From ab13eb51879c3cad5cef802ed7e32182905938c9 Mon Sep 17 00:00:00 2001 From: Cesar Talledo Date: Tue, 15 Apr 2025 11:58:20 -0700 Subject: [PATCH 1/2] admin-settings: add note regarding KinD + ECI config. In the admin-settings docs, in the section that describes settings for Docker Desktop Kubernetes, add a note indicating that if a custom repository is used for Kubernetes node images, and if Enhanced Container Isolation (ECI) is enabled, the custom repository images must also be added to the ECI Docker Socket image list setting. Signed-off-by: Cesar Talledo --- .../configure-json-file.md | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index 3fdcf7b0054..332c1b5e0d1 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -182,7 +182,7 @@ The following `admin-settings.json` code and table provides an example of the re } ``` -### General +### General |Parameter|OS|Description|Version| |:-------------------------------|---|:-------------------------------|---| 
@@ -195,7 +195,7 @@ The following `admin-settings.json` code and table provides an example of the re | `desktopTerminalEnabled` | | If `value` is set to `false`, developers cannot use the Docker terminal to interact with the host machine and execute commands directly from Docker Desktop. | | |`exposeDockerAPIOnTCP2375`| Windows only| Exposes the Docker API on a specified port. If `value` is set to true, the Docker API is exposed on port 2375. Note: This is unauthenticated and should only be enabled if protected by suitable firewall rules.| | -### File sharing and emulation +### File sharing and emulation |Parameter|OS|Description|Version| |:-------------------------------|---|:-------------------------------|---| @@ -241,7 +241,7 @@ The following `admin-settings.json` code and table provides an example of the re |        `dockerDaemonOptions` | | Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/reference/cli/dockerd/#daemon-configuration-file).| | > [!NOTE] -> +> > This setting is not available to configure via the Docker Admin Console. ### Kubernetes 
@@ -250,7 +250,16 @@ The following `admin-settings.json` code and table provides an example of the re |:-------------------------------|---|:-------------------------------|---| |`kubernetes`| | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the Docker Desktop Dashboard and when you run `docker ps`. `imagesRepository` lets you specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`. | | -### Features in development +> [!NOTE] +> +> When using a custom image repository via the `imagesRepository` setting, and if Enhanced Container Isolation (ECI) is enabled, add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation): +> +> `/desktop-cloud-provider-kind:*` +> `/desktop-containerd-registry-mirror:*` +> +> The containers based on these images mount the Docker socket, so the images must be added to the ECI images list as otherwise ECI will block the mount and Kubernetes will fail to start. + +### Features in development |Parameter|OS|Description|Version| |:-------------------------------|---|:-------------------------------|---| @@ -258,7 +267,7 @@ The following `admin-settings.json` code and table provides an example of the re | `allowBetaFeatures`| | If `value` is set to `false`, beta features are disabled.| | | `enableDockerAI` | | If `value` is set to `false`, Docker AI (Ask Gordon) features are disabled. | | -### Enhanced Container Isolation +### Enhanced Container Isolation |Parameter|OS|Description|Version| |:-------------------------------|---|:-------------------------------|---| 
@@ -282,4 +291,4 @@ For settings to take effect: So as not to disrupt your developers' workflow, Docker doesn't automatically mandate that developers re-launch and re-authenticate once a change has been made. -In Docker Desktop, developers see the relevant settings grayed out. \ No newline at end of file +In Docker Desktop, developers see the relevant settings grayed out. From ae497836eeaf7702036e2a8578b3c16e44c2c282 Mon Sep 17 00:00:00 2001 From: Cesar Talledo Date: Tue, 15 Apr 2025 12:40:50 -0700 Subject: [PATCH 2/2] Improve wording in admin-settings Kubernetes note. Co-authored-by: Sarah Sanders --- .../settings-management/configure-json-file.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index 332c1b5e0d1..9b61004cf50 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md 
@@ -252,12 +252,12 @@ The following `admin-settings.json` code and table provides an example of the re > [!NOTE] > -> When using a custom image repository via the `imagesRepository` setting, and if Enhanced Container Isolation (ECI) is enabled, add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation): +> When using the `imagesRepository` setting and Enhanced Container Isolation (ECI), add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation): > > `/desktop-cloud-provider-kind:*` > `/desktop-containerd-registry-mirror:*` > -> The containers based on these images mount the Docker socket, so the images must be added to the ECI images list as otherwise ECI will block the mount and Kubernetes will fail to start. +> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start. ### Features in development
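Review bot: In PATCH 1/2, the heading lines `### General`, `### File sharing and emulation`, `### Features in development` and `### Enhanced Container Isolation`, and the empty `>` line under `> [!NOTE]` in the hunk at -241, are removed and re-added with text that reads the same, so they appear to be whitespace-only edits. They are unrelated to the commit subject (the KinD + ECI note) and account for most of the "6 deletions". Consider dropping them from this patch or moving them to a separate cleanup commit so the diff shows only the new note.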
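Review bot: In the PATCH 1/2 hunk at -250,7 +250,16, the two image entries `/desktop-cloud-provider-kind:*` and `/desktop-containerd-registry-mirror:*` start with a bare `/` and carry no repository part, so a reader cannot tell what to put in front of them. Show an explicit placeholder for the prefix and state that it must match the value given in `imagesRepository`. The two entries also sit on consecutive `>` lines with no list marker or blank line between them, so they will render as one run-on line; a bulleted list inside the note would keep them separate. Since the note says these containers mount the Docker socket and the entries use the `:*` tag wildcard, it is worth adding a sentence that every tag of these images in the custom repository gains socket access once listed.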
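Review bot: In the PATCH 2/2 hunk at -252,12 +252,12, the reworded opening "When using the `imagesRepository` setting and Enhanced Container Isolation (ECI)" drops the word "custom" that the earlier wording and the commit message of PATCH 1/2 both rely on, so it no longer says whether the requirement applies to any `imagesRepository` value or only to a non-default one. Keep the qualifier or state the condition explicitly. The same note also refers to the setting first as the "ECI Docker socket mount image list" and then as the "ECI images list"; use one name in both places. "If not," in the last sentence has no clear antecedent; "Otherwise," reads more cleanly. The image entries still begin with a bare `/` after this change.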