# Docker Skill

> Manage Docker containers, images, volumes, and networks with configurable permissions and security controls.

<CardGroup cols={2}>
  <Card title="Type" icon="tag">
    `docker`
  </Card>

  <Card title="Variants" icon="code-branch">
    Containers Only, Full Control
  </Card>
</CardGroup>

**Purpose:** The Docker skill enables agents to interact with the Docker daemon to manage containers, images, volumes, and networks programmatically.

***

## Common Use Cases

<CardGroup cols={2}>
  <Card icon="docker">
    **Container lifecycle management**

    Start, stop, restart, and monitor Docker containers
  </Card>

  <Card icon="cubes">
    **Image building and deployment**

    Build container images and push to registries
  </Card>

  <Card icon="hard-drive">
    **Volume and network operations**

    Manage persistent storage and container networking
  </Card>

  <Card icon="heartbeat">
    **Container health monitoring**

    Check container status, logs, and resource usage
  </Card>
</CardGroup>

***

## Variants Overview

| Variant                | Security     | Key Permissions                 | Best For                                | Create Command              |
| ---------------------- | ------------ | ------------------------------- | --------------------------------------- | --------------------------- |
| **Containers Only** 🟡 | Recommended  | Start, stop, restart, logs only | Container management, deployment        | `--variant containers_only` |
| **Full Control** 🔴    | Unrestricted | All Docker operations           | CI/CD pipelines, infrastructure as code | `--variant full_control`    |

<Tip>
  **Choosing a variant:** Use Containers Only for production environments. Only upgrade to Full Control when image building or infrastructure management is required. See [Variant Configuration](/core-concepts/skills/variant-configuration) for detailed differences.
</Tip>

***

## Configuration

**Example Configuration:**

```json theme={null}
{
  "docker_host": "unix:///var/run/docker.sock",
  "allowed_operations": ["start", "stop", "restart", "logs", "inspect"],
  "network_access": false,
  "default_memory_limit": "512MB"
}
```

<AccordionGroup>
  <Accordion title="📋 Full Configuration Reference" icon="gear">
    | Parameter              | Type    | Default                       | Description                         |
    | ---------------------- | ------- | ----------------------------- | ----------------------------------- |
    | `docker_host`          | string  | "unix:///var/run/docker.sock" | Docker daemon socket                |
    | `api_version`          | string  | "auto"                        | Docker API version                  |
    | `allowed_operations`   | array   | variant-specific              | Whitelist of Docker operations      |
    | `network_access`       | boolean | variant-specific              | Allow network operations            |
    | `volume_management`    | boolean | variant-specific              | Allow volume management             |
    | `registry_auth`        | object  | {}                            | Registry authentication credentials |
    | `default_memory_limit` | string  | "512MB"                       | Default container memory limit      |
    | `default_cpu_limit`    | number  | 1.0                           | Default CPU limit                   |
  </Accordion>

  <Accordion title="⚙️ Variant-Specific Defaults" icon="code-branch">
    **Containers Only:**

    * `allowed_operations`: `["start", "stop", "restart", "logs", "inspect", "ps", "stats"]`
    * `network_access`: false (locked)
    * `volume_management`: false (locked)

    **Full Control:**

    * `allowed_operations`: `["*"]` (all operations)
    * `network_access`: true
    * `volume_management`: true
    * Higher default limits

    **See:** [Variant Configuration Guide](/core-concepts/skills/variant-configuration)
  </Accordion>
</AccordionGroup>

***

## Quick Start

```bash theme={null}
# Create skill with variant
kubiya skill create --name "Container Manager" --type docker --variant containers_only --enabled

# Associate with agent
kubiya skill associate agent <agent-id> <skill-id>
```

<Card title="View Complete Examples" icon="lightbulb" href="/core-concepts/skills/examples#docker-orchestration">
  See full CI/CD pipeline configurations, Docker Compose integration, and troubleshooting guides
</Card>

***

## Docker Operations

### Container Management

```bash theme={null}
# Start/stop containers
docker start my-app
docker stop my-app
docker restart my-app

# View logs and status
docker logs my-app --tail 100
docker inspect my-app
docker ps
```

### Image Operations (Full Control Only)

```bash theme={null}
# Build and push images
docker build -t my-app:latest .
docker push myregistry.com/my-app:latest

# Pull and manage images
docker pull nginx:latest
docker images
docker rmi my-app:old
```

### Volume & Network (Full Control Only)

```bash theme={null}
# Create resources
docker volume create my-data
docker network create my-network

# List and inspect
docker volume ls
docker network inspect bridge
```

***

## Security Best Practices

<AccordionGroup>
  <Accordion title="Use Containers Only for Production" icon="shield-check">
    In production, restrict to container lifecycle operations only.

    ```yaml theme={null}
    variant: containers_only
    allowed_operations: ["start", "stop", "restart", "logs"]
    ```
  </Accordion>

  <Accordion title="Secure Docker Socket Access" icon="lock">
    The Docker socket provides root-equivalent access to the host, and so does membership in the `docker` group. Restrict who can reach the socket and consider a socket proxy.

    ```yaml theme={null}
    docker_host: "unix:///var/run/docker.sock"
    # Ensure worker user is in docker group
    # Consider rootless Docker for added security
    ```
  </Accordion>

  <Accordion title="Set Resource Limits" icon="gauge-simple">
    Define default memory and CPU limits to prevent resource exhaustion.

    ```yaml theme={null}
    default_memory_limit: "512MB"
    default_cpu_limit: 1.0
    ```
  </Accordion>
</AccordionGroup>

<Info>
  **Requirements:** The Docker daemon must be installed and running on the worker. The worker user needs access to the Docker socket (typically by being in the `docker` group).
</Info>
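
The practices above can be checked before a skill is created. The following audit is an added example, not Kubiya's own code: the operation names and variant defaults come from this page's tables, while the rules, severities, the `registry_auth` field names and the `tcp://` sample host are assumptions of the example.

```python
import json

# Operation names and defaults come from this page's tables; the rules are this example's own.
CONTAINERS_ONLY_OPS = {"start", "stop", "restart", "logs", "inspect", "ps", "stats"}
VARIANT_DEFAULTS = {
    "containers_only": {"allowed_operations": sorted(CONTAINERS_ONLY_OPS),
                        "network_access": False, "volume_management": False},
    "full_control": {"allowed_operations": ["*"],
                     "network_access": True, "volume_management": True},
}

def audit_skill_config(variant, config):
    """Return sorted (severity, message) findings for one Docker skill config."""
    if variant not in VARIANT_DEFAULTS:
        raise ValueError(f"unknown variant: {variant!r}")
    # Overlay explicit settings on the variant defaults to get the effective config.
    eff = {"docker_host": "unix:///var/run/docker.sock", "registry_auth": {},
           **VARIANT_DEFAULTS[variant], **config}
    ops = set(eff["allowed_operations"])
    findings = []
    if "*" in ops:
        findings.append(("high", "allowed_operations contains '*': every Docker operation is permitted"))
    if variant == "containers_only":
        extra = sorted(ops - CONTAINERS_ONLY_OPS - {"*"})
        if extra:
            findings.append(("high", f"operations outside the Containers Only set: {extra}"))
        for key in ("network_access", "volume_management"):
            if eff[key] is not False:
                findings.append(("high", f"{key} must stay false for Containers Only"))
        if eff["registry_auth"]:
            findings.append(("medium", "registry_auth is set but image push/pull needs Full Control"))
    if not str(eff["docker_host"]).startswith("unix://"):
        findings.append(("medium", "docker_host is not a local unix socket: confirm the transport is authenticated"))
    return sorted(findings)

# Constructed sample configs, not taken from a real deployment.
GOOD = json.loads('{"allowed_operations": ["start", "stop", "restart", "logs"]}')
BAD = json.loads('''{"docker_host": "tcp://192.0.2.10:2375",
                     "allowed_operations": ["start", "build", "*"],
                     "network_access": true,
                     "registry_auth": {"username": "ci", "password": "example-only"}}''')

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_skill_config("containers_only", cfg))
```

An empty result for a Containers Only config means it stays within the locked defaults listed under Variant-Specific Defaults; a Full Control config always reports the wildcard finding so its use is a visible, deliberate choice.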

***

## Docker Compose Integration

Agents can work with Docker Compose for multi-container applications:

```yaml theme={null}
# docker-compose.yml
version: '3.8'
services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
  api:
    image: myapp/api:latest
```

With the Full Control variant:

```bash theme={null}
# Start/stop all services
docker-compose up -d
docker-compose down

# View logs and scale
docker-compose logs -f
docker-compose up -d --scale api=3
```

***

## Troubleshooting & Related Skills

<AccordionGroup>
  <Accordion title="Cannot Connect to Docker Daemon" icon="plug-xmark">
    **Solutions:**

    * Verify Docker daemon is running: `systemctl status docker`
    * Add worker user to docker group: `sudo usermod -aG docker worker-user`
    * Check Docker socket permissions: `ls -la /var/run/docker.sock`
  </Accordion>

  <Accordion title="Permission Denied" icon="ban">
    **Solutions:**

    * Ensure worker user is in docker group
    * Verify Docker socket permissions
    * Review `allowed_operations` in configuration
  </Accordion>

  <Accordion title="Image Pull Fails" icon="download">
    **Solutions:**

    * Verify network connectivity from worker
    * Check registry authentication credentials
    * Ensure `network_access: true` in configuration
  </Accordion>
</AccordionGroup>

### Related Skills

<CardGroup cols={2}>
  <Card title="Shell Skill" icon="terminal" href="/core-concepts/skills/shell">
    Execute docker CLI commands via shell
  </Card>

  <Card title="File System Skill" icon="folder-open" href="/core-concepts/skills/file-system">
    Access Dockerfiles and configurations
  </Card>

  <Card title="Workflow Executor" icon="diagram-project" href="/core-concepts/skills/workflow-executor">
    Orchestrate multi-step Docker operations
  </Card>

  <Card title="View All Skills" icon="layer-group" href="/core-concepts/skills/built-in-skills">
    Return to built-in skills overview
  </Card>
</CardGroup>
