.md b/content/manuals/admin/organization/onboard.md index 480252e5f81b..392f26861e7b 100644 --- a/content/manuals/admin/organization/onboard.md +++ b/content/manuals/admin/organization/onboard.md @@ -2,7 +2,7 @@ title: Onboard your organization weight: 20 description: Get started onboarding your Docker Team or Business organization. -keywords: business, team, organizations, get started, onboarding +keywords: business, team, organizations, get started, onboarding, Admin Console, organization management, toc_min: 1 toc_max: 3 aliases: @@ -13,33 +13,40 @@ aliases: {{< summary-bar feature_name="Admin orgs" >}} -Learn how to onboard your organization using Docker Hub or the Docker Admin Console. +Learn how to onboard your organization using the Admin Console or Docker Hub. -Onboarding your organization lets administrators gain visibility into user activity and enforce security settings. In addition, members of your organization receive increased pull limits and other organization wide benefits. For more details, see [Docker subscriptions and features](../../subscription/details.md). +Onboarding your organization includes: -In this guide, you'll learn how to do the following: - -- Identify your users to help you efficiently allocate your subscription seats +- Identifying users to help you allocate your subscription seats - Invite members and owners to your organization -- Secure authentication and authorization for your organization using Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM) -- Enforce sign-on for Docker Desktop to ensure security best practices +- Secure authentication and authorization for your organization +- Enforce sign-in for Docker Desktop to ensure security best practices + +These actions help administrators gain visibility into user activity and +enforce security settings. Organization memebers also receive increased pull +limits and other benefits when they are signed in. ## Prerequisites -Before you start onboarding your organization, ensure that you: +Before you start onboarding your organization, ensure you: -- Have a Docker Team or Business subscription. See [Docker Pricing](https://www.docker.com/pricing/) for details. +- Have a Docker Team or Business subscription. For more details, see +[Docker subscriptions and features](/manuals/subscription/details.md). > [!NOTE] > - > When purchasing a self-serve subscription, the on-screen instructions guide you through creating an organization. If you have purchased a subscription through Docker Sales and you have not yet created an organization, see [Create an organization](/admin/organization/orgs). + > When purchasing a self-serve subscription, the on-screen instructions + guide you through creating an organization. If you have purchased a + subscription through Docker Sales and you have not yet created an + organization, see [Create an organization](/manuals/admin/organization/orgs.md). -- Familiarize yourself with Docker concepts and terminology in the [administration overview](../_index.md) and [FAQs](/faq/admin/general-faqs/). +- Familiarize yourself with Docker concepts and terminology in +the [administration overview](../_index.md). ## Onboard with guided setup -The Admin Console has a guided setup to help you easily -onboard your organization. The guided setup steps consist of basic onboarding +The Admin Console has a guided setup to help you +onboard your organization. The guided setup's steps consist of basic onboarding tasks. If you want to onboard outside of the guided setup, see [Recommended onboarding steps](/manuals/admin/organization/onboard.md#recommended-onboarding-steps). @@ -52,8 +59,8 @@ The guided setup walks you through the following onboarding steps: - **Invite your team**: Invite owners and members. - **Manage user access**: Add and verify a domain, manage users with SSO, and enforce Docker Desktop sign-in. -- **Docker Desktop security**: Configure image access management, registry access -management, and settings management. +- **Docker Desktop security**: Configure image access management, registry +access management, and settings management. ## Recommended onboarding steps @@ -63,56 +70,91 @@ Identifying your users helps you allocate seats efficiently and ensures they receive your Docker subscription benefits. 1. Identify the Docker users in your organization. - - If your organization uses device management software, like MDM or Jamf, you can use the device management software to help identify Docker users. See your device management software's documentation for details. You can identify Docker users by checking if Docker Desktop is installed at the following location on each user's machine: + - If your organization uses device management software, like MDM or Jamf, + you can use the device management software to help identify Docker users. + See your device management software's documentation for details. You can + identify Docker users by checking if Docker Desktop is installed at the + following location on each user's machine: - Mac: `/Applications/Docker.app` - Windows: `C:\Program Files\Docker\Docker` - Linux: `/opt/docker-desktop` - - If your organization doesn't use device management software or your users haven't installed Docker Desktop yet, you can survey your users. -2. Ask users to update their Docker account email to one in your organization’s domain, or create a new account with that email. - - To update an account's email address, instruct your users to sign in to [Docker Hub](https://hub.docker.com), and update the email address to their email address in your organization's domain. - - To create a new account, instruct your users to go [sign up](https://hub.docker.com/signup) using their email address in your organization's domain. -3. Ask your Docker sales representative or [contact sales](https://www.docker.com/pricing/contact-sales/) to get a list of Docker accounts that use an email address in your organization's domain. + - If your organization doesn't use device management software or your + users haven't installed Docker Desktop yet, you can survey your users to + identify who is using Docker Desktop. +1. Ask users to update their Docker account's email address to one associated +with your organization's domain, or create a new account with that email. + - To update an account's email address, instruct your users to sign in + to [Docker Hub](https://hub.docker.com), and update the email address to + their email address in your organization's domain. + - To create a new account, instruct your users to + [sign up](https://hub.docker.com/signup) using their email address associated + with your organization's domain. +1. Identify Docker accounts associated with your organization's domain: + - Ask your Docker sales representative or + [contact sales](https://www.docker.com/pricing/contact-sales/) to get a list + of Docker accounts that use an email address in your organization's domain. ### Step two: Invite owners -When you create an organization, you are the only owner. It is optional to add additional owners. Owners can help you onboard and manage your organization. +Owners can help you onboard and manage your organization. + +When you create an organization, you are the only owner. It is optional to +add additional owners. -To add an owner, invite a user and assign them the owner role. For more details, see [Invite members](/admin/organization/members/). +To add an owner, invite a user and assign them the owner role. For more +details, see [Invite members](/manuals/admin/organization/members.md) and +[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md). ### Step three: Invite members -When you add users to your organization, you gain visibility into their activity and you can enforce security settings. In addition, members of your organization receive increased pull limits and other organization wide benefits. +When you add users to your organization, you gain visibility into their +activity and you can enforce security settings. Your members also +receive increased pull limits and other organization wide benefits when +they are signed in. -To add a member, invite a user and assign them the member role. For more details, see [Invite members](/admin/organization/members/). +To add a member, invite a user and assign them the member role. +For more details, see [Invite members](/manuals/admin/organization/members.md) and +[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md). ### Step four: Manage user access with SSO and SCIM -Configuring SSO and SCIM is optional and only available to Docker Business subscribers. To upgrade a Docker Team subscription to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/). +Configuring SSO and SCIM is optional and only available to Docker Business +subscribers. To upgrade a Docker Team subscription to a Docker Business +subscription, see [Change your subscription](/manuals/subscription/change.md). Use your identity provider (IdP) to manage members and provision them to Docker automatically via SSO and SCIM. See the following for more details: - - [Configure SSO](/manuals/security/for-admins/single-sign-on/configure.md) to authenticate and add members when they sign in to Docker through your identity provider. - - Optional. [Enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md) to ensure that when users sign in to Docker, they must use SSO. + - [Configure SSO](/manuals/security/for-admins/single-sign-on/configure.md) + to authenticate and add members when they sign in to Docker through your + identity provider. + - Optional. + [Enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md) to + ensure that when users sign in to Docker, they must use SSO. > [!NOTE] > > Enforcing single sign-on (SSO) and enforcing Docker Desktop sign in are different features. For more details, see - > [Enforcing sign-in versus enforcing single sign-on (SSO)](/security/for-admins/enforce-sign-in/#enforcing-sign-in-versus-enforcing-single-sign-on-sso). + > [Enforcing sign-in versus enforcing single sign-on (SSO)](/manuals/security/for-admins/enforce-sign-in.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso). - - [Configure SCIM](/security/for-admins/provisioning/scim/) to automatically provision, add, and de-provision members to Docker through your identity provider. + - [Configure SCIM](/manuals/security/for-admins/provisioning/scim.md) to + automatically provision, add, and de-provision members to Docker through + your identity provider. ### Step five: Enforce sign-in for Docker Desktop By default, members of your organization can use Docker Desktop without signing in. When users don’t sign in as a member of your organization, they don’t -receive the [benefits of your organization’s subscription](../../subscription/details.md) and they can circumvent [Docker’s security features](/security/for-admins/hardened-desktop/). +receive the +[benefits of your organization’s subscription](../../subscription/details.md) +and they can circumvent [Docker’s security features](/manuals/security/for-admins/hardened-desktop/_index.md). -There are multiple ways you can enforce sign-in, depending on your company's setup and preferences: -- [Registry key method (Windows only)](/security/for-admins/enforce-sign-in/methods/#registry-key-method-windows-only) -- [`.plist` method (Mac only)](/security/for-admins/enforce-sign-in/methods/#plist-method-mac-only) -- [`registry.json` method (All)](/security/for-admins/enforce-sign-in/methods/#registryjson-method-all) +There are multiple ways you can enforce sign-in, depending on your organization's +Docker configuration: +- [Registry key method (Windows only)](/manuals/security/for-admins/enforce-sign-in/methods.md#registry-key-method-windows-only) +- [`.plist` method (Mac only)](/manuals/security/for-admins/enforce-sign-in/methods.md#plist-method-mac-only) +- [`registry.json` method (All)](/manuals/security/for-admins/enforce-sign-in/methods.md#registryjson-method-all) ### Step six: Manage Docker Desktop security @@ -129,4 +171,5 @@ security posture: - Configure [Hardened Docker Desktop](/desktop/hardened-desktop/) to improve your organization’s security posture for containerized development. - [Manage your domains](/manuals/security/for-admins/domain-management.md) to ensure that all Docker users in your domain are part of your organization. -Your Docker subscription provides many more additional features. To learn more, see [Docker subscriptions and features](/subscription/details/). \ No newline at end of file +Your Docker subscription provides many more additional features. To learn more, +see [Docker subscriptions and features](/subscription/details/). diff --git a/content/manuals/admin/organization/orgs.md b/content/manuals/admin/organization/orgs.md index 9115918628f9..e9d9ea6fb634 100644 --- a/content/manuals/admin/organization/orgs.md +++ b/content/manuals/admin/organization/orgs.md @@ -2,23 +2,29 @@ title: Create your organization weight: 10 description: Learn how to create an organization. -keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker - Hub, docs, documentation +keywords: docker organizations, organization, create organization, docker teams, docker admin console, organization management aliases: -- /docker-hub/orgs/ + - /docker-hub/orgs/ --- {{< summary-bar feature_name="Admin orgs" >}} -This section describes how to create an organization. Before you begin: +This page describes how to create an organization. + +## Prerequisites + +Before you begin creating an organization: - You need a [Docker ID](/accounts/create-account/) -- Review the [Docker subscriptions and features](../../subscription/details.md) to determine what subscription to choose for your organization +- Review the [Docker subscriptions and features](../../subscription/details.md) + to determine what subscription to choose for your organization ## Create an organization There are multiple ways to create an organization. You can either: -- Create a new organization using the **Create Organization** option in Docker Hub + +- Create a new organization using the **Create Organization** option in the +Admin Console or Docker Hub - Convert an existing user account to an organization The following section contains instructions on how to create a new organization. For prerequisites and @@ -105,7 +111,8 @@ configure your organization. To view an organization: -1. Sign in to [Docker Hub](https://hub.docker.com) with a user account that is a member of any team in the organization. +1. Sign in to [Docker Hub](https://hub.docker.com) with a user account that is + a member of any team in the organization. > [!NOTE] > @@ -139,10 +146,9 @@ configure your organization. - **Settings**: Displays information about your organization, and you to view and change your repository privacy settings, configure org permissions such as - [Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the - organization's **Settings** page. + [Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the organization's **Settings** page. - **Billing**: Displays information about your existing -[Docker subscription](../../subscription/_index.md), including the number of seats and next payment due date. For how to access the billing history and payment methods for your organization, see [View billing history](../../billing/history.md). + [Docker subscription](../../subscription/_index.md), including the number of seats and next payment due date. For how to access the billing history and payment methods for your organization, see [View billing history](../../billing/history.md). {{< /tab >}} {{< /tabs >}} @@ -151,12 +157,13 @@ configure your organization. > [!WARNING] > -> If you are merging organizations, it is recommended to do so at the *end* of +> If you are merging organizations, it is recommended to do so at the _end_ of > your billing cycle. When you merge an organization and downgrade another, you > will lose seats on your downgraded organization. Docker does not offer > refunds for downgrades. -If you have multiple organizations that you want to merge into one, complete the following: +If you have multiple organizations that you want to merge into one, complete +the following steps: 1. Based on the number of seats from the secondary organization, [purchase additional seats](../../subscription/manage-seats.md) for the primary organization account that you want to keep. 1. Manually add users to the primary organization and remove existing users from the secondary organization. @@ -165,7 +172,8 @@ If you have multiple organizations that you want to merge into one, complete the > [!TIP] > -> If your organization has a Docker Business subscription with a purchase order, contact Support or your Account Manager at Docker. +> If your organization has a Docker Business subscription with a purchase +order, contact Support or your Account Manager at Docker. ## More resources diff --git a/content/manuals/ai/compose/models-and-compose.md b/content/manuals/ai/compose/models-and-compose.md index bdfb0de5eb65..737b4b217af2 100644 --- a/content/manuals/ai/compose/models-and-compose.md +++ b/content/manuals/ai/compose/models-and-compose.md @@ -3,6 +3,9 @@ title: Define AI Models in Docker Compose applications linkTitle: Use AI models in Compose description: Learn how to define and use AI models in Docker Compose applications using the models top-level element keywords: compose, docker compose, models, ai, machine learning, cloud providers, specification +aliases: + - /compose/how-tos/model-runner/ + - /ai/compose/model-runner/ weight: 10 params: sidebar: @@ -18,11 +21,12 @@ Compose lets you define AI models as core components of your application, so you ## Prerequisites - Docker Compose v2.38 or later -- A platform that supports Compose models such as Docker Model Runner or compatible cloud providers +- A platform that supports Compose models such as Docker Model Runner (DMR) or compatible cloud providers. + If you are using DMR, see the [requirements](/manuals/ai/model-runner/_index.md#requirements). ## What are Compose models? -Compose `models` are a standardized way to define AI model dependencies in your application. By using the []`models` top-level element](/reference/compose-file/models.md) in your Compose file, you can: +Compose `models` are a standardized way to define AI model dependencies in your application. By using the [`models` top-level element](/reference/compose-file/models.md) in your Compose file, you can: - Declare which AI models your application needs - Specify model configurations and requirements @@ -42,7 +46,7 @@ services: models: llm: - image: ai/smollm2 + model: ai/smollm2 ``` This example defines: @@ -56,7 +60,7 @@ Models support various configuration options: ```yaml models: llm: - image: ai/smollm2 + model: ai/smollm2 context_size: 1024 runtime_flags: - "--a-flag" @@ -64,10 +68,17 @@ models: ``` Common configuration options include: -- `model` (required): The OCI artifact identifier for the model. This is what Compose pulls and runs via the model runner. +- `model` (required): The OCI artifact identifier for the model. This is what Compose pulls and runs via the model runner. - `context_size`: Defines the maximum token context size for the model. + + > [!NOTE] + > Each model has its own maximum context size. When increasing the context length, + > consider