Octopus Tentacle in a Container
Running an Octopus Tentacle inside a container may be preferable in some environments where installing one directly on the host is not an option.
Octopus publishes both
linux/amd64 Docker images for Tentacle and they are available on DockerHub.
The Octopus Tentacle Docker image can be run in either polling or listening mode.
Tentacles set up this way will run inside a container and script execution will not happen on the host itself. For this reason, Octopus Tentacles inside a container may not be appropriate for many deployment tasks.
When an Octopus Tentacle container starts up, it will attempt to invoke the
register-with command to connect and add itself as a machine to that server with the provided roles and environments. This registration will occur on every startup and you may end up with multiple instances if you stop/start a container. Our goal is to update this image to de-register the Tentacle when the container
SIGKILL signal is passed in. In the meantime you may want to use machine policies to remove the duplicated targets.
docker run --interactive --detach ` --name OctopusTentacle ` --publish 10933:10933 ` --env ACCEPT_EULA="Y" ` --env ListeningPort="10933" ` --env ServerApiKey="API-MZKUUUMK3EYX7TBJP6FAKIFHIEO" ` --env TargetEnvironment="Development" ` --env TargetRole="container-server" ` --env ServerUrl="http://10.0.0.1:8080" ` octopusdeploy/tentacle:6.3.429
docker run --interactive --detach ` --name OctopusWorker ` --publish 10933:10933 ` --env ACCEPT_EULA="Y" ` --env ListeningPort="10933" ` --env ServerApiKey="API-MZKUUUMK3EYX7TBJP6FAKIFHIEO" ` --env TargetWorkerPool="LinuxWorkers" ` --env ServerUrl="http://10.0.0.1:8080" ` octopusdeploy/tentacle:6.3.429
When running an Octopus Tentacle Image, the following values can be provided to configure the running Octopus Tentacle instance.
Read Docker docs about setting environment variables.
|ServerApiKey||The API Key of the Octopus Server the Tentacle should register with|
|ServerUsername||If not using an API key, the user to use when registering the Tentacle with the Octopus Server|
|ServerPassword||If not using an API key, the password to use when registering the Tentacle|
|ServerUrl||The Url of the Octopus Server the Tentacle should register with|
|Space||The name of the space which the Tentacle will be added to. Defaults to the default space|
|TargetEnvironment||Comma delimited list of environments to add this target to|
|TargetRole||Comma delimited list of roles to add to this target|
|TargetWorkerPool||Comma delimited list of worker pools to add to this target to (not to be used with environments or role variable).|
|TargetName||Optional Target name, defaults to container generated host name|
|TargetTenant||Comma delimited list of tenants to add to this target|
|TargetTenantTag||Comma delimited list of tenant tags to add to this target|
|TargetTenantedDeploymentParticipation||The tenanted deployment mode of the target. Allowed values are
|MachinePolicy||The name of the machine policy that will apply to this Tentacle. Defaults to the default machine policy|
|ServerPort||The port on the Octopus Server that the Tentacle will poll for work. Defaults to
|ListeningPort||The port that the Octopus Server will connect back to the Tentacle with. Defaults to
|PublicHostNameConfiguration||How the url that the Octopus Server will use to communicate with the Tentacle is determined. Can be
|CustomPublicHostName||If PublicHostNameConfiguration is set to
Exposed Container Ports
Read the Docker docs about exposing ports.
Listening Port Breaking Change:
On Linux containers, prior to version
6.1.1271 the internal listening port was set by the
ListeningPort environment variable. Any containers which previously exposed Tentacle on a port other than
10933 will need to have their port configuration updated if updating to a version
>=6.1.1271. For example if the container was run with
-p 10934:10934 this should be updated to
|10933||Port Tentacle will be listening on (if in listening mode)|
Read the Docker docs about mounting volume.
|C:\Applications||Default directory to deploy applications to|
Using execution containers for Workers
By default, Docker containers are "unprivileged" and cannot run a Docker daemon inside a Docker container.
Unless disabled, the Octopus Tentacle image attempts to run Docker-in-Docker to support execution containers for workers. This requires the image to be launched with privileged permissions:
docker run --privileged
If you plan to host Octopus Tentacle in Kubernetes, you should set the
privileged flag to
true in the
containers YAML section:
containers: - name: octopus_tentacle image: octopusdeploy/tentacle:6.3.429 securityContext: privileged: true
Setting the environment variable
Y prevents Docker-in-Docker from being run when the container is booted, and will prevent the execution containers feature working successfully.
Need support? We're here to help.