diff --git a/_vale/Docker/Acronyms.yml b/_vale/Docker/Acronyms.yml index 512319cdf37..9eb5e8b1442 100644 --- a/_vale/Docker/Acronyms.yml +++ b/_vale/Docker/Acronyms.yml @@ -5,7 +5,7 @@ level: warning ignorecase: false # Ensures that the existence of 'first' implies the existence of 'second'. first: '\b([A-Z]{2,5})\b' -second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{2,5})\)' +second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{2,5})s?\)' # ... with the exception of these: exceptions: - AGPL diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index 205fcac3ab8..6caaf6f20c1 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -97,6 +97,7 @@ Windows WireMock Zscaler Zsh +[Aa]nonymized? [Aa]utobuild [Aa]llowlist [Bb]uildpack(s)? diff --git a/content/manuals/desktop/features/gordon.md b/content/manuals/desktop/features/gordon.md new file mode 100644 index 00000000000..469a9ac6ee6 --- /dev/null +++ b/content/manuals/desktop/features/gordon.md 
@@ -0,0 +1,292 @@ +--- +title: Ask Gordon +description: Learn how to streamline your workflow with Docker's AI-powered assistant. +weight: 10 +params: + sidebar: + badge: + color: blue + text: Beta +--- + +{{% restricted title=Beta %}} +Ask Gordon is a [Beta](/manuals/release-lifecycle.md) feature, and only members +of the Ask Gordon beta program can access it. Features, user interface, and +behavior are subject to change in future releases. + +{{< button text="Apply for access" url="https://docker.qualtrics.com/jfe/form/SV_dmVHFjQ4fZlrEOy" >}} +{{% /restricted %}} + +Ask Gordon is your personal AI assistant embedded in Docker Desktop and the +Docker CLI. It's designed to streamline your workflow and help you make the +most of the Docker ecosystem. + +## What is Ask Gordon? + +Ask Gordon is a suite of AI-powered capabilities integrated into Docker's +tools. These features, currently in Beta, are not enabled by default, and are +not production-ready. You may also encounter the term "Docker AI" as a broader +reference to this technology. + +The goal of Ask Gordon is to make Docker's tools for managing images and +containers more intuitive and accessible. It provides contextual assistance +tailored to your local environment, including Dockerfiles, containers, and +applications. + +Ask Gordon integrates directly with Docker's tools to help you perform specific +tasks. It understands your local setup, such as your local source code and +images. For example, you can ask Gordon to help you identify vulnerabilities in +your project or how to optimize a Dockerfile in your local repository. This +tight integration ensures responses are practical and actionable. + +> [!NOTE] +> Ask Gordon is powered by Large Language Models (LLMs). Like all LLM-based +> tools, its responses may sometimes be inaccurate. Always verify the +> information provided. + +### What data does Gordon access? 
+ +When you use Ask Gordon, the data it accesses depends on the context of your +query: + +- Local files: If you use the `docker ai` command, Ask Gordon can access + files and directories in the current working directory where the command is + executed. In Docker Desktop, if you ask about a specific file or directory in + the **Ask Gordon** view, you'll be prompted to select the relevant context. +- Local images: Gordon integrates with Docker Desktop and can view all images + in your local image store. This includes images you've built or pulled from a + registry. + +To provide accurate responses, Ask Gordon may send relevant files, directories, +or image metadata to the Gordon backend along with your query. This data +transfer occurs over the network but is never stored persistently or shared +with third parties. It is used exclusively to process your request and +formulate a response. + +All data transferred is encrypted in transit. + +### How your data is collected and used + +Docker collects anonymized data from your interactions with Ask Gordon to +enhance the service. This includes the following: + +- Your queries: Questions you ask Gordon. +- Responses: Answers provided by Gordon. +- Feedback: Thumbs-up and thumbs-down ratings. + +To ensure privacy and security: + +- Data is anonymized and cannot be traced back to you or your account. +- Docker does not use this data to train AI models or share it with third + parties. + +By using Ask Gordon, you help improve Docker AI's reliability and accuracy, +making it more effective for all users. + +If you have concerns about data collection or usage, you can +[disable](#disable-ask-gordon) the feature at any time. + +## Setup + +To use this feature, you must have: + +- [Access to the Ask Gordon beta program](https://docker.qualtrics.com/jfe/form/SV_dmVHFjQ4fZlrEOy). + +- Docker Desktop version 4.37 or later. + +Ask Gordon is not enabled by default. 
After having received access to the beta +program, you must enable the feature: + +1. [Sign in](#sign-in) to your Docker account. +2. [Enable the feature](#enable-the-feature) in the Docker Desktop settings. +3. [Accept the terms of service](#accept-the-terms-of-service). + +### Sign in + +1. Open Docker Desktop. +2. Select the **Sign in** button. +3. Complete the sign-in process in your web browser. + +### Enable the feature + +After signing in to your Docker Account, enable the Docker AI feature: + +1. Open the **Settings** view in Docker Desktop. +2. Navigate to **Features in development**. +3. Check the **Enable Docker AI** checkbox. +4. Select **Apply & restart**. + +### Accept the terms of service + +To start using Docker AI, you need to accept the terms of service. You can do +this in one of two ways: + +- Open the **Ask Gordon** view in Docker Desktop and ask a question. +- Use the `docker ai` CLI command to issue a query. + +The first time you interact with Docker AI, you'll see a prompt to accept the +terms of service. For example: + +```console +$ docker ai what can you do? + + Before using Gordon, please accept the terms of service +``` + +After accepting the terms, you can begin using Ask Gordon. + +## Using Ask Gordon + +The primary interfaces to Docker's AI capabilities are through the **Ask +Gordon** view in Docker Desktop, or if you prefer to use the CLI: the `docker +ai` CLI command. + +If you've used an AI chatbot before, these interfaces will be pretty familiar +to you. You can chat with the Docker AI to get help with your Docker tasks. + +### Contextual help + +Once you've enabled the Docker AI features, you'll also find references to +**Ask Gordon** in various other places throughout the Docker Desktop user +interface. Whenever you encounter a button with the "sparkles" (✨) icon in the +user interface, you can use the button to get contextual support from Ask +Gordon. 
+ +## Example workflows + +Ask Gordon is a general-purpose AI assistant created to help you with all your +Docker-related tasks and workflows. If you need some inspiration, here are a +few ways things you can try: + +- [Troubleshoot a crashed container](#troubleshoot-a-crashed-container) +- [Get help with running a container](#get-help-with-running-a-container) +- [Improve a Dockerfile](#improve-a-dockerfile) + +For more examples, try asking Gordon directly. For example: + +```console +$ docker ai "What can you do?" +``` + +### Troubleshoot a crashed container + +If you try to start a container with an invalid configuration or command, you +can use Ask Gordon to troubleshoot the error. For example, try starting a +Postgres container without specifying a database password: + +```console +$ docker run postgres +Error: Database is uninitialized and superuser password is not specified. + You must specify POSTGRES_PASSWORD to a non-empty value for the + superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". + + You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all + connections without a password. This is *not* recommended. + + See PostgreSQL documentation about "trust": + https://www.postgresql.org/docs/current/auth-trust.html +``` + +In the **Containers** view in Docker Desktop, select the ✨ icon next to the +container's name, or inspect the container and open the **Ask Gordon** tab. + +### Get help with running a container + +If you want to run a specific image but you're not sure how, Gordon might be +able to help you get set up: + +1. Pull an image from Docker Hub (for example, `postgres`). +2. Open the **Images** view in Docker Desktop and select the image. +3. Select the **Run** button. + +In the _Run a new container_ dialog that opens, you should see a message about +**Ask Gordon**. 
+ +![Ask Gordon hint in Docker Desktop](../images/gordon-run-ctr.png) + +The linked text in the hint is a suggested prompt to start a conversation with +Ask Gordon. + +### Improve a Dockerfile + +Gordon can analyze your Dockerfile and suggest improvements. To have Gordon +evaluate your Dockerfile using the `docker ai` command: + +1. Navigate to your project directory: + + ```console + $ cd path/to/my/project + ``` + +2. Use the `docker ai` command to rate your Dockerfile: + + ```console + $ docker ai rate my Dockerfile + ``` + +Gordon will analyze your Dockerfile and identify opportunities for improvement +across several dimensions: + +- Build cache optimization +- Security +- Image size efficiency +- Best practices compliance +- Maintainability +- Reproducibility +- Portability +- Resource efficiency + +## Disable Ask Gordon + +If you've enabled Ask Gordon and you want to disable it again: + +1. Open the **Settings** view in Docker Desktop. +2. Navigate to **Features in development**. +3. Clear the **Enable Docker AI** checkbox. +4. Select **Apply & restart**. + +If you want to disable Ask Gordon for your entire Docker organization, using +[Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md), +add the following property to your `admin-settings.json` file: + +```json +{ + "enableDockerAI": { + "value": false, + "locked": true + } +} +``` + +Alternatively, you can disable all Beta features by setting `allowBetaFeatures` to false: + +```json +{ + "allowBetaFeatures": { + "value": false, + "locked": true + } +} +``` + +## Feedback + + + +We value your input on Ask Gordon and encourage you to share your experience. +Your feedback helps us improve and refine Ask Gordon for all users. 
If you +encounter issues, have suggestions, or simply want to share what you like, +here's how you can get in touch: + +- Thumbs-up and thumbs-down buttons + + Rate Ask Gordon's responses using the thumbs-up or thumbs-down buttons in the + response. + +- Feedback survey + + You can access the Ask Gordon survey by following the _Give feedback_ link in + the **Ask Gordon** view in Docker Desktop, or from the CLI by running the + `docker ai feedback` command. + +Thank you for helping us improve Ask Gordon. diff --git a/content/manuals/desktop/images/gordon-run-ctr.png b/content/manuals/desktop/images/gordon-run-ctr.png new file mode 100644 index 00000000000..5369a82a7b0 Binary files /dev/null and b/content/manuals/desktop/images/gordon-run-ctr.png differ diff --git a/content/manuals/engine/storage/tmpfs.md b/content/manuals/engine/storage/tmpfs.md index 299103c080f..b4e186acb3d 100644 --- a/content/manuals/engine/storage/tmpfs.md +++ b/content/manuals/engine/storage/tmpfs.md 
@@ -60,10 +60,67 @@ $ docker run --tmpfs ``` In general, `--mount` is preferred. The main difference is that the `--mount` -flag is more explicit and supports all the available options. +flag is more explicit. On the other hand, `--tmpfs` is less verbose and gives +you more flexibility as it lets you set more mount options. The `--tmpfs` flag cannot be used with swarm services. You must use `--mount`. +### Options for --tmpfs + +The `--tmpfs` flag consists of two fields, separated by a colon character +(`:`). + +```console +$ docker run --tmpfs [:opts] +``` + +The first field is the container path to mount into a tmpfs. The second field +is optional and lets you set mount options. Valid mount options for `--tmpfs` +include: + +| Option | Description | +| ------------ | ------------------------------------------------------------------------------------------- | +| `ro` | Creates a read-only tmpfs mount. | +| `rw` | Creates a read-write tmpfs mount (default behavior). | +| `nosuid` | Prevents `setuid` and `setgid` bits from being honored during execution. | +| `suid` | Allows `setuid` and `setgid` bits to be honored during execution (default behavior). | +| `nodev` | Device files can be created but are not functional (access results in an error). | +| `dev` | Device files can be created and are fully functional. | +| `exec` | Allows the execution of executable binaries in the mounted file system. | +| `noexec` | Does not allow the execution of executable binaries in the mounted file system. | +| `sync` | All I/O to the file system is done synchronously. | +| `async` | All I/O to the file system is done asynchronously (default behavior). | +| `dirsync` | Directory updates within the file system are done synchronously. | +| `atime` | Updates file access time each time the file is accessed. | +| `noatime` | Does not update file access times when the file is accessed. | +| `diratime` | Updates directory access times each time the directory is accessed. 
| +| `nodiratime` | Does not update directory access times when the directory is accessed. | +| `size` | Specifies the size of the tmpfs mount, for example, `size=64m`. | +| `mode` | Specifies the file mode (permissions) for the tmpfs mount (for example, `mode=1777`). | +| `uid` | Specifies the user ID for the owner of the tmpfs mount (for example, `uid=1000`). | +| `gid` | Specifies the group ID for the owner of the tmpfs mount (for example, `gid=1000`). | +| `nr_inodes` | Specifies the maximum number of inodes for the tmpfs mount (for example, `nr_inodes=400k`). | +| `nr_blocks` | Specifies the maximum number of blocks for the tmpfs mount (for example, `nr_blocks=1024`). | + +```console {title="Example"} +$ docker run --tmpfs /data:noexec,size=1024,mode=1777 +``` + +Not all tmpfs mount features available in the Linux mount command are supported +with the `--tmpfs` flag. If you require advanced tmpfs options or features, you +may need to use a privileged container or configure the mount outside of +Docker. + +> [!CAUTION] +> Running containers with `--privileged` grants elevated permissions and can +> expose the host system to security risks. Use this option only when +> absolutely necessary and in trusted environments. + +```console +$ docker run --privileged -it debian sh +/# mount -t tmpfs -o tmpfs /data +``` + ### Options for --mount The `--mount` flag consists of multiple key-value pairs, separated by commas @@ -86,10 +143,6 @@ Valid options for `--mount type=tmpfs` include: $ docker run --mount type=tmpfs,dst=/app,tmpfs-size=21474836480,tmpfs-mode=1770 ``` -### Options for --tmpfs - -The `--tmpfs` flag does not let you specify any options. - ## Use a tmpfs mount in a container To use a `tmpfs` mount in a container, use the `--tmpfs` flag, or use the 
@@ -109,6 +162,14 @@ $ docker run -d \ nginx:latest ``` +Verify that the mount is a `tmpfs` mount by looking in the `Mounts` section of +the `docker inspect` output: + +```console +$ docker inspect tmptest --format '{{ json .Mounts }}' +[{"Type":"tmpfs","Source":"","Destination":"/app","Mode":"","RW":true,"Propagation":""}] +``` + {{< /tab >}} {{< tab name="`--tmpfs`" >}} @@ -120,17 +181,17 @@ $ docker run -d \ nginx:latest ``` -{{< /tab >}} -{{< /tabs >}} - Verify that the mount is a `tmpfs` mount by looking in the `Mounts` section of the `docker inspect` output: ```console $ docker inspect tmptest --format '{{ json .Mounts }}' -[{"Type":"tmpfs","Source":"","Destination":"/app","Mode":"","RW":true,"Propagation":""}] +{"/app":""} ``` +{{< /tab >}} +{{< /tabs >}} + Stop and remove the container: ```console diff --git a/content/manuals/scout/install.md b/content/manuals/scout/install.md index eeb546ad4e5..078f5db791a 100644 --- a/content/manuals/scout/install.md +++ b/content/manuals/scout/install.md @@ -46,11 +46,16 @@ $ sh install-scout.sh ```json { "cliPluginsExtraDirs": [ - "$HOME/.docker/scout" + "/home//.docker/scout" ] } ``` + Substitute `` with your username on the system. + + > [!NOTE] + > The path for `cliPluginsExtraDirs` must be an absolute path. + {{< /tab >}} {{< tab name="macOS" >}} @@ -65,13 +70,13 @@ $ sh install-scout.sh 4. Make the binary executable: ```console - $ chmod +x $HOME/.docker/scout/docker-scout` + $ chmod +x $HOME/.docker/scout/docker-scout ``` 5. Authorize the binary to be executable on macOS: ```console - xattr -d com.apple.quarantine $HOME/.docker/scout/docker-scout`. + xattr -d com.apple.quarantine $HOME/.docker/scout/docker-scout. ``` 6. Add the `scout` subdirectory to your `.docker/config.json` as a plugin directory: 
@@ -79,11 +84,16 @@ $ sh install-scout.sh ```json { "cliPluginsExtraDirs": [ - "$HOME/.docker/scout" + "/Users//.docker/scout" ] } ``` + Substitute `` with your username on the system. + + > [!NOTE] + > The path for `cliPluginsExtraDirs` must be an absolute path. + {{< /tab >}} {{< tab name="Windows" >}} @@ -100,11 +110,16 @@ $ sh install-scout.sh ```json { "cliPluginsExtraDirs": [ - "C:\Users\MobyWhale\.docker\scout" + "C:\Users\\.docker\scout" ] } ``` + Substitute `` with your username on the system. + + > [!NOTE] + > The path for `cliPluginsExtraDirs` must be an absolute path. + {{< /tab >}} {{< /tabs >}} diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md index 2d5b2051474..cb08fa970c9 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md @@ -46,6 +46,7 @@ Using the `admin-settings.json` file, you can: - Turn off Docker Extensions - Turn off Docker Scout SBOM indexing - Turn off beta and experimental features +- Turn off Docker AI ([Ask Gordon](../../../../desktop/features/gordon.md)) - Turn off Docker Desktop's onboarding survey - Control whether developers can use the Docker terminal - Control the file sharing implementation for your developers on macOS @@ -79,4 +80,4 @@ In addition, if Enhanced Container Isolation is enforced, developers can't use p ## What's next? - [Configure Settings Management with a `.json` file](configure-json-file.md) -- [Configure Settings Management with the Docker Admin Console](configure-admin-console.md) \ No newline at end of file +- [Configure Settings Management with the Docker Admin Console](configure-admin-console.md) 
diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index d52ff4315e7..b59e1293881 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -258,6 +258,7 @@ The following `admin-settings.json` code and table provides an example of the re |:-------------------------------|---|:-------------------------------|---| | `allowExperimentalFeatures`| | If `value` is set to `false`, experimental features are disabled.| | | `allowBetaFeatures`| | If `value` is set to `false`, beta features are disabled.| | +| `enableDockerAI` | | If `value` is set to `false`, Docker AI (Ask Gordon) features are disabled. | | ### Enhanced Container Isolation diff --git a/layouts/index.html b/layouts/index.html index cc4cb02097f..04ee028ae60 100644 --- a/layouts/index.html +++ b/layouts/index.html @@ -161,23 +161,26 @@

Gen AI catalog {{ partial
-

Research

+

+ Ask Gordon + {{ partial "components/badge.html" (dict "color" "blue" "content" "Beta") }} +

- Docker State of Application Development survey + Your personal Docker expert, built right into Docker Desktop.

- Help us better understand and support the application development - community by answering our community survey. -

-

- The survey takes approximately 20-30 minutes to complete, and - you can save your progress and return at any time. As a thank - you, you can opt into a raffle for Docker swag and other - prizes! + Boost your productivity with Ask Gordon, an AI-powered + assistant designed to optimize your Docker workflows. From + improving Dockerfiles to troubleshooting containers, Gordon + is here to help.

- Take the survey +
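Review bot: In content/manuals/desktop/features/gordon.md, "What data does Gordon access?" says data sent to the backend "is never stored persistently", while the next section says Docker collects "Your queries" and "Responses". Files, directories and image metadata are sent "along with your query", so state explicitly whether the collected queries and responses can contain file content, and how anonymization treats paths, hostnames or credentials that appear in them. It would also help to say whether `docker ai` reads everything in the current working directory or only what the query needs. Typo under "Example workflows": "a few ways things you can try".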
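Review bot: In content/manuals/engine/storage/tmpfs.md, the new "Options for --tmpfs" table marks `rw`, `suid` and `async` as default behavior but names no default for the `exec`/`noexec` and `dev`/`nodev` pairs. Readers hardening a container rely on exactly these rows, so state the default for each pair and confirm the `suid` default against what the daemon applies when `--tmpfs` is given no options. The example uses `size=1024` with no unit while the table shows `size=64m`; say what a bare number means or use a suffixed value. The rewritten intro says `--mount` is preferred and also that `--tmpfs` gives more flexibility, so give the reason for the preference.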
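Review bot: In the `--tmpfs` tab of tmpfs.md, the new expected output `{"/app":""}` is a JSON object, but the command above it still formats `.Mounts`, which the `--mount` tab shows returning an array of mount entries. The command and the sentence "looking in the `Mounts` section" in this tab should name the field that produces this output (for `--tmpfs` that is `.HostConfig.Tmpfs`), otherwise a reader who runs the command as written cannot verify the mount.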
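Review bot: In content/manuals/scout/install.md, macOS step 5, the corrected line still ends with a period: `xattr -d com.apple.quarantine $HOME/.docker/scout/docker-scout.` Copied as is, the period becomes part of the path and the quarantine attribute is not removed from the real binary. Drop the trailing period, and add the `$ ` prompt so the line matches the `chmod` step above it.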
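Review bot: In the Windows tab of install.md, the `cliPluginsExtraDirs` value keeps single backslashes (`C:\Users\` and `\.docker\scout`) inside a JSON string. `\U`, `\.` and `\s` are not valid JSON escape sequences, so a `config.json` written from this sample will not parse. Double each backslash in the example, since the note added below it already tells readers the path must be absolute and they will copy it verbatim.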
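Review bot: In settings-management/_index.md, the new bullet links with a relative path (`../../../../desktop/features/gordon.md`), while gordon.md in this same patch links back with a root-based path (`/manuals/security/for-admins/hardened-desktop/settings-management/_index.md`). Use the `/manuals/desktop/features/gordon.md` form here too so the link does not break if this page moves.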