Red Hat SummitChapter 2. The managed configuration approach
In enterprise environments, administrators can enforce specific configuration values that users cannot override. This capability allows them to manage configurations, such as proxy servers, telemetry policies, and security policies, ensuring users operate within a controlled environment. Administrators can review and edit the configurations in the user settings file before applying the changes globally to all enterprise users. This managed configuration approach improves operational consistency and compliance while reducing security risks.
Also, administrators can implement default configurations that follow the company’s internal registries, workflows, and settings. These configurations accelerate the adoption of Red Hat build of Podman Desktop among users.
2.1. Purpose
Managed configuration enables enterprise administrators to do the following:
- Enforce corporate policies across all user installations
- Control proxy settings for network compliance
- Manage telemetry and privacy settings
- Apply consistent security policies
- Prevent users from overriding critical settings
- Define an internal mirror for container images
2.2. Benefits
- Centralized Management: Apply configuration changes globally across the enterprise
- Policy Enforcement: Ensure compliance with corporate policies
- Security: Lock critical settings to prevent unauthorized changes
- Transparency: Users are notified when settings are managed by administrators
2.3. Configuration file types and their purpose
Red Hat build of Podman Desktop stores configuration values in three separate JSON files:
-
User configuration (
settings.jsonfile): Editable values for user customization. Users can modify these settings through the Red Hat build of Podman Desktop UI or by editing the file directly. The file is stored in the user’s home directory. Managed defaults configuration (
default-settings.jsonfile): Read-only administrator-enforced default values that cannot be edited by the user. These values serve as fallback values when a setting is not configured in the user configuration file. On startup, Red Hat build of Podman Desktop checks thedefault-settings.jsonfile and automatically does the following:-
Applies only those default settings that do not exist in the user’s
settings.jsonfile. -
Does not apply a setting if it is already defined or set to the default value in the user’s
settings.jsonfile. This allows administrators to preconfigure settings for new users while respecting existing user preferences.
-
Applies only those default settings that do not exist in the user’s
Locked configuration (
locked.jsonfile): Read-only administrator-enforced list of keys that must use values from the managed defaults configuration file. When a key is locked, users cannot override its value, even if they attempt to modify it in their user configurationsettings.jsonfile or through the UI.-
If a setting is locked in the
locked.jsonfile, its value is always read from thedefault-settings.jsonfile, ignoring the user’s file. - Administrators use the locked settings to enforce compliance.
-
If a setting is locked in the
When a configuration changes, Red Hat build of Podman Desktop returns a value after checking the user configuration files in the following priority order:
- Locked keys - Return a value from the managed defaults configuration file, which is of highest priority
- Unlocked keys - Return a value from the user configuration file
- Default value - Return the default value built into Red Hat build of Podman Desktop
2.3.1. Locked configuration impact on users
In Red Hat build of Podman Desktop, a setting locked by an administrator restricts user interaction with that setting.
User interface impact
When a setting is locked, users can see its impact in the following aspects:
- Red Hat build of Podman Desktop UI: The setting appears grayed out or displays a lock icon.
-
settings.jsonfile: Changes to locked keys in the user’s settings file are ignored. - Log output: Log messages indicate when locked values, with a Managed label or lock icon next to the setting, are being used. This ensures transparency about which settings users can and cannot control.
Other constraints
- Locked settings cannot be modified through the Red Hat build of Podman Desktop UI.
- Attempts to edit locked keys in the user configuration file are ignored.
- Red Hat build of Podman Desktop always uses the value from the managed defaults configuration file for locked keys.
- Users can view the locked values but cannot change them.
2.4. Configuration file locations for your operating system
This reference provides a quick lookup table for all configuration file locations across different operating systems.
| Configuration Type | Linux | macOS | Windows |
|---|---|---|---|
| User configuration |
|
|
|
| Managed defaults |
|
|
|
| Locked configuration |
|
|
|
2.4.1. Permissions
| Configuration Type | Required Permissions |
|---|---|
| User configuration | User read/write |
| Managed defaults | Root/Administrator only |
| Locked configuration | Root/Administrator only |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}