diff --git a/_data/buildx/docker_buildx.yaml b/_data/buildx/docker_buildx.yaml index fb100ccfad..d03487be85 100644 --- a/_data/buildx/docker_buildx.yaml +++ b/_data/buildx/docker_buildx.yaml @@ -35,6 +35,7 @@ options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_bake.yaml b/_data/buildx/docker_buildx_bake.yaml index 016572afd2..88daea3e0b 100644 --- a/_data/buildx/docker_buildx_bake.yaml +++ b/_data/buildx/docker_buildx_bake.yaml @@ -22,6 +22,7 @@ options: description: Build definition file details_url: '#file' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -31,6 +32,7 @@ options: default_value: "false" description: Shorthand for `--set=*.output=type=docker` deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -39,6 +41,7 @@ options: value_type: string description: Write build result metadata to the file deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -49,6 +52,7 @@ options: description: Do not use cache when building the image details_url: '#no-cache' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -59,6 +63,7 @@ options: description: Print the options without building details_url: '#print' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -70,6 +75,7 @@ options: Set type of progress output (`auto`, `plain`, `tty`). Use plain to show container output details_url: '#progress' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -77,9 +83,10 @@ options: - option: pull value_type: bool default_value: "false" - description: Always attempt to pull a newer version of the image + description: Always attempt to pull all referenced images details_url: '#pull' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -89,6 +96,7 @@ options: default_value: "false" description: Shorthand for `--set=*.output=type=registry` deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -99,6 +107,7 @@ options: description: Override target value (e.g., `targetpattern.key=value`) details_url: '#set' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -109,6 +118,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -170,10 +180,10 @@ examples: |- You can also use a remote `git` bake definition: ```console - $ docker buildx bake "git://github.com/docker/cli#v20.10.11" --print - #1 [internal] load git source git://github.com/docker/cli#v20.10.11 + $ docker buildx bake "https://github.com/docker/cli.git#v20.10.11" --print + #1 [internal] load git source https://github.com/docker/cli.git#v20.10.11 #1 0.745 e8f1871b077b64bcb4a13334b7146492773769f7 refs/tags/v20.10.11 - #1 2.022 From git://github.com/docker/cli + #1 2.022 From https://github.com/docker/cli #1 2.022 * [new tag] v20.10.11 -> v20.10.11 #1 DONE 2.9s { @@ -186,7 +196,7 @@ examples: |- }, "target": { "binary": { - "context": "git://github.com/docker/cli#v20.10.11", + "context": "https://github.com/docker/cli.git#v20.10.11", "dockerfile": "Dockerfile", "args": { "BASE_VARIANT": "alpine", @@ -205,7 +215,7 @@ examples: |- } ``` - As you can see the context is fixed to `git://github.com/docker/cli` even if + As you can see the context is fixed to `https://github.com/docker/cli.git` even if [no context is actually defined](https://github.com/docker/cli/blob/2776a6d694f988c0c1df61cad4bfac0f54e481c8/docker-bake.hcl#L17-L26) in the definition. @@ -226,7 +236,7 @@ examples: |- ``` ```console - $ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" --print + $ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" --print { "target": { "default": { @@ -240,7 +250,7 @@ examples: |- ```console $ touch foo bar - $ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" + $ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" ... > [4/4] RUN ls -l && stop: #8 0.101 total 0 @@ -250,14 +260,14 @@ examples: |- ``` ```console - $ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" "git://github.com/docker/cli#v20.10.11" --print - #1 [internal] load git source git://github.com/tonistiigi/buildx#remote-test + $ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" "https://github.com/docker/cli.git#v20.10.11" --print + #1 [internal] load git source https://github.com/tonistiigi/buildx.git#remote-test #1 0.429 577303add004dd7efeb13434d69ea030d35f7888 refs/heads/remote-test #1 CACHED { "target": { "default": { - "context": "git://github.com/docker/cli#v20.10.11", + "context": "https://github.com/docker/cli.git#v20.10.11", "dockerfile": "Dockerfile", "dockerfile-inline": "FROM alpine\nWORKDIR /src\nCOPY . .\nRUN ls -l \u0026\u0026 stop\n" } @@ -266,7 +276,7 @@ examples: |- ``` ```console - $ docker buildx bake "git://github.com/tonistiigi/buildx#remote-test" "git://github.com/docker/cli#v20.10.11" + $ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" "https://github.com/docker/cli.git#v20.10.11" ... > [4/4] RUN ls -l && stop: #8 0.136 drwxrwxrwx 5 root root 4096 Jul 27 18:31 kubernetes @@ -335,7 +345,6 @@ examples: |- ... ``` - ### Always attempt to pull a newer version of the image (--pull) {#pull} Same as `build --pull`. @@ -349,9 +358,6 @@ examples: |- Override target configurations from command line. The pattern matching syntax is defined in https://golang.org/pkg/path/#Match. - - **Examples** - ```console $ docker buildx bake --set target.args.mybuildarg=value $ docker buildx bake --set target.platform=linux/arm64 @@ -384,8 +390,7 @@ examples: |- Note: Design of bake command is work in progress, the user experience may change based on feedback. - - **Example HCL definition** + HCL definition example: ```hcl group "default" { @@ -410,8 +415,8 @@ examples: |- Complete list of valid target fields: - `args`, `cache-from`, `cache-to`, `context`, `dockerfile`, `inherits`, `labels`, - `no-cache`, `output`, `platform`, `pull`, `secrets`, `ssh`, `tags`, `target` + `args`, `cache-from`, `cache-to`, `context`, `contexts`, `dockerfile`, `inherits`, `labels`, + `no-cache`, `no-cache-filter`, `output`, `platform`, `pull`, `secrets`, `ssh`, `tags`, `target` ### Global scope attributes @@ -521,6 +526,28 @@ examples: |- } ``` + alternatively, in json format: + + ```json + { + "variable": { + "TAG": { + "default": "latest" + } + } + "group": { + "default": { + "targets": ["webapp"] + } + }, + "target": { + "webapp": { + "tags": ["docker.io/username/webapp:${TAG}"] + } + } + } + ``` + ```console $ docker buildx bake --print webapp { @@ -848,6 +875,77 @@ examples: |- } ``` + ### Defining additional build contexts and linking targets + + In addition to the main `context` key that defines the build context each target can also define additional named contexts with a map defined with key `contexts`. These values map to the `--build-context` flag in the [build command](buildx_build.md#build-context). + + Inside the Dockerfile these contexts can be used with the `FROM` instruction or `--from` flag. + + The value can be a local source directory, container image (with docker-image:// prefix), Git URL, HTTP URL or a name of another target in the Bake file (with target: prefix). + + #### Pinning alpine image + + ```Dockerfile + # Dockerfile + FROM alpine + RUN echo "Hello world" + ``` + + ```hcl + # docker-bake.hcl + target "app" { + contexts = { + alpine = "docker-image://alpine:3.13" + } + } + ``` + + #### Using a secondary source directory + + ```Dockerfile + # Dockerfile + + FROM scratch AS src + + FROM golang + COPY --from=src . . + ``` + + ```hcl + # docker-bake.hcl + target "app" { + contexts = { + src = "../path/to/source" + } + } + ``` + + #### Using a result of one target as a base image in another target + + To use a result of one target as a build context of another, specity the target name with `target:` prefix. + + ```Dockerfile + # Dockerfile + FROM baseapp + RUN echo "Hello world" + ``` + + ```hcl + # docker-bake.hcl + + target "base" { + dockerfile = "baseapp.Dockerfile" + } + + target "app" { + contexts = { + baseapp = "target:base" + } + } + ``` + + Please note that in most cases you should just use a single multi-stage Dockerfile with multiple targets for similar behavior. This case is recommended when you have multiple Dockerfiles that can't be easily merged into one. + ### Extension field with Compose [Special extension](https://github.com/compose-spec/compose-spec/blob/master/spec.md#extension) @@ -959,7 +1057,7 @@ examples: |- Complete list of valid fields for `x-bake`: `tags`, `cache-from`, `cache-to`, `secret`, `ssh`, `platforms`, `output`, - `pull`, `no-cache` + `pull`, `no-cache`, `no-cache-filter` ### Built-in variables diff --git a/_data/buildx/docker_buildx_build.yaml b/_data/buildx/docker_buildx_build.yaml index c46da69a11..381064e5a5 100644 --- a/_data/buildx/docker_buildx_build.yaml +++ b/_data/buildx/docker_buildx_build.yaml @@ -7,7 +7,7 @@ long: |- For documentation on most of these flags, refer to the [`docker build` documentation](/engine/reference/commandline/build/). In - here we’ll document a subset of the new flags. + here we'll document a subset of the new flags. usage: docker buildx build [OPTIONS] PATH | URL | - pname: docker buildx plink: docker_buildx.yaml @@ -18,6 +18,7 @@ options: description: 'Add a custom host-to-IP mapping (format: `host:ip`)' details_url: /engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -29,6 +30,7 @@ options: Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`) details_url: '#allow' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -37,8 +39,20 @@ options: value_type: stringArray default_value: '[]' description: Set build-time variables - details_url: /engine/reference/commandline/build/#set-build-time-variables---build-arg + details_url: '#build-arg' deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +- option: build-context + value_type: stringArray + default_value: '[]' + description: Additional build contexts (e.g., name=path) + details_url: '#build-context' + deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -50,6 +64,7 @@ options: External cache sources (e.g., `user/app:cache`, `type=local,src=path/to/dir`) details_url: '#cache-from' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -61,6 +76,7 @@ options: Cache export destinations (e.g., `user/app:cache`, `type=local,dest=path/to/dir`) details_url: '#cache-to' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -70,6 +86,7 @@ options: description: Optional parent cgroup for the container details_url: /engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -79,6 +96,7 @@ options: default_value: "false" description: Compress the build context using gzip deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -88,6 +106,7 @@ options: default_value: "0" description: Limit the CPU CFS (Completely Fair Scheduler) period deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -97,6 +116,7 @@ options: default_value: "0" description: Limit the CPU CFS (Completely Fair Scheduler) quota deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -107,6 +127,7 @@ options: default_value: "0" description: CPU shares (relative weight) deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -115,6 +136,7 @@ options: value_type: string description: CPUs in which to allow execution (`0-3`, `0,1`) deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -123,6 +145,7 @@ options: value_type: string description: MEMs in which to allow execution (`0-3`, `0,1`) deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -133,6 +156,7 @@ options: description: 'Name of the Dockerfile (default: `PATH/Dockerfile`)' details_url: /engine/reference/commandline/build/#specify-a-dockerfile--f deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -142,6 +166,7 @@ options: default_value: "false" description: Always remove intermediate containers deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -150,6 +175,7 @@ options: value_type: string description: Write the image ID to the file deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -158,6 +184,7 @@ options: value_type: string description: Container isolation technology deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -167,6 +194,7 @@ options: default_value: '[]' description: Set metadata for an image deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -177,6 +205,7 @@ options: description: Shorthand for `--output=type=docker` details_url: '#load' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -186,6 +215,7 @@ options: value_type: string description: Memory limit deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -195,6 +225,7 @@ options: description: | Swap limit equal to memory plus swap: `-1` to enable unlimited swap deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -202,7 +233,9 @@ options: - option: metadata-file value_type: string description: Write build result metadata to the file + details_url: '#metadata-file' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -210,8 +243,9 @@ options: - option: network value_type: string default_value: default - description: Set the networking mode for the RUN instructions during build + description: Set the networking mode for the `RUN` instructions during build deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -221,6 +255,17 @@ options: default_value: "false" description: Do not use cache when building the image deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +- option: no-cache-filter + value_type: stringArray + default_value: '[]' + description: Do not cache specified stages + deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -232,6 +277,7 @@ options: description: 'Output destination (format: `type=local,dest=path`)' details_url: '#output' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -242,6 +288,7 @@ options: description: Set target platform for build details_url: '#platform' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -253,6 +300,7 @@ options: Set type of progress output (`auto`, `plain`, `tty`). Use plain to show container output details_url: '#progress' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -260,8 +308,9 @@ options: - option: pull value_type: bool default_value: "false" - description: Always attempt to pull a newer version of the image + description: Always attempt to pull all referenced images deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -272,6 +321,7 @@ options: description: Shorthand for `--output=type=registry` details_url: '#push' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -282,6 +332,7 @@ options: default_value: "false" description: Suppress the build output and print image ID on success deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -291,6 +342,7 @@ options: default_value: "true" description: Remove intermediate containers after a successful build deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -299,8 +351,10 @@ options: value_type: stringArray default_value: '[]' description: | - Secret file to expose to the build (format: `id=mysecret,src=/local/secret`) + Secret to expose to the build (format: `id=mysecret[,src=/local/secret]`) + details_url: '#secret' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -310,6 +364,7 @@ options: default_value: '[]' description: Security options deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -320,6 +375,7 @@ options: description: Size of `/dev/shm` details_url: '#shm-size' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -329,6 +385,7 @@ options: default_value: "false" description: Squash newly built layers into a single new layer deprecated: false + hidden: true experimental: false experimentalcli: false kubernetes: false @@ -338,7 +395,9 @@ options: default_value: '[]' description: | SSH agent socket or keys to expose to the build (format: `default|[=|[,]]`) + details_url: '#ssh' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -350,15 +409,17 @@ options: description: 'Name and optionally a tag (format: `name:tag`)' details_url: /engine/reference/commandline/build/#tag-an-image--t deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false - option: target value_type: string - description: Set the target build stage to build. + description: Set the target build stage to build details_url: /engine/reference/commandline/build/#specifying-target-build-stage---target deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -369,6 +430,7 @@ options: description: Ulimit options details_url: '#ulimit' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -379,81 +441,202 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false examples: |- - ### Override the configured builder instance (--builder) {#builder} - - Same as [`buildx --builder`](buildx.md#builder). - - ### Set the target platforms for the build (--platform) {#platform} + ### Allow extra privileged entitlement (--allow) {#allow} ``` - --platform=value[,value] + --allow=ENTITLEMENT ``` - Set the target platform for the build. All `FROM` commands inside the Dockerfile - without their own `--platform` flag will pull base images for this platform and - this value will also be the platform of the resulting image. The default value - will be the current platform of the buildkit daemon. + Allow extra privileged entitlement. List of entitlements: - When using `docker-container` driver with `buildx`, this flag can accept multiple - values as an input separated by a comma. With multiple values the result will be - built for all of the specified platforms and joined together into a single manifest - list. + - `network.host` - Allows executions with host networking. + - `security.insecure` - Allows executions without sandbox. See + [related Dockerfile extensions](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/experimental.md#run---securityinsecuresandbox). - If the `Dockerfile` needs to invoke the `RUN` command, the builder needs runtime - support for the specified platform. In a clean setup, you can only execute `RUN` - commands for your system architecture. - If your kernel supports [`binfmt_misc`](https://en.wikipedia.org/wiki/Binfmt_misc) - launchers for secondary architectures, buildx will pick them up automatically. - Docker desktop releases come with `binfmt_misc` automatically configured for `arm64` - and `arm` architectures. You can see what runtime platforms your current builder - instance supports by running `docker buildx inspect --bootstrap`. - - Inside a `Dockerfile`, you can access the current platform value through - `TARGETPLATFORM` build argument. Please refer to the [`docker build` - documentation](/engine/reference/builder/#automatic-platform-args-in-the-global-scope) - for the full description of automatic platform argument variants . - - The formatting for the platform specifier is defined in the [containerd source - code](https://github.com/containerd/containerd/blob/v1.4.3/platforms/platforms.go#L63). + For entitlements to be enabled, the `buildkitd` daemon also needs to allow them + with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](buildx_create.md#buildkitd-flags)) **Examples** ```console - $ docker buildx build --platform=linux/arm64 . - $ docker buildx build --platform=linux/amd64,linux/arm64,linux/arm/v7 . - $ docker buildx build --platform=darwin . + $ docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure' + $ docker buildx build --allow security.insecure . ``` - ### Set type of progress output (--progress) {#progress} + ### Set build-time variables (--build-arg) {#build-arg} - ``` - --progress=VALUE - ``` + Same as [`docker build` command](/engine/reference/commandline/build/#set-build-time-variables---build-arg). - Set type of progress output (auto, plain, tty). Use plain to show container - output (default "auto"). + There are also useful built-in build args like: - > You can also use the `BUILDKIT_PROGRESS` environment variable to set - > its value. - - The following example uses `plain` output during the build: + * `BUILDKIT_CONTEXT_KEEP_GIT_DIR=` trigger git context to keep the `.git` directory + * `BUILDKIT_INLINE_BUILDINFO_ATTRS=` inline build info attributes in image config or not + * `BUILDKIT_INLINE_CACHE=` inline cache metadata to image config or not + * `BUILDKIT_MULTI_PLATFORM=` opt into determnistic output regardless of multi-platform output or not ```console - $ docker buildx build --load --progress=plain . + $ docker buildx build --build-arg BUILDKIT_MULTI_PLATFORM=1 . + ``` - #1 [internal] load build definition from Dockerfile - #1 transferring dockerfile: 227B 0.0s done - #1 DONE 0.1s + More built-in build args can be found in [dockerfile frontend docs](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#built-in-build-args). - #2 [internal] load .dockerignore - #2 transferring context: 129B 0.0s done - #2 DONE 0.0s - ... + ### Additional build contexts (--build-context) {#build-context} + + ``` + --build-context=name=VALUE + ``` + + Define additional build context with specified contents. In Dockerfile the context can be accessed when `FROM name` or `--from=name` is used. + When Dockerfile defines a stage with the same name it is overwritten. + + The value can be a local source directory, container image (with docker-image:// prefix), Git or HTTP URL. + + Replace `alpine:latest` with a pinned one: + + ```console + $ docker buildx build --build-context alpine=docker-image://alpine@sha256:0123456789 . + ``` + + Expose a secondary local source directory: + + ```console + $ docker buildx build --build-context project=path/to/project/source . + # docker buildx build --build-context project=https://github.com/myuser/project.git . + ``` + + ```Dockerfile + FROM alpine + COPY --from=project myfile / + ``` + + ### Override the configured builder instance (--builder) {#builder} + + Same as [`buildx --builder`](buildx.md#builder). + + ### Use an external cache source for a build (--cache-from) {#cache-from} + + ``` + --cache-from=[NAME|type=TYPE[,KEY=VALUE]] + ``` + + Use an external cache source for a build. Supported types are `registry`, + `local` and `gha`. + + - [`registry` source](https://github.com/moby/buildkit#registry-push-image-and-cache-separately) + can import cache from a cache manifest or (special) image configuration on the + registry. + - [`local` source](https://github.com/moby/buildkit#local-directory-1) can + import cache from local files previously exported with `--cache-to`. + - [`gha` source](https://github.com/moby/buildkit#github-actions-cache-experimental) + can import cache from a previously exported cache with `--cache-to` in your + GitHub repository + + If no type is specified, `registry` exporter is used with a specified reference. + + `docker` driver currently only supports importing build cache from the registry. + + ```console + $ docker buildx build --cache-from=user/app:cache . + $ docker buildx build --cache-from=user/app . + $ docker buildx build --cache-from=type=registry,ref=user/app . + $ docker buildx build --cache-from=type=local,src=path/to/cache . + $ docker buildx build --cache-from=type=gha . + ``` + + More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache + + ### Export build cache to an external cache destination (--cache-to) {#cache-to} + + ``` + --cache-to=[NAME|type=TYPE[,KEY=VALUE]] + ``` + + Export build cache to an external cache destination. Supported types are + `registry`, `local`, `inline` and `gha`. + + - [`registry` type](https://github.com/moby/buildkit#registry-push-image-and-cache-separately) exports build cache to a cache manifest in the registry. + - [`local` type](https://github.com/moby/buildkit#local-directory-1) type + exports cache to a local directory on the client. + - [`inline` type](https://github.com/moby/buildkit#inline-push-image-and-cache-together) + type writes the cache metadata into the image configuration. + - [`gha` type](https://github.com/moby/buildkit#github-actions-cache-experimental) + type exports cache through the [Github Actions Cache service API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md#authentication). + + `docker` driver currently only supports exporting inline cache metadata to image + configuration. Alternatively, `--build-arg BUILDKIT_INLINE_CACHE=1` can be used + to trigger inline cache exporter. + + Attribute key: + + - `mode` - Specifies how many layers are exported with the cache. `min` on only + exports layers already in the final build stage, `max` exports layers for + all stages. Metadata is always exported for the whole build. + + ```console + $ docker buildx build --cache-to=user/app:cache . + $ docker buildx build --cache-to=type=inline . + $ docker buildx build --cache-to=type=registry,ref=user/app . + $ docker buildx build --cache-to=type=local,dest=path/to/cache . + $ docker buildx build --cache-to=type=gha . + ``` + + More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache + + ### Load the single-platform build result to `docker images` (--load) {#load} + + Shorthand for [`--output=type=docker`](#docker). Will automatically load the + single-platform build result to `docker images`. + + ### Write build result metadata to the file (--metadata-file) {#metadata-file} + + To output build metadata such as the image digest, pass the `--metadata-file` flag. + The metadata will be written as a JSON object to the specified file. The + directory of the specified file must already exist and be writable. + + ```console + $ docker buildx build --load --metadata-file metadata.json . + $ cat metadata.json + ``` + ```json + { + "containerimage.buildinfo": { + "frontend": "dockerfile.v0", + "attrs": { + "context": "https://github.com/crazy-max/buildkit-buildsources-test.git#master", + "filename": "Dockerfile", + "source": "docker/dockerfile:master" + }, + "sources": [ + { + "type": "docker-image", + "ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0", + "pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0" + }, + { + "type": "docker-image", + "ref": "docker.io/library/alpine:3.13", + "pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c" + } + ] + }, + "containerimage.config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66", + "containerimage.descriptor": { + "annotations": { + "config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66", + "org.opencontainers.image.created": "2022-02-08T21:28:03Z" + }, + "digest": "sha256:19ffeab6f8bc9293ac2c3fdf94ebe28396254c993aea0b5a542cfb02e0883fa3", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 506 + }, + "containerimage.digest": "sha256:19ffeab6f8bc9293ac2c3fdf94ebe28396254c993aea0b5a542cfb02e0883fa3" + } ``` ### Set the export action for the build result (-o, --output) {#output} @@ -474,8 +657,6 @@ examples: |- with this path as the destination. If the value is "-", `buildx` will use `tar` exporter and write to `stdout`. - **Examples** - ```console $ docker buildx build -o . . $ docker buildx build -o outdir . @@ -529,7 +710,7 @@ examples: |- Attribute keys: - `dest` - destination path where tarball will be written. If not specified the - tar will be loaded automatically to the current docker instance. + tar will be loaded automatically to the current docker instance. - `context` - name for the docker context where to import the result #### `image` @@ -547,118 +728,163 @@ examples: |- The `registry` exporter is a shortcut for `type=image,push=true`. + ### Set the target platforms for the build (--platform) {#platform} + + ``` + --platform=value[,value] + ``` + + Set the target platform for the build. All `FROM` commands inside the Dockerfile + without their own `--platform` flag will pull base images for this platform and + this value will also be the platform of the resulting image. The default value + will be the current platform of the buildkit daemon. + + When using `docker-container` driver with `buildx`, this flag can accept multiple + values as an input separated by