mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00

Update for early Dec 22 minio release (#671)

## Updates for `console` early Dec22 releases

- Updated the instructions for registering for SUBNET from an airgapped
Console environment
- Minor typo in IAM doc.

Closes #664

Two of the items in that issue did not actually impact the docs. One
item is just a screenshot update that will be addressed later.

## Updates for `minio` early Dec22 releases
    
- Adds info about `mc` installed with container images
- Adds new envvar for KES enclaves
    
Closes #665

- Updates `mc support inspect` to correct alias to target in command
syntax
Daryl White
2022-12-28 11:41:23 -06:00
committed by GitHub
parent 094d0df6b8
commit 6d32ddcaa8
9 changed files with 66 additions and 12 deletions


@ -149,6 +149,9 @@ See the tutorials for :ref:`minio-snsd`, :ref:`minio-snmd`, or :ref:`minio-mnmd`
# Sets the default KMS key for the backend and SSE-KMS/SSE-S3 Operations)
MINIO_KMS_KES_KEY_NAME=minio-backend-default-key
# Optional, defines the name for the KES server enclave to use.
MINIO_KMS_KES_ENCLAVE=<name>
Replace ``HOSTNAME`` with the IP address or hostname of the KES server.
If the MinIO server host machines cannot resolve or reach the specified ``HOSTNAME``, the deployment may return errors or fail to start.
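
Review bot: The new ``MINIO_KMS_KES_ENCLAVE=<name>`` line is described as optional in the comment above it, but it is added uncommented with a placeholder value, so anyone copying this block unchanged sets the enclave name to the literal ``<name>``. Suggest shipping it commented out (``# MINIO_KMS_KES_ENCLAVE=<name>``) or saying in the comment that the line should be deleted when no enclave is used. While touching this block, the comment on ``MINIO_KMS_KES_KEY_NAME`` ends with an unmatched ``)``.
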
@ -162,6 +165,14 @@ MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptograp
include a specific |EK|.
- Encrypting objects using :ref:`SSE-S3 <minio-encryption-sse-s3>`.
MinIO uses the :envvar:`MINIO_KMS_KES_ENCLAVE` key to define the name of the KES enclave to use.
- Replace ``<name>`` with the name of the :term:`enclave` to use.
- If not defined, MinIO does not send any enclave information.
This may result in using the default enclave for stateful KES servers.
A KES :term:`enclave` provides an isolated space for its associated keys separate from other enclaves on a stateful KES server.
The ``minio-kes`` certificates enable mTLS between the MinIO deployment and the KES server *only*.
They do not otherwise enable TLS for other client connections to MinIO.
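
Review bot: In the bullet "If not defined, MinIO does not send any enclave information. This may result in using the default enclave for stateful KES servers.", the word "may" leaves the reader unable to tell which enclave, and therefore which set of keys, an unset variable selects. Since the next paragraph says enclaves isolate keys from one another, suggest stating the outcome definitively for stateful servers and saying what the variable does on a server that is not stateful. Also, "the :envvar:`MINIO_KMS_KES_ENCLAVE` key" calls an environment variable a key right next to :envvar:`MINIO_KMS_KES_KEY_NAME`, which names an actual cryptographic key; "variable" or "setting" would avoid the ambiguity.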


@ -106,6 +106,7 @@ This command assumes the ``minio-kes.cert``, ``minio-kes.key``, and ``kes-server
MINIO_KMS_KES_KEY_FILE=/certs/minio-kes.key
MINIO_KMS_KES_CAPATH=/certs/server.cert
MINIO_KMS_KES_KEY_NAME=minio-backend-default-key
MINIO_KMS_KES_ENCLAVE=<name>
MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptographic operations:
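
Review bot: ``MINIO_KMS_KES_ENCLAVE=<name>`` is added to this environment block with no comment, so nothing at the point of use tells the reader that the setting is optional or that ``<name>`` is a placeholder; the explanation only arrives in the prose after the following list. Suggest a one-line comment above it, for example ``# Optional, defines the name for the KES server enclave to use.``, matching the wording this commit uses for the same variable elsewhere.
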
@ -114,6 +115,14 @@ MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptograp
include a specific |EK|.
- Encrypting objects using :ref:`SSE-S3 <minio-encryption-sse-s3>`.
MinIO uses the :envvar:`MINIO_KMS_KES_ENCLAVE` key to define the name of the KES enclave to use.
- Replace ``<name>`` with the name of the :term:`enclave` to use.
- If not defined, MinIO does not send any enclave information.
This may result in using the default enclave for stateful KES servers.
A KES :term:`enclave` isolates its associated keys from other enclaves on a stateful KES server.
The ``minio-kes`` certificates enable for mTLS between the MinIO deployment and the KES server *only*.
They do not otherwise enable TLS for other client connections to MinIO.
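
Review bot: The enclave sentence here reads "A KES :term:`enclave` isolates its associated keys from other enclaves on a stateful KES server.", while the same paragraph elsewhere in this commit reads "provides an isolated space for its associated keys separate from other enclaves". The surrounding text is otherwise the same, so pick one wording (this shorter one reads better) or move the paragraph into a shared include so the copies cannot drift. The trailing context line "certificates enable for mTLS" also carries a stray "for" that the other copies do not have, worth fixing in the same pass.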


@ -46,6 +46,11 @@ MinIO provides container images at the following repositories:
- https://hub.docker.com/r/minio/minio
- https://quay.io/repository/minio/minio?tab=info
.. versionchanged:: RELEASE.2022-12-02T19-19-22Z
These images include the :ref:`MinIO Client <minio-client>` command line tool built in for container-level debugging.
However, to regularly interact with a container MinIO install, :ref:`install the MinIO Client <mc-install>` on your computer and define an :mc-cmd:`mc alias set <alias>` to the container instead.
Use of MinIO images from any other repository, host, or organization is at your own risk.
The :ref:`Single-Node Single-Drive <minio-snsd>` and :ref:`Single-Node Multi-Drive <minio-snmd>` tutorials provide instructions for the `Docker <https://www.docker.com/>`__ and :podman-docs:`Podman <>` container managers.
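
Review bot: The ``versionchanged`` block is inserted between the repository list and the sentence "Use of MinIO images from any other repository, host, or organization is at your own risk.", which separates that warning from the two URLs it refers to. Suggest placing the new block after the warning. In the added text, "a container MinIO install" reads awkwardly ("a containerized MinIO deployment" is clearer), and "define an :mc-cmd:`mc alias set <alias>` to the container" would read better as "use :mc-cmd:`mc alias set` to create an alias for the container".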


@ -133,6 +133,7 @@ This command assumes the ``minio-kes.cert``, ``minio-kes.key``, and ``kes-server
MINIO_KMS_KES_KEY_FILE=|miniocertpath|\minio-kes.key
MINIO_KMS_KES_CAPATH=|miniocertpath|\kes-server.cert
MINIO_KMS_KES_KEY_NAME=minio-backend-default-key
MINIO_KMS_KES_ENCLAVE=<name>
MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptographic operations:
@ -141,6 +142,14 @@ MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptograp
include a specific |EK|.
- Encrypting objects using :ref:`SSE-S3 <minio-encryption-sse-s3>`.
MinIO uses the :envvar:`MINIO_KMS_KES_ENCLAVE` key to define the name of the KES enclave to use for stateful KES servers.
- Replace ``<name>`` with the name of the :term:`enclave` to use.
- If not defined, MinIO does not send any enclave information.
This may result in using the default enclave for stateful KES servers.
A KES :term:`enclave` provides an isolated space for its associated keys separate from other enclaves on a stateful KES server.
The ``minio-kes`` certificates enable mTLS between the MinIO deployment and the KES server *only*.
They do not otherwise enable TLS for other client connections to MinIO.
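
Review bot: Only this copy of the paragraph qualifies the first sentence with "to use for stateful KES servers"; the other copies in this commit stop at "the name of the KES enclave to use". The qualifier is the more precise statement, given that the following bullet and the enclave definition both speak of stateful KES servers, so suggest adding it to the other copies rather than dropping it here.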