From 2044ec0a3d954720d2bf46aac1a508b3e4adb97d Mon Sep 17 00:00:00 2001 From: Codex Date: Wed, 6 May 2026 09:22:28 +0200 Subject: [PATCH] docs: add ECI Kubernetes version requirement (closes #24957) The ECI limitations page recommended the KinD provisioner without the Docker Desktop version where Kubernetes protection applies. Added the Docker Desktop 4.38 and later requirement to match the ECI FAQ. Co-Authored-By: Codex y: Codex oreply@openai.com> --- .../enhanced-container-isolation/limitations.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/limitations.md b/content/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/limitations.md index f1c86c0b0c7b..9deccf405417 100644 --- a/content/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/limitations.md +++ b/content/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/limitations.md @@ -75,7 +75,13 @@ The integrated Kubernetes feature, when used with the legacy Kubeadm provisioner ### Recommendation -Use the newer Docker Desktop Kubernetes "KinD" provisioner (see [Cluster provisioning method](/manuals/desktop/use-desktop/kubernetes.md#cluster-provisioning-method)). In this mode, and with ECI turned on, each Kubernetes node runs in an ECI-protected container, providing stronger isolation from the Docker Desktop VM. The KinD provisioner is also faster and allows for multi-node Kubernetes clusters. +Use the Docker Desktop Kubernetes "KinD" provisioner, available in Docker +Desktop 4.38 and later (see [Cluster provisioning +method](/manuals/desktop/use-desktop/kubernetes.md#cluster-provisioning-method)). +In this mode, and with ECI turned on, each Kubernetes node runs in an +ECI-protected container, providing stronger isolation from the Docker Desktop +VM. The KinD provisioner is also faster and supports multi-node Kubernetes +clusters. ## Unprotected container types