a comma. With multiple values the result will be + built for all of the specified platforms and joined together into a single manifest + list. + + If the `Dockerfile` needs to invoke the `RUN` command, the builder needs runtime + support for the specified platform. In a clean setup, you can only execute `RUN` + commands for your system architecture. + If your kernel supports [`binfmt_misc`](https://en.wikipedia.org/wiki/Binfmt_misc) + launchers for secondary architectures, buildx will pick them up automatically. + Docker desktop releases come with `binfmt_misc` automatically configured for `arm64` + and `arm` architectures. You can see what runtime platforms your current builder + instance supports by running `docker buildx inspect --bootstrap`. + + Inside a `Dockerfile`, you can access the current platform value through + `TARGETPLATFORM` build argument. Please refer to the [`docker build` + documentation](/engine/reference/builder/#automatic-platform-args-in-the-global-scope) + for the full description of automatic platform argument variants . + + The formatting for the platform specifier is defined in the [containerd source + code](https://github.com/containerd/containerd/blob/v1.4.3/platforms/platforms.go#L63). + + ```console + $ docker buildx build --platform=linux/arm64 . + $ docker buildx build --platform=linux/amd64,linux/arm64,linux/arm/v7 . + $ docker buildx build --platform=darwin . + ``` + + ### Set type of progress output (--progress) {#progress} + + ``` + --progress=VALUE + ``` + + Set type of progress output (auto, plain, tty). Use plain to show container + output (default "auto"). + + > You can also use the `BUILDKIT_PROGRESS` environment variable to set + > its value. + + The following example uses `plain` output during the build: + + ```console + $ docker buildx build --load --progress=plain . + + #1 [internal] load build definition from Dockerfile + #1 transferring dockerfile: 227B 0.0s done + #1 DONE 0.1s + + #2 [internal] load .dockerignore + #2 transferring context: 129B 0.0s done + #2 DONE 0.0s + ... + ``` ### Push the build result to a registry (--push) {#push} Shorthand for [`--output=type=registry`](#registry). Will automatically push the build result to registry. - ### Load the single-platform build result to `docker images` (--load) {#load} - - Shorthand for [`--output=type=docker`](#docker). Will automatically load the - single-platform build result to `docker images`. - - ### Use an external cache source for a build (--cache-from) {#cache-from} + ### Secret to expose to the build (--secret) {#secret} ``` - --cache-from=[NAME|type=TYPE[,KEY=VALUE]] + --secret=[type=TYPE[,KEY=VALUE] ``` - Use an external cache source for a build. Supported types are `registry`, - `local` and `gha`. + Exposes secret to the build. The secret can be used by the build using + [`RUN --mount=type=secret` mount](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#run---mounttypesecret). - - [`registry` source](https://github.com/moby/buildkit#registry-push-image-and-cache-separately) - can import cache from a cache manifest or (special) image configuration on the - registry. - - [`local` source](https://github.com/moby/buildkit#local-directory-1) can - import cache from local files previously exported with `--cache-to`. - - [`gha` source](https://github.com/moby/buildkit#github-actions-cache-experimental) - can import cache from a previously exported cache with `--cache-to` in your - GitHub repository + If `type` is unset it will be detected. Supported types are: - If no type is specified, `registry` exporter is used with a specified reference. + #### `file` - `docker` driver currently only supports importing build cache from the registry. + Attribute keys: - **Examples** + - `id` - ID of the secret. Defaults to basename of the `src` path. + - `src`, `source` - Secret filename. `id` used if unset. + + ```dockerfile + # syntax=docker/dockerfile:1.3 + FROM python:3 + RUN pip install awscli + RUN --mount=type=secret,id=aws,target=/root/.aws/credentials \ + aws s3 cp s3://... ... + ``` ```console - $ docker buildx build --cache-from=user/app:cache . - $ docker buildx build --cache-from=user/app . - $ docker buildx build --cache-from=type=registry,ref=user/app . - $ docker buildx build --cache-from=type=local,src=path/to/cache . - $ docker buildx build --cache-from=type=gha . + $ docker buildx build --secret id=aws,src=$HOME/.aws/credentials . ``` - More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache + #### `env` - ### Export build cache to an external cache destination (--cache-to) {#cache-to} + Attribute keys: + - `id` - ID of the secret. Defaults to `env` name. + - `env` - Secret environment variable. `id` used if unset, otherwise will look for `src`, `source` if `id` unset. + + ```dockerfile + # syntax=docker/dockerfile:1.3 + FROM node:alpine + RUN --mount=type=bind,target=. \ + --mount=type=secret,id=SECRET_TOKEN \ + SECRET_TOKEN=$(cat /run/secrets/SECRET_TOKEN) yarn run test ``` - --cache-to=[NAME|type=TYPE[,KEY=VALUE]] - ``` - - Export build cache to an external cache destination. Supported types are - `registry`, `local`, `inline` and `gha`. - - - [`registry` type](https://github.com/moby/buildkit#registry-push-image-and-cache-separately) exports build cache to a cache manifest in the registry. - - [`local` type](https://github.com/moby/buildkit#local-directory-1) type - exports cache to a local directory on the client. - - [`inline` type](https://github.com/moby/buildkit#inline-push-image-and-cache-together) - type writes the cache metadata into the image configuration. - - [`gha` type](https://github.com/moby/buildkit#github-actions-cache-experimental) - type exports cache through the [Github Actions Cache service API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md#authentication). - - `docker` driver currently only supports exporting inline cache metadata to image - configuration. Alternatively, `--build-arg BUILDKIT_INLINE_CACHE=1` can be used - to trigger inline cache exporter. - - Attribute key: - - - `mode` - Specifies how many layers are exported with the cache. `min` on only - exports layers already in the final build stage, `max` exports layers for - all stages. Metadata is always exported for the whole build. - - **Examples** ```console - $ docker buildx build --cache-to=user/app:cache . - $ docker buildx build --cache-to=type=inline . - $ docker buildx build --cache-to=type=registry,ref=user/app . - $ docker buildx build --cache-to=type=local,dest=path/to/cache . - $ docker buildx build --cache-to=type=gha . + $ SECRET_TOKEN=token docker buildx build --secret id=SECRET_TOKEN . ``` - More info about cache exporters and available attributes: https://github.com/moby/buildkit#export-cache - - ### Allow extra privileged entitlement (--allow) {#allow} - - ``` - --allow=ENTITLEMENT - ``` - - Allow extra privileged entitlement. List of entitlements: - - - `network.host` - Allows executions with host networking. - - `security.insecure` - Allows executions without sandbox. See - [related Dockerfile extensions](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/experimental.md#run---securityinsecuresandbox). - - For entitlements to be enabled, the `buildkitd` daemon also needs to allow them - with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](buildx_create.md#buildkitd-flags)) - - **Examples** - - ```console - $ docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure' - $ docker buildx build --allow security.insecure . - ``` - - ### Size of `/dev/shm` (--shm-size) {#shm-size} + ### Size of /dev/shm (--shm-size) {#shm-size} The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. + ### SSH agent socket or keys to expose to the build (--ssh) {#ssh} + + ``` + --ssh=default|[=|[,]] + ``` + + This can be useful when some commands in your Dockerfile need specific SSH + authentication (e.g., cloning a private repository). + + `--ssh` exposes SSH agent socket or keys to the build and can be used with the + [`RUN --mount=type=ssh` mount](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#run---mounttypessh). + + Example to access Gitlab using an SSH agent socket: + + ```dockerfile + # syntax=docker/dockerfile:1.3 + FROM alpine + RUN apk add --no-cache openssh-client + RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts + RUN --mount=type=ssh ssh -q -T git@gitlab.com 2>&1 | tee /hello + # "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here + # with the type of build progress is defined as `plain`. + ``` + + ```console + $ eval $(ssh-agent) + $ ssh-add ~/.ssh/id_rsa + (Input your passphrase here) + $ docker buildx build --ssh default=$SSH_AUTH_SOCK . + ``` + ### Set ulimits (--ulimit) {#ulimit} `--ulimit` is specified with a soft and hard limit as such: diff --git a/_data/buildx/docker_buildx_create.yaml b/_data/buildx/docker_buildx_create.yaml index 3a9a629372..1e763c0129 100644 --- a/_data/buildx/docker_buildx_create.yaml +++ b/_data/buildx/docker_buildx_create.yaml @@ -20,6 +20,7 @@ options: description: Append a node to builder instead of changing it details_url: '#append' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -29,6 +30,7 @@ options: default_value: "false" description: Boot builder after creation deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -38,6 +40,7 @@ options: description: Flags for buildkitd daemon details_url: '#buildkitd-flags' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -47,6 +50,7 @@ options: description: BuildKit config file details_url: '#config' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -57,6 +61,7 @@ options: Driver to use (available: `docker`, `docker-container`, `kubernetes`) details_url: '#driver' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -67,6 +72,7 @@ options: description: Options for the driver details_url: '#driver-opt' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -77,6 +83,7 @@ options: description: Remove a node from builder instead of changing it details_url: '#leave' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -86,6 +93,7 @@ options: description: Builder instance name details_url: '#name' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -95,6 +103,7 @@ options: description: Create/modify node with given name details_url: '#node' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -105,6 +114,7 @@ options: description: Fixed platforms for current node details_url: '#platform' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -115,6 +125,7 @@ options: description: Set the current builder instance details_url: '#use' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -124,6 +135,7 @@ inherited_options: value_type: string description: Override the configured builder instance deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -135,8 +147,6 @@ examples: |- existing builder specified by `--name`. Buildx will choose an appropriate node for a build based on the platforms it supports. - **Examples** - ```console $ docker buildx create mycontext1 eager_beaver @@ -155,8 +165,6 @@ examples: |- configuration file specified by [`--config`](#config). See `buildkitd --help` for the available flags. - **Example** - ``` --buildkitd-flags '--debug --debugaddr 0.0.0.0:6666' ``` @@ -220,46 +228,22 @@ examples: |- - `docker` - No driver options - `docker-container` - - `image=IMAGE` - Sets the container image to be used for running buildkit. - - `network=NETMODE` - Sets the network mode for running the buildkit container. - - `cgroup-parent=CGROUP` - Sets the cgroup parent of the buildkit container if docker is using the "cgroupfs" driver. Defaults to `/docker/buildx`. + - `image=IMAGE` - Sets the container image to be used for running buildkit. + - `network=NETMODE` - Sets the network mode for running the buildkit container. + - `cgroup-parent=CGROUP` - Sets the cgroup parent of the buildkit container if docker is using the "cgroupfs" driver. Defaults to `/docker/buildx`. - `kubernetes` - - `image=IMAGE` - Sets the container image to be used for running buildkit. - - `namespace=NS` - Sets the Kubernetes namespace. Defaults to the current namespace. - - `replicas=N` - Sets the number of `Pod` replicas. Defaults to 1. - - `requests.cpu` - Sets the request CPU value specified in units of Kubernetes CPU. Example `requests.cpu=100m`, `requests.cpu=2` - - `requests.memory` - Sets the request memory value specified in bytes or with a valid suffix. Example `requests.memory=500Mi`, `requests.memory=4G` - - `limits.cpu` - Sets the limit CPU value specified in units of Kubernetes CPU. Example `limits.cpu=100m`, `limits.cpu=2` - - `limits.memory` - Sets the limit memory value specified in bytes or with a valid suffix. Example `limits.memory=500Mi`, `limits.memory=4G` - - `nodeselector="label1=value1,label2=value2"` - Sets the kv of `Pod` nodeSelector. No Defaults. Example `nodeselector=kubernetes.io/arch=arm64` - - `rootless=(true|false)` - Run the container as a non-root user without `securityContext.privileged`. [Using Ubuntu host kernel is recommended](https://github.com/moby/buildkit/blob/master/docs/rootless.md). Defaults to false. - - `loadbalance=(sticky|random)` - Load-balancing strategy. If set to "sticky", the pod is chosen using the hash of the context path. Defaults to "sticky" - - `qemu.install=(true|false)` - Install QEMU emulation for multi platforms support. - - `qemu.image=IMAGE` - Sets the QEMU emulation image. Defaults to `tonistiigi/binfmt:latest` - - **Examples** - - #### Use a custom network - - ```console - $ docker network create foonet - $ docker buildx create --name builder --driver docker-container --driver-opt network=foonet --use - $ docker buildx inspect --bootstrap - $ docker inspect buildx_buildkit_builder0 --format={{.NetworkSettings.Networks}} - map[foonet:0xc00018c0c0] - ``` - - #### OpenTelemetry