your hardware constraints. In general, try to keep context size + > as small as feasible for your specific needs. + - `runtime_flags`: A list of raw command-line flags passed to the inference engine when the model is started. -- Platform-specific options may also be available via extensions attributes `x-*` + For example, if you use llama.cpp, you can pass any of [the available parameters](https://github.com/ggml-org/llama.cpp/blob/master/tools/server/README.md). +- Platform-specific options may also be available via extension attributes `x-*` ## Service model binding @@ -87,9 +98,9 @@ services: models: llm: - image: ai/smollm2 + model: ai/smollm2 embedding-model: - image: ai/all-minilm + model: ai/all-minilm ``` With short syntax, the platform automatically generates environment variables based on the model name: @@ -116,9 +127,9 @@ services: models: llm: - image: ai/smollm2 + model: ai/smollm2 embedding-model: - image: ai/all-minilm + model: ai/all-minilm ``` With this configuration, your service receives: @@ -131,18 +142,23 @@ One of the key benefits of using Compose models is portability across different ### Docker Model Runner -When Docker Model Runner is enabled: +When [Docker Model Runner is enabled](/manuals/ai/model-runner/_index.md): ```yaml services: chat-app: image: my-chat-app models: - - llm + llm: + endpoint_var: AI_MODEL_URL + model_var: AI_MODEL_NAME models: llm: - image: ai/smollm2 + model: ai/smollm2 + context_size: 4096 + runtime_flags: + - "--no-prefill-assistant" ``` Docker Model Runner will: @@ -150,6 +166,34 @@ Docker Model Runner will: - Provide endpoint URLs for accessing the model - Inject environment variables into the service +#### Alternative configuration with provider services + +> [!TIP] +> +> This approach is deprecated. Use the [`models` top-level element](#basic-model-definition) instead. + +You can also use the `provider` service type, which allows you to declare platform capabilities required by your application. +For AI models, you can use the `model` type to declare model dependencies. + +To define a model provider: + +```yaml +services: + chat: + image: my-chat-app + depends_on: + - ai_runner + + ai_runner: + provider: + type: model + options: + model: ai/smollm2 + context-size: 1024 + runtime-flags: "--no-prefill-assistant" +``` + + ### Cloud providers The same Compose file can run on cloud providers that support Compose models: @@ -163,9 +207,9 @@ services: models: llm: - image: ai/smollm2 + model: ai/smollm2 # Cloud-specific configurations - labels: + x-cloud-options: - "cloud.instance-type=gpu-small" - "cloud.region=us-west-2" ``` @@ -181,4 +225,4 @@ Cloud providers might: - [`models` top-level element](/reference/compose-file/models.md) - [`models` attribute](/reference/compose-file/services.md#models) - [Docker Model Runner documentation](/manuals/ai/model-runner.md) -- [Compose Model Runner documentation](/manuals/compose/how-tos/model-runner.md)] \ No newline at end of file +- [Compose Model Runner documentation](/manuals/ai/compose/models-and-compose.md) diff --git a/content/manuals/ai/gordon/_index.md b/content/manuals/ai/gordon/_index.md index 83b1faf5fd56..eaa6685b0d1e 100644 --- a/content/manuals/ai/gordon/_index.md +++ b/content/manuals/ai/gordon/_index.md @@ -18,18 +18,21 @@ Ask Gordon is your personal AI assistant embedded in Docker Desktop and the Docker CLI. It's designed to streamline your workflow and help you make the most of the Docker ecosystem. -## What is Ask Gordon? +## Key features -Ask Gordon provides AI-powered assistance in Docker tools. It offers contextual help for tasks like: +Ask Gordon provides AI-powered assistance within Docker tools. It can: -- Improving Dockerfiles -- Running and troubleshooting containers -- Interacting with your images and code -- Finding vulnerabilities or configuration issues +- Improve Dockerfiles +- Run and troubleshoot containers +- Interact with your images and code +- Find vulnerabilities or configuration issues -It understands your local environment, including source code, Dockerfiles, and images, to provide personalized and actionable guidance. +It understands your local environment, including source code, Dockerfiles, and +images, to provide personalized and actionable guidance. -These features are not enabled by default, and are not +Ask Gordon remembers conversations, allowing you to switch topics more easily. + +Ask Gordon is not enabled by default, and is not production-ready. You may also encounter the term "Docker AI" as a broader reference to this technology. @@ -93,7 +96,7 @@ If you have concerns about data collection or usage, you can terms before you can enable the feature. Review the terms and select **Accept and enable** to continue. -4. Select **Apply & restart**. +4. Select **Apply**. > [!IMPORTANT] > @@ -203,7 +206,7 @@ If you've enabled Ask Gordon and you want to disable it again: 1. Open the **Settings** view in Docker Desktop. 2. Navigate to **Beta features**. 3. Clear the **Enable Docker AI** checkbox. -4. Select **Apply & restart**. +4. Select **Apply**. ### For organizations diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/images/copilot-mode.png b/content/manuals/ai/mcp-catalog-and-toolkit/images/copilot-mode.png new file mode 100644 index 000000000000..9ce6e961c5c6 Binary files /dev/null and b/content/manuals/ai/mcp-catalog-and-toolkit/images/copilot-mode.png differ diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/images/tools.png b/content/manuals/ai/mcp-catalog-and-toolkit/images/tools.png new file mode 100644 index 000000000000..4439dc4b5e1f Binary files /dev/null and b/content/manuals/ai/mcp-catalog-and-toolkit/images/tools.png differ diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md b/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md index 729d43479528..d06e7a946671 100644 --- a/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md +++ b/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md @@ -80,10 +80,12 @@ Security at runtime is enforced through resource and access limitations: 1. Open the Docker Desktop settings and select **Beta features**. 2. Select **Enable Docker MCP Toolkit**. -3. Select **Apply & restart**. +3. Select **Apply**. >[!NOTE] ->If you have the MCP Toolkit _extension_ installed, you can uninstall it. +> +> This feature started as the MCP Toolkit _extension_. This extension is now deprecated +>and should be uninstalled. ## Install an MCP server @@ -107,17 +109,16 @@ To install an MCP server: To learn more about the MCP server catalog, see [Catalog](catalog.md). -### Example: Use the GitHub MCP server +### Example: Use the **GitHub Official** MCP server Imagine you want to enable Ask Gordon to interact with your GitHub account: 1. From the **MCP Toolkit** menu, select the **Catalog** tab and find the **GitHub Official** server and add it. -2. In the server's **Config** tab, insert your token generated from - your [GitHub account](https://github.com/settings/personal-access-tokens). +2. In the server's **Config** tab, [connect via OAuth](#authenticate-via-oauth). 3. In the **Clients** tab, ensure Gordon is connected. 4. From the **Ask Gordon** menu, you can now send requests related to your - GitHub account, in accordance to the tools provided by the GitHub MCP server. To test it, ask Gordon: + GitHub account, in accordance to the tools provided by the GitHub Official server. To test it, ask Gordon: ```text What's my GitHub handle? @@ -145,7 +146,7 @@ You can simply install these 2 MCP servers in the MCP Toolkit, and add Claude Desktop as a client: 1. From the **MCP Toolkit** menu, select the **Catalog** tab and find the **Puppeteer** server and add it. -2. Repeat for the **GitHub** server. +2. Repeat for the **GitHub Official** server. 3. From the **Clients** tab, select **Connect** next to **Claude Desktop**. Restart Claude Desktop if it's running, and it can now access all the servers in the MCP Toolkit. 4. Within Claude Desktop, run a test by submitting the following prompt using the Sonnet 3.5 model: @@ -160,3 +161,74 @@ and add Claude Desktop as a client: ```text Take a screenshot of docs.docker.com and then invert the colors ``` + +### Example: Use Visual Studio Code as a client + +You can interact with all your installed MCP servers in VS Code: + +1. To enable the MCP Toolkit: + + + {{< tabs group="" >}} + {{< tab name="Enable globally">}} + + 1. Insert the following in your VS Code's User`settings.json`: + + ```json + "mcp": { + "servers": { + "MCP_DOCKER": { + "command": "docker", + "args": [ + "mcp", + "gateway", + "run" + ], + "type": "stdio" + } + } + } + ``` + + {{< /tab >}} + {{< tab name="Enable for a given project">}} + + 1. In your terminal, navigate to your project's folder. + 1. Run: + + ```bash + docker mcp client connect vscode + ``` + + > [!NOTE] + > This command creates a `.vscode/mcp.json` file in the current directory. We + > recommend you add it to your `.gitignore` file. + + {{< /tab >}} + {{}} + +1. In Visual Studio Code, open a new Chat and select the **Agent** mode: + + ![Copilot mode switching](./images/copilot-mode.png) + +1. You can also check the available MCP tools: + + ![Displaying tools in VSCode](./images/tools.png) + +For more information about the Agent mode, see the +[Visual Studio Code documentation](https://code.visualstudio.com/docs/copilot/chat/mcp-servers#_use-mcp-tools-in-agent-mode). + +## Authenticate via OAuth + +You can connect the MCP Toolkit to your development workflow via +OAuth integration. For now, the MCP Toolkit only supports GitHub OAuth. + +1. On https://github.com/, ensure you are signed in. +1. In Docker Desktop, select **MCP Toolkit** and select the **OAuth** tab. +1. In the GitHub entry, select **Authorize**. Your browser opens the GitHub authorization page. +1. In the GitHub authorization page, select **Authorize Docker**. Once the authorization + is successful, you are automatically redirected to Docker Desktop. +1. Install the **GitHub Official** MCP server, see [Install an MCP server](#install-an-mcp-server). + +The MCP Toolkit now has access to your GitHub account. To revoke access, select **Revoke** in the **OAuth** tab. +See an example in [Use the **GitHub Official** MCP server](#example-use-the-github-official-mcp-server). diff --git a/content/manuals/ai/model-runner/_index.md b/content/manuals/ai/model-runner/_index.md index 9523b47e8b5b..8549f3d6127c 100644 --- a/content/manuals/ai/model-runner/_index.md +++ b/content/manuals/ai/model-runner/_index.md @@ -84,26 +84,31 @@ Models are pulled from Docker Hub the first time they're used and stored locally > Using Testcontainers or Docker Compose? > [Testcontainers for Java](https://java.testcontainers.org/modules/docker_model_runner/) > and [Go](https://golang.testcontainers.org/modules/dockermodelrunner/), and -> [Docker Compose](/manuals/compose/how-tos/model-runner.md) now support Docker Model Runner. +> [Docker Compose](/manuals/ai/compose/models-and-compose.md) now support Docker Model Runner. ## Enable Docker Model Runner ### Enable DMR in Docker Desktop -1. Navigate to the **Beta features** tab in settings. -2. Tick the **Enable Docker Model Runner** setting. -3. If you are running on Windows with a supported NVIDIA GPU, you should also see and be able to tick the **Enable GPU-backed inference** setting. +1. In the settings view, navigate to the **Beta features** tab. +1. Tick the **Enable Docker Model Runner** setting. +1. If you are running on Windows with a supported NVIDIA GPU, you should also see and be able to tick the **Enable GPU-backed inference** setting. +1. Optional: If you want to enable TCP support, select the **Enable host-side TCP support** + 1. In the **Port** field, type the port of your choice. + 1. If you are interacting with Model Runner from a local frontend web app, + in **CORS Allows Origins**, select the origins that Model Runner should accept requests from. + An origin is the URL where your web app is running, for example `http://localhost:3131`. You can now use the `docker model` command in the CLI and view and interact with your local models in the **Models** tab in the Docker Desktop Dashboard. > [!IMPORTANT] > -> For Docker Desktop versions 4.41 and earlier, this settings lived under the **Experimental features** tab on the **Features in development** page. +> For Docker Desktop versions 4.41 and earlier, this setting lived under the **Experimental features** tab on the **Features in development** page. ### Enable DMR in Docker Engine 1. Ensure you have installed [Docker Engine](/engine/install/). -2. DMR is available as a package. To install it, run: +1. DMR is available as a package. To install it, run: {{< tabs >}} {{< tab name="Ubuntu/Debian">}} @@ -124,13 +129,19 @@ You can now use the `docker model` command in the CLI and view and interact with {{< /tab >}} {{< /tabs >}} -3. Test the installation: +1. Test the installation: ```console $ docker model version $ docker model run ai/smollm2 ``` +1. Optional: To enable TCP support, set the port with the `DMR_RUNNER_PORT` environment variable. +1. Optional: If you enabled TCP support, you can configure CORS allowed origins with the `DMR_ORIGINS` environment variable. Possible values are: + - `*`: Allow all origins + - Comma-separated list of allowed origins + - When unspecified, all origins are denied. + ## Pull a model Models are cached locally. @@ -143,7 +154,9 @@ Models are cached locally. {{< tab name="From Docker Desktop">}} 1. Select **Models** and select the **Docker Hub** tab. -2. Find the model of your choice and select **Pull**. +1. Find the model of your choice and select **Pull**. + +![screencapture of the Docker Hub view](./images/dmr-catalog.png) {{< /tab >}} {{< tab name="From the Docker CLI">}} @@ -166,8 +179,10 @@ docker model pull hf.co/bartowski/Llama-3.2-1B-Instruct-GGUF {{< tabs group="release" >}} {{< tab name="From Docker Desktop">}} -Select **Models** and select the **Local** tab and click the play button. -The interactive chat screen opens. +1. Select **Models** and select the **Local** tab +1. Click the play button. The interactive chat screen opens. + +![screencapture of the Local view](./images/dmr-run.png) {{< /tab >}} {{< tab name="From the Docker CLI" >}} @@ -186,6 +201,8 @@ To troubleshoot potential issues, display the logs: Select **Models** and select the **Logs** tab. +![screencapture of the Models view](./images/dmr-logs.png) + {{< /tab >}} {{< tab name="From the Docker CLI">}} @@ -200,7 +217,7 @@ Use the [`docker model logs` command](/reference/cli/docker/model/logs/). > > This works for any Container Registry supporting OCI Artifacts, not only Docker Hub. -You can tag existing models with a new name and publish them under a different namespace and repository: +You can tag existing models with a new name and publish them under a different namespaceand repository: ```console # Tag a pulled model under a new name diff --git a/content/manuals/ai/model-runner/images/dmr-catalog.png b/content/manuals/ai/model-runner/images/dmr-catalog.png new file mode 100644 index 000000000000..15d8bd04df11 Binary files /dev/null and b/content/manuals/ai/model-runner/images/dmr-catalog.png differ diff --git a/content/manuals/ai/model-runner/images/dmr-logs.png b/content/manuals/ai/model-runner/images/dmr-logs.png new file mode 100644 index 000000000000..e2b2289e9886 Binary files /dev/null and b/content/manuals/ai/model-runner/images/dmr-logs.png differ diff --git a/content/manuals/ai/model-runner/images/dmr-run.png b/content/manuals/ai/model-runner/images/dmr-run.png new file mode 100644 index 000000000000..c12b3bd5fdd4 Binary files /dev/null and b/content/manuals/ai/model-runner/images/dmr-run.png differ diff --git a/content/manuals/build/buildkit/dockerfile-release-notes.md b/content/manuals/build/buildkit/dockerfile-release-notes.md index 0877b592c5a0..136135006e6b 100644 --- a/content/manuals/build/buildkit/dockerfile-release-notes.md +++ b/content/manuals/build/buildkit/dockerfile-release-notes.md @@ -13,6 +13,20 @@ issues, and bug fixes in [Dockerfile reference](/reference/dockerfile.md). For usage, see the [Dockerfile frontend syntax](frontend.md) page. +## 1.17.0 + +{{< release-date date="2025-06-17" >}} + +The full release notes for this release are available +[on GitHub](https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.17.0). + +```dockerfile +# syntax=docker/dockerfile:1.17.0 +``` + +* Add `ADD --unpack=bool` to control whether archives from a URL path are unpacked. The default is to detect unpack behavior based on the source path, as it happened in previous versions. [moby/buildkit#5991](https://github.com/moby/buildkit/pull/5991) +* Add support for `ADD --chown` when unpacking archive, similar to when copying regular files. [moby/buildkit#5987](https://github.com/moby/buildkit/pull/5987) + ## 1.16.0 {{< release-date date="2025-05-22" >}} diff --git a/content/manuals/build/release-notes.md b/content/manuals/build/release-notes.md index cf2d98245c6b..aeae1f672679 100644 --- a/content/manuals/build/release-notes.md +++ b/content/manuals/build/release-notes.md @@ -10,6 +10,31 @@ toc_max: 2 This page contains information about the new features, improvements, and bug fixes in [Docker Buildx](https://github.com/docker/buildx). +## 0.25.0 + +{{< release-date date="2025-06-17" >}} + +The full release notes for this release are available +[on GitHub](https://github.com/docker/buildx/releases/tag/v0.25.0). + +### New + +- Bake now supports defining `extra-hosts`. [docker/buildx#3234](https://github.com/docker/buildx/pull/3234) + +### Enhancements + +- Add support for bearer token auth. [docker/buildx#3233](https://github.com/docker/buildx/pull/3233) +- Add custom exit codes for internal, resource, and canceled errors in commands. [docker/buildx#3214](https://github.com/docker/buildx/pull/3214) +- Show variable type when using `--list=variables` with Bake. [docker/buildx#3207](https://github.com/docker/buildx/pull/3207) +- Consider typed, value-less variables to have `null` value in Bake. [docker/buildx#3198](https://github.com/docker/buildx/pull/3198) +- Add support for multiple IPs in extra hosts configuration. [docker/buildx#3244](https://github.com/docker/buildx/pull/3244) +- Support for updated SLSA V1 provenance in `buildx history` commands. [docker/buildx#3245](https://github.com/docker/buildx/pull/3245) +- Add support for `RegistryToken` configuration in imagetools commands. [docker/buildx#3233](https://github.com/docker/buildx/pull/3233) + +### Bug fixes + +- Fix `keep-storage` flag deprecation notice for `prune` command. [docker/buildx#3216](https://github.com/docker/buildx/pull/3216) + ## 0.24.0 {{< release-date date="2025-05-21" >}} diff --git a/content/manuals/compose/bridge/_index.md b/content/manuals/compose/bridge/_index.md index 5a4265875b8c..ba857555e46d 100644 --- a/content/manuals/compose/bridge/_index.md +++ b/content/manuals/compose/bridge/_index.md @@ -1,6 +1,6 @@ --- -description: Understand what Compose Bridge is and how it can be useful -keywords: compose, orchestration, kubernetes, bridge +description: Learn how Compose Bridge transforms Docker Compose files into Kubernetes manifests for seamless platform transitions +keywords: docker compose bridge, compose to kubernetes, docker compose kubernetes integration, docker compose kustomize, compose