Run a task in a Docker container.
This task runner executes tasks in a container-based Docker-compatible engine.
Use the containerImage property to configure the image for the task.
To access the task's working directory, use the {{workingDir}} Pebble expression or the WORKING_DIR environment variable.
Input files and namespace files added to the task will be accessible from that directory.
To generate output files, we recommend using the task's outputFiles property. This allows you to explicitly define which files from the task's working directory should be saved as output files.
Alternatively, when writing files in your task, you can leverage the {{outputDir}} Pebble expression or the OUTPUT_DIR environment variable. All files written to that directory will be saved as output files automatically.
type: "io.kestra.plugin.scripts.runner.docker.Docker"
Execute a Shell command.
id: simple_shell_example
namespace: company.team
tasks:
  - id: shell
    type: io.kestra.plugin.scripts.shell.Commands
    taskRunner:
      type: io.kestra.plugin.scripts.runner.docker.Docker
    commands:
      - echo "Hello World"
Pass input files to the task, execute a Shell command, then retrieve output files.
id: shell_example_with_files
namespace: company.team
inputs:
  - id: file
    type: FILE
tasks:
  - id: shell
    type: io.kestra.plugin.scripts.shell.Commands
    inputFiles:
      data.txt: "{{ inputs.file }}"
    outputFiles:
      - "*.txt"
    containerImage: centos
    taskRunner:
      type: io.kestra.plugin.scripts.runner.docker.Docker
    commands:
      - cp {{ workingDir }}/data.txt {{ workingDir }}/out.txt
Run a Python script in Docker and allocate a specific amount of memory.
id: allocate_memory_to_python_script
namespace: company.team
tasks:
  - id: script
    type: io.kestra.plugin.scripts.python.Script
    taskRunner:
      type: io.kestra.plugin.scripts.runner.docker.Docker
      pullPolicy: IF_NOT_PRESENT
      cpu:
        cpus: 1
      memory:
        memory: "512Mb"
    containerImage: ghcr.io/kestra-io/kestrapy:latest
    script: |
      from kestra import Kestra
      data = dict(message="Hello from Kestra!")
      Kestra.outputs(data)
YES
VOLUME
MOUNT
VOLUME
File handling strategy.
How to handle local files (input files, output files, namespace files, ...).
By default, we create a volume and copy the file into the volume bind path.
Configuring it to MOUNT will mount the working directory instead.
YES
Docker configuration file.
Docker configuration file that can set access credentials to private container registries. Usually located in ~/.docker/config.json.
NO
Limits the CPU usage to a given maximum threshold value.
By default, each container’s access to the host machine’s CPU cycles is unlimited. You can set various constraints to limit a given container’s access to the host machine’s CPU cycles.
YES
YES
true
YES
[
""
]
Docker entrypoint to use.
YES
Extra hostname mappings to the container network interface configuration.
YES
Docker API URI.
NO
Limits memory usage to a given maximum threshold value.
Docker can enforce hard memory limits, which allow the container to use no more than a given amount of user or system memory, or soft limits, which allow the container to use as much memory as it needs unless certain conditions are met, such as when the kernel detects low memory or contention on the host machine. Some of these options have different effects when used alone or when more than one option is set.
YES
Docker network mode to use, e.g. host, none, etc.
YES
List of port bindings.
Corresponds to the --publish (-p) option of the docker run CLI command using the format ip:dockerHostPort:containerPort/protocol. Possible examples:
- 8080:80/udp
- 127.0.0.1:8080:80
- 127.0.0.1:8080:80/udp
YES
YES
ALWAYS
IF_NOT_PRESENT
ALWAYS
NEVER
The pull policy for a container image.
Use the IF_NOT_PRESENT pull policy to avoid pulling already existing images.
Use the ALWAYS pull policy to pull the latest version of an image even if an image with the same tag already exists.
YES
Size of /dev/shm in bytes.
The size must be greater than 0. If omitted, the system uses 64MB.
YES
User in the Docker container.
YES
List of volumes to mount.
Make sure to provide a map of a local path to a container path in the format: /home/local/path:/app/container/path.
Volume mounts are disabled by default for security reasons. If you are sure you want to use them, enable that feature in the plugin configuration by setting volume-enabled to true.
Here is how you can add that setting to your Kestra configuration:
kestra:
  plugins:
    configurations:
      - type: io.kestra.plugin.scripts.runner.docker.Docker
        values:
          volume-enabled: true
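An added example, not part of the Kestra documentation: a Python check over a parsed flow that flags Docker task runners using host networking, host volume mounts, or no CPU/memory limits. The networkMode and volumes property names are assumptions (this page lists those options by description only), and the sample flow is constructed.

```python
DOCKER_RUNNER = "io.kestra.plugin.scripts.runner.docker.Docker"


def iter_tasks(node):
    """Yield every task dict, descending into nested `tasks` lists."""
    for task in node.get("tasks") or []:
        yield task
        yield from iter_tasks(task)


def audit_flow(flow):
    """Return (task_id, finding) pairs for Docker task runner settings."""
    findings = []
    for task in iter_tasks(flow):
        runner = task.get("taskRunner") or {}
        if runner.get("type") != DOCKER_RUNNER:
            continue
        tid = task.get("id", "?")
        # Assumed property name: networkMode. "host" shares the host network stack.
        if str(runner.get("networkMode", "")).lower() == "host":
            findings.append((tid, "networkMode=host"))
        # Assumed property name: volumes. Only effective with volume-enabled: true.
        for vol in runner.get("volumes") or []:
            findings.append((tid, f"host volume {vol}"))
        # Without explicit limits the container's CPU and memory use is unbounded.
        if not (runner.get("memory") or {}).get("memory"):
            findings.append((tid, "no memory limit"))
        if not (runner.get("cpu") or {}).get("cpus"):
            findings.append((tid, "no cpu limit"))
    return findings


# Constructed sample: the dict a YAML loader would return for a two-task flow.
SAMPLE_FLOW = {
    "id": "audit_demo",
    "namespace": "company.team",
    "tasks": [
        {"id": "loose", "type": "io.kestra.plugin.scripts.shell.Commands",
         "taskRunner": {"type": DOCKER_RUNNER, "networkMode": "host",
                        "volumes": ["/home/local/path:/app/container/path"]}},
        {"id": "tight", "type": "io.kestra.plugin.scripts.python.Script",
         "taskRunner": {"type": DOCKER_RUNNER, "networkMode": "none",
                        "cpu": {"cpus": 1}, "memory": {"memory": "512Mb"}}},
    ],
}

if __name__ == "__main__":
    for task_id, finding in audit_flow(SAMPLE_FLOW):
        print(f"{task_id}: {finding}")
```

Running such a check in CI on flow definitions catches a volume mount or host networking setting before the flow reaches a worker where volume-enabled is true.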
YES
true
YES
YES
The maximum amount of kernel memory the container can use.
The minimum allowed value is 4MB. Because kernel memory cannot be swapped out, a container which is starved of kernel memory may block host machine resources, which can have side effects on the host machine and on other containers. See the kernel-memory docs for more details.
YES
The maximum amount of memory resources the container can use.
Make sure to use the format number + unit (regardless of the case) without any spaces.
The unit can be KB (kilobytes), MB (megabytes), GB (gigabytes), etc.
Given that it's case-insensitive, the following values are equivalent:
"512MB"
"512Mb"
"512mb"
"512000KB"
"0.5GB"
It is recommended that you allocate at least 6MB.
YES
Allows you to specify a soft limit smaller than memory which is activated when Docker detects contention or low memory on the host machine.
If you use memoryReservation, it must be set lower than memory for it to take precedence. Because it is a soft limit, it does not guarantee that the container doesn’t exceed the limit.
YES
The total amount of memory and swap that can be used by a container.
If memory and memorySwap are set to the same value, this prevents containers from using any swap. This is because memorySwap includes both the physical memory and swap space, while memory is only the amount of physical memory that can be used.
YES
A setting which controls the likelihood of the kernel to swap memory pages.
By default, the host kernel can swap out a percentage of anonymous pages used by a container. You can set memorySwappiness to a value between 0 and 100 to tune this percentage.
YES
YES
The registry authentication.
The auth field is a base64-encoded authentication string of username:password or a token.
YES
The identity token.
YES
The registry password.
YES
The registry URL.
If not defined, the registry will be extracted from the image name.
YES
The registry token.
YES
The registry username.
YES
A list of capabilities; an OR list of AND lists of capabilities.
YES
YES
YES
YES
Driver-specific options, specified as key/value pairs.
These options are passed directly to the driver.