support - - To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set - `JAEGER_TRACE` environment variable to the collection address using the `driver-opt`: - - ```console - $ docker run -d --name jaeger -p 6831:6831/udp -p 16686:16686 jaegertracing/all-in-one - $ docker buildx create --name builder --driver docker-container --driver-opt network=host --driver-opt env.JAEGER_TRACE=localhost:6831 --use - $ docker buildx inspect --bootstrap - # buildx command should be traced at http://127.0.0.1:16686/ - ``` + - `image=IMAGE` - Sets the container image to be used for running buildkit. + - `namespace=NS` - Sets the Kubernetes namespace. Defaults to the current namespace. + - `replicas=N` - Sets the number of `Pod` replicas. Defaults to 1. + - `requests.cpu` - Sets the request CPU value specified in units of Kubernetes CPU. Example `requests.cpu=100m`, `requests.cpu=2` + - `requests.memory` - Sets the request memory value specified in bytes or with a valid suffix. Example `requests.memory=500Mi`, `requests.memory=4G` + - `limits.cpu` - Sets the limit CPU value specified in units of Kubernetes CPU. Example `limits.cpu=100m`, `limits.cpu=2` + - `limits.memory` - Sets the limit memory value specified in bytes or with a valid suffix. Example `limits.memory=500Mi`, `limits.memory=4G` + - `nodeselector="label1=value1,label2=value2"` - Sets the kv of `Pod` nodeSelector. No Defaults. Example `nodeselector=kubernetes.io/arch=arm64` + - `rootless=(true|false)` - Run the container as a non-root user without `securityContext.privileged`. [Using Ubuntu host kernel is recommended](https://github.com/moby/buildkit/blob/master/docs/rootless.md). Defaults to false. + - `loadbalance=(sticky|random)` - Load-balancing strategy. If set to "sticky", the pod is chosen using the hash of the context path. Defaults to "sticky" + - `qemu.install=(true|false)` - Install QEMU emulation for multi platforms support. + - `qemu.image=IMAGE` - Sets the QEMU emulation image. Defaults to `tonistiigi/binfmt:latest` ### Remove a node from a builder (--leave) {#leave} @@ -267,8 +251,6 @@ examples: |- builder. The builder needs to be specified with `--name` and node that is removed is set with `--node`. - **Examples** - ```console $ docker buildx create --name mybuilder --node mybuilder0 --leave ``` @@ -292,7 +274,7 @@ examples: |- none is specified, it is the name of the builder it belongs to, with an index number suffix. - ### Set the platforms supported by the node {#platform} + ### Set the platforms supported by the node (--platform) {#platform} ``` --platform PLATFORMS @@ -304,14 +286,12 @@ examples: |- priority over the detected ones and can be used when multiple nodes support building for the same platform. - **Examples** - ```console $ docker buildx create --platform linux/amd64 $ docker buildx create --platform linux/arm64,linux/arm/v8 ``` - ### Automatically switch to the newly created builder {#use} + ### Automatically switch to the newly created builder (--use) {#use} The `--use` flag automatically switches the current builder to the newly created one. Equivalent to running `docker buildx use $(docker buildx create ...)`. diff --git a/_data/buildx/docker_buildx_du.yaml b/_data/buildx/docker_buildx_du.yaml index d675447d0b..32350b084f 100644 --- a/_data/buildx/docker_buildx_du.yaml +++ b/_data/buildx/docker_buildx_du.yaml @@ -9,6 +9,7 @@ options: value_type: filter description: Provide filter values deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -18,6 +19,7 @@ options: default_value: "false" description: Provide a more verbose output deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -28,6 +30,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_imagetools.yaml b/_data/buildx/docker_buildx_imagetools.yaml index dbe01e3c0f..3b44ae53db 100644 --- a/_data/buildx/docker_buildx_imagetools.yaml +++ b/_data/buildx/docker_buildx_imagetools.yaml @@ -17,6 +17,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_imagetools_create.yaml b/_data/buildx/docker_buildx_imagetools_create.yaml index da5b39e70f..5d319cd3d9 100644 --- a/_data/buildx/docker_buildx_imagetools_create.yaml +++ b/_data/buildx/docker_buildx_imagetools_create.yaml @@ -1,9 +1,6 @@ command: docker buildx imagetools create short: Create a new image based on source images long: |- - Imagetools contains commands for working with manifest lists in the registry. - These commands are useful for inspecting multi-platform build results. - Create a new manifest list based on source manifests. The source manifests can be manifest lists or single platform distribution manifests and must already exist in the registry where the new manifest is created. If only one source is @@ -18,6 +15,7 @@ options: description: Append to existing manifest details_url: '#append' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -28,6 +26,7 @@ options: description: Show final image instead of pushing details_url: '#dry-run' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -39,6 +38,7 @@ options: description: Read source descriptor from file details_url: '#file' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -50,6 +50,7 @@ options: description: Set reference for new image details_url: '#tag' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -60,6 +61,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -90,16 +92,15 @@ examples: |- In order to define annotations or additional platform properties like `os.version` and `os.features` you need to add them in the OCI descriptor object encoded in JSON. - ``` - docker buildx imagetools inspect --raw alpine | jq '.manifests[0] | .platform."os.version"="10.1"' > descr.json - docker buildx imagetools create -f descr.json myuser/image + ```console + $ docker buildx imagetools inspect --raw alpine | jq '.manifests[0] | .platform."os.version"="10.1"' > descr.json + $ docker buildx imagetools create -f descr.json myuser/image ``` The descriptor in the file is merged with existing descriptor in the registry if it exists. The supported fields for the descriptor are defined in [OCI spec](https://github.com/opencontainers/image-spec/blob/master/descriptor.md#properties) . - ### Set reference for new image (-t, --tag) {#tag} ``` @@ -108,11 +109,8 @@ examples: |- Use the `-t` or `--tag` flag to set the name of the image to be created. - **Examples** - ```console $ docker buildx imagetools create --dry-run alpine@sha256:5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907 sha256:c4ba6347b0e4258ce6a6de2401619316f982b7bcc529f73d2a410d0097730204 - $ docker buildx imagetools create -t tonistiigi/myapp -f image1 -f image2 ``` deprecated: false diff --git a/_data/buildx/docker_buildx_imagetools_inspect.yaml b/_data/buildx/docker_buildx_imagetools_inspect.yaml index 4469d4f15f..ad16409f54 100644 --- a/_data/buildx/docker_buildx_imagetools_inspect.yaml +++ b/_data/buildx/docker_buildx_imagetools_inspect.yaml @@ -1,37 +1,65 @@ command: docker buildx imagetools inspect -short: Show details of image in the registry +short: Show details of an image in the registry long: |- - Show details of image in the registry. - - Example: + Show details of an image in the registry. ```console $ docker buildx imagetools inspect alpine - Name: docker.io/library/alpine:latest MediaType: application/vnd.docker.distribution.manifest.list.v2+json - Digest: sha256:28ef97b8686a0b5399129e9b763d5b7e5ff03576aa5580d6f4182a49c5fe1913 + Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300 Manifests: - Name: docker.io/library/alpine:latest@sha256:5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907 + Name: docker.io/library/alpine:latest@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 MediaType: application/vnd.docker.distribution.manifest.v2+json Platform: linux/amd64 - Name: docker.io/library/alpine:latest@sha256:c4ba6347b0e4258ce6a6de2401619316f982b7bcc529f73d2a410d0097730204 + Name: docker.io/library/alpine:latest@sha256:e047bc2af17934d38c5a7fa9f46d443f1de3a7675546402592ef805cfa929f9d MediaType: application/vnd.docker.distribution.manifest.v2+json Platform: linux/arm/v6 - ... + + Name: docker.io/library/alpine:latest@sha256:8483ecd016885d8dba70426fda133c30466f661bb041490d525658f1aac73822 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/arm/v7 + + Name: docker.io/library/alpine:latest@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/arm64/v8 + + Name: docker.io/library/alpine:latest@sha256:2689e157117d2da668ad4699549e55eba1ceb79cb7862368b30919f0488213f4 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/386 + + Name: docker.io/library/alpine:latest@sha256:2042a492bcdd847a01cd7f119cd48caa180da696ed2aedd085001a78664407d6 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/ppc64le + + Name: docker.io/library/alpine:latest@sha256:49e322ab6690e73a4909f787bcbdb873631264ff4a108cddfd9f9c249ba1d58e + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/s390x ``` usage: docker buildx imagetools inspect [OPTIONS] NAME pname: docker buildx imagetools plink: docker_buildx_imagetools.yaml options: +- option: format + value_type: string + default_value: '`{{.Manifest}}`' + description: Format the output using the given Go template + details_url: '#format' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: raw value_type: bool default_value: "false" - description: Show original JSON manifest + description: Show original, unformatted JSON manifest details_url: '#raw' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -42,6 +70,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -51,10 +80,572 @@ examples: |- Same as [`buildx --builder`](buildx.md#builder). + ### Format the output (--format) {#format} + + Format the output using the given Go template. Defaults to `{{.Manifest}}` if + unset. Following fields are available: + + * `.Name`: provides the reference of the image + * `.Manifest`: provides the manifest or manifest list + * `.Image`: provides the image config + * `.BuildInfo`: provides [build info from image config](https://github.com/moby/buildkit/blob/master/docs/build-repro.md#image-config) + + #### `.Name` + + ```console + $ docker buildx imagetools inspect alpine --format "{{.Name}}" + Name: docker.io/library/alpine:latest + ``` + + #### `.Manifest` + + ```console + $ docker buildx imagetools inspect crazymax/loop --format "{{.Manifest}}" + Name: docker.io/crazymax/loop:latest + MediaType: application/vnd.docker.distribution.manifest.v2+json + Digest: sha256:08602e7340970e92bde5e0a2e887c1fde4d9ae753d1e05efb4c8ef3b609f97f1 + ``` + + ```console + $ docker buildx imagetools inspect moby/buildkit:master --format "{{.Manifest}}" + Name: docker.io/moby/buildkit:master + MediaType: application/vnd.docker.distribution.manifest.list.v2+json + Digest: sha256:3183f7ce54d1efb44c34b84f428ae10aaf141e553c6b52a7ff44cc7083a05a66 + + Manifests: + Name: docker.io/moby/buildkit:master@sha256:667d28c9fb33820ce686887a717a148e89fa77f9097f9352996bbcce99d352b1 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/amd64 + + Name: docker.io/moby/buildkit:master@sha256:71789527b64ab3d7b3de01d364b449cd7f7a3da758218fbf73b9c9aae05a6775 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/arm/v7 + + Name: docker.io/moby/buildkit:master@sha256:fb64667e1ce6ab0d05478f3a8402af07b27737598dcf9a510fb1d792b13a66be + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/arm64 + + Name: docker.io/moby/buildkit:master@sha256:1c3ddf95a0788e23f72f25800c05abc4458946685e2b66788c3d978cde6da92b + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/s390x + + Name: docker.io/moby/buildkit:master@sha256:05bcde6d460a284e5bc88026cd070277e8380355de3126cbc8fe8a452708c6b1 + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/ppc64le + + Name: docker.io/moby/buildkit:master@sha256:c04c57765304ab84f4f9807fff3e11605c3a60e16435c734b02c723680f6bd6e + MediaType: application/vnd.docker.distribution.manifest.v2+json + Platform: linux/riscv64 + ``` + + #### `.BuildInfo` + + ```console + $ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{.BuildInfo}}" + Name: docker.io/crazymax/buildx:buildinfo + Frontend: dockerfile.v0 + Attrs: + filename: Dockerfile + source: docker/dockerfile-upstream:master-labs + build-arg:bar: foo + build-arg:foo: bar + Sources: + Type: docker-image + Ref: docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0 + Pin: sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0 + + Type: docker-image + Ref: docker.io/library/alpine:3.13 + Pin: sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c + + Type: docker-image + Ref: docker.io/moby/buildkit:v0.9.0 + Pin: sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab + + Type: docker-image + Ref: docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04 + Pin: sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04 + + Type: http + Ref: https://raw.githubusercontent.com/moby/moby/master/README.md + Pin: sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c + ``` + + #### JSON output + + A `json` go template func is also available if you want to render fields as + JSON bytes: + + ```console + $ docker buildx imagetools inspect crazymax/loop --format "{{json .Manifest}}" + ``` + ```json + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:08602e7340970e92bde5e0a2e887c1fde4d9ae753d1e05efb4c8ef3b609f97f1", + "size": 949 + } + ``` + + ```console + $ docker buildx imagetools inspect moby/buildkit:master --format "{{json .Manifest}}" + ``` + ```json + { + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", + "digest": "sha256:79d97f205e2799d99a3a8ae2a1ef17acb331e11784262c3faada847dc6972c52", + "size": 2010, + "manifests": [ + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:bd1e78f06de26610fadf4eb9d04b1a45a545799d6342701726e952cc0c11c912", + "size": 1158, + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:d37dcced63ec0965824fca644f0ac9efad8569434ec15b4c83adfcb3dcfc743b", + "size": 