telegraf/docs/DOCKER.md

# Docker Images

Telegraf is available as an [Official image][] on DockerHub. Official images
are a curated set of Docker Images that also automatically get security updates
from Docker, follow a set of best practices, and are available via a shortcut
syntax which omits the organization.

InfluxData maintains Debian and Alpine based images across the last three
minor releases. To pull the latest Telegraf images:

```shell
# latest Debian-based image
docker pull telegraf
# latest Alpine-based image
docker pull telegraf:alpine
```

See the [Telegraf DockerHub][] page for complete details on available images,
versions, and tags.

[official image]: https://docs.docker.com/trusted-content/official-images/
[Telegraf DockerHub]: https://hub.docker.com/_/telegraf

## Nightly Images

[Nightly builds][] are available and are generated from the master branch each
day at around midnight UTC. The artifacts include both binary packages, RPM &
DEB packages, as well as nightly Docker images that are hosted on [quay.io][].

[Nightly builds]: /docs/NIGHTLIES.md
[quay.io]: https://quay.io/repository/influxdb/telegraf-nightly?tab=tags&tag=latest

## Dockerfiles

The [Dockerfiles][] for these images are available for users to use as well.

[Dockerfiles]: https://github.com/influxdata/influxdata-docker

## Lockable Memory

Telegraf does require the ability to use lockable memory when running by default. In some
deployments for Docker a container may not have enough lockable memory, which
results in the following warning:

```text
W! Insufficient lockable memory 64kb when 72kb is required. Please increase the limit for Telegraf in your Operating System!
```

or this error:

```text
panic: could not acquire lock on 0x7f7a8890f000, limit reached? [Err: cannot allocate memory]
```

Users have two options:

1. Increase the ulimit in the container. The user does this with the `ulimit -l`
  command. To both see and set the value. For docker, there is a `--ulimit` flag
  that could be used, like `--ulimit memlock=8192:8192` as well.
2. Add the `--unprotected` flag to the command arguments to not use locked
  memory and instead store secrets in unprotected memory. This is less secure
  as secrets could find their way into paged out memory and can be written to
  disk unencrypted, therefore this is opt-in. For docker look at updating the
  `CMD` used to include this flag.
Adding upstream version 1.34.4. Signed-off-by: Daniel Baumann <daniel@debian.org> 2025-05-24 07:26:29 +02:00			`# Docker Images`

			`Telegraf is available as an [Official image][] on DockerHub. Official images`
			`are a curated set of Docker Images that also automatically get security updates`
			`from Docker, follow a set of best practices, and are available via a shortcut`
			`syntax which omits the organization.`

			`InfluxData maintains Debian and Alpine based images across the last three`
			`minor releases. To pull the latest Telegraf images:`

			```shell
			`# latest Debian-based image`
			`docker pull telegraf`
			`# latest Alpine-based image`
			`docker pull telegraf:alpine`
			```

			`See the [Telegraf DockerHub][] page for complete details on available images,`
			`versions, and tags.`

			`[official image]: https://docs.docker.com/trusted-content/official-images/`
			`[Telegraf DockerHub]: https://hub.docker.com/_/telegraf`

			`## Nightly Images`

			`[Nightly builds][] are available and are generated from the master branch each`
			`day at around midnight UTC. The artifacts include both binary packages, RPM &`
			`DEB packages, as well as nightly Docker images that are hosted on [quay.io][].`

			`[Nightly builds]: /docs/NIGHTLIES.md`
			`[quay.io]: https://quay.io/repository/influxdb/telegraf-nightly?tab=tags&tag=latest`

			`## Dockerfiles`

			`The [Dockerfiles][] for these images are available for users to use as well.`

			`[Dockerfiles]: https://github.com/influxdata/influxdata-docker`

			`## Lockable Memory`

			`Telegraf does require the ability to use lockable memory when running by default. In some`
			`deployments for Docker a container may not have enough lockable memory, which`
			`results in the following warning:`

			```text
			`W! Insufficient lockable memory 64kb when 72kb is required. Please increase the limit for Telegraf in your Operating System!`
			```

			`or this error:`

			```text
			`panic: could not acquire lock on 0x7f7a8890f000, limit reached? [Err: cannot allocate memory]`
			```

			`Users have two options:`

			1. Increase the ulimit in the container. The user does this with the `ulimit -l`
			command. To both see and set the value. For docker, there is a `--ulimit` flag
			that could be used, like `--ulimit memlock=8192:8192` as well.
			2. Add the `--unprotected` flag to the command arguments to not use locked
			`memory and instead store secrets in unprotected memory. This is less secure`
			`as secrets could find their way into paged out memory and can be written to`
			`disk unencrypted, therefore this is opt-in. For docker look at updating the`
			`CMD` used to include this flag.