bridge docker desktop title: Overview of Compose Bridge linkTitle: Compose Bridge weight: 50 @@ -8,7 +8,7 @@ weight: 50 {{< summary-bar feature_name="Compose bridge" >}} -Compose Bridge lets you transform your Compose configuration file into configuration files for different platforms, primarily focusing on Kubernetes. The default transformation generates Kubernetes manifests and a Kustomize overlay which are designed for deployment on Docker Desktop with Kubernetes enabled. +Compose Bridge converts your Docker Compose configuration into platform-specific formats—primarily Kubernetes manifests. The default transformation generates Kubernetes manifests and a Kustomize overlay which are designed for deployment on Docker Desktop with Kubernetes enabled. It's a flexible tool that lets you either take advantage of the [default transformation](usage.md) or [create a custom transformation](customize.md) to suit specific project needs and requirements. diff --git a/content/manuals/compose/bridge/customize.md b/content/manuals/compose/bridge/customize.md index 390710053427..36e6100805e7 100644 --- a/content/manuals/compose/bridge/customize.md +++ b/content/manuals/compose/bridge/customize.md @@ -2,13 +2,14 @@ title: Customize Compose Bridge linkTitle: Customize weight: 20 -description: Learn about the Compose Bridge templates syntax -keywords: compose, bridge, templates +description: Learn how to customize Compose Bridge transformations using Go templates and Compose extensions +keywords: docker compose bridge, customize compose bridge, compose bridge templates, compose to kubernetes, compose bridge transformation, go templates docker + --- {{< summary-bar feature_name="Compose bridge" >}} -This page explains how Compose Bridge utilizes templating to efficiently translate Docker Compose files into Kubernetes manifests. It also explain how you can customize these templates for your specific requirements and needs, or how you can build your own transformation. +This page explains how Compose Bridge utilizes templating to efficiently translate Docker Compose files into Kubernetes manifests. It also explains how you can customize these templates for your specific requirements and needs, or how you can build your own transformation. ## How it works @@ -16,11 +17,11 @@ Compose bridge uses transformations to let you convert a Compose model into anot A transformation is packaged as a Docker image that receives the fully-resolved Compose model as `/in/compose.yaml` and can produce any target format file under `/out`. -Compose Bridge provides its transformation for Kubernetes using Go templates, so that it is easy to extend for customization by just replacing or appending your own templates. +Compose Bridge includes a default Kubernetes transformation using Go templates, which you can customize by replacing or extending templates. ### Syntax -Compose Bridge make use of templates to transform a Compose configuration file into Kubernetes manifests. Templates are plain text files that use the [Go templating syntax](https://pkg.go.dev/text/template). This enables the insertion of logic and data, making the templates dynamic and adaptable according to the Compose model. +Compose Bridge makes use of templates to transform a Compose configuration file into Kubernetes manifests. Templates are plain text files that use the [Go templating syntax](https://pkg.go.dev/text/template). This enables the insertion of logic and data, making the templates dynamic and adaptable according to the Compose model. When a template is executed, it must produce a YAML file which is the standard format for Kubernetes manifests. Multiple files can be generated as long as they are separated by `---` @@ -44,7 +45,7 @@ key: value ### Input -The input Compose model is the canonical YAML model you can get by running `docker compose config`. Within the templates, data from the `compose.yaml` is accessed using dot notation, allowing you to navigate through nested data structures. For example, to access the deployment mode of a service, you would use `service.deploy.mode`: +You can generate the input model by running `docker compose config`. This canonical YAML output serves as the input for Compose Bridge transformations. Within the templates, data from the `compose.yaml` is accessed using dot notation, allowing you to navigate through nested data structures. For example, to access the deployment mode of a service, you would use `service.deploy.mode`: ```yaml # iterate over a yaml sequence @@ -86,7 +87,7 @@ In the following example, the template checks if a healthcheck interval is speci As Kubernetes is a versatile platform, there are many ways to map Compose concepts into Kubernetes resource definitions. Compose Bridge lets you customize the transformation to match your own infrastructure -decisions and preferences, with various level of flexibility and effort. +decisions and preferences, with varying level of flexibility and effort. ### Modify the default templates diff --git a/content/manuals/compose/bridge/usage.md b/content/manuals/compose/bridge/usage.md index 47c418eff065..d2b6b2f620f3 100644 --- a/content/manuals/compose/bridge/usage.md +++ b/content/manuals/compose/bridge/usage.md @@ -2,13 +2,13 @@ title: Use the default Compose Bridge transformation linkTitle: Usage weight: 10 -description: Learn about and use the Compose Bridge default transformation -keywords: compose, bridge, kubernetes +description: Learn how to use the default Compose Bridge transformation to convert Compose files into Kubernetes manifests +keywords: docker compose bridge, compose kubernetes transform, kubernetes from compose, compose bridge convert, compose.yaml to kubernetes --- {{< summary-bar feature_name="Compose bridge" >}} -Compose Bridge supplies an out-of-the box transformation for your Compose configuration file. Based on an arbitrary `compose.yaml` file, Compose Bridge produces: +Compose Bridge supplies an out-of-the-box transformation for your Compose configuration file. Based on an arbitrary `compose.yaml` file, Compose Bridge produces: - A [Namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) so all your resources are isolated and don't conflict with resources from other deployments. - A [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) with an entry for each and every [config](/reference/compose-file/configs.md) resource in your Compose application. @@ -34,7 +34,8 @@ $ docker compose bridge convert Compose looks for a `compose.yaml` file inside the current directory and then converts it. -The following output is displayed +When successful, Compose Bridge generates Kubernetes manifests and logs output similar to the following: + ```console $ docker compose bridge convert -f compose.yaml Kubernetes resource api-deployment.yaml created @@ -62,7 +63,7 @@ These files are then stored within your project in the `/out` folder. The Kubernetes manifests can then be used to run the application on Kubernetes using the standard deployment command `kubectl apply -k out/overlays/desktop/`. -> [!NOTE] +> [!IMPORTANT] > > Make sure you have enabled Kubernetes in Docker Desktop before you deploy your Compose Bridge transformations. @@ -80,7 +81,7 @@ $ docker compose bridge convert --help > [!TIP] > -> You can now convert and deploy your Compose project to a Kubernetes cluster from the Compose file viewer. +> You can convert and deploy your Compose project to a Kubernetes cluster from the Compose file viewer. > > Make sure you are signed in to your Docker account, navigate to your container in the **Containers** view, and in the top-right corner select **View configurations** and then **Convert and Deploy to Kubernetes**. diff --git a/content/manuals/compose/how-tos/dependent-images.md b/content/manuals/compose/how-tos/dependent-images.md index d62668548acf..ba9e44ff31e2 100644 --- a/content/manuals/compose/how-tos/dependent-images.md +++ b/content/manuals/compose/how-tos/dependent-images.md @@ -8,7 +8,7 @@ weight: 50 {{< summary-bar feature_name="Compose dependent images" >}} To reduce push/pull time and image weight, a common practice for Compose applications is to have services -share base layers as much as possible. You will typically select the same operating system base image for +share base layers as much as possible. You typically select the same operating system base image for all services. But you can also get one step further by sharing image layers when your images share the same system packages. The challenge to address is then to avoid repeating the exact same Dockerfile instruction in all services. @@ -162,3 +162,8 @@ Bake can also be selected as the default builder by editing your `$HOME/.docker/ ... } ``` + +## Additional resources + +- [Docker Compose build reference](/reference/cli/docker/compose/build.md) +- [Learn about multi-stage Dockerfiles](/manuals/build/building/multi-stage.md) diff --git a/content/manuals/compose/how-tos/environment-variables/_index.md b/content/manuals/compose/how-tos/environment-variables/_index.md index a2ddb86929a7..0775edc2665d 100644 --- a/content/manuals/compose/how-tos/environment-variables/_index.md +++ b/content/manuals/compose/how-tos/environment-variables/_index.md @@ -2,14 +2,13 @@ title: Environment variables in Compose linkTitle: Use environment variables weight: 40 -description: Explainer on the ways to set, use and manage environment variables in - Compose +description: Explains how to set, use, and manage environment variables in Docker Compose. keywords: compose, orchestration, environment, env file aliases: - /compose/environment-variables/ --- -By leveraging environment variables and interpolation in Docker Compose, you can create versatile and reusable configurations, making your Dockerized applications easier to manage and deploy across different environments. +Environment variables and interpolation in Docker Compose help you create reusable, flexible configurations. This makes Dockerized applications easier to manage and deploy across environments. > [!TIP] > diff --git a/content/manuals/compose/how-tos/environment-variables/envvars-precedence.md b/content/manuals/compose/how-tos/environment-variables/envvars-precedence.md index f5e14549472d..8197d8f18f7a 100644 --- a/content/manuals/compose/how-tos/environment-variables/envvars-precedence.md +++ b/content/manuals/compose/how-tos/environment-variables/envvars-precedence.md @@ -12,7 +12,7 @@ aliases: When the same environment variable is set in multiple sources, Docker Compose follows a precedence rule to determine the value for that variable in your container's environment. -This page contains information on the level of precedence each method of setting environmental variables takes. +This page explains how Docker Compose determines the final value of an environment variable when it's defined in multiple locations. The order of precedence (highest to lowest) is as follows: 1. Set using [`docker compose run -e` in the CLI](set-environment-variables.md#set-environment-variables-with-docker-compose-run---env). @@ -59,25 +59,25 @@ The columns `Host OS environment` and `.env` file is listed only for illustratio Each row represents a combination of contexts where `VALUE` is set, substituted, or both. The **Result** column indicates the final value for `VALUE` in each scenario. -| # | `docker compose run` | `environment` attribute | `env_file` attribute | Image `ENV` | `Host OS` environment | `.env` file | | Result | -|:--:|:----------------:|:-------------------------------:|:----------------------:|:------------:|:-----------------------:|:-----------------:|:---:|:----------:| -| 1 | - | - | - | - | `VALUE=1.4` | `VALUE=1.3` || - | -| 2 | - | - | `VALUE=1.6` | `VALUE=1.5` | `VALUE=1.4` | - ||**`VALUE=1.6`** | -| 3 | - | `VALUE=1.7` | - | `VALUE=1.5` | `VALUE=1.4` | - ||**`VALUE=1.7`** | -| 4 | - | - | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.5`** | -| 5 |`--env VALUE=1.8` | - | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.8`** | -| 6 |`--env VALUE` | - | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.4`** | -| 7 |`--env VALUE` | - | - | `VALUE=1.5` | - | `VALUE=1.3` ||**`VALUE=1.3`** | -| 8 | - | - | `VALUE` | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.4`** | -| 9 | - | - | `VALUE` | `VALUE=1.5` | - | `VALUE=1.3` ||**`VALUE=1.3`** | -| 10 | - | `VALUE` | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.4`** | -| 11 | - | `VALUE` | - | `VALUE=1.5` | - | `VALUE=1.3` ||**`VALUE=1.3`** | -| 12 |`--env VALUE` | `VALUE=1.7` | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.4`** | -| 13 |`--env VALUE=1.8` | `VALUE=1.7` | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.8`** | -| 14 |`--env VALUE=1.8` | - | `VALUE=1.6` | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.8`** | -| 15 |`--env VALUE=1.8` | `VALUE=1.7` | `VALUE=1.6` | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` ||**`VALUE=1.8`** | - -### Result explanation +| # | `docker compose run` | `environment` attribute | `env_file` attribute | Image `ENV` | `Host OS` environment | `.env` file | Result | +|:--:|:----------------:|:-------------------------------:|:----------------------:|:------------:|:-----------------------:|:-----------------:|:----------:| +| 1 | - | - | - | - | `VALUE=1.4` | `VALUE=1.3` | - | +| 2 | - | - | `VALUE=1.6` | `VALUE=1.5` | `VALUE=1.4` | - |**`VALUE=1.6`** | +| 3 | - | `VALUE=1.7` | - | `VALUE=1.5` | `VALUE=1.4` | - |**`VALUE=1.7`** | +| 4 | - | - | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.5`** | +| 5 |`--env VALUE=1.8` | - | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.8`** | +| 6 |`--env VALUE` | - | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.4`** | +| 7 |`--env VALUE` | - | - | `VALUE=1.5` | - | `VALUE=1.3` |**`VALUE=1.3`** | +| 8 | - | - | `VALUE` | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.4`** | +| 9 | - | - | `VALUE` | `VALUE=1.5` | - | `VALUE=1.3` |**`VALUE=1.3`** | +| 10 | - | `VALUE` | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.4`** | +| 11 | - | `VALUE` | - | `VALUE=1.5` | - | `VALUE=1.3` |**`VALUE=1.3`** | +| 12 |`--env VALUE` | `VALUE=1.7` | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.4`** | +| 13 |`--env VALUE=1.8` | `VALUE=1.7` | - | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.8`** | +| 14 |`--env VALUE=1.8` | - | `VALUE=1.6` | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.8`** | +| 15 |`--env VALUE=1.8` | `VALUE=1.7` | `VALUE=1.6` | `VALUE=1.5` | `VALUE=1.4` | `VALUE=1.3` |**`VALUE=1.8`** | + +### Understanding precedence results Result 1: The local environment takes precedence, but the Compose file is not set to replicate this inside the container, so no such variable is set. @@ -87,7 +87,7 @@ Result 3: The `environment` attribute in the Compose file defines an explicit va Result 4: The image's `ENV` directive declares the variable `VALUE`, and since the Compose file is not set to override this value, this variable is defined by image -Result 5: The `docker compose run` command has the `--env` flag set which an explicit value, and overrides the value set by the image. +Result 5: The `docker compose run` command has the `--env` flag set with an explicit value, and overrides the value set by the image. Result 6: The `docker compose run` command has the `--env` flag set to replicate the value from the environment. Host OS value takes precedence and is replicated into the container's environment. @@ -104,3 +104,8 @@ Result 11: The `environment` attribute in the Compose file is set to replicate ` Result 12: The `--env` flag has higher precedence than the `environment` and `env_file` attributes and is to set to replicate `VALUE` from the local environment. Host OS value takes precedence and is replicated into the container's environment. Results 13 to 15: The `--env` flag has higher precedence than the `environment` and `env_file` attributes and so sets the value. + +## Next steps + +- [Set environment variables in Compose](set-environment-variables.md) +- [Use variable interpolation in Compose files](variable-interpolation.md) diff --git a/content/manuals/compose/how-tos/environment-variables/envvars.md b/content/manuals/compose/how-tos/environment-variables/envvars.md index 430a719f509d..f17aa2b9f2cb 100644 --- a/content/manuals/compose/how-tos/environment-variables/envvars.md +++ b/content/manuals/compose/how-tos/environment-variables/envvars.md @@ -1,7 +1,7 @@ --- description: Compose pre-defined environment variables -keywords: fig, composition, compose, docker, orchestration, cli, reference -title: Set or change pre-defined environment variables in Docker Compose +keywords: fig, composition, compose, docker, orchestration, cli, reference, compose environment configuration, docker env variables +title: Configure pre-defined environment variables in Docker Compose linkTitle: Pre-defined environment variables weight: 30 aliases: @@ -9,9 +9,9 @@ aliases: - /compose/environment-variables/envvars/ --- -Compose already comes with pre-defined environment variables. It also inherits common Docker CLI environment variables, such as `DOCKER_HOST` and `DOCKER_CONTEXT`. See [Docker CLI environment variable reference](/reference/cli/docker/#environment-variables) for details. +Docker Compose includes several pre-defined environment variables. It also inherits common Docker CLI environment variables, such as `DOCKER_HOST` and `DOCKER_CONTEXT`. See [Docker CLI environment variable reference](/reference/cli/docker/#environment-variables) for details. -This page contains information on how you can set or change the following pre-defined environment variables if you need to: +This page explains how to set or change the following pre-defined environment variables: - `COMPOSE_PROJECT_NAME` - `COMPOSE_FILE` @@ -30,16 +30,19 @@ This page contains information on how you can set or change the following pre-de ## Methods to override -You can set or change the pre-defined environment variables: -- With an [`.env` file located in your working directory](/manuals/compose/how-tos/environment-variables/variable-interpolation.md) -- From the command line -- From your [shell](variable-interpolation.md#substitute-from-the-shell) +| Method | Description | +| ----------- | -------------------------------------------- | +| [`.env` file](/manuals/compose/how-tos/environment-variables/variable-interpolation.md) | Located in the working directory. | +| [Shell](variable-interpolation.md#substitute-from-the-shell) | Defined in the host operating system shell. | +| CLI | Passed with `--env` or `-e` flag at runtime. | When changing or setting any environment variables, be aware of [Environment variable precedence](envvars-precedence.md). -## Configure +## Configuration details -### COMPOSE\_PROJECT\_NAME +### Project and file configuration + +#### COMPOSE\_PROJECT\_NAME Sets the project name. This value is prepended along with the service name to the container's name on startup. @@ -64,7 +67,7 @@ constraint, you must use one of the other mechanisms. See also the [command-line options overview](/reference/cli/docker/compose/_index.md#command-options-overview-and-help) and [using `-p` to specify a project name](/reference/cli/docker/compose/_index.md#use--p-to-specify-a-project-name). -### COMPOSE\_FILE +#### COMPOSE\_FILE Specifies the path to