1158, + "platform": { + "architecture": "arm", + "os": "linux", + "variant": "v7" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:ce142eb2255e6af46f2809e159fd03081697c7605a3de03b9cbe9a52ddb244bf", + "size": 1158, + "platform": { + "architecture": "arm64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:f59bfb5062fff76ce464bfa4e25ebaaaac887d6818238e119d68613c456d360c", + "size": 1158, + "platform": { + "architecture": "s390x", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:cc96426e0c50a78105d5637d31356db5dd6ec594f21b24276e534a32da09645c", + "size": 1159, + "platform": { + "architecture": "ppc64le", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:39f9c1e2878e6c333acb23187d6b205ce82ed934c60da326cb2c698192631478", + "size": 1158, + "platform": { + "architecture": "riscv64", + "os": "linux" + } + } + ] + } + ``` + + ```console + $ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{json .BuildInfo}}" + ``` + ```json + { + "frontend": "dockerfile.v0", + "attrs": { + "build-arg:bar": "foo", + "build-arg:foo": "bar", + "filename": "Dockerfile", + "source": "crazymax/dockerfile:buildattrs" + }, + "sources": [ + { + "type": "docker-image", + "ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0", + "pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0" + }, + { + "type": "docker-image", + "ref": "docker.io/library/alpine:3.13@sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c", + "pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c" + }, + { + "type": "docker-image", + "ref": "docker.io/moby/buildkit:v0.9.0@sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab", + "pin": "sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab" + }, + { + "type": "docker-image", + "ref": "docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04", + "pin": "sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04" + }, + { + "type": "http", + "ref": "https://raw.githubusercontent.com/moby/moby/master/README.md", + "pin": "sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c" + } + ] + } + ``` + + ```console + $ docker buildx imagetools inspect crazymax/buildx:buildinfo --format "{{json .}}" + ``` + ```json + { + "name": "crazymax/buildx:buildinfo", + "manifest": { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:899d2c7acbc124d406820857bb51d9089717bbe4e22b97eb4bc5789e99f09f83", + "size": 2628 + }, + "image": { + "created": "2022-02-24T12:27:43.627154558Z", + "architecture": "amd64", + "os": "linux", + "config": { + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "DOCKER_TLS_CERTDIR=/certs", + "DOCKER_CLI_EXPERIMENTAL=enabled" + ], + "Entrypoint": [ + "docker-entrypoint.sh" + ], + "Cmd": [ + "sh" + ] + }, + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:7fcb75871b2101082203959c83514ac8a9f4ecfee77a0fe9aa73bbe56afdf1b4", + "sha256:d3c0b963ff5684160641f936d6a4aa14efc8ff27b6edac255c07f2d03ff92e82", + "sha256:3f8d78f13fa9b1f35d3bc3f1351d03a027c38018c37baca73f93eecdea17f244", + "sha256:8e6eb1137b182ae0c3f5d40ca46341fda2eaeeeb5fa516a9a2bf96171238e2e0", + "sha256:fde4c869a56b54dd76d7352ddaa813fd96202bda30b9dceb2c2f2ad22fa2e6ce", + "sha256:52025823edb284321af7846419899234b3c66219bf06061692b709875ed0760f", + "sha256:50adb5982dbf6126c7cf279ac3181d1e39fc9116b610b947a3dadae6f7e7c5bc", + "sha256:9801c319e1c66c5d295e78b2d3e80547e73c7e3c63a4b71e97c8ca357224af24", + "sha256:dfbfac44d5d228c49b42194c8a2f470abd6916d072f612a6fb14318e94fde8ae", + "sha256:3dfb74e19dedf61568b917c19b0fd3ee4580870027ca0b6054baf239855d1322", + "sha256:b182e707c23e4f19be73f9022a99d2d1ca7bf1ca8f280d40e4d1c10a6f51550e" + ] + }, + "history": [ + { + "created": "2021-11-12T17:19:58.698676655Z", + "created_by": "/bin/sh -c #(nop) ADD file:5a707b9d6cb5fff532e4c2141bc35707593f21da5528c9e71ae2ddb6ba4a4eb6 in / " + }, + { + "created": "2021-11-12T17:19:58.948920855Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + }, + { + "created": "2022-02-24T12:27:38.285594601Z", + "created_by": "RUN /bin/sh -c apk --update --no-cache add bash ca-certificates openssh-client \u0026\u0026 rm -rf /tmp/* /var/cache/apk/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:41.061874167Z", + "created_by": "COPY /opt/docker/ /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:41.174098947Z", + "created_by": "COPY /usr/bin/buildctl /usr/local/bin/buildctl # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:41.320343683Z", + "created_by": "COPY /usr/bin/buildkit* /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:41.447149933Z", + "created_by": "COPY /buildx /usr/libexec/docker/cli-plugins/docker-buildx # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:43.057722191Z", + "created_by": "COPY /opt/docker-compose /usr/libexec/docker/cli-plugins/docker-compose # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:43.145224134Z", + "created_by": "ADD https://raw.githubusercontent.com/moby/moby/master/README.md / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:43.422212427Z", + "created_by": "ENV DOCKER_TLS_CERTDIR=/certs", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2022-02-24T12:27:43.422212427Z", + "created_by": "ENV DOCKER_CLI_EXPERIMENTAL=enabled", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2022-02-24T12:27:43.422212427Z", + "created_by": "RUN /bin/sh -c docker --version \u0026\u0026 buildkitd --version \u0026\u0026 buildctl --version \u0026\u0026 docker buildx version \u0026\u0026 docker compose version \u0026\u0026 mkdir /certs /certs/client \u0026\u0026 chmod 1777 /certs /certs/client # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:43.514320155Z", + "created_by": "COPY rootfs/modprobe.sh /usr/local/bin/modprobe # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:43.627154558Z", + "created_by": "COPY rootfs/docker-entrypoint.sh /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T12:27:43.627154558Z", + "created_by": "ENTRYPOINT [\"docker-entrypoint.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2022-02-24T12:27:43.627154558Z", + "created_by": "CMD [\"sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ] + }, + "buildinfo": { + "frontend": "dockerfile.v0", + "attrs": { + "build-arg:bar": "foo", + "build-arg:foo": "bar", + "filename": "Dockerfile", + "source": "docker/dockerfile-upstream:master-labs" + }, + "sources": [ + { + "type": "docker-image", + "ref": "docker.io/docker/buildx-bin:0.6.1@sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0", + "pin": "sha256:a652ced4a4141977c7daaed0a074dcd9844a78d7d2615465b12f433ae6dd29f0" + }, + { + "type": "docker-image", + "ref": "docker.io/library/alpine:3.13", + "pin": "sha256:026f721af4cf2843e07bba648e158fb35ecc876d822130633cc49f707f0fc88c" + }, + { + "type": "docker-image", + "ref": "docker.io/moby/buildkit:v0.9.0", + "pin": "sha256:8dc668e7f66db1c044aadbed306020743516a94848793e0f81f94a087ee78cab" + }, + { + "type": "docker-image", + "ref": "docker.io/tonistiigi/xx@sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04", + "pin": "sha256:21a61be4744f6531cb5f33b0e6f40ede41fa3a1b8c82d5946178f80cc84bfc04" + }, + { + "type": "http", + "ref": "https://raw.githubusercontent.com/moby/moby/master/README.md", + "pin": "sha256:419455202b0ef97e480d7f8199b26a721a417818bc0e2d106975f74323f25e6c" + } + ] + } + } + ``` + + #### Multi-platform + + Multi-platform images are supported for `.Image` and `.BuildInfo` fields. If + you want to pick up a specific platform, you can specify it using the `index` + go template function: + + ```console + $ docker buildx imagetools inspect --format '{{json (index .Image "linux/s390x")}}' moby/buildkit:master + ``` + ```json + { + "created": "2022-02-25T17:13:27.89891722Z", + "architecture": "s390x", + "os": "linux", + "config": { + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Entrypoint": [ + "buildkitd" + ], + "Volumes": { + "/var/lib/buildkit": {} + } + }, + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:41048e32d0684349141cf05f629c5fc3c5915d1f3426b66dbb8953a540e01e1e", + "sha256:2651209b9208fff6c053bc3c17353cb07874e50f1a9bc96d6afd03aef63de76a", + "sha256:6741ed7e73039d853fa8902246a4c7e8bf9dd09652fd1b08251bc5f9e8876a7f", + "sha256:92ac046adeeb65c86ae3f0b458dee04ad4a462e417661c04d77642c66494f69b" + ] + }, + "history": [ + { + "created": "2021-11-24T20:41:23.709681315Z", + "created_by": "/bin/sh -c #(nop) ADD file:cd24c711a2ef431b3ff94f9a02bfc42f159bc60de1d0eceecafea4e8af02441d in / " + }, + { + "created": "2021-11-24T20:41:23.94211262Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + }, + { + "created": "2022-01-26T18:15:21.449825391Z", + "created_by": "RUN /bin/sh -c apk add --no-cache fuse3 git openssh pigz xz \u0026\u0026 ln -s fusermount3 /usr/bin/fusermount # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-24T00:34:00.924540012Z", + "created_by": "COPY examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-25T17:13:27.89891722Z", + "created_by": "VOLUME [/var/lib/buildkit]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2022-02-25T17:13:27.89891722Z", + "created_by": "COPY / /usr/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-02-25T17:13:27.89891722Z", + "created_by": "ENTRYPOINT [\"buildkitd\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ] + } + ``` + ### Show original, unformatted JSON manifest (--raw) {#raw} - Use the `--raw` option to print the original JSON bytes instead of the formatted - output. + Use the `--raw` option to print the unformatted JSON manifest bytes. + + > `jq` is used here to get a better rendering of the output result. + + ```console + $ docker buildx imagetools inspect --raw crazymax/loop | jq + ``` + ```json + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "schemaVersion": 2, + "config": { + "mediaType": "application/vnd.docker.container.image.v1+json", + "digest": "sha256:7ace7d324e79b360b2db8b820d83081863d96d22e734cdf297a8e7fd83f6ceb3", + "size": 2298 + }, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b", + "size": 2811478 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:726d3732a87e1c430d67e8969de6b222a889d45e045ebae1a008a37ba38f3b1f", + "size": 1776812 + }, + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:5d7cf9b33148a8f220c84f27dd2cfae46aca019a3ea3fbf7274f6d6dbfae8f3b", + "size": 382855 + } + ] + } + ``` + + ```console + $ docker buildx imagetools inspect --raw moby/buildkit:master | jq + ``` + ```json + { + "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", + "schemaVersion": 2, + "manifests": [ + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:667d28c9fb33820ce686887a717a148e89fa77f9097f9352996bbcce99d352b1", + "size": 1158, + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:71789527b64ab3d7b3de01d364b449cd7f7a3da758218fbf73b9c9aae05a6775", + "size": 1158, + "platform": { + "architecture": "arm", + "os": "linux", + "variant": "v7" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:fb64667e1ce6ab0d05478f3a8402af07b27737598dcf9a510fb1d792b13a66be", + "size": 1158, + "platform": { + "architecture": "arm64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:1c3ddf95a0788e23f72f25800c05abc4458946685e2b66788c3d978cde6da92b", + "size": 1158, + "platform": { + "architecture": "s390x", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:05bcde6d460a284e5bc88026cd070277e8380355de3126cbc8fe8a452708c6b1", + "size": 1159, + "platform": { + "architecture": "ppc64le", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:c04c57765304ab84f4f9807fff3e11605c3a60e16435c734b02c723680f6bd6e", + "size": 1158, + "platform": { + "architecture": "riscv64", + "os": "linux" + } + } + ] + } + ``` deprecated: false experimental: false experimentalcli: false diff --git a/_data/buildx/docker_buildx_inspect.yaml b/_data/buildx/docker_buildx_inspect.yaml index c4a1e234cd..a47bba0dcf 100644 --- a/_data/buildx/docker_buildx_inspect.yaml +++ b/_data/buildx/docker_buildx_inspect.yaml @@ -11,6 +11,7 @@ options: description: Ensure builder has booted before inspecting details_url: '#bootstrap' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -21,6 +22,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_install.yaml b/_data/buildx/docker_buildx_install.yaml index 0f771a6c9f..4505430685 100644 --- a/_data/buildx/docker_buildx_install.yaml +++ b/_data/buildx/docker_buildx_install.yaml @@ -9,6 +9,7 @@ inherited_options: value_type: string description: Override the configured builder instance deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_ls.yaml b/_data/buildx/docker_buildx_ls.yaml index b248c2b772..bbe0509043 100644 --- a/_data/buildx/docker_buildx_ls.yaml +++ b/_data/buildx/docker_buildx_ls.yaml @@ -3,21 +3,20 @@ short: List builder instances long: |- Lists all builder instances and the nodes for each instance - **Example** - ```console $ docker buildx ls NAME/NODE DRIVER/ENDPOINT STATUS PLATFORMS elated_tesla * docker-container elated_tesla0 unix:///var/run/docker.sock running linux/amd64 - elated_tesla1 ssh://ubuntu@1.2.3.4 running linux/arm64, linux/arm/v7, linux/arm/v6 + elated_tesla1 ssh://ubuntu@1.2.3.4 running linux/arm64*, linux/arm/v7, linux/arm/v6 default docker default default running linux/amd64 ``` Each builder has one or more nodes associated with it. The current builder's - name is marked with a `*`. + name is marked with a `*` in `NAME/NODE` and explicit node to build against for + the target platform marked with a `*` in the `PLATFORMS` column. usage: docker buildx ls pname: docker buildx plink: docker_buildx.yaml @@ -26,6 +25,7 @@ inherited_options: value_type: string description: Override the configured builder instance deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_prune.yaml b/_data/buildx/docker_buildx_prune.yaml index 8c41fa9ecd..43ca9074fd 100644 --- a/_data/buildx/docker_buildx_prune.yaml +++ b/_data/buildx/docker_buildx_prune.yaml @@ -11,6 +11,7 @@ options: default_value: "false" description: Remove all unused images, not just dangling ones deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -19,6 +20,7 @@ options: value_type: filter description: Provide filter values (e.g., `until=24h`) deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -29,6 +31,7 @@ options: default_value: "false" description: Do not prompt for confirmation deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -38,6 +41,7 @@ options: default_value: "0" description: Amount of disk space to keep for cache deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -47,6 +51,7 @@ options: default_value: "false" description: Provide a more verbose output deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -57,6 +62,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_rm.yaml b/_data/buildx/docker_buildx_rm.yaml index c0c12905ba..2c730bba46 100644 --- a/_data/buildx/docker_buildx_rm.yaml +++ b/_data/buildx/docker_buildx_rm.yaml @@ -7,12 +7,47 @@ usage: docker buildx rm [NAME] pname: docker buildx plink: docker_buildx.yaml options: +- option: all-inactive + value_type: bool + default_value: "false" + description: Remove all inactive builders + details_url: '#all-inactive' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +- option: force + shorthand: f + value_type: bool + default_value: "false" + description: Do not prompt for confirmation + details_url: '#force' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +- option: keep-daemon + value_type: bool + default_value: "false" + description: Keep the buildkitd daemon running + details_url: '#keep-daemon' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: keep-state value_type: bool default_value: "false" description: Keep BuildKit state details_url: '#keep-state' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -23,15 +58,38 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false examples: |- + ### Remove all inactive builders (--all-inactive) {#all-inactive} + + Remove builders that are not in running state. + + ```console + $ docker buildx rm --all-inactive + WARNING! This will remove all builders that are not in running state. Are you sure you want to continue? [y/N] y + ``` + ### Override the configured builder instance (--builder) {#builder} Same as [`buildx --builder`](buildx.md#builder). + ### Do not prompt for confirmation (--force) {#force} + + Do not prompt for confirmation before removing inactive builders. + + ```console + $ docker buildx rm --all-inactive --force + ``` + + ### Keep the buildkitd daemon running (--keep-daemon) {#keep-daemon} + + Keep the buildkitd daemon running after the buildx context is removed. This is useful when you manage buildkitd daemons and buildx contexts independently. + Currently, only supported by the [`docker-container` and `kubernetes` drivers](buildx_create.md#driver). + ### Keep BuildKit state (--keep-state) {#keep-state} Keep BuildKit state, so it can be reused by a new builder with the same name. diff --git a/_data/buildx/docker_buildx_stop.yaml b/_data/buildx/docker_buildx_stop.yaml index d67e473c20..a020c63289 100644 --- a/_data/buildx/docker_buildx_stop.yaml +++ b/_data/buildx/docker_buildx_stop.yaml @@ -12,6 +12,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_uninstall.yaml b/_data/buildx/docker_buildx_uninstall.yaml index 802544c435..f223be2ba0 100644 --- a/_data/buildx/docker_buildx_uninstall.yaml +++ b/_data/buildx/docker_buildx_uninstall.yaml @@ -9,6 +9,7 @@ inherited_options: value_type: string description: Override the configured builder instance deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_use.yaml b/_data/buildx/docker_buildx_use.yaml index ba6aa21dd4..a68847cd2e 100644 --- a/_data/buildx/docker_buildx_use.yaml +++ b/_data/buildx/docker_buildx_use.yaml @@ -13,6 +13,7 @@ options: default_value: "false" description: Set builder as default for current context deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -22,6 +23,7 @@ options: default_value: "false" description: Builder persists context changes deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false @@ -32,6 +34,7 @@ inherited_options: description: Override the configured builder instance details_url: '#builder' deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false diff --git a/_data/buildx/docker_buildx_version.yaml b/_data/buildx/docker_buildx_version.yaml index b3eff7cbbe..09b6052e1d 100644 --- a/_data/buildx/docker_buildx_version.yaml +++ b/_data/buildx/docker_buildx_version.yaml @@ -1,6 +1,12 @@ command: docker buildx version short: Show buildx version information -long: Show buildx version information +long: |- + View version information + + ```console + $ docker buildx version + github.com/docker/buildx v0.5.1-docker 11057da37336192bfc57d81e02359ba7ba848e4a + ``` usage: docker buildx version pname: docker buildx plink: docker_buildx.yaml @@ -9,18 +15,11 @@ inherited_options: value_type: string description: Override the configured builder instance deprecated: false + hidden: false experimental: false experimentalcli: false kubernetes: false swarm: false -examples: |- - ### View version information - - - ```console - $ docker buildx version - github.com/docker/buildx v0.5.1-docker 11057da37336192bfc57d81e02359ba7ba848e4a - ``` deprecated: false experimental: false experimentalcli: false diff --git a/desktop/mac/images/whale-x.png b/desktop/mac/images/whale-x.png index 60981c9e5c..4bf96240b9 100644 Binary files a/desktop/mac/images/whale-x.png and b/desktop/mac/images/whale-x.png differ diff --git a/desktop/mac/index.md b/desktop/mac/index.md index 180fc96d8b..74dbe9ea89 100644 --- a/desktop/mac/index.md +++ b/desktop/mac/index.md @@ -93,6 +93,8 @@ File share settings are: - **Add a Directory**: Click `+` and navigate to the directory you want to add. +- **Remove a Directory**: Click `-` next to the directory you want to remove + - **Apply & Restart** makes the directory available to containers using Docker's bind mount (`-v`) feature. @@ -132,6 +134,8 @@ propagates these to Docker. For example, if you set your proxy settings to `http://proxy.example.com`, Docker uses this proxy when pulling containers. +If you want to configure proxies manually, turn on the **Manual proxy configuration** setting. + Your proxy settings, however, will not be propagated into the containers you start. If you wish to set the proxy settings for your containers, you need to define environment variables for them, just like you would do on Linux, for example: @@ -162,56 +166,40 @@ Type a JSON configuration file in the box to configure the daemon settings. For Click **Apply & Restart** to save your settings and restart Docker Desktop. -### Command Line +### Experimental Features -On the Command Line page, you can specify whether or not to enable experimental features. +On the **Experimental Features** page, you can specify whether or not to enable experimental features. -{% include experimental.md %} +Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features. -You can toggle the experimental features on and off in Docker Desktop. If you toggle the experimental features off, Docker Desktop uses the current generally available release of Docker Engine. +#### Enable the new Apple Virtualization framework -You can see whether you are running experimental mode at the command line. If -`Experimental` is `true`, then Docker is running in experimental mode, as shown -here. (If `false`, Experimental mode is off.) +Select **Use the new Virtualization framework** to allow Docker Desktop to use the new `virtualization.framework` instead of the ‘hypervisor.framework’. Ensure to reset your Kubernetes cluster when you enable the new Virtualization framework for the first time. -```console -$ docker version +#### Enable VirtioFS -Client: Docker Engine - Community - Version: 19.03.1 - API version: 1.40 - Go version: go1.12.5 - Git commit: 74b1e89 - Built: Thu Jul 25 21:18:17 2019 - OS/Arch: darwin/amd64 - Experimental: true + Docker Desktop for Mac lets developers use a new experimental file-sharing implementation called [virtiofS](https://virtio-fs.gitlab.io/){: target='_blank' rel='noopener' class='_'}; the current default is gRPC-FUSE. virtiofs has been found to significantly improve file sharing performance on macOS. For more details, see our blog post [Speed boost achievement unlocked on Docker Desktop 4.6 for Mac](https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/){:target="_blank" rel="noopener" class="_"}. -Server: Docker Engine - Community - Engine: - Version: 19.03.1 - API version: 1.40 (minimum version 1.12) - Go version: go1.12.5 - Git commit: 74b1e89 - Built: Thu Jul 25 21:17:52 2019 - OS/Arch: linux/amd64 - Experimental: true - containerd: - Version: v1.2.6 - GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb - runc: - Version: 1.0.0-rc8 - GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f - docker-init: - Version: 0.18.0 - GitCommit: fec3683 -``` +To enable virtioFS: + +1. Verify that you are on the following macOS version: + - macOS 12.2 or later (for Apple Silicon) + - macOS 12.3 or later (for Intel) + +2. Select **Enable VirtioFS accelerated directory sharing** to enable virtioFS. + +3. Click **Apply & Restart**. ### Kubernetes Docker Desktop includes a standalone Kubernetes server that runs on your Mac, so that you can test deploying your Docker workloads on Kubernetes. To enable Kubernetes support and install a standalone instance of Kubernetes running as a Docker container, select **Enable Kubernetes**. -For more information about using the Kubernetes integration with Docker Desktop, see [Deploy on Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" class="_"}. +- Select **Show system containers (advanced)** to view internal containers when using Docker commands. + +- Select **Reset Kubernetes cluster** to delete all stacks and Kubernetes resources. For more information, see [Kubernetes](../kubernetes.md){:target="_blank" rel="noopener" class="_"}. + +- Click **Apply & Restart** for your changes to take effect. ### Reset @@ -230,7 +218,7 @@ The **Software Updates** section notifies you of any updates available to Docker > Starting with Docker Desktop 4.2.0, the option to turn off the automatic check for updates is available for users on all Docker subscriptions, including Docker Personal and Docker Pro. Update to [Docker Desktop 4.2.0](../mac/release-notes/index.md) to start using this feature. {: .important} -Turn off the check for updates by clearing the **Automatically Check for Updates** check box. This disables notifications in the Docker menu and also the notification badge that appears on the Docker Dashboard. To check for updates manually, select the **Check for updates** option in the Docker menu. +Turn off the check for updates by clearing the **Automatically check for updates** check box. This disables notifications in the Docker menu and also the notification badge that appears on the Docker Dashboard. To check for updates manually, select the **Check for updates** option in the Docker menu. To allow Docker Desktop to automatically download new updates in the background, select **Always download updates**. This downloads newer versions of Docker Desktop when an update becomes available. After downloading the update, click **Apply and Restart** to install the update. You can do this either through the Docker menu or in the **Updates** section in the Docker Dashboard. diff --git a/desktop/mac/release-notes/index.md b/desktop/mac/release-notes/index.md index 6cbb46d6de..c4ab400062 100644 --- a/desktop/mac/release-notes/index.md +++ b/desktop/mac/release-notes/index.md @@ -23,8 +23,8 @@ This page contains information about the new features, improvements, known issue Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1){: target="_blank" rel="noopener" class="_"} to see what's coming next. -## Docker Desktop 4.5.0 -2022-02-10 +## Docker Desktop 4.6.1 +2022-03-22 > Download Docker Desktop > @@ -33,6 +33,67 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro > chip](https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64){: > .button .primary-btn } +### Upgrades + +- [Buildx 0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1) + +### Bug fixes and minor changes + +- Fixed diagnostics upload when there is no HTTP proxy set. Fixes [docker/for-mac#6234](https://github.com/docker/for-mac/issues/6234). +- Removed a false positive "vm is not running" error from self-diagnose. Fixes [docker/for-mac#6233](https://github.com/docker/for-mac/issues/6233). +- Prevented spinning in vpnkit-forwarder filling the logs with error messages. + +## Docker Desktop 4.6.0 +2022-03-14 + +> Download Docker Desktop +> +> [Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/75818/Docker.dmg) | +> [Mac with Apple chip](https://desktop.docker.com/mac/main/arm64/75818/Docker.dmg) + +### Security + +- Fixed [CVE-2022-0847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847){: target="_blank" rel="noopener" class="_"}, aka “Dirty Pipe”, an issue that could enable attackers to modify files in container images on the host, from inside a container. + +### New + +- Docker Desktop 4.6.0 gives macOS users the option of enabling a new experimental file sharing technology called VirtioFS. During testing VirtioFS has been shown to drastically reduce the time taken to sync changes between the host and VM, leading to substantial performance improvements. For more information, see [VirtioFS](../index.md#experimental-features). +- The Docker Dashboard Volume Management feature now offers the ability to efficiently clean up volumes using multi-select checkboxes. + +### Upgrades + +- [Docker Engine v20.10.13](https://docs.docker.com/engine/release-notes/#201013) +- [Compose v2.3.3](https://github.com/docker/compose/releases/tag/v2.3.3) +- [Buildx 