PluginsPlugin Docker

Build​Build

Build a Docker image and optionally push it to a remote container registry.

yaml
type: "io.kestra.plugin.docker.Build"

Build and push a Docker image to a registry

yaml
id: docker_build
namespace: company.team

tasks:
  - id: build
    type: io.kestra.plugin.docker.Build
    push: true
    dockerfile: |
      FROM ubuntu
      ARG APT_PACKAGES=""
      RUN apt-get update && apt-get install -y --no-install-recommends ${APT_PACKAGES};
    platforms:
      - linux/amd64
    tags:
      - private-registry.io/unit-test:latest
    buildArgs:
      APT_PACKAGES: curl
    labels:
      unit-test: "true"
    credentials:
      registry: <registry.url.com>
      username: "{{ secret('DOCKERHUB_USERNAME') }}"
      password: "{{ secret('DOCKERHUB_PASSWORD') }}"

Build and push a docker image to DockerHub

yaml
id: build_dockerhub_image
namespace: company.team

tasks:
  - id: build
    type: io.kestra.plugin.docker.Build
    dockerfile: |
      FROM python:3.10
      RUN pip install --upgrade pip
      RUN pip install --no-cache-dir kestra requests "polars[all]"
    tags:
      - kestra/polars:latest
    push: true
    credentials:
      registry: https://index.docker.io/v1/ # for now only V1 is supported until https://github.com/kestra-io/plugin-docker/issues/66
      username: "{{ secret('DOCKERHUB_USERNAME') }}"
      password: "{{ secret('DOCKERHUB_PASSWORD') }}"

Build a Docker image and push it to GitHub Container Registry (ghcr.io)

yaml
id: build_github_container_image
namespace: company.team

tasks:
  - id: build
    type: io.kestra.plugin.docker.Build
    dockerfile: |
      FROM python:3.10
      RUN pip install --upgrade pip
      RUN pip install --no-cache-dir kestra requests "polars[all]"
    tags:
      - ghcr.io/kestra/polars:latest
    push: true
    credentials:
      username: kestra
      password: "{{ secret('GITHUB_ACCESS_TOKEN') }}"

Build a Docker image and use it with Python script using a Docker Task Runner

yaml
id: build_task_runner_image
namespace: company.team

tasks:
  - id: build
    type: io.kestra.plugin.docker.Build
    tags:
      - my-py-data-app
    dockerfile: |
      FROM python:3.12-slim
      WORKDIR /app
      RUN pip install --no-cache-dir pandas
      COPY . /app

  - id: python
    type: io.kestra.plugin.scripts.python.Commands
    containerImage: "{{ outputs.build.imageId }}"
    taskRunner:
      type: io.kestra.plugin.scripts.runner.docker.Docker
      pullPolicy: NEVER
    namespaceFiles:
      enabled: true
    commands:
      - python main.py
Properties
SubType string

The list of tag of this image.

If pushing to a custom registry, the tag should include the registry URL. Note that if you want to push to an insecure registry (HTTP), you need to edit the /etc/docker/daemon.json file on your Kestra host to this and restart docker service (sudo systemctl daemon-reload && sudo systemctl restart docker).

SubType string

Optional build arguments in a key: value format.

Docker configuration file.

Docker configuration file that can set access credentials to private container registries. Usually located in ~/.docker/config.json.

The contents of your Dockerfile passed as a string, or a path to the Dockerfile

The URI of your Docker host e.g. localhost

The files to create on the working. It can be a map or a JSON object.

Each file can be defined:

  • Inline with its content
  • As a URI, supported schemes are kestra for internal storage files, file for host local files, and nsfile for namespace files.
SubType string

Additional metadata for the image in a key: value format.

Inject namespace files.

Inject namespace files to this task. When enabled, it will, by default, load all namespace files into the working directory. However, you can use the include or exclude properties to limit which namespace files will be injected.

SubType string

The target platform for the image e.g. linux/amd64.

Default true

Always attempt to pull the latest version of the base image.

Default false

Whether to push the image to a remote container registry.

The generated image id.

Default true

Whether to enable namespace files to be loaded into the working directory. If explicitly set to true in a task, it will load all Namespace Files into the task's working directory. Note that this property is by default set to true so that you can specify only the include and exclude properties to filter the files to load without having to explicitly set enabled to true.

SubType string

A list of filters to exclude matching glob patterns. This allows you to exclude a subset of the Namespace Files from being downloaded at runtime. You can combine this property together with include to only inject a subset of files that you need into the task's working directory.

Default false

Whether to mount file into the root of the working directory, or create a folder per namespace

Default OVERWRITE
Possible Values
OVERWRITEFAILWARNIGNORE

Comportment of the task if a file already exist in the working directory.

SubType string

A list of filters to include only matching glob patterns. This allows you to only load a subset of the Namespace Files into the working directory.

SubType string
Default ["{{flow.namespace}}"]

A list of namespaces in which searching files. The files are loaded in the namespace order, and only the latest version of a file is kept. Meaning if a file is present in the first and second namespace, only the file present on the second namespace will be loaded.

The registry authentication.

The auth field is a base64-encoded authentication string of username: password or a token.

The identity token.

The registry password.

The registry URL.

If not defined, the registry will be extracted from the image name.

The registry token.

The registry username.