Running an Octopus Tentacle inside a container may be preferable in some environments where installing one directly on the host is not an option.
Octopus publishes both windows/amd64 and linux/amd64 Docker images for Tentacle and they are available on DockerHub.
The Octopus Tentacle Docker image can be run in either polling or listening mode.
Tentacles set up this way will run inside a container and script execution will not happen on the host itself. For this reason, Octopus Tentacles inside a container may not be appropriate for many deployment tasks.
When an Octopus Tentacle container starts up, it will attempt to invoke the register-with command to connect and add itself as a machine to that server with the provided roles and environments. This registration will occur on every startup and you may end up with multiple instances if you stop/start a container. Our goal is to update this image to de-register the Tentacle when the container SIGKILL signal is passed in. In the meantime you may want to use machine policies to remove the duplicated targets.
Deployment Target
docker run --interactive --detach `
--name OctopusTentacle `
--publish 10933:10933 `
--env ACCEPT_EULA="Y" `
--env ListeningPort="10933" `
--env ServerApiKey="API-XXXXXXXX" `
--env TargetEnvironment="Development" `
--env TargetRole="container-server" `
--env ServerUrl="http://10.0.0.1:8080" `
octopusdeploy/tentacleWorker
docker run --interactive --detach `
--name OctopusWorker `
--publish 10933:10933 `
--env ACCEPT_EULA="Y" `
--env ListeningPort="10933" `
--env ServerApiKey="API-XXXXXXXX" `
--env TargetWorkerPool="LinuxWorkers" `
--env ServerUrl="http://10.0.0.1:8080" `
octopusdeploy/tentacleConfiguration
When running an Octopus Tentacle Image, the following values can be provided to configure the running Octopus Tentacle instance.
Environment Variables
Read Docker docs about setting environment variables.
| Name | |
|---|---|
| DISABLE_DIND | Setting DISABLE_DIND to Y will disable Docker-in-Docker (used for execution containers for workers) when the container is run. Note: This requires the image to be launched with privileged permissions. See this section for more information |
| ServerApiKey | The API Key of the Octopus Server the Tentacle should register with |
| ServerUsername | If not using an API key, the user to use when registering the Tentacle with the Octopus Server |
| ServerPassword | If not using an API key, the password to use when registering the Tentacle |
| ServerUrl | The Url of the Octopus Server the Tentacle should register with |
| Space | The name of the space which the Tentacle will be added to. Defaults to the default space |
| TargetEnvironment | Comma delimited list of environments to add this target to |
| TargetRole | Comma delimited list of roles to add to this target |
| TargetWorkerPool | Comma delimited list of worker pools to add to this target to (not to be used with environments or role variable). |
| TargetName | Optional Target name, defaults to container generated host name |
| TargetTenant | Comma delimited list of tenants to add to this target |
| TargetTenantTag | Comma delimited list of tenant tags to add to this target |
| TargetTenantedDeploymentParticipation | The tenanted deployment mode of the target. Allowed values are Untenanted, TenantedOrUntenanted, and Tenanted. Defaults to Untenanted |
| MachinePolicy | The name of the machine policy that will apply to this Tentacle. Defaults to the default machine policy |
| ServerCommsAddress | The URL of the Octopus Server that the Tentacle will poll for work. Defaults to ServerUrl. Implies a polling Tentacle |
| ServerPort | The port on the Octopus Server that the Tentacle will poll for work. Defaults to 10943. Implies a Polling Tentacle |
| ListeningPort | The port that the Octopus Server will connect back to the Tentacle with. Defaults to 10933. Implies a listening Tentacle |
| PublicHostNameConfiguration | How the url that the Octopus Server will use to communicate with the Tentacle is determined. Can be PublicIp, FQDN, ComputerName or Custom. Defaults to PublicIp |
| CustomPublicHostName | If PublicHostNameConfiguration is set to Custom, the host name that the Octopus Server should use to communicate with the Tentacle |
Exposed Container Ports
Read the Docker docs about exposing ports.
Listening Port Breaking Change:
On Linux containers, prior to version 6.1.1271 the internal listening port was set by the ListeningPort environment variable. Any containers which previously exposed Tentacle on a port other than 10933 will need to have their port configuration updated if updating to a version >=6.1.1271. For example if the container was run with -p 10934:10934 this should be updated to -p 10934:10933.
| Name | |
|---|---|
| 10933 | Port Tentacle will be listening on (if in listening mode) |
Volume Mounts
Read the Docker docs about mounting volume.
| Name | |
|---|---|
| C:\Applications | Default directory to deploy applications to |
Using execution containers for Workers
By default, Docker containers are “unprivileged” and cannot run a Docker daemon inside a Docker container.
Unless disabled, the Octopus Tentacle image attempts to run Docker-in-Docker to support execution containers for workers. This requires the image to be launched with privileged permissions:
docker run --privilegedIf you plan to host Octopus Tentacle in Kubernetes, you should set the privileged flag to true in the containers YAML section:
containers:
- name: octopus_tentacle
image: octopusdeploy/tentacle
securityContext:
privileged: trueSetting the environment variable DISABLE_DIND to Y prevents Docker-in-Docker from being run when the container is booted, and will prevent the execution containers feature working successfully.
Learn more
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Sunday, January 1, 2023