Skip to main content

Type

docker

Variants

Containers Only, Full Control
Purpose: The Docker skill enables agents to interact with Docker daemon to manage containers, images, volumes, and networks programmatically.

Common Use Cases

Container lifecycle managementStart, stop, restart, and monitor Docker containers

Image building and deploymentBuild container images and push to registries

Volume and network operationsManage persistent storage and container networking

Container health monitoringCheck container status, logs, and resource usage

Variants Overview

VariantSecurityKey PermissionsBest ForCreate Command
Containers Only 🟡RecommendedStart, stop, restart, logs onlyContainer management, deployment--variant containers_only
Full Control 🔴UnrestrictedAll Docker operationsCI/CD pipelines, infrastructure as code--variant full_control
Choosing a variant: Use Containers Only for production environments. Only upgrade to Full Control when image building or infrastructure management is required. See Variant Configuration for detailed differences.

Configuration

Example Configuration: 
{
  "docker_host": "unix:///var/run/docker.sock",
  "allowed_operations": ["start", "stop", "restart", "logs", "inspect"],
  "network_access": false,
  "default_memory_limit": "512MB"
}
ParameterTypeDefaultDescription
docker_hoststring”unix:///var/run/docker.sock”Docker daemon socket
api_versionstring”auto”Docker API version
allowed_operationsarrayvariant-specificWhitelist of Docker operations
network_accessbooleanvariant-specificAllow network operations
volume_managementbooleanvariant-specificAllow volume management
registry_authobjectRegistry authentication credentials
default_memory_limitstring”512MB”Default container memory limit
default_cpu_limitnumber1.0Default CPU limit
Containers Only:
  • allowed_operations: [“start”, “stop”, “restart”, “logs”, “inspect”, “ps”, “stats”]
  • network_access: false (locked)
  • volume_management: false (locked)
Full Control:
  • allowed_operations: [”*”] (all operations)
  • network_access: true
  • volume_management: true
  • Higher default limits
See: Variant Configuration Guide

Quick Start

# Create skill with variant
kubiya skill create --name "Container Manager" --type docker --variant containers_only --enabled

# Associate with agent
kubiya skill associate agent <agent-id> <skill-id>

View Complete Examples

See full CI/CD pipeline configurations, Docker Compose integration, and troubleshooting guides

Docker Operations

Container Management

# Start/stop containers
docker start my-app
docker stop my-app
docker restart my-app

# View logs and status
docker logs my-app --tail 100
docker inspect my-app
docker ps

Image Operations (Full Control Only)

# Build and push images
docker build -t my-app:latest .
docker push myregistry.com/my-app:latest

# Pull and manage images
docker pull nginx:latest
docker images
docker rmi my-app:old

Volume & Network (Full Control Only)

# Create resources
docker volume create my-data
docker network create my-network

# List and inspect
docker volume ls
docker network inspect bridge

Security Best Practices

In production, restrict to container lifecycle operations only.
variant: containers_only
allowed_operations: ["start", "stop", "restart", "logs"]
Docker socket provides root-equivalent access. Use proper permissions and consider socket proxies.
docker_host: "unix:///var/run/docker.sock"
# Ensure worker user is in docker group
# Consider rootless Docker for added security
Define default memory and CPU limits to prevent resource exhaustion.
default_memory_limit: "512MB"
default_cpu_limit: 1.0
Requirements: Docker daemon must be installed and running on the worker. Worker user needs access to the Docker socket (typically by being in the docker group).

Docker Compose Integration

Agents can work with Docker Compose for multi-container applications: 
# docker-compose.yml
version: '3.8'
services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
  api:
    image: myapp/api:latest
With Full Control variant: 
# Start/stop all services
docker-compose up -d
docker-compose down

# View logs and scale
docker-compose logs -f
docker-compose up -d --scale api=3
Solutions:
  • Verify Docker daemon is running: systemctl status docker
  • Add worker user to docker group: sudo usermod -aG docker worker-user
  • Check Docker socket permissions: ls -la /var/run/docker.sock
Solutions:
  • Ensure worker user is in docker group
  • Verify Docker socket permissions
  • Review allowed_operations in configuration
Solutions:
  • Verify network connectivity from worker
  • Check registry authentication credentials
  • Ensure network_access: true in configuration

Shell Skill

Execute docker CLI commands via shell

File System Skill

Access Dockerfiles and configurations

Workflow Executor

Orchestrate multi-step Docker operations

View All Skills

Return to built-in skills overview