Run a Docker container.
type: "io.kestra.plugin.docker.Run"Examples
Run the docker/whalesay container with the command 'cowsay hello'
id: docker_run
namespace: company.team
tasks:
- id: run
type: io.kestra.plugin.docker.Run
containerImage: docker/whalesay
commands:
- cowsay
- hello
Run the docker/whalesay container with no command
id: docker_run
namespace: company.team
tasks:
- id: run
type: io.kestra.plugin.docker.Run
containerImage: docker/whalesay
Run the docker/opentelemetry with commands and config file
id: docker_run
namespace: company.team
tasks:
- id: write
type: io.kestra.plugin.core.storage.Write
content: |
extensions:
health_check: {}
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
exporters:
debug: {}
service:
pipelines:
logs:
receivers: [otlp]
exporters: [debug]
extension: .yaml
- id: run
type: io.kestra.plugin.docker.Run
containerImage: otel/opentelemetry-collector:latest
inputFiles:
otel.yaml: "{{ outputs.write.uri }}"
commands:
- --config
- otel.yaml
portBindings:
- "4318:4318"
wait: false
Run Docker with Ubuntu image, run shell commands to create a file, log the output in Kestra
id: docker_run_with_output_file
namespace: company.team
inputs:
- id: greetings
type: STRING
defaults: HELLO WORLD !!
tasks:
- id: docker_run_output_file
type: io.kestra.plugin.docker.Run
containerImage: ubuntu:22.04
commands:
- "/bin/sh"
- "-c"
- echo {{ inputs.greetings }} > file.txt
outputFiles:
- file.txt
- id: log
type: io.kestra.plugin.core.log.Log
message: "{{ read(outputs.docker_run_output_file.outputFiles['file.txt']) }}"
Properties
containerImage *Requiredstring
Docker image to use.
commands array
[]The commands to run
config stringobject
Docker configuration file.
Docker configuration file that can set access credentials to private container registries. Usually located in ~/.docker/config.json.
cpu Non-dynamicCpu
Limits the CPU usage to a given maximum threshold value.
By default, each container’s access to the host machine’s CPU cycles is unlimited. You can set various constraints to limit a given container’s access to the host machine’s CPU cycles.
credentials Credentials
entryPoint array
Docker entrypoint to use.
env object
Additional environment variables for the Docker container.
extraHosts array
Extra hostname mappings to the container network interface configuration.
host string
The URI of your Docker host e.g. localhost
inputFiles objectstring
The files to create on the working. It can be a map or a JSON object.
Each file can be defined:
- Inline with its content
- As a URI, supported schemes are
kestrafor internal storage files,filefor host local files, andnsfilefor namespace files.
memory Non-dynamicMemory
Limits memory usage to a given maximum threshold value.
Docker can enforce hard memory limits, which allow the container to use no more than a given amount of user or system memory, or soft limits, which allow the container to use as much memory as it needs unless certain conditions are met, such as when the kernel detects low memory or contention on the host machine. Some of these options have different effects when used alone or when more than one option is set.
namespaceFiles Non-dynamicNamespaceFiles
Inject namespace files.
Inject namespace files to this task. When enabled, it will, by default, load all namespace files into the working directory. However, you can use the include or exclude properties to limit which namespace files will be injected.
networkMode string
Docker network mode to use e.g. host, none, etc.
outputFiles array
The files from the local filesystem to send to Kestra's internal storage.
Must be a list of glob expressions relative to the current working directory, some examples: my-dir/**, my-dir/*/** or my-dir/my-file.txt.
portBindings array
List of port bindings.
Corresponds to the --publish (-p) option of the docker run CLI command using the format ip: dockerHostPort: containerPort/protocol.
Possible example :
8080: 80/udp-127.0.0.1: 8080: 80-127.0.0.1: 8080: 80/udp
privileged booleanstring
Give extended privileges to this container.
pullPolicy string
IF_NOT_PRESENTIF_NOT_PRESENTALWAYSNEVERThe pull policy for an image.
Pull policy can be used to prevent pulling of an already existing image IF_NOT_PRESENT, or can be set to ALWAYS to pull the latest version of the image even if an image with the same tag already exists.
shmSize string
Size of /dev/shm in bytes.
The size must be greater than 0. If omitted, the system uses 64MB.
user string
User in the Docker container.
volumes array
List of volumes to mount.