a Compose file. Specifying multiple Compose files is supported. @@ -81,7 +84,7 @@ Specifies the path to a Compose file. Specifying multiple Compose files is suppo See also the [command-line options overview](/reference/cli/docker/compose/_index.md#command-options-overview-and-help) and [using `-f` to specify name and path of one or more Compose files](/reference/cli/docker/compose/_index.md#use--f-to-specify-the-name-and-path-of-one-or-more-compose-files). -### COMPOSE\_PROFILES +#### COMPOSE\_PROFILES Specifies one or more profiles to be enabled when `docker compose up` is run. @@ -100,7 +103,29 @@ COMPOSE_PROFILES=frontend,debug See also [Using profiles with Compose](../profiles.md) and the [`--profile` command-line option](/reference/cli/docker/compose/_index.md#use-profiles-to-enable-optional-services). -### COMPOSE\_CONVERT\_WINDOWS\_PATHS +#### COMPOSE\_PATH\_SEPARATOR + +Specifies a different path separator for items listed in `COMPOSE_FILE`. + +- Defaults to: + - On macOS and Linux to `:` + - On Windows to`;` + +#### COMPOSE\_ENV\_FILES + +Specifies which environment files Compose should use if `--env-file` isn't used. + +When using multiple environment files, use a comma as a separator. For example: + +```console +COMPOSE_ENV_FILES=.env.envfile1, .env.envfile2 +``` + +If `COMPOSE_ENV_FILES` is not set, and you don't provide `--env-file` in the CLI, Docker Compose uses the default behavior, which is to look for an `.env` file in the project directory. + +### Environment handling and container lifecycle + +#### COMPOSE\_CONVERT\_WINDOWS\_PATHS When enabled, Compose performs path conversion from Windows-style to Unix-style in volume definitions. @@ -109,15 +134,7 @@ When enabled, Compose performs path conversion from Windows-style to Unix-style - `false` or `0`, to disable - Defaults to: `0` -### COMPOSE\_PATH\_SEPARATOR - -Specifies a different path separator for items listed in `COMPOSE_FILE`. - -- Defaults to: - - On macOS and Linux to `:` - - On Windows to`;` - -### COMPOSE\_IGNORE\_ORPHANS +#### COMPOSE\_IGNORE\_ORPHANS When enabled, Compose doesn't try to detect orphaned containers for the project. @@ -126,7 +143,7 @@ When enabled, Compose doesn't try to detect orphaned containers for the project. - `false` or `0`, to disable - Defaults to: `0` -### COMPOSE\_REMOVE\_ORPHANS +#### COMPOSE\_REMOVE\_ORPHANS When enabled, Compose automatically removes orphaned containers when updating a service or stack. Orphaned containers are those that were created by a previous configuration but are no longer defined in the current `compose.yaml` file. @@ -135,11 +152,13 @@ When enabled, Compose automatically removes orphaned containers when updating a - `false` or `0`, to disable automatic removal. Compose displays a warning about orphaned containers instead. - Defaults to: `0` -### COMPOSE\_PARALLEL\_LIMIT +#### COMPOSE\_PARALLEL\_LIMIT Specifies the maximum level of parallelism for concurrent engine calls. -### COMPOSE\_ANSI +### Output + +#### COMPOSE\_ANSI Specifies when to print ANSI control characters. @@ -149,7 +168,7 @@ Specifies when to print ANSI control characters. - `always` or `0`, use TTY mode - Defaults to: `auto` -### COMPOSE\_STATUS\_STDOUT +#### COMPOSE\_STATUS\_STDOUT When enabled, Compose writes its internal status and progress messages to `stdout` instead of `stderr`. The default value is false to clearly separate the output streams between Compose messages and your container's logs. @@ -159,19 +178,18 @@ The default value is false to clearly separate the output streams between Compos - `false` or `0`, to disable - Defaults to: `0` -### COMPOSE\_ENV\_FILES +#### COMPOSE\_PROGRESS -Lets you specify which environment files Compose should use if `--env-file` isn't used. +{{< summary-bar feature_name="Compose progress" >}} -When using multiple environment files, use a comma as a separator. For example: +Defines the type of progress output, if `--progress` isn't used. -```console -COMPOSE_ENV_FILES=.env.envfile1, .env.envfile2 -``` +Supported values are `auto`, `tty`, `plain`, `json`, and `quiet`. +Default is `auto`. -If `COMPOSE_ENV_FILES` is not set, and you don't provide `--env-file` in the CLI, Docker Compose uses the default behavior, which is to look for an `.env` file in the project directory. +### User experience -### COMPOSE\_MENU +#### COMPOSE\_MENU {{< summary-bar feature_name="Compose menu" >}} @@ -182,26 +200,17 @@ When enabled, Compose displays a navigation menu where you can choose to open th - `false` or `0`, to disable - Defaults to: `1` if you obtained Docker Compose through Docker Desktop, otherwise the default is `0` -### COMPOSE\_EXPERIMENTAL +#### COMPOSE\_EXPERIMENTAL {{< summary-bar feature_name="Compose experimental" >}} -This is an opt-out variable. When turned off it deactivates the experimental features such as the navigation menu or [Synchronized file shares](/manuals/desktop/features/synchronized-file-sharing.md). +This is an opt-out variable. When turned off it deactivates the experimental features. - Supported values: - `true` or `1`, to enable - `false` or `0`, to disable - Defaults to: `1` -### COMPOSE\_PROGRESS - -{{< summary-bar feature_name="Compose progress" >}} - -Defines the type of progress output, if `--progress` isn't used. - -Supported values are `auto`, `tty`, `plain`, `json`, and `quiet`. -Default is `auto`. - ## Unsupported in Compose V2 The following environment variables have no effect in Compose V2. @@ -216,3 +225,4 @@ For more information, see [Migrate to Compose V2](/manuals/compose/releases/migr - `COMPOSE_INTERACTIVE_NO_CLI` - `COMPOSE_DOCKER_CLI_BUILD` Use `DOCKER_BUILDKIT` to select between BuildKit and the classic builder. If `DOCKER_BUILDKIT=0` then `docker compose build` uses the classic builder to build images. + diff --git a/content/manuals/compose/how-tos/environment-variables/variable-interpolation.md b/content/manuals/compose/how-tos/environment-variables/variable-interpolation.md index bc2461c78ed5..04b185534697 100644 --- a/content/manuals/compose/how-tos/environment-variables/variable-interpolation.md +++ b/content/manuals/compose/how-tos/environment-variables/variable-interpolation.md @@ -149,6 +149,21 @@ The following syntax rules apply to environment files: - `VAR="some\tvalue"` -> `some value` - `VAR='some\tvalue'` -> `some\tvalue` - `VAR=some\tvalue` -> `some\tvalue` +- Single-quoted values can span multiple lines. Example: + + ```yaml + KEY='SOME + VALUE' + ``` + + If you then run `docker compose config`, you'll see: + + ```yaml + environment: + KEY: |- + SOME + VALUE + ``` ### Substitute with `--env-file` diff --git a/content/manuals/compose/how-tos/file-watch.md b/content/manuals/compose/how-tos/file-watch.md index e59386d267eb..a9463df9683a 100644 --- a/content/manuals/compose/how-tos/file-watch.md +++ b/content/manuals/compose/how-tos/file-watch.md @@ -207,10 +207,6 @@ This setup demonstrates how to use the `sync+restart` action in Docker Compose t > or [local setup for Docker docs](https://github.com/docker/docs/blob/main/CONTRIBUTING.md) > for a demonstration of Compose `watch`. -## Feedback - -We are actively looking for feedback on this feature. Give feedback or report any bugs you may find in the [Compose Specification repository](https://github.com/compose-spec/compose-spec/pull/253). - ## Reference - [Compose Develop Specification](/reference/compose-file/develop.md) diff --git a/content/manuals/compose/how-tos/gpu-support.md b/content/manuals/compose/how-tos/gpu-support.md index a9b0bb899f10..8bbd955cb591 100644 --- a/content/manuals/compose/how-tos/gpu-support.md +++ b/content/manuals/compose/how-tos/gpu-support.md @@ -1,7 +1,7 @@ --- -description: Understand GPU support in Docker Compose +description: Learn how to configure Docker Compose to use NVIDIA GPUs with CUDA-based containers keywords: documentation, docs, docker, compose, GPU access, NVIDIA, samples -title: Enable GPU access with Docker Compose +title: Run Docker Compose services with GPU access linkTitle: Enable GPU support weight: 90 aliases: @@ -19,16 +19,18 @@ GPUs are referenced in a `compose.yaml` file using the [device](/reference/compo This provides more granular control over a GPU reservation as custom values can be set for the following device properties: -- `capabilities`. This value specifies as a list of strings (eg. `capabilities: [gpu]`). You must set this field in the Compose file. Otherwise, it returns an error on service deployment. -- `count`. This value, specified as an integer or the value `all`, represents the number of GPU devices that should be reserved (providing the host holds that number of GPUs). If `count` is set to `all` or not specified, all GPUs available on the host are used by default. +- `capabilities`. This value is specified as a list of strings. For example, `capabilities: [gpu]`. You must set this field in the Compose file. Otherwise, it returns an error on service deployment. +- `count`. Specified as an integer or the value `all`, represents the number of GPU devices that should be reserved (providing the host holds that number of GPUs). If `count` is set to `all` or not specified, all GPUs available on the host are used by default. - `device_ids`. This value, specified as a list of strings, represents GPU device IDs from the host. You can find the device ID in the output of `nvidia-smi` on the host. If no `device_ids` are set, all GPUs available on the host are used by default. -- `driver`. This value is specified as a string, for example `driver: 'nvidia'` +- `driver`. Specified as a string, for example `driver: 'nvidia'` - `options`. Key-value pairs representing driver specific options. > [!IMPORTANT] > > You must set the `capabilities` field. Otherwise, it returns an error on service deployment. + +> [!NOTE] > > `count` and `device_ids` are mutually exclusive. You must only define one field at a time. diff --git a/content/manuals/compose/how-tos/model-runner.md b/content/manuals/compose/how-tos/model-runner.md deleted file mode 100644 index 2a7fca43ca83..000000000000 --- a/content/manuals/compose/how-tos/model-runner.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Use Docker Model Runner -description: Learn how to integrate Docker Model Runner with Docker Compose to build AI-powered applications -keywords: compose, docker compose, model runner, ai, llm, artificial intelligence, machine learning -weight: 111 -params: - sidebar: - badge: - color: green - text: New ---- - -{{< summary-bar feature_name="Compose model runner" >}} - -Docker Model Runner can be integrated with Docker Compose to run AI models as part of your multi-container applications. -This lets you define and run AI-powered applications alongside your other services. - -## Prerequisites - -- Docker Compose v2.35 or later -- Docker Desktop 4.41 or later -- Docker Desktop for Mac with Apple Silicon or Docker Desktop for Windows with NVIDIA GPU -- [Docker Model Runner enabled in Docker Desktop](/manuals/ai/model-runner.md#enable-docker-model-runner) - -## Provider services - -Compose introduces a new service type called `provider` that allows you to declare platform capabilities required by your application. For AI models, you can use the `model` type to declare model dependencies. - -Here's an example of how to define a model provider: - -```yaml -services: - chat: - image: my-chat-app - depends_on: - - ai_runner - - ai_runner: - provider: - type: model - options: - model: ai/smollm2 -``` - -Notice the dedicated `provider` attribute in the `ai_runner` service. -This attribute specifies that the service is a model provider and lets you define options such as the name of the model to be used. - -There is also a `depends_on` attribute in the `chat` service. -This attribute specifies that the `chat` service depends on the `ai_runner` service. -This means that the `ai_runner` service will be started before the `chat` service to allow injection of model information to the `chat` service. - -## How it works - -During the `docker compose up` process, Docker Model Runner automatically pulls and runs the specified model. -It also sends Compose the model tag name and the URL to access the model runner. - -This information is then passed to services which declare a dependency on the model provider. -In the example above, the `chat` service receives 2 environment variables prefixed by the service name: - - `AI_RUNNER_URL` with the URL to access the model runner - - `AI_RUNNER_MODEL` with the model name which could be passed with the URL to request the model. - -This lets the `chat` service to interact with the model and use it for its own purposes. - -## Reference - -- [Docker Model Runner documentation](/manuals/ai/model-runner.md) diff --git a/content/manuals/compose/how-tos/multiple-compose-files/extends.md b/content/manuals/compose/how-tos/multiple-compose-files/extends.md index 2ba1bb55b99e..5380c555b2e9 100644 --- a/content/manuals/compose/how-tos/multiple-compose-files/extends.md +++ b/content/manuals/compose/how-tos/multiple-compose-files/extends.md @@ -1,7 +1,6 @@ --- -description: How to use Docker Compose's extends keyword to share configuration between - files and projects -keywords: fig, composition, compose, docker, orchestration, documentation, docs +description: Learn how to reuse service configurations across files and projects using Docker Compose’s extends attribute. +keywords: fig, composition, compose, docker, orchestration, documentation, docs, compose file modularization title: Extend your Compose file linkTitle: Extend weight: 20 @@ -29,7 +28,7 @@ configuration. Tracking which fragment of a service is relative to which path is difficult and confusing, so to keep paths easier to understand, all paths must be defined relative to the base file. -## How it works +## How the `extends` attribute works ### Extending services from another file @@ -62,7 +61,7 @@ You get exactly the same result as if you wrote `compose.yaml` with the same `build`, `ports`, and `volumes` configuration values defined directly under `web`. -To include the service `webapp` in the final project when extending services from another file, you need to explicitly include both services in your current Compose file. For example (note this is a non-normative example): +To include the service `webapp` in the final project when extending services from another file, you need to explicitly include both services in your current Compose file. For example (this is for illustrative purposes only): ```yaml services: diff --git a/content/manuals/compose/how-tos/multiple-compose-files/include.md b/content/manuals/compose/how-tos/multiple-compose-files/include.md index 2f0ebc22a6d0..db6139af59fa 100644 --- a/content/manuals/compose/how-tos/multiple-compose-files/include.md +++ b/content/manuals/compose/how-tos/multiple-compose-files/include.md @@ -18,7 +18,7 @@ Once the included Compose application loads, all resources are copied into the c > [!NOTE] > -> `include` applies recursively so an included Compose file which declares its own `include` section, results in those other files being included as well. +> `include` applies recursively so an included Compose file which declares its own `include` section, causes those files to also be included. ## Example @@ -48,11 +48,12 @@ services: `include` allows you to reference Compose files from remote sources, such as OCI artifacts or Git repositories. Here `serviceB` is defined in a Compose file stored on Docker Hub. -## Include and overrides +## Using overrides with included Compose files Compose reports an error if any resource from `include` conflicts with resources from the included Compose file. This rule prevents -unexpected conflicts with resources defined by the included compose file author. However, there may be some circumstances where you might want to tweak the +unexpected conflicts with resources defined by the included compose file author. However, there may be some circumstances where you might want to customize the included model. This can be achieved by adding an override file to the include directive: + ```yaml include: - path : @@ -61,7 +62,7 @@ include: ``` The main limitation with this approach is that you need to maintain a dedicated override file per include. For complex projects with multiple -includes this would result into many Compose files. +includes this would result in many Compose files. The other option is to use a `compose.override.yaml` file. While conflicts will be rejected from the file using `include` when same resource is declared, a global Compose override file can override the resulting merged model, as demonstrated in following example: diff --git a/content/manuals/compose/how-tos/oci-artifact.md b/content/manuals/compose/how-tos/oci-artifact.md index 0791df4e6f6b..6125ea989ce7 100644 --- a/content/manuals/compose/how-tos/oci-artifact.md +++ b/content/manuals/compose/how-tos/oci-artifact.md @@ -1,9 +1,9 @@ --- -title: Using Docker Compose with OCI artifacts +title: Package and deploy Docker Compose applications as OCI artifacts linkTitle: OCI artifact applications weight: 110 -description: How to publish and start Compose applications as OCI artifacts -keywords: cli, compose, oci, docker hub, artificats, publish, package, distribute +description: Learn how to package, publish, and securely run Docker Compose applications from OCI-compliant registries. +keywords: cli, compose, oci, docker hub, artificats, publish, package, distribute, docker compose oci support params: sidebar: badge: @@ -18,7 +18,7 @@ Docker Compose supports working with [OCI artifacts](/manuals/docker-hub/repos/m ## Publish your Compose application as an OCI artifact To distribute your Compose application as an OCI artifact, you can use the `docker compose publish` command, to publish it to an OCI-compliant registry. -This allows others to deploy your application directly from the registry. +This allows others to then deploy your application directly from the registry. The publish function supports most of the composition capabilities of Compose, like overrides, extends or include, [with some limitations](#limitations). @@ -84,12 +84,12 @@ Are you ok to publish these environment variables? [y/N]: If you decline, the publish process stops without sending anything to the registry. -### Limitations +## Limitations -There is limitations to publishing Compose applications as OCI artifacts. You can't publish a Compose configuration: +There are limitations to publishing Compose applications as OCI artifacts. You can't publish a Compose configuration: - With service(s) containing bind mounts - With service(s) containing only a `build` section -- That includes local files with the `include` attribute. To publish successfully, ensure that any included local files are also published. You can then `include` to reference these files as remote `include` is supported. +- That includes local files with the `include` attribute. To publish successfully, ensure that any included local files are also published. You can then use `include` to reference these files as remote `include` is supported. ## Start an OCI artifact application @@ -147,3 +147,9 @@ The `docker compose publish` command supports non-interactive execution, letting ```console $ docker compose publish -y username/my-compose-app:latest ``` + +## Next steps + +- [Learn