From c246a53fed5bce9a8d48a4b38e7fb71e3f8b8a9d Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Tue, 25 Feb 2025 16:19:41 +0000 Subject: [PATCH 1/6] HD-2362 --- .../manuals/build-cloud/builder-settings.md | 56 +++++++++++++++++++ content/manuals/build-cloud/usage.md | 10 +--- 2 files changed, 57 insertions(+), 9 deletions(-) create mode 100644 content/manuals/build-cloud/builder-settings.md diff --git a/content/manuals/build-cloud/builder-settings.md b/content/manuals/build-cloud/builder-settings.md new file mode 100644 index 00000000000..20c28127fea --- /dev/null +++ b/content/manuals/build-cloud/builder-settings.md 
@@ -0,0 +1,56 @@ +--- +title: Builder settings +description: Set your builder settings relating to private registries, disk allocation . +keywords: build, cloud build, optimize, remote, local, cloud, registry, package repository, vpn +--- + +The **Builder settings** page in Docker Build Cloud lets you configure disk allocation, private resource access, and firewall settings for your cloud builders in your organization. These configurations help optimize storage, enable access to private registries, and secure outbound network traffic. + +## Disk allocation + +The **Disk allocation** setting lets you control how much of the available storage is dedicated to the build cache. A lower allocation increases storage available for active builds. + +To make disk allocation changes, navigate Builder settings in Docker Build Cloud and then adjust the Disk Allocation slider to specify the percentage of storage used for build caching. + +Any changes take effect immediately. + +> [!TIP] +> +> If you build very large images, consider allocating more storage for caching. + +## Private resource access + +Private resource access lets cloud builders pull images and packages from private registries that are not publicly accessible. This feature is useful when builds rely on self-hosted artifact repositories or private OCI registries. + +For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a VPN, Docker Build Cloud would not be able to access it by default, since it isn't on the same network as your VPN. + +To enable your cloud builders to access your private registries, enter the host name and port of your private registry and then select **Add** to allow your cloud builders to access it. + +### Authentication + +If your internal artifacts require authentication, make sure that you +authenticate with the repository either before or during the build. 
For +internal packages like npm or PyPI, use [build secrets](/manuals/build/building/secrets.md) +to authenticate during the build. For internal OCI registries, use `docker +login` to authenticate before building. + +Note that if you use a private registry that requires authentication, you will +need to authenticate with `docker login` twice before building. This is because +the cloud builder needs to authenticate with Docker to use the cloud builder, +and then again to authenticate with the private registry. + +```console +$ echo $DOCKER_PAT | docker login docker.io -u --password-stdin +$ echo $REGISTRY_PASSWORD | docker login registry.example.com -u --password-stdin +$ docker build --builder --tag registry.example.com/ --push . +``` + +## Firewall + +Firewall settings let you restrict cloud builder egress traffic to specific IP addresses. This helps enhance security by limiting external access. + +1. Select the **Enable firewall: Restrict cloud builder egress to specific public IP Address** checkbox. + +2. Enter the IP address you want to allow. + +3. Select **Add** to apply the restriction. diff --git a/content/manuals/build-cloud/usage.md b/content/manuals/build-cloud/usage.md index 83bdde6ed03..d7e09983890 100644 --- a/content/manuals/build-cloud/usage.md +++ b/content/manuals/build-cloud/usage.md 
@@ -186,13 +186,5 @@ It only changes the builder that's automatically selected to run your builds. ## Registries on internal networks -It isn't possible to use Docker Build Cloud with a private registry +It is possible to use Docker Build Cloud with a [private registry](/manuals/build-cloud/builder-settings.md#private-resource-access) or registry mirror on an internal network behind a VPN. -All endpoints that a cloud builder interacts with, -including OCI registries, must be accessible over the internet. - -> **Interested in trying out an experimental feature?** -> ->We are currently testing an experimental feature which lets cloud builders access internal resources. -> -> If you're interested in trying this feature, contact us using the [Support form](https://hub.docker.com/support/contact?topic=Docker+Build+Cloud&subject=Private+registry+access). From 74fab225d7d2877ea06139a487f34dad80e1f13b Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 26 Feb 2025 08:33:22 +0000 Subject: [PATCH 2/6] sme review --- content/manuals/build-cloud/builder-settings.md | 14 +++++++------- content/manuals/build-cloud/usage.md | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/manuals/build-cloud/builder-settings.md b/content/manuals/build-cloud/builder-settings.md index 20c28127fea..5d61c493f5b 100644 --- a/content/manuals/build-cloud/builder-settings.md +++ b/content/manuals/build-cloud/builder-settings.md 
@@ -16,21 +16,21 @@ Any changes take effect immediately. > [!TIP] > -> If you build very large images, consider allocating more storage for caching. +> If you build very large images, consider allocating less storage for caching. ## Private resource access -Private resource access lets cloud builders pull images and packages from private registries that are not publicly accessible. This feature is useful when builds rely on self-hosted artifact repositories or private OCI registries. +Private resource access lets cloud builders pull images and packages from private resources. This feature is useful when builds rely on self-hosted artifact repositories or private OCI registries. -For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a VPN, Docker Build Cloud would not be able to access it by default, since it isn't on the same network as your VPN. +For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a private network, Docker Build Cloud would not be able to access it by default, since the DBC builder is not connected to your private network. -To enable your cloud builders to access your private registries, enter the host name and port of your private registry and then select **Add** to allow your cloud builders to access it. +To enable your cloud builders to access your private resources, enter the host name and port of your private rescource and then select **Add** to allow your cloud builders to access it. ### Authentication If your internal artifacts require authentication, make sure that you authenticate with the repository either before or during the build. For -internal packages like npm or PyPI, use [build secrets](/manuals/build/building/secrets.md) +internal package repositories for npm or PyPI, use [build secrets](/manuals/build/building/secrets.md) to authenticate during the build. For internal OCI registries, use `docker login` to authenticate before building. 
@@ -47,9 +47,9 @@ $ docker build --builder --tag registry.example.com/ --pu ## Firewall -Firewall settings let you restrict cloud builder egress traffic to specific IP addresses. This helps enhance security by limiting external access. +Firewall settings let you restrict cloud builder egress traffic to specific IP addresses. This helps enhance security by limiting external network egress from the builder. -1. Select the **Enable firewall: Restrict cloud builder egress to specific public IP Address** checkbox. +1. Select the **Enable firewall: Restrict cloud builder egress to specific public IP address** checkbox. 2. Enter the IP address you want to allow. diff --git a/content/manuals/build-cloud/usage.md b/content/manuals/build-cloud/usage.md index d7e09983890..891bb7df9cf 100644 --- a/content/manuals/build-cloud/usage.md +++ b/content/manuals/build-cloud/usage.md @@ -187,4 +187,4 @@ It only changes the builder that's automatically selected to run your builds. ## Registries on internal networks It is possible to use Docker Build Cloud with a [private registry](/manuals/build-cloud/builder-settings.md#private-resource-access) -or registry mirror on an internal network behind a VPN. +or registry mirror on an internal network. From 158d790bda5d0e80aa7ca728d261f7cf6b2e0efe Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 26 Feb 2025 08:37:23 +0000 Subject: [PATCH 3/6] add link --- content/manuals/build-cloud/builder-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/build-cloud/builder-settings.md b/content/manuals/build-cloud/builder-settings.md index 5d61c493f5b..e9fae5f73a4 100644 --- a/content/manuals/build-cloud/builder-settings.md +++ b/content/manuals/build-cloud/builder-settings.md 
@@ -4,7 +4,7 @@ description: Set your builder settings relating to private registries, disk allo keywords: build, cloud build, optimize, remote, local, cloud, registry, package repository, vpn --- -The **Builder settings** page in Docker Build Cloud lets you configure disk allocation, private resource access, and firewall settings for your cloud builders in your organization. These configurations help optimize storage, enable access to private registries, and secure outbound network traffic. +The [**Builder settings** page](https://app.docker.com/build/settings/builder) in Docker Build Cloud lets you configure disk allocation, private resource access, and firewall settings for your cloud builders in your organization. These configurations help optimize storage, enable access to private registries, and secure outbound network traffic. ## Disk allocation From 6015a6e4f4f8a8391f1c6ac7f6a83d144586e6ac Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 26 Feb 2025 08:40:38 +0000 Subject: [PATCH 4/6] edits --- content/manuals/build-cloud/builder-settings.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/manuals/build-cloud/builder-settings.md b/content/manuals/build-cloud/builder-settings.md index e9fae5f73a4..65770b72a5b 100644 --- a/content/manuals/build-cloud/builder-settings.md +++ b/content/manuals/build-cloud/builder-settings.md 
@@ -10,7 +10,7 @@ The [**Builder settings** page](https://app.docker.com/build/settings/builder) i The **Disk allocation** setting lets you control how much of the available storage is dedicated to the build cache. A lower allocation increases storage available for active builds. -To make disk allocation changes, navigate Builder settings in Docker Build Cloud and then adjust the Disk Allocation slider to specify the percentage of storage used for build caching. +To make disk allocation changes, navigate to [**Builder settings**](https://app.docker.com/build/settings/builder) in Docker Build Cloud and then adjust the **Disk allocation** slider to specify the percentage of storage used for build caching. Any changes take effect immediately. @@ -22,9 +22,9 @@ Any changes take effect immediately. Private resource access lets cloud builders pull images and packages from private resources. This feature is useful when builds rely on self-hosted artifact repositories or private OCI registries. -For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a private network, Docker Build Cloud would not be able to access it by default, since the DBC builder is not connected to your private network. +For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a private network, Docker Build Cloud would not be able to access it by default, since the cloud builder is not connected to your private network. -To enable your cloud builders to access your private resources, enter the host name and port of your private rescource and then select **Add** to allow your cloud builders to access it. +To enable your cloud builders to access your private resources, enter the host name and port of your private rescource and then select **Add**. ### Authentication From 4b19a617c1a0f01688180cbf8e86059d59cfca8b Mon Sep 17 00:00:00 2001 
From: aevesdocker Date: Wed, 26 Feb 2025 08:50:52 +0000 Subject: [PATCH 5/6] edits --- content/manuals/build-cloud/builder-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/build-cloud/builder-settings.md b/content/manuals/build-cloud/builder-settings.md index 65770b72a5b..164b1284e8a 100644 --- a/content/manuals/build-cloud/builder-settings.md +++ b/content/manuals/build-cloud/builder-settings.md @@ -4,13 +4,13 @@ description: Set your builder settings relating to private registries, disk allo keywords: build, cloud build, optimize, remote, local, cloud, registry, package repository, vpn --- -The [**Builder settings** page](https://app.docker.com/build/settings/builder) in Docker Build Cloud lets you configure disk allocation, private resource access, and firewall settings for your cloud builders in your organization. These configurations help optimize storage, enable access to private registries, and secure outbound network traffic. +The **Builder settings** page in Docker Build Cloud lets you configure disk allocation, private resource access, and firewall settings for your cloud builders in your organization. These configurations help optimize storage, enable access to private registries, and secure outbound network traffic. ## Disk allocation The **Disk allocation** setting lets you control how much of the available storage is dedicated to the build cache. A lower allocation increases storage available for active builds. -To make disk allocation changes, navigate to [**Builder settings**](https://app.docker.com/build/settings/builder) in Docker Build Cloud and then adjust the **Disk allocation** slider to specify the percentage of storage used for build caching. +To make disk allocation changes, navigate to **Builder settings** in Docker Build Cloud and then adjust the **Disk allocation** slider to specify the percentage of storage used for build caching. Any changes take effect immediately. 
From 8f9d7aaeea4a8b7801a4a38c5de08adcce7ed92a Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Thu, 27 Feb 2025 09:25:15 +0000 Subject: [PATCH 6/6] Update content/manuals/build-cloud/builder-settings.md Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com> --- content/manuals/build-cloud/builder-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/build-cloud/builder-settings.md b/content/manuals/build-cloud/builder-settings.md index 164b1284e8a..a77402c7c45 100644 --- a/content/manuals/build-cloud/builder-settings.md +++ b/content/manuals/build-cloud/builder-settings.md @@ -24,7 +24,7 @@ Private resource access lets cloud builders pull images and packages from privat For example, if your organization hosts a private [PyPI](https://pypi.org/) repository on a private network, Docker Build Cloud would not be able to access it by default, since the cloud builder is not connected to your private network. -To enable your cloud builders to access your private resources, enter the host name and port of your private rescource and then select **Add**. +To enable your cloud builders to access your private resources, enter the host name and port of your private resource and then select **Add**. ### Authentication
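Review bot: In PATCH 1/6, the console block under "### Authentication" in builder-settings.md passes `-u` with no username in both `docker login` lines, `--builder` with no builder name, and a `--tag` value that stops at `registry.example.com/`, so none of the three commands can be run as shown. Add explicit placeholders for the username, builder name and image name, and check that they survive rendering. The same block expands `$DOCKER_PAT` and `$REGISTRY_PASSWORD` unquoted; quoting them (`echo "$DOCKER_PAT" | docker login ...`) keeps the shell from word-splitting or globbing the secret. The sentence just above it, "the cloud builder needs to authenticate with Docker to use the cloud builder", is circular and would read better as two named steps: log in to Docker to use the cloud builder, then log in to the private registry.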
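Review bot: In PATCH 1/6, the usage.md hunk under "## Registries on internal networks" replaces "It isn't possible" with "It is possible" and deletes the statement that all endpoints must be accessible over the internet, which leaves the section reading as if internal registries work with no configuration. builder-settings.md in the same patch says the builder cannot reach such hosts by default, so state here that the host and port must first be added under Private resource access, and keep a sentence on the default behaviour for anyone who has not configured it. The link text "private registry" also points at an anchor named `#private-resource-access`; matching the wording to the target section would help.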
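Review bot: In PATCH 2/6, the first builder-settings.md hunk (`@@ -16,21 +16,21 @@`) introduces the typo "rescource" in the added "To enable your cloud builders to access your private resources" line; it is carried through 4/6 and only corrected in 6/6, so fix it here or squash. The hunk also renames "private registries" to "private resources" and "VPN" to "private network" inside the section, while the front matter description and keywords (`vpn`) and the intro paragraph ("enable access to private registries") keep the old terms in every later patch of the series. Update those in the same change so the page uses one term throughout.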
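Review bot: In PATCH 2/6, the "## Firewall" hunk (`@@ -47,9 +47,9 @@`) still leaves the scope of the restriction undocumented: the intro says "specific IP addresses", the checkbox label says "specific public IP address", and step 2 says "Enter the IP address you want to allow", so it is unclear whether several addresses or a range can be entered. For a control that limits egress, the page should also say what happens to all other outbound traffic once the checkbox is selected, whether the hosts added under Private resource access and the registries used by `docker build --push` must be listed as well, and whether the change takes effect immediately, as the Disk allocation section states for its setting.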
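Review bot: In PATCH 5/6, the builder-settings.md hunk removes both links to `https://app.docker.com/build/settings/builder` that 3/6 and 4/6 added, so the final text says "navigate to **Builder settings** in Docker Build Cloud" without telling the reader where that page is, and the commit message ("edits") gives no reason for the reversal. Either keep one link or describe the navigation path to the page. Since 3/6, 4/6 and 5/6 add and then revert the same lines, squashing them would leave a cleaner history.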