Must be a valid mount expression as string, example : /home/user:/app.
Volumes mount are disabled by default for security reasons; you must enable them on server configuration by setting kestra.tasks.scripts.docker.volume-enabled to true.
wait booleanstring
trueWhether to wait for the container to exit, or simply start it.
Outputs
exitCode integer
0The exit code of the entire flow execution.
outputFiles object
The output files' URIs in Kestra's internal storage.
taskRunner TaskRunnerDetailResult
vars object
The value extracted from the output of the executed commands.
Definitions
io.kestra.core.models.tasks.NamespaceFiles
enabled booleanstring
trueWhether to enable namespace files to be loaded into the working directory. If explicitly set to true in a task, it will load all Namespace Files into the task's working directory. Note that this property is by default set to true so that you can specify only the include and exclude properties to filter the files to load without having to explicitly set enabled to true.
exclude array
A list of filters to exclude matching glob patterns. This allows you to exclude a subset of the Namespace Files from being downloaded at runtime. You can combine this property together with include to only inject a subset of files that you need into the task's working directory.
folderPerNamespace booleanstring
falseWhether to mount file into the root of the working directory, or create a folder per namespace
ifExists string
OVERWRITEOVERWRITEFAILWARNIGNOREComportment of the task if a file already exist in the working directory.
include array
A list of filters to include only matching glob patterns. This allows you to only load a subset of the Namespace Files into the working directory.
namespaces array
["{{flow.namespace}}"]A list of namespaces in which searching files. The files are loaded in the namespace order, and only the latest version of a file is kept. Meaning if a file is present in the first and second namespace, only the file present on the second namespace will be loaded.
io.kestra.plugin.scripts.runner.docker.Cpu
cpus numberstring
The maximum amount of CPU resources a container can use.
Make sure to set that to a numeric value e.g. cpus: "1.5" or cpus: "4" or For instance, if the host machine has two CPUs and you set cpus: "1.5", the container is guaranteed at most one and a half of the CPUs.
io.kestra.plugin.scripts.runner.docker.Memory
kernelMemory string
The maximum amount of kernel memory the container can use.
The minimum allowed value is 4MB. Because kernel memory cannot be swapped out, a container which is starved of kernel memory may block host machine resources, which can have side effects on the host machine and on other containers. See the kernel-memory docs for more details.
memory string
The maximum amount of memory resources the container can use.
Make sure to use the format number + unit (regardless of the case) without any spaces.
The unit can be KB (kilobytes), MB (megabytes), GB (gigabytes), etc.
Given that it's case-insensitive, the following values are equivalent:
"512MB""512Mb""512mb""512000KB""0.5GB"
It is recommended that you allocate at least 6MB.
memoryReservation string
Allows you to specify a soft limit smaller than memory which is activated when Docker detects contention or low memory on the host machine.
If you use memoryReservation, it must be set lower than memory for it to take precedence. Because it is a soft limit, it does not guarantee that the container doesn’t exceed the limit.
memorySwap string
The total amount of memory and swap that can be used by a container.
If memory and memorySwap are set to the same value, this prevents containers from using any swap. This is because memorySwap includes both the physical memory and swap space, while memory is only the amount of physical memory that can be used.
memorySwappiness string
A setting which controls the likelihood of the kernel to swap memory pages.
By default, the host kernel can swap out a percentage of anonymous pages used by a container. You can set memorySwappiness to a value between 0 and 100 to tune this percentage.
oomKillDisable booleanstring
By default, if an out-of-memory (OOM) error occurs, the kernel kills processes in a container.
To change this behavior, use the oomKillDisable option. Only disable the OOM killer on containers where you have also set the memory option. If the memory flag is not set, the host can run out of memory, and the kernel may need to kill the host system’s processes to free the memory.
Credentials for a private container registry.
auth string
The registry authentication.
The auth field is a base64-encoded authentication string of username: password or a token.
identityToken string
The identity token.
password string
The registry password.
registry string
The registry URL.
If not defined, the registry will be extracted from the image name.
registryToken string
The registry token.
username string
The registry username.
io.kestra.core.models.tasks.runners.TaskRunnerDetailResult
A request for devices to be sent to device drivers.
capabilities array
A list of capabilities; an OR list of AND lists of capabilities.
count integerstring
deviceIds array
driver string
options object
Driver-specific options, specified as key/value pairs.
These options are passed directly to the driver.