about OCI artifacts in Docker Hub](/manuals/docker-hub/repos/manage/hub-images/oci-artifacts.md) +- [Compose publish command](/reference/cli/docker/compose/publish.md) +- [Understand `include`](/reference/compose-file/include.md) diff --git a/content/manuals/compose/how-tos/production.md b/content/manuals/compose/how-tos/production.md index 0392c00ff9bd..d2c8e4189942 100644 --- a/content/manuals/compose/how-tos/production.md +++ b/content/manuals/compose/how-tos/production.md @@ -1,6 +1,6 @@ --- -description: Guide to using Docker Compose in production -keywords: compose, orchestration, containers, production +description: Learn how to configure, deploy, and update Docker Compose applications for production environments. +keywords: compose, orchestration, containers, production, production docker compose configuration title: Use Compose in production weight: 100 aliases: @@ -29,8 +29,8 @@ production. These changes might include: - Adding extra services such as a log aggregator For this reason, consider defining an additional Compose file, for example -`compose.production.yaml`, which specifies production-appropriate -configuration. This configuration file only needs to include the changes you want to make from the original Compose file. The additional Compose file +`compose.production.yaml`, with production-specific +configuration details. This configuration file only needs to include the changes you want to make from the original Compose file. The additional Compose file is then applied over the original `compose.yaml` to create a new configuration. Once you have a second configuration file, you can use it with the @@ -55,7 +55,7 @@ $ docker compose up --no-deps -d web This first command rebuilds the image for `web` and then stops, destroys, and recreates just the `web` service. The `--no-deps` flag prevents Compose from also -recreating any services which `web` depends on. +recreating any services that `web` depends on. ### Running Compose on a single server @@ -65,3 +65,8 @@ appropriately. For more information, see [pre-defined environment variables](env Once you've set up your environment variables, all the normal `docker compose` commands work with no further configuration. + +## Next steps + +- [Using multiple Compose files](multiple-compose-files/_index.md) + diff --git a/content/manuals/compose/how-tos/provider-services.md b/content/manuals/compose/how-tos/provider-services.md index fa1ddbb3dad7..91c5be1efa2e 100644 --- a/content/manuals/compose/how-tos/provider-services.md +++ b/content/manuals/compose/how-tos/provider-services.md @@ -15,7 +15,6 @@ params: Docker Compose supports provider services, which allow integration with services whose lifecycles are managed by third-party components rather than by Compose itself. This feature enables you to define and utilize platform-specific services without the need for manual setup or direct lifecycle management. - ## What are provider services? Provider services are a special type of service in Compose that represents platform capabilities rather than containers. @@ -104,6 +103,10 @@ The plugin or binary is responsible for: This information is then passed to dependent services as environment variables. +> [!TIP] +> +> If you're working with AI models in Compose, use the [`models` top-level element](/manuals/ai/compose/models-and-compose.md) instead. + ## Benefits of using provider services Using provider services in your Compose applications offers several benefits: diff --git a/content/manuals/compose/how-tos/use-secrets.md b/content/manuals/compose/how-tos/use-secrets.md index 63680e6ac352..d2c6352c3be5 100644 --- a/content/manuals/compose/how-tos/use-secrets.md +++ b/content/manuals/compose/how-tos/use-secrets.md @@ -1,9 +1,9 @@ --- -title: How to use secrets in Docker Compose +title: Manage secrets securely in Docker Compose linkTitle: Secrets in Compose weight: 60 -description: How to use secrets in Compose and their benefits -keywords: secrets, compose, security, environment variables +description: Learn how to securely manage runtime and build-time secrets in Docker Compose. +keywords: secrets, compose, security, environment variables, docker secrets, secure Docker builds, sensitive data in containers tags: [Secrets] aliases: - /compose/use-secrets/ @@ -25,7 +25,7 @@ Unlike the other methods, this permits granular access control within a service ## Examples -### Simple +### Single-service secret injection In the following example, the frontend service is given access to the `my_secret` secret. In the container, `/run/secrets/my_secret` is set to the contents of the file `./my_secret.txt`. @@ -40,7 +40,7 @@ secrets: file: ./my_secret.txt ``` -### Advanced +### Multi-service secret sharing and password management ```yaml services: diff --git a/content/manuals/compose/releases/migrate.md b/content/manuals/compose/releases/migrate.md index 1fc0ef126697..df6305a72ea6 100644 --- a/content/manuals/compose/releases/migrate.md +++ b/content/manuals/compose/releases/migrate.md @@ -1,8 +1,9 @@ --- -title: Migrate to Compose v2 +linkTitle: Migrate to Compose v2 +Title: Migrate from Docker Compose v1 to v2 weight: 20 -description: How to migrate from Compose v1 to v2 -keywords: compose, upgrade, migration, v1, v2, docker compose vs docker-compose +description: Step-by-step guidance to migrate from Compose v1 to v2, including syntax differences, environment handling, and CLI changes +keywords: migrate docker compose, upgrade docker compose v2, docker compose migration, docker compose v1 vs v2, docker compose CLI changes, docker-compose to docker compose aliases: - /compose/compose-v2/ - /compose/cli-command-compatibility/ diff --git a/content/manuals/compose/releases/release-notes.md b/content/manuals/compose/releases/release-notes.md index 421beeed21f5..569b3d4cd918 100644 --- a/content/manuals/compose/releases/release-notes.md +++ b/content/manuals/compose/releases/release-notes.md @@ -15,6 +15,23 @@ For more detailed information, see the [release notes in the Compose repo](https ## 2.38.1 +{{< release-date date="2025-07-08" >}} + +### Bug fixes and enhancements + +- Added `--networks` flag to `config` command to list networks +- Fixed an issue on `down` command with Docker Model Runner used as a provider service +- Fixed a display issue on Docker Model Runner progress +- Fixed an issue with services with profile missing secrets + +### Update + +- Dependencies upgrade: bump docker engine and cli to v28.3.1 +- Dependencies upgrade: bump buildkit to v0.23.2 +- Dependencies upgrade: bump golang to v1.23.10 + +## 2.38.1 + {{< release-date date="2025-06-30" >}} ### Bug fixes and enhancements diff --git a/content/manuals/compose/support-and-feedback/faq.md b/content/manuals/compose/support-and-feedback/faq.md index 52a113bb04fc..106f16af2f3f 100644 --- a/content/manuals/compose/support-and-feedback/faq.md +++ b/content/manuals/compose/support-and-feedback/faq.md @@ -1,7 +1,7 @@ --- -description: Frequently asked questions for Docker Compose -keywords: documentation, docs, docker, compose, faq, docker compose vs docker-compose -title: Compose FAQs +description: Answers to common questions about Docker Compose, including v1 vs v2, commands, shutdown behavior, and development setup. +keywords: docker compose faq, docker compose questions, docker-compose vs docker compose, docker compose json, docker compose stop delay, run multiple docker compose +title: Frequently asked questions about Docker Compose linkTitle: FAQs weight: 10 tags: [FAQ] diff --git a/content/manuals/desktop/features/containerd.md b/content/manuals/desktop/features/containerd.md index 6f80994faebc..34a0b081ed3a 100644 --- a/content/manuals/desktop/features/containerd.md +++ b/content/manuals/desktop/features/containerd.md @@ -59,7 +59,7 @@ To manually enable this feature in Docker Desktop: 1. Navigate to **Settings** in Docker Desktop. 2. In the **General** tab, check **Use containerd for pulling and storing images**. -3. Select **Apply & Restart**. +3. Select **Apply**. To disable the containerd image store, clear the **Use containerd for pulling and storing images** checkbox. diff --git a/content/manuals/desktop/features/kubernetes.md b/content/manuals/desktop/features/kubernetes.md index 49d02f4a7a66..057e91ae76a3 100644 --- a/content/manuals/desktop/features/kubernetes.md +++ b/content/manuals/desktop/features/kubernetes.md @@ -35,7 +35,7 @@ Turning the Kubernetes server on or off in Docker Desktop does not affect your o 2. Select the **Kubernetes** tab. 3. Toggle on **Enable Kubernetes**. 4. Choose your [cluster provisioning method](#cluster-provisioning-method). -5. Select **Apply & Restart** to save the settings. +5. Select **Apply** to save the settings. This sets up the images required to run the Kubernetes server as containers, and installs the `kubectl` command-line tool on your system at `/usr/local/bin/kubectl` (Mac) or `C:\Program Files\Docker\Docker\resources\bin\kubectl.exe` (Windows). @@ -214,14 +214,16 @@ The recommended approach to set this up is the following: > [!NOTE] > -> When using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](../../security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) +> In Docker Desktop versions 4.43 or earlier: when using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](../../security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) > is enabled, add the following images to the [ECI Docker socket mount image list](../../security/for-admins/hardened-desktop/settings-management/configure-json-file.md#enhanced-container-isolation): > -> * [imagesRepository]/desktop-cloud-provider-kind:* -> * [imagesRepository]/desktop-containerd-registry-mirror:* +> `[imagesRepository]/desktop-cloud-provider-kind:*` +> `[imagesRepository]/desktop-containerd-registry-mirror:*` > -> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, -> ECI will block the mount and Kubernetes won't start. +> These containers mount the Docker socket, so you must add the images to the +> ECI images list. If not, ECI will block the mount and Kubernetes won't +> start. This does not apply to Docker Desktop 4.44 or later because it +> automatically allows these images to mount the Docker socket. ## Troubleshooting @@ -240,4 +242,4 @@ To turn off Kubernetes in Docker Desktop: 1. From the Docker Desktop Dashboard, select the **Settings** icon. 2. Select the **Kubernetes** tab. 3. Deselect the **Enable Kubernetes** checkbox. -4. Select **Apply & Restart** to save the settings. This stops and removes Kubernetes containers, and also removes the `/usr/local/bin/kubectl` command. +4. Select **Apply** to save the settings. This stops and removes Kubernetes containers, and also removes the `/usr/local/bin/kubectl` command. diff --git a/content/manuals/desktop/features/wasm.md b/content/manuals/desktop/features/wasm.md index 35df7ca492c2..b14de66ad6ae 100644 --- a/content/manuals/desktop/features/wasm.md +++ b/content/manuals/desktop/features/wasm.md @@ -34,7 +34,7 @@ then pre-existing images and containers will be inaccessible. 1. Navigate to **Settings** in Docker Desktop. 2. In the **General** tab, check **Use containerd for pulling and storing images**. 3. Go to **Features in development** and check the **Enable Wasm** option. -4. Select **Apply & restart** to save the settings. +4. Select **Apply** to save the settings. 5. In the confirmation dialog, select **Install** to install the Wasm runtimes. Docker Desktop downloads and installs the following runtimes: diff --git a/content/manuals/desktop/features/wsl/_index.md b/content/manuals/desktop/features/wsl/_index.md index 31c88fc5a082..66dc8cd1b034 100644 --- a/content/manuals/desktop/features/wsl/_index.md +++ b/content/manuals/desktop/features/wsl/_index.md @@ -48,7 +48,7 @@ Before you turn on the Docker Desktop WSL 2 feature, ensure you have: 5. From the **General** tab, select **Use WSL 2 based engine**.. If you have installed Docker Desktop on a system that supports WSL 2, this option is turned on by default. -6. Select **Apply & Restart**. +6. Select **Apply**. Now `docker` commands work from Windows using the new WSL 2 engine. @@ -92,7 +92,7 @@ Docker Desktop does not require any particular Linux distributions to be install ``` If **WSL integrations** isn't available under **Resources**, Docker may be in Windows container mode. In your taskbar, select the Docker menu and then **Switch to Linux containers**. -3. Select **Apply & Restart**. +3. Select **Apply**. > [!NOTE] > diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 23a78dbee57c..d3f085e49c50 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -29,6 +29,76 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo > > If you're experiencing malware detection issues on Mac, follow the steps documented in [docker/for-mac#7527](https://github.com/docker/for-mac/issues/7527). +## 4.43.1 + +{{< release-date date="2025-07-04" >}} + +{{< desktop-install-v2 all=true beta_win_arm=true version="4.43.1" build_path="/198352/" >}} + +### Bug fixes and enhancements + +#### For all platforms + +- Fixed an issue that caused Docker Desktop UI to break when Ask Gordon responses contained HTML tags. +- Fixed an issue that prevented extensions from communicating with their backends. + +## 4.43.0 + +{{< release-date date="2025-07-03" >}} + +{{< desktop-install-v2 all=true beta_win_arm=true version="4.43.0" build_path="/198134/" >}} + +### New + +- [Compose Bridge](/manuals/compose/bridge/_index.md) is now generally available. + +### Upgrades + +- [Docker Buildx v0.25.0](https://github.com/docker/buildx/releases/tag/v0.25.0) +- [Docker Compose v2.38.1](https://github.com/docker/compose/releases/tag/v2.38.1) +- [Docker Engine v28.3.0](https://docs.docker.com/engine/release-notes/28/#2830) +- [NVIDIA Container Toolkit v1.17.8](https://github.com/NVIDIA/nvidia-container-toolkit/releases/tag/v1.17.8) + +### Security + +- Fixed [CVE-2025-6587](https://www.cve.org/CVERecord?id=CVE-2025-6587) where sensitive system environment variables were included in Docker Desktop diagnostic logs, allowing for potential secret exposure. + +### Bug fixes and enhancements + +#### For all platforms + +- Fixed a bug causing `docker start` to drop the container's port mappings for a container already running. +- Fixed a bug that prevented container ports to be displayed on the GUI when a container was re-started. +- Fixed a bug that caused Docker API `500 Internal Server Error for API route and version` error application start. +- The settings **Apply & restart** button is now labeled **Apply**. The VM is no longer restarted when applying changed settings. +- Fixed a bug where the disk would be corrupted if Docker is shutdown during a `fsck`. +- Fixed a bug causing an incorrect `~/.kube/config` in WSL2 when using a `kind` Kubernetes cluster. +- Return an explicit error to a Docker API / `docker` CLI command if Docker Desktop has been manually paused. +- Fixed an issue where unknown keys in Admin and Cloud settings caused a failure. + +#### For Mac + +- Removed `eBPF` which blocked `io_uring`. To enable `io_uring` in a container, use `--security-opt seccomp=unconfined`. Fixes [docker/for-mac#7707](https://github.com/docker/for-mac/issues/7707). + +#### For Windows + +- Fixed an issue that caused the Docker Desktop installer to crash when the current user has no `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` registry key. +- Fixed a bug where Docker Desktop could leak a `com.docker.build` process and fail to start. Fixes [docker/for-win#14840](https://github.com/docker/for-win/issues/14840) + +### Known issues + +#### For all platforms + +- `docker buildx bake` will not build images in Compose files with a top-level models attribute. Use `docker compose build` instead. +- Gordon responses containing HTML can cause Desktop UI to be permanently broken. As a workaround, you can delete `persisted-state.json` file to reset the UI. The file is located in the following directories: + - Windows: `%APPDATA%\Docker Desktop\persisted-state.json` + - Linux: `$XDG_CONFIG_HOME/Docker Desktop/persisted-state.json` or `~/.config/Docker Desktop/persisted-state.json` + - Mac: `~/Library/Application Support/Docker Desktop/persisted-state.json` + +#### For Windows + +- Possible incompatibility between the "host networking" feature of Docker Desktop and the most recent WSL 2 Linux kernel. If you encounter such issues, downgrade WSL 2 to 2.5.7. + ## 4.42.1 {{< release-date date="2025-06-18" >}} @@ -166,7 +236,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo - Docker Model Runner is now available on x86 Windows machines with NVIDIA GPUs. - You can now [push models](/manuals/ai/model-runner.md#push-a-model-to-docker-hub) to Docker Hub with Docker Model Runner. - Added support for Docker Model Runner's model management and chat interface in Docker Desktop for Mac and Windows (on hardware supporting Docker Model Runner). Users can now view, interact with, and manage local AI models through a new dedicated interface. -- [Docker Compose](/manuals/compose/how-tos/model-runner.md) and Testcontainers [Java](https://java.testcontainers.org/modules/docker_model_runner/) and [Go](https://golang.testcontainers.org/modules/dockermodelrunner/) now support Docker Model Runner. +- [Docker Compose](/manuals/ai/compose/models-and-compose.md) and Testcontainers [Java](https://java.testcontainers.org/modules/docker_model_runner/) and [Go](https://golang.testcontainers.org/modules/dockermodelrunner/) now support Docker Model Runner. - Introducing Docker Desktop in the [Microsoft App Store](https://apps.microsoft.com/detail/xp8cbj40xlbwkx?hl=en-GB&gl=GB). ### Upgrades diff --git a/content/manuals/desktop/settings-and-maintenance/settings.md b/content/manuals/desktop/settings-and-maintenance/settings.md index d43c9d1cc4ef..9252701ed9ad 100644 --- a/content/manuals/desktop/settings-and-maintenance/settings.md +++ b/content/manuals/desktop/settings-and-maintenance/settings.md @@ -187,7 +187,7 @@ File share settings are: - **Remove a Directory**. Select `-` next to the directory you want to remove -- **Apply & Restart** makes the directory available to containers using Docker's +- **Apply** makes the directory available to containers using Docker's bind mount (`-v`) feature. > [!TIP] @@ -350,7 +350,7 @@ edit the file using your favorite text editor. To see the full list of possible configuration options, see the [dockerd command reference](/reference/cli/dockerd/). -Select **Apply & Restart** to save your settings and restart Docker Desktop. +Select **Apply** to save your settings. ## Builders diff --git a/content/manuals/desktop/troubleshoot-and-support/faqs/linuxfaqs.md b/content/manuals/desktop/troubleshoot-and-support/faqs/linuxfaqs.md index 5257cfb3206c..c9b33869772c 100644 --- a/content/manuals/desktop/troubleshoot-and-support/faqs/linuxfaqs.md +++ b/content/manuals/desktop/troubleshoot-and-support/faqs/linuxfaqs.md @@ -121,7 +121,7 @@ To move the disk image file to a different location: 2. In the **Disk image location** section, select **Browse** and choose a new location for the disk image. -3. Select **Apply & Restart** for the changes to take effect. +3. Select **Apply** for the changes to take effect. Do not move the file directly in Finder as this can cause Docker Desktop to lose track of the file. @@ -183,6 +183,6 @@ To reduce the maximum size of the disk image file: 2. The **Disk image size** section contains a slider that allows you to change the maximum size of the disk image. Adjust the slider to set a lower limit. -3. Select **Apply & Restart**. +3. Select **Apply**. When you reduce the maximum size, the current disk image file is deleted, and therefore, all containers and images are lost. diff --git a/content/manuals/desktop/troubleshoot-and-support/faqs/macfaqs.md b/content/manuals/desktop/troubleshoot-and-support/faqs/macfaqs.md index d11a00f7db21..f9fea6020fa5 100644 --- a/content/manuals/desktop/troubleshoot-and-support/faqs/macfaqs.md +++ b/content/manuals/desktop/troubleshoot-and-support/faqs/macfaqs.md @@ -48,7 +48,7 @@ To move the disk image file to a different location: 2. In the **Disk image location** section, select **Browse** and choose a new location for the disk image. -3. Select **Apply & Restart** for the changes to take effect. +3. Select **Apply** for the changes to take effect. > [!IMPORTANT] > @@ -112,7 +112,7 @@ To reduce the maximum size of the disk image file: 2. The **Disk image size** section contains a slider that allows you to change the maximum size of the disk image. Adjust the slider to set a lower limit. -3. Select **Apply & Restart**. +3. Select **Apply**. When you reduce the maximum size, the current disk image file is deleted, and therefore, all containers and images are lost. diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md index 38d82183113a..88aea4c1c81d 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md @@ -189,58 +189,9 @@ If you don't have a paid Docker subscription, create an issue on GitHub: ### Self-diagnose tool -Docker Desktop contains a self-diagnose tool which can help you identify some common problems. - -{{< tabs group="os" >}} -{{< tab name="Windows" >}} -1. Locate the `com.docker.diagnose` tool. - - ```console - $ C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe - ``` - -2. In PowerShell, run the self-diagnose tool: - - ```console - $ & "C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe" gather - ``` - -{{< /tab >}} -{{< tab name="Mac" >}} - -1. Locate the `com.docker.diagnose` tool. - - ```console - $ /Applications/Docker.app/Contents/MacOS/com.docker.diagnose - ``` - -2. Run the self-diagnose tool: - - ```console - $ /Applications/Docker.app/Contents/MacOS/com.docker.diagnose gather - ``` - -{{< /tab >}} -{{< tab name="Linux" >}} - -1. Locate the `com.docker.diagnose` tool. - -2. Run the self-diagnose tool: - - ```console - $ /opt/docker-desktop/bin/com.docker.diagnose gather - ``` - -{{< /tab >}} -{{< /tabs >}} - -The tool runs a suite of checks and displays **PASS** or **FAIL** next to each check. If there are any failures, it highlights the most relevant at the end of the report. - -You can then create an issue on GitHub: - -- [For Linux](https://github.com/docker/desktop-linux/issues) -- [For Mac](https://github.com/docker/for-mac/issues) -- [For Windows](https://github.com/docker/for-win/issues) +> [!IMPORTANT] +> +> This tool has been deprecated. ## Check the logs diff --git a/content/manuals/dhi/about/test.md b/content/manuals/dhi/about/test.md index e515864b029b..8dc3aa625ef2 100644 --- a/content/manuals/dhi/about/test.md +++ b/content/manuals/dhi/about/test.md @@ -142,7 +142,7 @@ You can view and verify this attestation using the Docker Scout CLI. ``` If the attestation is valid, Docker Scout will confirm the signature and show -the matching Cosign verify-attestation command. +the matching `cosign verify` command. To view other attestations, such as SBOMs or vulnerability reports, see [Verify an image](../how-to/verify.md). diff --git a/content/manuals/dhi/core-concepts/sbom.md b/content/manuals/dhi/core-concepts/sbom.md index 2517c789e7da..18c6dd876570 100644 --- a/content/manuals/dhi/core-concepts/sbom.md +++ b/content/manuals/dhi/core-concepts/sbom.md @@ -67,27 +67,23 @@ $ docker scout sbom : ## Verify the SBOM of a Docker Hardened Image -Since Docker Hardened Images come with signed SBOMs, you can use Cosign to +Since Docker Hardened Images come with signed SBOMs, you can use Docker Scout to verify the authenticity and integrity of the SBOM attached to the image. This ensures that the SBOM has not been tampered with and that the image's contents are trustworthy. -To verify the SBOM of a Docker Hardened Image using Cosign, use the following command: +To verify the SBOM of a Docker Hardened Image using Docker Scout, use the following command: ```console -$ cosign verify-attestation \ - --key https://registry.scout.docker.com/keyring/dhi/latest.pub \ - --type sbom \ - +$ docker scout attest get : \ + --predicate-type https://scout.docker.com/sbom/v0.1 --verify --platform ``` -For example, to verify the SBOM attestation for the dhi/node image: +For example, to verify the SBOM attestation for the `dhi/node:20.19-debian12-fips-20250701182639` image: ```console -$ cosign verify-attestation \ - --key https://registry.scout.docker.com/keyring/dhi/latest.pub \ - --type sbom \ - registry.scout.docker.com/dhi/node@sha256:6de8ac9c07367652496bf926675425a22bf93e487cc2690d6778a82dd0159c4f +$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ + --predicate-type https://scout.docker.com/sbom/v0.1 --verify --platform linux/amd64 ``` ## Resources diff --git a/content/manuals/dhi/core-concepts/slsa.md b/content/manuals/dhi/core-concepts/slsa.md index 750d9b05327d..7178a368a043 100644 --- a/content/manuals/dhi/core-concepts/slsa.md +++ b/content/manuals/dhi/core-concepts/slsa.md @@ -77,25 +77,27 @@ By integrating SLSA-compliant DHIs into your development and deployment processe - Streamline audits: Utilize verifiable build records and signatures to simplify security audits and assessments. -## How to verify SLSA compliance +## Get and verify SLSA provenance for Docker Hardened Images -Each DHI is cryptographically signed and complies with the SLSA framework, -ensuring verifiable build provenance and integrity. +Each Docker Hardened Image (DHI) is cryptographically signed and includes +attestations. These attestations provide verifiable build provenance and +demonstrate adherence to SLSA Build Level 3 standards. -To evaluate whether a DHI complies with SLSA standards, you can use the -[slsa-verifier tool](https://github.com/slsa-framework/slsa-verifier). This tool -verifies the SLSA provenance of an image, ensuring that it was built according -to the specified security levels. - -To use the slsa-verifier tool after installation, run the following command. -Replace `/dhi-:` with the image name and tag. +To get and verify SLSA provenance for a DHI, you can use Docker Scout. ```console -$ slsa-verifier verify-image /dhi-: +$ docker scout attest get /dhi-: \ + --predicate-type https://slsa.dev/provenance/v0.2 \ + --verify ``` -This command will verify the SLSA provenance of the image, checking that it -meets the specified security levels. +For example: + +```console +$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ + --predicate-type https://slsa.dev/provenance/v0.2 \ + --verify +``` ## Resources diff --git a/content/manuals/dhi/how-to/verify.md b/content/manuals/dhi/how-to/verify.md index 1087e7d1e8ff..8b305afcaa81 100644 --- a/content/manuals/dhi/how-to/verify.md +++ b/content/manuals/dhi/how-to/verify.md @@ -57,8 +57,6 @@ offers several key advantages when working with Docker Hardened Images: In short, Docker Scout streamlines the verification process and reduces the chances of human error, while still giving you full visibility and the option to fall back to cosign when needed. - - ### List available attestations To list attestations for a mirrored DHI: @@ -105,9 +103,26 @@ $ docker scout attest get \ docs/dhi-python:3.13 --platform linux/amd64 ``` -### Validate and show the equivalent cosign command +### Validate the attestation with Docker Scout + +To validate the attestation using Docker Scout, you can use the `--verify` flag: + +```console +$ docker scout attest get : \ + --predicate-type https://scout.docker.com/sbom/v0.1 --verify +``` -You can use the `--verify` flag to validate the attestation and print the corresponding [cosign](https://docs.sigstore.dev/) command: +For example, to verify the SBOM attestation for the `dhi/node:20.19-debian12-fips-20250701182639` image: + +```console +$ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ + --predicate-type https://scout.docker.com/sbom/v0.1 --verify +``` + +### Show the equivalent cosign command + +When using the `--verify` flag, it also prints the corresponding +[cosign](https://docs.sigstore.dev/) command to verify the image signature: ```console $ docker scout attest get \ @@ -137,6 +152,21 @@ Example output: ... ``` +> [!IMPORTANT] +> +> When using cosign, you must first authenticate to both the Docker Hub registry +> and the Docker Scout registry. +> +> For example: +> +> ```console +> $ docker login +> $ docker login registry.scout.docker.com +> $ cosign verify \ +> registry.scout.docker.com/docker/dhi-python@sha256:b5418da893ada6272add2268573a3d5f595b5c486fb7ec58370a93217a9785ae \ +> --key https://registry.scout.docker.com/keyring/dhi/latest.pub --experimental-oci11 +> ``` + ## Available DHI attestations See [available diff --git a/content/manuals/engine/containers/start-containers-automatically.md b/content/manuals/engine/containers/start-containers-automatically.md index 213ae635c54a..f5a084362931 100644 --- a/content/manuals/engine/containers/start-containers-automatically.md +++ b/content/manuals/engine/containers/start-containers-automatically.md @@ -10,7 +10,7 @@ aliases: - /config/containers/start-containers-automatically/ --- -Docker provides [restart policies](/manuals/engine/containers/run.md#restart-policies---restart) +Docker provides [restart policies](/reference/cli/docker/container/run.md#restart) to control whether your containers start automatically when they exit, or when Docker restarts. Restart policies start linked containers in the correct order. Docker recommends that you use restart policies, and avoid using process @@ -22,7 +22,7 @@ a Docker upgrade, though networking and user input are interrupted. ## Use a restart policy -To configure the restart policy for a container, use the `--restart` flag +To configure the restart policy for a container, use the [`--restart`](/reference/cli/docker/container/run.md#restart) flag when using the `docker run` command. The value of the `--restart` flag can be any of the following: diff --git a/content/manuals/extensions/settings-feedback.md b/content/manuals/extensions/settings-feedback.md index e1f672489abd..8e93c855268f 100644 --- a/content/manuals/extensions/settings-feedback.md +++ b/content/manuals/extensions/settings-feedback.md @@ -17,7 +17,7 @@ Docker Extensions is switched on by default. To change your settings: 1. Navigate to **Settings**. 2. Select the **Extensions** tab. 3. Next to **Enable Docker Extensions**, select or clear the checkbox to set your desired state. -4. In the bottom-right corner, select **Apply & Restart**. +4. In the bottom-right corner, select **Apply**. > [!NOTE] > @@ -35,7 +35,7 @@ You can install extensions through the Marketplace or through the Extensions SDK 1. Navigate to **Settings**. 2. Select the **Extensions** tab. 3. Next to **Allow only extensions distributed through the Docker Marketplace**, select or clear the checkbox to set your desired state. -4. In the bottom-right corner, select **Apply & Restart**. +4. In the bottom-right corner, select **Apply**. ### See containers created by extensions @@ -45,7 +45,7 @@ update your settings: 1. Navigate to **Settings**. 2. Select the **Extensions** tab. 3. Next to **Show Docker Extensions system containers**, select or clear the checkbox to set your desired state. -4. In the bottom-right corner, select **Apply & Restart**. +4. In the bottom-right corner, select **Apply**. > [!NOTE] > diff --git a/content/manuals/scout/quickstart.md b/content/manuals/scout/quickstart.md index 7a1da8ae022c..89ccd30cbdea 100644 --- a/content/manuals/scout/quickstart.md +++ b/content/manuals/scout/quickstart.md @@ -207,7 +207,7 @@ The classic image store doesn't support manifest lists, which is how the provenance attestations are attached to an image. Open **Settings** in Docker Desktop. Under the **General** section, make sure -that the **Use containerd for pulling and storing images** option is checked, then select **Apply & Restart**. +that the **Use containerd for pulling and storing images** option is checked, then select **Apply**. Note that changing image stores temporarily hides images and containers of the inactive image store until you switch back. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index ca2cc9f25a06..843d77b50073 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -290,12 +290,17 @@ quit and reopened. > [!NOTE] > -> When using the `imagesRepository` setting and Enhanced Container Isolation (ECI), add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation): +> In Docker Desktop versions 4.43 or earlier: when using the `imagesRepository` +> setting and Enhanced Container Isolation (ECI), add the following images to +> the [ECI Docker socket mount image list](#enhanced-container-isolation): > -> * [imagesRepository]/desktop-cloud-provider-kind:* -> * [imagesRepository]/desktop-containerd-registry-mirror:* +> `[imagesRepository]/desktop-cloud-provider-kind:*` +> `[imagesRepository]/desktop-containerd-registry-mirror:*` > -> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start. +> These containers mount the Docker socket, so you must add the images to the +> ECI images list. If not, ECI will block the mount and Kubernetes won't start. +> This does not apply to Docker Desktop 4.44 or later because it automatically +> allows these images to mount the Docker socket. ### Networking @@ -312,14 +317,16 @@ For more information, see [Networking](/manuals/desktop/features/networking.md#n > > For Docker Desktop versions 4.41 and earlier, some of these settings lived under the **Experimental features** tab on the **Features in development** page. -| Parameter | OS | Description | Version | -|:----------------------------|----|:--------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -| `allowBetaFeatures` | | If `value` is set to `true`, beta features are enabled. | | -| `enableDockerAI` | | If `allowBetaFeatures` is true, setting `enableDockerAI` to `true` enables [Docker AI (Ask Gordon)](/manuals/ai/gordon/_index.md) by default. You can independently control this setting from the `allowBetaFeatures` setting. | | -| `enableInference` | | If `allowBetaFeatures` is true, setting `enableInference` to `true` enables [Docker Model Runner](/manuals/ai/model-runner/_index.md) by default. You can independently control this setting from the `allowBetaFeatures` setting. | | -|         `enableInferenceTCP` | | Enable host-side TCP support. This setting requires Docker Model Runner setting to be enabled first. | | -| `enableDockerMCPToolkit` | | If `allowBetaFeatures` is true, setting `enableDockerMCPToolkit` to `true` enables the [MCP toolkit feature](/manuals/ai/mcp-catalog-and-toolkit/toolkit.md) by default. You can independently control this setting from the `allowBetaFeatures` setting. | | -| `allowExperimentalFeatures` | | If `value` is set to `true`, experimental features are enabled. | Docker Desktop version 4.41 and earlier | +| Parameter | OS | Description | Version | +|:-----------------------------------------------------|----|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| +| `allowBetaFeatures` | | If `value` is set to `true`, beta features are enabled. | | +| `enableDockerAI` | | If `allowBetaFeatures` is true, setting `enableDockerAI` to `true` enables [Docker AI (Ask Gordon)](/manuals/ai/gordon/_index.md) by default. You can independently control this setting from the `allowBetaFeatures` setting. | | +| `enableInference` | | If `allowBetaFeatures` is true, setting `enableInference` to `true` enables [Docker Model Runner](/manuals/ai/model-runner/_index.md) by default. You can independently control this setting from the `allowBetaFeatures` setting. | | +|         `enableInferenceTCP` | | Enable host-side TCP support. This setting requires Docker Model Runner setting to be enabled first. | | +|         `enableInferenceTCPPort` | | Specifies the exposed TCP port. This setting requires Docker Model Runner setting to be enabled first. | | +|         `enableInferenceCORS` | | Specifies the allowed CORS origins. Empty string to deny all,`*` to accept all, or a list of comma-separated values. This setting requires Docker Model Runner setting to be enabled first. | | +| `enableDockerMCPToolkit` | | If `allowBetaFeatures` is true, setting `enableDockerMCPToolkit` to `true` enables the [MCP toolkit feature](/manuals/ai/mcp-catalog-and-toolkit/toolkit.md) by default. You can independently control this setting from the `allowBetaFeatures` setting. | | +| `allowExperimentalFeatures` | | If `value` is set to `true`, experimental features are enabled. | Docker Desktop version 4.41 and earlier | ### Enhanced Container Isolation diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md index 0d3403a89623..4bb18edb3b82 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md @@ -795,7 +795,7 @@ third-party or unvetted plugins from being installed. - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -### Enable host-side TCP support +#### Enable host-side TCP support | Default value | Accepted values | Format | |---------------|-----------------|----------| @@ -808,11 +808,36 @@ third-party or unvetted plugins from being installed. - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - > [!NOTE] > > This setting requires Docker Model Runner setting to be enabled first. +##### Port + +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| 12434 | Integer | Integer | + +- **Description:** Specifies the exposed TCP port. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Connect to the Model Runner via TCP. +- **Configure this setting with:** + - **Beta features** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `enableInferenceTCP` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +##### CORS Allowed Origins + +| Default value | Accepted values | Format | +|---------------|---------------------------------------------------------------------------------|--------| +| Empty string | Empty string to deny all,`*` to accept all, or a list of comma-separated values | String | + +- **Description:** Specifies the allowed CORS origins. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Integration with a web app. +- **Configure this setting with:** + - **Beta features** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `enableInferenceCORS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + ### Enable Docker MCP Toolkit | Default value | Accepted values | Format | @@ -1127,4 +1152,4 @@ overrides are possible. - **OS:** {{< badge color=blue text="All" >}} - **Use case:** Allow users to authenticate with enterprise proxy servers that require Kerberos or NTLM. - **Configure this setting with:** - - Settings Management: `proxy.enableKerberosNtlm` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) \ No newline at end of file + - Settings Management: `proxy.enableKerberosNtlm` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) diff --git a/content/manuals/security/security-announcements.md b/content/manuals/security/security-announcements.md index eed5615e4512..5735a62cbe22 100644 --- a/content/manuals/security/security-announcements.md +++ b/content/manuals/security/security-announcements.md @@ -7,30 +7,38 @@ toc_min: 1 toc_max: 2 --- +## Docker Desktop 4.43.0 Security Update: CVE-2025-6587 + +_Last updated July 03, 2025_ + +A vulnerability in Docker Desktop was fixed on July 03 in the [4.43.0](/manuals/desktop/release-notes.md#4430) release: + +- Fixed [CVE-2025-6587](https://www.cve.org/CVERecord?id=CVE-2025-6587) where sensitive system environment variables were included in Docker Desktop diagnostic logs, allowing for potential secret exposure. + ## Docker Desktop 4.41.0 Security Update: CVE-2025-3224, CVE-2025-4095, and CVE-2025-3911 _Last updated May 15, 2025_ -Three vulnerabilities in Docker Desktop were fixed on April 28 in the [4.41.0](https://docs.docker.com/desktop/release-notes/#4410) release. +Three vulnerabilities in Docker Desktop were fixed on April 28 in the [4.41.0](/manuals/desktop/release-notes.md#4410) release. - Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates. - Fixed [CVE-2025-4095](https://www.cve.org/CVERecord?id=CVE-2025-4095) where Registry Access Management (RAM) policies were not enforced when using a MacOS configuration profile, allowing users to pull images from unapproved registries. - Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers. -We strongly encourage you to update to Docker Desktop [4.41.0](https://docs.docker.com/desktop/release-notes/#4410). +We strongly encourage you to update to Docker Desktop [4.41.0](/manuals/desktop/release-notes.md#4410). ## Docker Desktop 4.34.2 Security Update: CVE-2024-8695 and CVE-2024-8696 _Last updated September 13, 2024_ -Two remote code execution (RCE) vulnerabilities in Docker Desktop related to Docker Extensions were reported by [Cure53](https://cure53.de/) and were fixed on September 12 in the [4.34.2](https://docs.docker.com/desktop/release-notes/#4342) release. +Two remote code execution (RCE) vulnerabilities in Docker Desktop related to Docker Extensions were reported by [Cure53](https://cure53.de/) and were fixed on September 12 in the [4.34.2](/manuals/desktop/release-notes.md#4342) release. - [CVE-2024-8695](https://www.cve.org/cverecord?id=CVE-2024-8695): A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. [Critical] - [CVE-2024-8696](https://www.cve.org/cverecord?id=CVE-2024-8696): A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. [High] No existing extensions exploiting the vulnerabilities were found in the Extensions Marketplace. The Docker team will be closely monitoring and diligently reviewing any requests for publishing new extensions. -We strongly encourage you to update to Docker Desktop [4.34.2](https://docs.docker.com/desktop/release-notes/#4342). If you are unable to update promptly, you can [disable Docker Extensions](https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions) as a workaround. +We strongly encourage you to update to Docker Desktop [4.34.2](/manuals/desktop/release-notes.md#4342). If you are unable to update promptly, you can [disable Docker Extensions](/manuals/extensions/settings-feedback.md#turn-on-or-turn-off-extensions) as a workaround. ## Deprecation of password logins on CLI when SSO enforced @@ -87,7 +95,7 @@ If you are unable to update to an unaffected version promptly, follow these best * [Enhanced Container Isolation](/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md), which mitigates the impact of CVE-2024-21626 in the case of running containers from malicious images. * [Image Access Management](for-admins/hardened-desktop/image-access-management.md), and [Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md), which give organizations control over which images and repositories their users can access. * For CVE-2024-23650, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, avoid using BuildKit frontend from an untrusted source. A frontend image is usually specified as the #syntax line on your Dockerfile, or with `--frontend` flag when using the `buildctl build` command. -* To mitigate CVE-2024-24557, make sure to either use BuildKit or disable caching when building images. From the CLI this can be done via the `DOCKER_BUILDKIT=1` environment variable (default for Moby >= v23.0 if the buildx plugin is installed) or the `--no-cache flag`. If you are using the HTTP API directly or through a client, the same can be done by setting `nocache` to `true` or `version` to `2` for the [/build API endpoint](https://docs.docker.com/engine/api/v1.44/#tag/Image/operation/ImageBuild). +* To mitigate CVE-2024-24557, make sure to either use BuildKit or disable caching when building images. From the CLI this can be done via the `DOCKER_BUILDKIT=1` environment variable (default for Moby >= v23.0 if the buildx plugin is installed) or the `--no-cache flag`. If you are using the HTTP API directly or through a client, the same can be done by setting `nocache` to `true` or `version` to `2` for the [/build API endpoint](https://docs.docker.com/reference/api/engine/version/v1.44/#tag/Image/operation/ImageBuild). ### Technical details and impact diff --git a/content/reference/compose-file/services.md b/content/reference/compose-file/services.md index 962754b8ab20..eed8488b10ad 100644 --- a/content/reference/compose-file/services.md +++ b/content/reference/compose-file/services.md @@ -43,9 +43,9 @@ services: POSTGRES_DB: exampledb ``` -### Advanced example +### Advanced example -In the following example, the `proxy` service uses the Nginx image, mounts a local Nginx configuration file into the container, exposes port `80` and depends on the `backend` service. +In the following example, the `proxy` service uses the Nginx image, mounts a local Nginx configuration file into the container, exposes port `80` and depends on the `backend` service. The `backend` service builds an image from the Dockerfile located in the `backend` directory that is set to build at stage `builder`. @@ -376,7 +376,9 @@ credential_spec: When using `registry:`, the credential spec is read from the Windows registry on the daemon's host. A registry value with the given name must be located in: - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs +```bash +HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs +``` The following example loads the credential spec from a value named `my-credential-spec` in the registry: @@ -668,7 +670,7 @@ env_file: The `format` attribute lets you use an alternative file format for the `env_file`. When not set, `env_file` is parsed according to the Compose rules outlined in [`Env_file` format](#env_file-format). -`raw` format lets you use an `env_file` with key=value items, but without any attempt from Compose to parse the value for interpolation. +`raw` format lets you use an `env_file` with key=value items, but without any attempt from Compose to parse the value for interpolation. This let you pass values as-is, including quotes and `$` signs. ```yml @@ -760,7 +762,7 @@ expose: > [!NOTE] > -> If the Dockerfile for the image already exposes ports, it is visible to other containers on the network even if `expose` is not set in your Compose file. +> If the Dockerfile for the image already exposes ports, it is visible to other containers on the network even if `expose` is not set in your Compose file. ### `extends` @@ -778,7 +780,7 @@ extends: - `service`: Defines the name of the service being referenced as a base, for example `web` or `database`. - `file`: The location of a Compose configuration file defining that service. -#### Restrictions +#### Restrictions When a service is referenced using `extends`, it can declare dependencies on other resources. These dependencies may be explicitly defined through attributes like `volumes`, `networks`, `configs`, `secrets`, `links`, `volumes_from`, or `depends_on`. Alternatively, dependencies can reference another service using the `service:{name}` syntax in namespace declarations such as `ipc`, `pid`, or `network_mode`. @@ -1022,7 +1024,7 @@ an implicit `gpu` capability. ```yaml services: model: - gpus: + gpus: - driver: 3dfx count: 2 ``` @@ -1325,12 +1327,12 @@ If either is omitted, Compose automatically generates the environment variable n ### `network_mode` -`network_mode` sets a service container's network mode. +`network_mode` sets a service container's network mode. - `none`: Turns off all container networking. - `host`: Gives the container raw access to the host's network interface. -- `service:{name}`: Gives the container access to the specified container by referring to its service name. -- `container:{name}`: Gives the container access to the specified container by referring to its container ID. +- `service:{name}`: Gives the container access to the specified container by referring to its service name. +- `container:{name}`: Gives the container access to the specified container by referring to its container ID. For more information container networks, see the [Docker Engine documentation](/manuals/engine/network/_index.md#container-networks). @@ -1359,7 +1361,7 @@ For more information about the `networks` top-level element, see [Networks](netw ### Implicit default network If `networks` is empty or absent from the Compose file, Compose considers an implicit definition for the service to be -connected to the `default` network: +connected to the `default` network: ```yml services: @@ -1371,9 +1373,9 @@ This example is actually equivalent to: ```yml services: some-service: - image: foo + image: foo networks: - default: {} + default: {} ``` If you want the service to not be connected a network, you must set [`network_mode: none`](#network_mode). @@ -1454,7 +1456,7 @@ services: Running the example Compose application shows: ```console -backend-1 | 11: eth0@if64: mtu 1500 qdisc noqueue state UP +backend-1 | 11: eth0@if64: mtu 1500 qdisc noqueue state UP ``` #### `ipv4_address`, `ipv6_address` @@ -1625,11 +1627,11 @@ in the form: `[HOST:]CONTAINER[/PROTOCOL]` where: -- `HOST` is `[IP:](port | range)` (optional). If it is not set, it binds to all network interfaces (`0.0.0.0`). +- `HOST` is `[IP:](port | range)` (optional). If it is not set, it binds to all network interfaces (`0.0.0.0`). - `CONTAINER` is `port | range`. - `PROTOCOL` restricts ports to a specified protocol either `tcp` or `udp`(optional). Default is `tcp`. -Ports can be either a single value or a range. `HOST` and `CONTAINER` must use equivalent ranges. +Ports can be either a single value or a range. `HOST` and `CONTAINER` must use equivalent ranges. You can either specify both ports (`HOST:CONTAINER`), or just the container port. In the latter case, the container runtime automatically allocates any unassigned port of the host. @@ -1650,10 +1652,10 @@ ports: - "49100:22" - "8000-9000:80" - "127.0.0.1:8001:8001" - - "127.0.0.1:5000-5010:5000-5010" - - "::1:6000:6000" - - "[::1]:6001:6001" - - "6060:6060/udp" + - "127.0.0.1:5000-5010:5000-5010" + - "::1:6000:6000" + - "[::1]:6001:6001" + - "6060:6060/udp" ``` > [!NOTE] @@ -1762,15 +1764,15 @@ services: type: awesomecloud options: type: mysql - foo: bar + foo: bar app: - image: myapp + image: myapp depends_on: - database ``` -As Compose runs the application, the `awesomecloud` binary is used to manage the `database` service setup. -Dependent service `app` receives additional environment variables prefixed by the service name so it can access the resource. +As Compose runs the application, the `awesomecloud` binary is used to manage the `database` service setup. +Dependent service `app` receives additional environment variables prefixed by the service name so it can access the resource. For illustration, assuming `awesomecloud` execution produced variables `URL` and `API_KEY`, the `app` service runs with environment variables `DATABASE_URL` and `DATABASE_API_KEY`. @@ -1906,7 +1908,7 @@ the service's containers. - `mode`: The [permissions](https://wintelguy.com/permissions-calc.pl) for the file to be mounted in `/run/secrets/` in the service's task containers, in octal notation. The default value is world-readable permissions (mode `0444`). - The writable bit must be ignored if set. The executable bit may be set. + The writable bit must be ignored if set. The executable bit may be set. Note that support for `uid`, `gid`, and `mode` attributes are not implemented in Docker Compose when the source of the secret is a [`file`](secrets.md). This is because bind-mounts used under the hood don't allow uid remapping. @@ -1949,7 +1951,7 @@ It's specified as a [byte value](extension.md#specifying-byte-values). ### `stdin_open` -`stdin_open` configures a service's container to run with an allocated stdin. This is the same as running a container with the +`stdin_open` configures a service's container to run with an allocated stdin. This is the same as running a container with the `-i` flag. For more information, see [Keep stdin open](/reference/cli/docker/container/run.md#interactive). Supported values are `true` or `false`. @@ -2036,7 +2038,7 @@ services: ### `tty` -`tty` configures a service's container to run with a TTY. This is the same as running a container with the +`tty` configures a service's container to run with a TTY. This is the same as running a container with the `-t` or `--tty` flag. For more information, see [Allocate a pseudo-TTY](/reference/cli/docker/container/run.md#tty). Supported values are `true` or `false`. @@ -2140,7 +2142,7 @@ The short syntax uses a single string with colon-separated values to specify a v > [!NOTE] > -> For bind mounts, the short syntax creates a directory at the source path on the host if it doesn't exist. This is for backward compatibility with `docker-compose` legacy. +> For bind mounts, the short syntax creates a directory at the source path on the host if it doesn't exist. This is for backward compatibility with `docker-compose` legacy. > It can be prevented by using long syntax and setting `create_host_path` to `false`. #### Long syntax @@ -2170,8 +2172,8 @@ expressed in the short form. > [!TIP] > -> Working with large repositories or monorepos, or with virtual file systems that are no longer scaling with your codebase? -> Compose now takes advantage of [Synchronized file shares](/manuals/desktop/features/synchronized-file-sharing.md) and automatically creates file shares for bind mounts. +> Working with large repositories or monorepos, or with virtual file systems that are no longer scaling with your codebase? +> Compose now takes advantage of [Synchronized file shares](/manuals/desktop/features/synchronized-file-sharing.md) and automatically creates file shares for bind mounts. > Ensure you're signed in to Docker with a paid subscription and have enabled both **Access experimental features** and **Manage Synchronized file shares with Compose** in Docker Desktop's settings. ### `volumes_from` diff --git a/data/summary.yaml b/data/summary.yaml index 84f2aae2dc25..8555d24742d0 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -110,7 +110,7 @@ Compose menu: Compose models: requires: Docker Compose [2.38.0](/manuals/compose/releases/release-notes.md#2380) and later Compose model runner: - requires: Docker Compose [2.35.0](/manuals/compose/releases/release-notes.md#2350) and later, and Docker Desktop 4.41 and later + requires: Docker Compose [2.38.0](/manuals/compose/releases/release-notes.md#2350) and later, and Docker Desktop 4.43 and later Compose OCI artifact: requires: Docker Compose [2.34.0](/manuals/compose/releases/release-notes.md#2340) and later Compose provider services: diff --git a/go.mod b/go.mod index a5a81b7bc8f0..a67a037d7c33 100644 --- a/go.mod +++ b/go.mod @@ -3,20 +3,110 @@ module github.com/docker/docs go 1.24.0 require ( + github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/StackExchange/wmi v1.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/containerd/containerd/v2 v2.1.3 // indirect + github.com/containerd/errdefs v1.0.0 // indirect + github.com/containerd/errdefs/pkg v0.3.0 // indirect + github.com/containerd/log v0.1.0 // indirect + github.com/containerd/platforms v1.0.0-rc.1 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect + github.com/containerd/typeurl/v2 v2.2.3 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/docker/buildx v0.25.0 // indirect github.com/docker/cli v28.3.0+incompatible // indirect - github.com/docker/compose/v2 v2.38.1 // indirect - github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01 // indirect + github.com/docker/compose/v2 v2.38.2 // indirect + github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker v28.3.0+incompatible // indirect + github.com/docker/docker-credential-helpers v0.9.3 // indirect + github.com/docker/go-connections v0.5.0 // indirect + github.com/docker/go-units v0.5.0 // indirect + github.com/docker/model-cli v0.1.33-0.20250703103301-d4e4936a9eb2 // indirect + github.com/docker/model-distribution v0.0.0-20250627163720-aff34abcf3e0 // indirect + github.com/docker/model-runner v0.0.0-20250627142917-26a0a73fbbc0 // indirect github.com/docker/scout-cli v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fsnotify/fsnotify v1.9.0 // indirect + github.com/fvbommel/sortorder v1.1.0 // indirect + github.com/go-logr/logr v1.4.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-ole/go-ole v1.3.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/google/go-containerregistry v0.20.6 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gpustack/gguf-parser-go v0.14.1 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 // indirect + github.com/henvic/httpretty v0.1.4 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jaypipes/ghw v0.17.0 // indirect + github.com/jaypipes/pcidb v1.0.1 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.18.0 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect + github.com/mattn/go-shellwords v1.0.12 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/moby/buildkit v0.23.1 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/locker v1.0.1 // indirect github.com/moby/moby v28.3.0+incompatible // indirect + github.com/moby/sys/atomicwriter v0.1.0 // indirect + github.com/moby/sys/sequential v0.6.0 // indirect + github.com/moby/term v0.5.2 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/morikuni/aec v1.0.0 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/nxadm/tail v1.4.8 // indirect + github.com/olekukonko/tablewriter v0.0.5 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/image-spec v1.1.1 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_model v0.6.2 // indirect + github.com/prometheus/common v0.65.0 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/smallnest/ringbuffer v0.0.0-20241116012123-461381446e3d // indirect + github.com/spf13/cobra v1.9.1 // indirect + github.com/spf13/pflag v1.0.6 // indirect + github.com/vbatts/tar-split v0.12.1 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect + go.opentelemetry.io/otel v1.37.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.34.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect + go.opentelemetry.io/otel/metric v1.37.0 // indirect + go.opentelemetry.io/otel/sdk v1.37.