0.8.0](https://github.com/docker/buildx/releases/tag/v0.8.0) +- [containerd v1.4.13](https://github.com/containerd/containerd/releases/tag/v1.4.13) +- [runc v1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3) +- [Go 1.17.8](https://golang.org/doc/go1.17) +- [Linux kernel 5.10.104](https://hub.docker.com/layers/docker/for-desktop-kernel/5.10.104-379cadd2e08e8b25f932380e9fdaab97755357b3/images/sha256-7753b60f4544e5c5eed629d12151a49c8a4b48d98b4fb30e4e65cecc20da484d?context=explore) +- [Qemu 6.2.0](https://wiki.qemu.org/ChangeLog/6.2) + +### Bug fixes and minor changes + +- Fixed uploading diagnostics when an HTTPS proxy is set. +- Fixed the systray menu not displaying all menu items after starting Docker Desktop. Fixes [docker/for-mac#6192](https://github.com/docker/for-mac/issues/6192). +- Fixed a regression about Docker Desktop not starting in background anymore. Fixes [docker/for-mac#6167](https://github.com/docker/for-mac/issues/6167). +- Fixed missing Docker Desktop Dock icon. Fixes [docker/for-mac#6173](https://github.com/docker/for-mac/issues/6173). +- Made checking for updates from the systray menu open the Software updates settings section. +- Used speed up block device access when using the experimental `virtualization.framework`. See [benchmarks](https://github.com/docker/roadmap/issues/7#issuecomment-1050626886). +- Increased default VM memory allocation to half of physical memory (min 2 GB, max 8 GB) for better out-of-the-box performances. +- Fixed copying text from terminal in Quick Start Guide. Fixes [docker/for-win#12444](https://github.com/docker/for-win/issues/12444). + +### Known issues + +- After enabling VirtioFS, containers with processes running with different Unix user IDs may experience caching issues. For example if a process running as `root` queries a file and another process running as user `nginx` tries to access the same file immediately, the `nginx` process will get a "Permission Denied" error. + +## Docker Desktop 4.5.0 +2022-02-10 + +> Download Docker Desktop +> +> [Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/74594/Docker.dmg) | +> [Mac with Apple chip](https://desktop.docker.com/mac/main/arm64/74594/Docker.dmg) + ### Security - Fixed [CVE-2021-44719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44719){: target="_blank" rel="noopener" class="_"} where Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. @@ -63,7 +124,6 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro > [Mac with Intel chip](https://desktop.docker.com/mac/main/amd64/73305/Docker.dmg) | > [Mac with Apple chip](https://desktop.docker.com/mac/main/arm64/73305/Docker.dmg) - ### Security - Fixed [CVE-2021-45449](https://docs.docker.com/security/#cve-2021-45449) that affects users currently on Docker Desktop version 4.3.0 or 4.3.1. diff --git a/desktop/windows/index.md b/desktop/windows/index.md index 8cacce2cf3..d73e41f8ec 100644 --- a/desktop/windows/index.md +++ b/desktop/windows/index.md @@ -192,12 +192,11 @@ Updating these settings requires a reconfiguration and reboot of the Linux VM. In WSL 2 mode, you can configure which WSL 2 distributions will have the Docker WSL integration. -By default, the integration will be enabled on your default WSL distribution. +By default, the integration will be enabled on your default WSL distribution. To change your default WSL distro, run `wsl --set-default `. (For example, to set Ubuntu as your default WSL distro, run `wsl --set-default ubuntu`). -You can also select any additional distributions you would like to enable the WSL 2 -integration on. +You can also select any additional distributions you would like to enable the WSL 2 integration on. For more details on configuring Docker Desktop to use WSL 2, see [Docker Desktop WSL 2 backend](wsl.md). diff --git a/desktop/windows/release-notes/index.md b/desktop/windows/release-notes/index.md index 9163ebe01c..0a34afa3f6 100644 --- a/desktop/windows/release-notes/index.md +++ b/desktop/windows/release-notes/index.md @@ -23,8 +23,8 @@ This page contains information about the new features, improvements, known issue Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1){: target="_blank" rel="noopener" class="_"} to see what's coming next. -## Docker Desktop 4.5.1 -2022-02-15 +## Docker Desktop 4.6.1 +2022-03-22 > Download Docker Desktop > @@ -32,6 +32,59 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro > Windows](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-win-amd64){: > .button .primary-btn } +### Upgrades + +- [Buildx 0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1) + +### Bug fixes and minor changes + +- Fixed diagnostics upload when there is no HTTP proxy set. Fixes [docker/for-mac#6234](https://github.com/docker/for-mac/issues/6234). +- Removed a false positive "vm is not running" error from self-diagnose. Fixes [docker/for-mac#6233](https://github.com/docker/for-mac/issues/6233). +- Prevented spinning in vpnkit-forwarder filling the logs with error messages. + +## Docker Desktop 4.6.0 +2022-03-14 + +> Download Docker Desktop +> +> [For Windows](https://desktop.docker.com/win/main/amd64/75818/Docker%20Desktop%20Installer.exe) + +### Security + +- Fixed [CVE-2022-0847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847){: target="_blank" rel="noopener" class="_"}, aka “Dirty Pipe”, an issue that could enable attackers to modify files in container images on the host, from inside a container. +- Fixed [CVE-2022-26659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26659){: target="_blank" rel="noopener" class="_"}, which could allow an attacker to overwrite any administrator writable file on the system during the installation or the update of Docker Desktop. + +### New + +- The Docker Dashboard Volume Management feature now offers the ability to efficiently clean up volumes using multi-select checkboxes. + +### Upgrades + +- [Docker Engine v20.10.13](https://docs.docker.com/engine/release-notes/#201013) +- [Compose v2.3.3](https://github.com/docker/compose/releases/tag/v2.3.3) +- [Buildx 0.8.0](https://github.com/docker/buildx/releases/tag/v0.8.0) +- [containerd v1.4.13](https://github.com/containerd/containerd/releases/tag/v1.4.13) +- [runc v1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3) +- [Go 1.17.8](https://golang.org/doc/go1.17) +- [Linux kernel 5.10.104](https://hub.docker.com/layers/docker/for-desktop-kernel/5.10.104-379cadd2e08e8b25f932380e9fdaab97755357b3/images/sha256-7753b60f4544e5c5eed629d12151a49c8a4b48d98b4fb30e4e65cecc20da484d?context=explore) + +### Bug fixes and minor changes + +- Fixed uploading diagnostics when an HTTPS proxy is set. +- Fixed the UI stuck in `starting` state forever although Docker Desktop is working fine from the command line. +- Fixed missing Docker Desktop systray icon [docker/for-win#12573](https://github.com/docker/for-win/issues/12573) +- Made checking for updates from the systray menu open the Software updates settings section. +- Fixed Registry Access Management under WSL 2 with latest 5.10.60.1 kernel. +- Fixed a UI crash when selecting the containers of a Compose application started from a WSL 2 environment. Fixes [docker/for-win#12567](https://github.com/docker/for-win/issues/12567). +- Fixed copying text from terminal in Quick Start Guide. Fixes [docker/for-win#12444](https://github.com/docker/for-win/issues/12444). + +## Docker Desktop 4.5.1 +2022-02-15 + +> Download Docker Desktop +> +> [For Windows](https://desktop.docker.com/win/main/amd64/74721/Docker%20Desktop%20Installer.exe) + ### Bug fixes and minor changes - Fixed an issue that caused new installations to default to the Hyper-V backend instead of WSL 2. diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md index 4a7180635e..bc436e34e7 100644 --- a/docker-hub/registry-access-management.md +++ b/docker-hub/registry-access-management.md @@ -8,7 +8,7 @@ Registry Access Management is a feature available to organizations with a Docker > **Note** > -> Registry Access Management is currently offered as a Tech Preview to a closed group of Docker Business customers. +> Registry Access Management is currently offered as a closed beta to a closed group of Docker Business customers. {: .important} ## Configure Registry Access Management permissions @@ -60,7 +60,6 @@ Download Docker Desktop 4.5 or a later release. * Builds such as `docker buildx` using a Kubernetes driver are not restricted * Builds such as `docker buildx` using a custom docker-container driver are not restricted * Blocking is DNS-based; you must use a registry's access control mechanisms to distinguish between “push” and “pull” - * You must disable HTTP proxy or use a corporate proxy which also blocks the registries * WSL 2 requires at least a 5.4 series Linux kernel (this does not apply to earlier Linux kernel series) * Under the WSL 2 network, traffic from all Linux distributions is restricted (this will be resolved in the updated 5.15 series Linux kernel) diff --git a/engine/release-notes/index.md b/engine/release-notes/index.md index c7cd703be3..e2be29d763 100644 --- a/engine/release-notes/index.md +++ b/engine/release-notes/index.md @@ -22,6 +22,27 @@ for Docker Engine. # Version 20.10 +## 20.10.14 +2022-03-23 + +This release of Docker Engine updates the default inheritable capabilities for +containers to address [CVE-2022-24769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769), +a new version of the `containerd.io` runtime is also included to address the same +issue. + +### Daemon + +- Update the default inheritable capabilities. + +### Builder + +- Update the default inheritable capabilities for containers used during build. + +### Packaging + +- Update containerd (`containerd.io` package) to [v1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11). +- Update `docker buildx` to [v0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1). + ## 20.10.13 2022-03-10 diff --git a/go/storage-driver.md b/go/storage-driver.md new file mode 100644 index 0000000000..7281b67b63 --- /dev/null +++ b/go/storage-driver.md @@ -0,0 +1,6 @@ +--- +title: Information on how configure storage drivers +description: Instructions for configuring (or switching between) storage-drivers. +keywords: Docker, Engine, Daemon, storage-driver +redirect_to: /storage/storagedriver/select-storage-driver/ +--- diff --git a/language/java/run-containers.md b/language/java/run-containers.md index f102375c66..baf210f8f7 100644 --- a/language/java/run-containers.md +++ b/language/java/run-containers.md @@ -143,7 +143,7 @@ $ docker stop trusting_beaver trusting_beaver ``` -Now that our container is stopped, let’s remove it. When you remove a container, the process inside the container will be stopped and the metadata for the container will been removed. +Now that our container is stopped, let’s remove it. When you remove a container, the process inside the container will be stopped and the metadata for the container will be removed. To remove a container, simple run the `docker rm` command passing the container name. You can pass multiple container names to the command using a single command. Again, replace the container names in the following command with the container names from your system. diff --git a/language/nodejs/develop.md b/language/nodejs/develop.md index b0e4b77223..7e5e975bb1 100644 --- a/language/nodejs/develop.md +++ b/language/nodejs/develop.md @@ -86,7 +86,7 @@ $ docker run \ node-docker ``` -The `yoda_notes` at the end of the connection string is the desired name for our database. +The `notes` at the end of the connection string is the desired name for our database. Let’s test that our application is connected to the database and is able to add a note. diff --git a/language/nodejs/run-containers.md b/language/nodejs/run-containers.md index f0ed48a538..c61529050a 100644 --- a/language/nodejs/run-containers.md +++ b/language/nodejs/run-containers.md @@ -14,7 +14,7 @@ Work through the steps to build a Node JS image in [Build your Node image](build ## Overview -In the previous module we created our sample application and then we created a Dockerfile that we used to create an image. We created our image using the command `docker build`. Now that we have an image, we can run that image and see if our application is running correctly. +In the previous module we created our sample application and then we created a Dockerfile that we used to create an image. We created our image using the command `docker build`. Now that we have an image, we can run that image and see if our application is running correctly. A container is a normal operating system process except that this process is isolated and has its own file system, its own networking, and its own isolated process tree separate from the host. @@ -162,7 +162,7 @@ ec45285c456d node-docker "docker-entrypoint.s…" 31 minutes ag fb7a41809e5d node-docker "docker-entrypoint.s…" 40 minutes ago Exited (0) 39 minutes ago goofy_khayyam ``` -To remove a container, simple run the `docker rm` command passing the container name. You can pass multiple container names to the command in one command. +To remove a container, simply run the `docker rm` command passing the container name. You can pass multiple container names to the command in one command. Again, make sure you replace the containers names in the below command with the container names from your system. @@ -175,7 +175,7 @@ goofy_khayyam Run the `docker ps --all` command again to see that all containers are gone. -Now let’s address the pesky random name issue. Standard practice is to name your containers for the simple reason that it is easier to identify what is running in the container and what application or service it is associated with. Just like good naming conventions for variables in your code