✅ Deploy Preview for docsdocker ready!
/review
Assessment: 🟢 APPROVE
This PR updates Hardened Desktop documentation for freshness. All changes follow Docker's documentation style guidelines and maintain consistency with existing content.
Changes reviewed:
- Updated descriptions and keywords for better SEO
- Removed version-specific callouts for older Docker Desktop versions
- Improved clarity in prerequisites and configuration steps
- Standardized terminology (e.g., "allowlist" instead of "allow list")
- Added navigation aids ("Next steps" sections)
- Updated front matter weights for better organization
No issues found. The documentation is clear, accurate, and follows the style guide.
| - A Docker Business subscription | ||
|
|
||
| Docker Desktop only applies settings from the `admin-settings.json` file when both authentication and Docker Business license checks succeed. | ||
| The presence of the `admin-settings.json` file enforces sign-in on Docker Desktop. This is intended for business features that require authentication. |
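Review bot: The last two sentences of this hunk describe sign-in from opposite directions: one says settings from `admin-settings.json` apply only when authentication and the Docker Business license check succeed, the other says the file's presence enforces sign-in. Say explicitly what happens to the settings when either check fails, since an administrator hardening a fleet needs to know whether a user who is not signed in runs with the policy ignored. "This is intended for business features that require authentication" could then be folded into that sentence.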
Do we want to link out to the enforce sign in doc? Not sure if these are the same mechanisms, or different mechanisms for the same outcome (or entirely unrelated)
Tis the same as the enforce sign-in bullet point linked above, so I think we're good here
|
|
||
| - `FindProxyForURL` function URL parameter format is http://host_or_ip:port or https://host_or_ip:port | ||
| - If you have an internal container trying to access https://docs.docker.com/enterprise/security/hardened-desktop/air-gapped-containers the docker proxy service will submit docs.docker.com for the host value and https://docs.docker.com:443 for the url value to FindProxyForURL, if you are using `shExpMatch` function in your PAC file as follows: | ||
| - If you have an internal container trying to access https://docs.docker.com/enterprise/security/hardened-desktop/air-gapped-containers the Docker proxy service will submit docs.docker.com for the host value and https://docs.docker.com:443 for the url value to `FindProxyForURL`, if you are using `shExpMatch` function in your PAC file as follows: |
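Review bot: In the rewritten `shExpMatch` bullet, the example shows `https://docs.docker.com:443` submitted as the url value for a request whose URL carries a path, which implies the path is dropped, but the text never says so. State that directly, because a PAC rule written to match on a path would not match and the request would fall through to whatever the file returns by default. Splitting the bullet into two sentences, one for what is submitted and one introducing the `shExpMatch` example, would also fix the run-on that ends in "as follows:".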
Is this meant to be a value, or a link? Maybe put in `s or link...ify it?
|
|
||
| > [!NOTE] | ||
| > | ||
| > Image Access Management is turned off by default. Organization owners have access to all images regardless of policy settings. |
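Review bot: The second sentence of this note is a standing exemption rather than part of the default, but as written "turned off by default" and "Organization owners have access to all images regardless of policy settings" read as one condition. Put the owner exemption in its own sentence that says whether it holds once the feature is turned on, so administrators know owner accounts sit outside the policy when they test or audit it.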
Is it turned off by default, but Org owners still have access regardless of policy settings? Does this mean it's only turned off to org members?
oo have clarified!
| ## Best practices | ||
|
|
||
| - Start with the most restrictive policy and gradually expand based on legitimate business needs: | ||
| 1. Start with Docker Official Images and Organization images |
Should this be
?
(I see this pattern in the docs i edit and the fussy ai bot yells at me when i don't use it lol)
oh this is a list of just 1s....anyway
| When namespace access control is enabled, organization members can still view and pull images | ||
| from their personal namespaces and continue accessing all existing repositories | ||
| and content. However, they will no longer be able to create new repositories or | ||
| and content. However, they are no longer able to create new repositories or |
| and content. However, they are no longer able to create new repositories or | |
| and content. However, they're unable to create new repositories or |
akristen left a comment
a few fussy comments; otherwise lgtm
| - Data loss prevention: Block containers from uploading sensitive data to external services | ||
| - Supply chain security: Control which external resources containers can access during builds | ||
| - Corporate network policies: Enforce existing network security policies for containerized applications | ||
| - Your organisation requires containers to communicate only with approved internal services |
| - Your organisation requires containers to communicate only with approved internal services | |
| - Your organization requires containers to communicate only with approved internal services |
ok im not trying to assert the US spelling i think we have it in our style guide but i could be mistaken...
you're not wrong...weird how the ai bot didn't pick this up