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect + go.opentelemetry.io/otel/trace v1.37.0 // indirect + go.opentelemetry.io/proto/otlp v1.5.0 // indirect + golang.org/x/crypto v0.39.0 // indirect + golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect + golang.org/x/mod v0.25.0 // indirect + golang.org/x/net v0.41.0 // indirect + golang.org/x/sync v0.15.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/text v0.26.0 // indirect + golang.org/x/tools v0.34.0 // indirect + gonum.org/v1/gonum v0.15.1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect + google.golang.org/grpc v1.73.0 // indirect + google.golang.org/protobuf v1.36.6 // indirect + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + howett.net/plist v1.0.1 // indirect ) replace ( github.com/docker/buildx => github.com/docker/buildx v0.24.0 github.com/docker/cli => github.com/docker/cli v28.3.0+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.38.1 - github.com/docker/model-cli => github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01 + github.com/docker/model-cli => github.com/docker/model-cli v0.1.33-0.20250703103301-d4e4936a9eb2 github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 github.com/moby/buildkit => github.com/moby/buildkit v0.22.0 github.com/moby/moby => github.com/moby/moby v28.3.0+incompatible diff --git a/go.sum b/go.sum index 5bd3ce6751e2..774e9565c40a 100644 --- a/go.sum +++ b/go.sum @@ -2,15 +2,25 @@ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEK github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA= +github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/containerd/containerd/v2 v2.1.3 h1:eMD2SLcIQPdMlnlNF6fatlrlRLAeDaiGPGwmRKLZKNs= +github.com/containerd/containerd/v2 v2.1.3/go.mod h1:8C5QV9djwsYDNhxfTCFjWtTBZrqjditQ4/ghHSYjnHM= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/platforms v1.0.0-rc.1 h1:83KIq4yy1erSRgOVHNk1HYdPvzdJ5CnsWaRoJX4C41E= +github.com/containerd/platforms v1.0.0-rc.1/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4= github.com/containerd/stargz-snapshotter v0.16.3 h1:zbQMm8dRuPHEOD4OqAYGajJJUwCeUzt4j7w9Iaw58u4= github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8= github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= +github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= +github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -36,6 +46,8 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw= github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.0+incompatible h1:ffS62aKWupCWdvcee7nBU9fhnmknOqDPaJAMtfK0ImQ= +github.com/docker/docker v28.3.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -46,10 +58,18 @@ github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01 h1:UL/07fs6IEd github.com/docker/model-cli v0.1.26-0.20250527144806-15d0078a3c01/go.mod h1:1YlKTiA19vEhbmM8EiJVPUFvRifBBI1S3sBpOt6Gbl4= github.com/docker/model-cli v0.1.26-0.20250529165100-f4b458125149 h1:uOLJ8d/isN/mqvr5rEFHVL3pBAWvnjfEEcvPLHJ2JSI= github.com/docker/model-cli v0.1.26-0.20250529165100-f4b458125149/go.mod h1:1YlKTiA19vEhbmM8EiJVPUFvRifBBI1S3sBpOt6Gbl4= +github.com/docker/model-cli v0.1.32 h1:iBYi2SS8ubv18wbhN04cKlds6Bc7VoEKJ11S+R0eFGo= +github.com/docker/model-cli v0.1.32/go.mod h1:2w/B+oBs0aEPbmfdGM+NKy/HURJGDAzECTIKiRaj5Rg= +github.com/docker/model-cli v0.1.33-0.20250703103301-d4e4936a9eb2 h1:gYGGGdufX1uPWCYUDYO05nKWKBsJxvwvYlxMT0Yk74Y= +github.com/docker/model-cli v0.1.33-0.20250703103301-d4e4936a9eb2/go.mod h1:2w/B+oBs0aEPbmfdGM+NKy/HURJGDAzECTIKiRaj5Rg= github.com/docker/model-distribution v0.0.0-20250512190053-b3792c042d57 h1:ZqfKknb+0/uJid8XLFwSl/osjE+WuS6o6I3dh3ZqO4U= github.com/docker/model-distribution v0.0.0-20250512190053-b3792c042d57/go.mod h1:dThpO9JoG5Px3i+rTluAeZcqLGw8C0qepuEL4gL2o/c= +github.com/docker/model-distribution v0.0.0-20250627163720-aff34abcf3e0 h1:bve4JZI06Admw+NewtPfrpJXsvRnGKTQvBOEICNC1C0= +github.com/docker/model-distribution v0.0.0-20250627163720-aff34abcf3e0/go.mod h1:dThpO9JoG5Px3i+rTluAeZcqLGw8C0qepuEL4gL2o/c= github.com/docker/model-runner v0.0.0-20250512190413-96af7b750f88 h1:NkiizYL67HsCnnlEU6BQVoeiC1bAAyJFxw02bO7JC4E= github.com/docker/model-runner v0.0.0-20250512190413-96af7b750f88/go.mod h1:Nw+rx6RRPNdProEb9/BVJyAQn63px6WWlOv+eEpkV7Q= +github.com/docker/model-runner v0.0.0-20250627142917-26a0a73fbbc0 h1:yajuhlGe1xhpWW3eMehQi2RrqiBQiGoi6c6OWiPxMaQ= +github.com/docker/model-runner v0.0.0-20250627142917-26a0a73fbbc0/go.mod h1:vZJiUZH/7O1CyNsEGi1o4khUT4DVRjcwluuamU9fhuM= github.com/docker/scout-cli v1.15.0 h1:VhA9niVftEyZ9f5KGwKnrSfQOp2X3uIU3VbE/gTVMTM= github.com/docker/scout-cli v1.15.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -57,17 +77,26 @@ github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= +github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw= github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= +github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI= github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI= +github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU= +github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -79,21 +108,32 @@ github.com/henvic/httpretty v0.1.4 h1:Jo7uwIRWVFxkqOnErcoYfH90o3ddQyVrSANeS4cxYm github.com/henvic/httpretty v0.1.4/go.mod h1:Dn60sQTZfbt2dYsdUSNsCljyF4AfdqnuJFDLJA1I4AM= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jaypipes/ghw v0.17.0 h1:EVLJeNcy5z6GK/Lqby0EhBpynZo+ayl8iJWY0kbEUJA= +github.com/jaypipes/ghw v0.17.0/go.mod h1:In8SsaDqlb1oTyrbmTC14uy+fbBMvp+xdqX51MidlD8= +github.com/jaypipes/pcidb v1.0.1 h1:WB2zh27T3nwg8AE8ei81sNRb9yWBii3JGNJtT7K9Oic= +github.com/jaypipes/pcidb v1.0.1/go.mod h1:6xYUz/yYEyOkIkUt2t2J2folIuZ4Yg6uByCGFXMCeE4= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= +github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/moby/buildkit v0.22.0 h1:aWN06w1YGSVN1XfeZbj2ZbgY+zi5xDAjEFI8Cy9fTjA= github.com/moby/buildkit v0.22.0/go.mod h1:j4pP5hxiTWcz7xuTK2cyxQislHl/N2WWHzOy43DlLJw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= +github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/moby v28.2.1+incompatible h1:UYmHExYP8S0uGKDozhYw7RJ+LpANL51g4fa3qT0Q2GA= github.com/moby/moby v28.2.1+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc= github.com/moby/moby v28.3.0+incompatible h1:BnZpCciB9dCnfNC+MerxqsHV4I6/gLiZIzzbRFJIhUY= @@ -111,6 +151,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= @@ -122,6 +164,10 @@ github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgr github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= +github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= +github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE= +github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -147,8 +193,12 @@ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJyS go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY= go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= +go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= +go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.34.0 h1:ajl4QczuJVA2TU9W9AGw++86Xga/RKt//16z/yxPgdk= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.34.0/go.mod h1:Vn3/rlOJ3ntf/Q3zAI0V5lDnTbHGaUsNUeF6nZmm7pA= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= @@ -157,12 +207,20 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo= go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= +go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= +go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= +go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= +go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= +go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= +go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= +go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= +go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -170,41 +228,56 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM= golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0= golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU= golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s= +golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= +golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -213,14 +286,26 @@ gonum.org/v1/gonum v0.15.1 h1:FNy7N6OUZVUaWG9pTiD+jlhdQ3lMP+/LcTpJ6+a8sQ0= gonum.org/v1/gonum v0.15.1/go.mod h1:eZTZuRFrzu5pcyjN5wJhcIhnUdNijYxX1T2IcrOGY0o= google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 h1:35ZFtrCgaAjF7AFAK0+lRSf+4AyYnWRbH7og13p7rZ4= google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:W9ynFDP/shebLB1Hl/ESTOap2jHd6pmLXPNZC7SVDbA= +google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 h1:hE3bRWtU6uceqlh4fhrSnUyjKHMKB9KrTLLG+bc0ddM= +google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8= google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 h1:DMTIbak9GhdaSxEjvVzAeNZvyc03I61duqNbnm3SU0M= google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e h1:ztQaXfzEXTmCBvbtWYRhJxW+0iJcz2qXfd38/e9l7bA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA= google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= +google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= +google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +howett.net/plist v1.0.1 h1:37GdZ8tP09Q35o9ych3ehygcsL+HqKSwzctveSlarvM= +howett.net/plist v1.0.1/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= diff --git a/hugo.yaml b/hugo.yaml index 9235e5a6e689..6b5f68109081 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -140,7 +140,7 @@ params: # (Used to show e.g., "latest" and "latest"-1 in engine install examples docker_ce_version_prev: "28.3.0" # Latest Docker Compose version - compose_version: "v2.38.1" + compose_version: "v2.38.2" # Latest BuildKit version buildkit_version: "0.23.2" diff --git a/layouts/partials/breadcrumbs.html b/layouts/partials/breadcrumbs.html index 1b2a0ea2f053..fc893af263e2 100644 --- a/layouts/partials/breadcrumbs.html +++ b/layouts/partials/breadcrumbs.html @@ -2,7 +2,7 @@ id="breadcrumbs" {{- $breadcrumbTitles := slice }} data-pagefind-ignore - class="mb-4 flex min-w-0 items-center gap-2 text-gray-400 dark:text-gray-300" + class="breadcrumbs mb-4 flex min-w-0 items-center gap-2 text-gray-400 dark:text-gray-300" > {{ range .Ancestors.Reverse }} {{ $breadcrumbTitles = $breadcrumbTitles | append .LinkTitle }} diff --git a/layouts/partials/content-default.html b/layouts/partials/content-default.html index 3492323720a2..24dbbbce5a5c 100644 --- a/layouts/partials/content-default.html +++ b/layouts/partials/content-default.html @@ -13,7 +13,7 @@

{{ .Title }}

{{ .Content }} - diff --git a/layouts/partials/github-links.html b/layouts/partials/github-links.html index 8e4694ca37f8..cea019c11548 100644 --- a/layouts/partials/github-links.html +++ b/layouts/partials/github-links.html @@ -7,7 +7,7 @@ {{ with .File }} {{ if not (in .Filename "/_vendor/") }}

- + {{ partial "utils/svg.html" "theme/icons/edit.svg" }} - + {{ partial "utils/svg.html" "theme/icons/issue.svg" }} +

[!NOTE] -> -> Docker retains the activity data for a period of three months. - -### Customize the activity logs - -By default, all activities that occur are displayed on the **Activity** tab. Use the calendar option to select a date range and customize your results. After you have selected a date range, the activity logs of all the activities that occurred during that period are displayed. - -> [!NOTE] -> -> Activities created by the Docker Support team as part of resolving customer issues appear in the activity logs as **dockersupport**. - -Select the **All Activities** drop-down to view activities that are specific to an organization, repository, or billing. In Docker Hub, if you select the **Activities** tab from the **Repository** view, you can only filter repository-level activities. - -After choosing **Organization**, **Repository**, or **Billing**, you can further refine the results using the **All Actions** drop-down. diff --git a/layouts/shortcodes/admin-users.html b/layouts/shortcodes/admin-users.html deleted file mode 100644 index 66d946d3e111..000000000000 --- a/layouts/shortcodes/admin-users.html +++ /dev/null @@ -1,150 +0,0 @@ -{{ $invite_button := "**Invite members**" }} -{{ $export_button := "**Export members**" }} -{{ $member_navigation := "Select **My Hub**, your organization, and then **Members**." }} -{{ $remove_button := "**Remove member**" }} -{{ $product_link := "[Docker Hub](https://hub.docker.com)" }} -{{ $role_mapping_link := "[SCIM for role mapping](/security/for-admins/provisioning/scim/)" }} -{{ $export_fields := `The CSV file for an organization contains the following fields: -* **Name**: The user's name. -* **Username**: The user's Docker ID. -* **Email**: The user's email address. -* **Type**: The type of user. For example, **Invitee** for users who have not accepted the organization's invite, - or **User** for users who are members of the organization. -* **Role**: The user's role in the organization. For example, **Member** or **Owner**. -* **Teams**: The teams where the user is a member. A team is not listed for invitees. -* **Date Joined**: The time and date when the user was invited to the organization.` }} - -{{ if eq (.Get "product") "admin" }} -{{ $invite_button = "**Invite**" }} -{{ $export_button = "the **Action** icon and then select **Export users as CSV**" }} -{{ $member_navigation = "Select **Members**." }} -{{ $remove_button = "**Remove member**" }} -{{ $product_link = "[Docker Home](https://app.docker.com) and select your organization." }} -{{ $role_mapping_link = "[SCIM for role mapping](/security/for-admins/provisioning/scim/)" }} -{{ if eq (.Get "layer") "company" }} -{{ $export_fields = `The CSV file for a company contains the following fields: -* **Name**: The user's name. -* **Username**: The user's Docker ID. -* **Email**: The user's email address. -* **Member of Organizations**: All organizations the user is a member of within a company. -* **Invited to Organizations**: All organizations the user is an invitee of within a company. -* **Account Created**: The time and date when the user account was created.` }} -{{ $member_navigation = "Select your organization from the **Choose profile** page, and then select **Members**." }} -{{ $remove_button = "**Remove user**" }} -{{ $role_mapping_link = "[SCIM for role mapping](/security/for-admins/provisioning/scim/)"}} -{{ end }} -{{ end }} - -Owners can invite new members to an organization via Docker ID, email address, or with a CSV file containing email -addresses. If an invitee does not have a Docker account, they must create an account and verify their email address -before they can accept an invitation to join the organization. When inviting members, their pending invitation occupies -a seat. - -### Invite members via Docker ID or email address - -Use the following steps to invite members to your organization via Docker ID or email address. To invite a large amount -of members to your organization via CSV file, see the next section. - -1. Sign in to {{ $product_link }}. -2. {{ $member_navigation }} -3. Select {{ $invite_button }}. -4. Select **Emails or usernames**. -5. Follow the on-screen instructions to invite members. - Invite a maximum of 1000 members and separate multiple entries by comma, semicolon, or space. - - > [!NOTE] - > - > When you invite members, you assign them a role. - > See [Roles and permissions](/security/for-admins/roles-and-permissions/) - > for details about the access permissions for each role. - - Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept - or decline the invitation. - -### Invite members via CSV file - -To invite multiple members to an organization via a CSV file containing email addresses: - -1. Sign in to {{ $product_link }}. -2. {{ $member_navigation }} -3. Select {{ $invite_button }}. -4. Select **CSV upload**. -5. Select **Download the template CSV file** to optionally download an example CSV file. - The following is an example of the contents of a valid CSV file. - - ```text - email - docker.user-0@example.com - docker.user-1@example.com - ``` - - CSV file requirements: - - - The file must contain a header row with at least one heading named `email`. Additional columns are allowed and are - ignored in the import. - - The file must contain a maximum of 1000 email addresses (rows). To invite more than 1000 users, create multiple CSV - files and perform all steps in this task for each file. - -6. Create a new CSV file or export a CSV file from another application. - - - To export a CSV file from another application, see the application’s documentation. - - To create a new CSV file, open a new file in a text editor, type `email` on the first line, type the user email - addresses one per line on the following lines, and then save the file with a .csv extension. - -7. Select **Browse files** and then select your CSV file, or drag and drop the CSV file into the **Select a CSV file to - upload** box. You can only select one CSV file at a time. - - > [!NOTE] - > - > If the amount of email addresses in your CSV file exceeds the number of available seats in your organization, you - > cannot continue to invite members. To invite members, you can purchase more seats, or remove some email addresses from - > the CSV file and re-select the new file. To purchase more seats, see [Add seats to your - > subscription](/subscription/add-seats/) or [Contact sales](https://www.docker.com/pricing/contact-sales/). - -8. After the CSV file has been uploaded, select **Review**. - - Valid email addresses and any email addresses that have issues appear. - Email addresses may have the following issues: - - - Invalid email: The email address is not a valid address. - The email address will be ignored if you send invites. - You can correct the email address in the CSV file and re-import the file. - - Already invited: The user has already been sent an invite email and another invite email will not be sent. - - Member: The user is already a member of your organization and an invite email will not be sent. - - Duplicate: The CSV file has multiple occurrences of the same email address. - The user will be sent only one invite email. - -9. Follow the on-screen instructions to invite members. - - > [!NOTE] - > - > When you invite members, you assign them a role. - > See [Roles and permissions](/security/for-admins/roles-and-permissions/) - > for details about the access permissions for each role. - -Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept -or decline the invitation. - -### Resend invitations to users - -You can send individual invitations, or bulk invitations from the Admin Console. - -To resend an individual invitation: - -1. In [Docker Home](https://app.docker.com/), select your company. -2. Select **Admin Console**, then **Users**. -3. Select the **action menu** next to the invitee and select **Resend**. -4. Select **Invite** to confirm. - -To bulk resend invitations: - -1. In [Docker Home](https://app.docker.com/), select your company. -2. Select **Admin Console**, then **Users**. -3. Use the **checkboxes** next to **Usernames** to bulk select users. -4. Select **Resend invites**. -5. Select **Resend** to confirm. - -### Invite members via API - -You can bulk invite members using the Docker Hub API. For more information, see -the [Bulk create invites](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) API endpoint. \ No newline at end of file