makes it simpler to read. So goes naming your containers. +Now let’s address the pesky random name issue. Standard practice is to name your containers for the simple reason that it is easier to identify what is running in the container and what application or service it is associated with. Just like good naming conventions for variables in your code make it simpler to read, so does naming your containers. To name a container, we just need to pass the `--name` flag to the run command. diff --git a/single-sign-on/faqs.md b/single-sign-on/faqs.md index 7462bee1d0..4d6927fcb8 100644 --- a/single-sign-on/faqs.md +++ b/single-sign-on/faqs.md @@ -39,7 +39,7 @@ You can create a test organization. Companies can set up a new five-seat Busines ### Q: Does SAML authentication require additional attributes? -You must provide an email address as an attribute to authenticate via SAML. The ‘Name’ attribute is currently optional. +You must provide an email address as an attribute to authenticate through SAML. The ‘Name’ attribute is currently optional. ### Q: Does the application recognize the NameID/Unique Identifier in the SAMLResponse Subject? @@ -111,7 +111,7 @@ You can add a bot account to your IDP and create an access token for it to repla ### Q: Does Docker plan to release SAML just in time provisioning? -Our SSO implementation is already "just in time". Admins don't have to create users’ accounts on Hub, they can just enable it on the IdP and have the users log in via their domain email on Hub. +Our SSO implementation is already "just in time". Admins don't have to create users’ accounts on Hub, they can just enable it on the IdP and have the users log in through their domain email on Hub. ### Q: Will there be IdP initiated logins? Does Docker plan to support SSO logins outside of Hub and Desktop? @@ -123,7 +123,7 @@ Yes, generally bot accounts need to be a seat, similar to a regular end user, ha ### Q: Is it possible to connect Docker Hub directly with a Microsoft Azure Active Directory Group? -Yes, Azure AD is supported with SSO for Docker Business, both via a direct integration and via SAML. +Yes, Azure AD is supported with SSO for Docker Business, both through a direct integration and through SAML. ## Adding domain and domain verification @@ -138,7 +138,7 @@ They can do it one time to add it to a connection. If they ever change idPs and ### Q: Is adding Domain required to configure SSO? What domains should I be adding? And how do I add it? -Adding and verifying Domain is required to enable and enforce SSO. Click Add Domain and specify the email domains that are allowed to authenticate via your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email. +Adding and verifying Domain is required to enable and enforce SSO. Click Add Domain and specify the email domains that are allowed to authenticate through your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email. ### Q: If users are using their personal email, do they have to convert to using the Org’s domain before they can be invited to join an Org? Is this just a quick change in their Hub account? @@ -179,7 +179,7 @@ Yes. When SSO is enabled, you can access the Docker CLI through Personal Access Before enforcing SSO, you must create PATs for automation systems and CI/CD pipelines and use the tokens instead of a password. -### Q: I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they purchase Docker Business licenses, they will implement and enforce SSO via Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account? +### Q: I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they purchase Docker Business licenses, they will implement and enforce SSO through Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account? If they already have their organization email on their account, then it will be migrated to SSO. @@ -191,7 +191,7 @@ SSO enforcement will apply to any domain email user, and automatically add that Yes, they can choose to not enforce, and users have the option to use either Docker ID (standard email/password) or email address (SSO) at the sign-in screen. -### Q: We have enforced SSO, but one of our users is connected to several organizations (and several email-addresses) and is able to bypass SSO and login via userid and password. Why is this happening? +### Q: We have enforced SSO, but one of our users is connected to several organizations (and several email-addresses) and is able to bypass SSO and login through userid and password. Why is this happening? They can bypass SSO if the email they are using to log in doesn't match the organization email being used when SSO is enforced. @@ -206,21 +206,21 @@ However, if you **enforce** SSO: * Service Account domain email addresses must be unaliased and enabled in their IdP * Username/password and personal access token will still work (but only if they exist, which they won't for new accounts) -* Those who know the IdP credentials can sign in as that Service Account via SSO on Hub and create or change the personal access token for that service account. +* Those who know the IdP credentials can sign in as that Service Account through SSO on Hub and create or change the personal access token for that service account. ## Managing users ### Q: How do I manage users when using SSO? -Users are managed through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs into Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication. +Users are managed through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication. ### Q: Do I need to manually add users to my organization? -No, you don’t need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP and then invite them to your organization using the Invite Member option in Docker Hub. +No, you don’t need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address. When a user signs into Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication. -### Q: Can users in my organization use different email addresses to authenticate via SSO? +### Q: Can users in my organization use different email addresses to authenticate through SSO? During the SSO setup, you’ll have to specify the company email domains that are allowed to authenticate. All users in your organization must authenticate using the email domain specified during SSO setup. Some of your users may want to maintain a different account for their personal projects. @@ -269,9 +269,9 @@ Additionally, you can use our APIs to complete this process. Admins in the Owners group in the orgs can invite users through Docker Hub UI, by email address (for any user) or by Docker ID (assuming the user has created a user account on Hub already). -### Q: If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link via email? For example, max.mustermann@zeiss.com. +### Q: If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link through email? -Yes, if the user is added via email address to an org, they will receive an email invite. If invited via docker ID as an existing user instead, they'll be added to the organization automatically. We'll be adding a new invite flow in the near future that will require an email invite in this situation as well (so the user can choose to opt out). If the org later sets up SSO for [zeiss.com](https://www.zeiss.com/) domain, the user will automatically be added to the domain SSO org next sign in which requires SSO auth with the identity provider (Hub login will automatically redirect to the identity provider). +Yes, if the user is added through email address to an org, they will receive an email invite. If invited through docker ID as an existing user instead, they'll be added to the organization automatically. We'll be adding a new invite flow in the near future that will require an email invite in this situation as well (so the user can choose to opt out). If the org later sets up SSO for [zeiss.com](https://www.zeiss.com/) domain, the user will automatically be added to the domain SSO org next sign in which requires SSO auth with the identity provider (Hub login will automatically redirect to the identity provider). ### Q: Can someone join the organization without an invitation? Is it possible to put specific users to an organization with existing email accounts? diff --git a/single-sign-on/index.md b/single-sign-on/index.md index 76b66efe4c..05b19c4059 100644 --- a/single-sign-on/index.md +++ b/single-sign-on/index.md @@ -3,11 +3,11 @@ description: Single Sign-on keywords: Single Sign-on, SSO, sign-on title: Configure Single Sign-on --- -This section is for administrators who want to enable Docker Single Sign-on (SSO) for their businesses. Docker SSO allows users to authenticate using their identity providers (IdPs) to access Docker. Docker currently supports SAML 2.0 and Azure AD IdPs through Auth0. You can enable SSO on organization's that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../subscription/upgrade/){:target="blank" rel="noopener" class=""}. +This section is for administrators who want to enable Docker Single Sign-on (SSO) for their businesses. Docker SSO allows users to authenticate using their identity providers (IdPs) to access Docker. Docker currently supports SAML 2.0 and Azure AD authentication methods. You can enable SSO on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../subscription/upgrade/){:target="blank" rel="noopener" class=""}. -When SSO is enabled, users are redirected to your provider’s authentication page to authenticate using SSO. They cannot authenticate using their personal login credentials (Docker ID and password). Docker currently supports Service Provider Initiated SSO flow. Your users must sign into Docker Hub or Docker Desktop to initiate the SSO authentication process. +When SSO is enabled, users are redirected to your provider’s authentication page to log in. They cannot authenticate using their Docker login credentials (Docker ID and password). Docker currently supports Service Provider Initiated SSO flow. Your users must sign into Docker Hub or Docker Desktop to initiate the SSO authentication process. -Before enabling SSO in Docker Hub, administrators must work with their identity provider to configure their IdP to work with Docker Hub. Docker provides the Assertion Consumer Service (ACS) URL and the Entity ID. Administrators use this information to establish a connection between their IdP server and Docker Hub. +Before enabling SSO in Docker Hub, administrators must configure their identity provider to configure their IdP to work with Docker Hub. Docker provides the Assertion Consumer Service (ACS) URL and the Entity ID. Administrators use this information to establish a connection between their IdP server and Docker Hub. After establishing the connection between the IdP server and Docker Hub, administrators log into the organization in Docker Hub and complete the SSO enablement process. See the section **Enable SSO in Docker Hub** for detailed instructions. @@ -16,7 +16,7 @@ To enable SSO in Docker Hub, you need the following information from your identi * **SAML 2.0**: Single Sign-On URL and the X.509 signing certificate * **Azure AD**: Client ID (a unique identifier for your registered AD application), Client Secret (a string used to gain access to your registered Azure AD application), and AD Domain details -We currently support enabling SSO on a single organization. However, we do not support single logout. If you have any users in your organization with a different domain (including social domains), they will be added to the organization as guests. +We currently support enabling SSO on a single organization. However, we do not support single logout. If you have any users in your organization with a different domain (including social domains), they will be added to the organization as guests. Guests will continue to authenticate through Docker with their Docker login credentials (Docker ID and password). ## Prerequisites @@ -109,7 +109,7 @@ The following video walks you through the process of configuring SSO. ### Domain control -Click **Add Domain** and specify the corporate domain you’d like to manage with SSO. Domains should be formatted without protocol or www information, for example, yourcompany.com. Docker currently supports one email domain for each organization. +Click **Add Domain** and specify the corporate domain you’d like to manage with SSO. Domains should be formatted without protocol or www information, for example, yourcompany.com. Docker currently supports multiple domains that are part of your IdP. > **Note** > @@ -145,8 +145,8 @@ To verify ownership of a domain, add a TXT record to your Domain Name System (DN After you’ve completed the SSO configuration process in Docker Hub, you can test the configuration when you log into Docker Hub using an incognito browser. Login using your domain email address and IdP password. You will then get redirected to your identity provider’s login page to authenticate. -1. Authenticate via email instead of using your Docker ID, and test the login process. -2. To authenticate via CLI, your users must have a PAT before you enforce SSO for CLI users. +1. Authenticate through email instead of using your Docker ID, and test the login process. +2. To authenticate through CLI, your users must have a PAT before you enforce SSO for CLI users. ## Enforce SSO in Docker Hub @@ -169,9 +169,7 @@ Admins can force users to authenticate with Docker Desktop by provisioning a reg ## Manage users when SSO is enabled -To add a member to your organization: -1. Create an account for your members in your IdP. -2. Add and invite your members to your organization. +You don’t need to add users to your organization in Docker Hub manually. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address. > **Note:** >