Octopus Tentacle in a Container

Running an Octopus Tentacle inside a container may be preferable in some environments where installing one directly on the host is not an option.

Octopus publishes both windows/amd64 and linux/amd64 Docker images for Tentacle and they are available on DockerHub.

The Octopus Tentacle Docker image can be run in either polling or listening mode.

Tentacles set up this way will run inside a container and script execution will not happen on the host itself. For this reason, Octopus Tentacles inside a container may not be appropriate for many deployment tasks.

When an Octopus Tentacle container starts up, it will attempt to invoke the register-with command to connect and add itself as a machine to that server with the provided target tags and environments. This registration will occur on every startup and you may end up with multiple instances if you stop/start a container. Our goal is to update this image to de-register the Tentacle when the container SIGKILL signal is passed in. In the meantime you may want to use machine policies to remove the duplicated targets.

Deployment Target
docker run --interactive --detach `
 --name OctopusTentacle `
 --publish 10933:10933 `
 --env ACCEPT_EULA="Y" `
 --env ListeningPort="10933" `
 --env ServerApiKey="API-XXXXXXXX" `
 --env TargetEnvironment="Development" `
 --env TargetRole="container-server" `
 --env ServerUrl="" `
docker run --interactive --detach `
 --name OctopusWorker `
 --publish 10933:10933 `
 --env ACCEPT_EULA="Y" `
 --env ListeningPort="10933" `
 --env ServerApiKey="API-XXXXXXXX" `
 --env TargetWorkerPool="LinuxWorkers" `
 --env ServerUrl="" `


When running an Octopus Tentacle Image, the following values can be provided to configure the running Octopus Tentacle instance.

Environment Variables

Read Docker docs about setting environment variables.

DISABLE_DINDSetting DISABLE_DIND to Y will disable Docker-in-Docker (used for execution containers for workers) when the container is run. Note: This requires the image to be launched with privileged permissions. See this section for more information
ServerApiKeyThe API Key of the Octopus Server the Tentacle should register with
ServerUsernameIf not using an API key, the user to use when registering the Tentacle with the Octopus Server
ServerPasswordIf not using an API key, the password to use when registering the Tentacle
ServerUrlThe Url of the Octopus Server the Tentacle should register with
SpaceThe name of the space which the Tentacle will be added to. Defaults to the default space
TargetEnvironmentComma delimited list of environments to add this target to
TargetRoleComma delimited list of target tags to add to this target
TargetWorkerPoolComma delimited list of worker pools to add to this target to (not to be used with the environment or target tag variables).
TargetNameOptional Target name, defaults to container generated host name
TargetTenantComma delimited list of tenants to add to this target
TargetTenantTagComma delimited list of tenant tags to add to this target
TargetTenantedDeploymentParticipationThe tenanted deployment mode of the target. Allowed values are Untenanted, TenantedOrUntenanted, and Tenanted. Defaults to Untenanted
MachinePolicyThe name of the machine policy that will apply to this Tentacle. Defaults to the default machine policy
ServerCommsAddressThe URL of the Octopus Server that the Tentacle will poll for work. Defaults to ServerUrl. Implies a polling Tentacle
ServerPortThe port on the Octopus Server that the Tentacle will poll for work. Defaults to 10943. Implies a Polling Tentacle
ListeningPortThe port that the Octopus Server will connect back to the Tentacle with. Defaults to 10933. Implies a listening Tentacle
PublicHostNameConfigurationHow the url that the Octopus Server will use to communicate with the Tentacle is determined. Can be PublicIp, FQDN, ComputerName or Custom. Defaults to PublicIp
CustomPublicHostNameIf PublicHostNameConfiguration is set to Custom, the host name that the Octopus Server should use to communicate with the Tentacle

Exposed Container Ports

Read the Docker docs about exposing ports.

Listening Port Breaking Change: On Linux containers, prior to version 6.1.1271 the internal listening port was set by the ListeningPort environment variable. Any containers which previously exposed Tentacle on a port other than 10933 will need to have their port configuration updated if updating to a version >=6.1.1271. For example if the container was run with -p 10934:10934 this should be updated to -p 10934:10933.

10933Port Tentacle will be listening on (if in listening mode)

Volume Mounts

Read the Docker docs about mounting volume.

C:\ApplicationsDefault directory to deploy applications to

Using execution containers for Workers

By default, Docker containers are “unprivileged” and cannot run a Docker daemon inside a Docker container.

Unless disabled, the Octopus Tentacle image attempts to run Docker-in-Docker to support execution containers for workers. This requires the image to be launched with privileged permissions:

docker run --privileged

If you plan to host Octopus Tentacle in Kubernetes, you should set the privileged flag to true in the containers YAML section:

- name: octopus_tentacle
  image: octopusdeploy/tentacle
    privileged: true

Setting the environment variable DISABLE_DIND to Y prevents Docker-in-Docker from being run when the container is booted, and will prevent the execution containers feature working successfully.

Learn more

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Thursday, June 27, 2024