github.com/influxdata/telegraf@v1.30.3/docs/DOCKER.md (about) 1 # Docker Images 2 3 Telegraf is available as an [Official image][] on DockerHub. Official images 4 are a curated set of Docker Images that also automatically get security updates 5 from Docker, follow a set of best practices, and are available via a shortcut 6 syntax which omits the organization. 7 8 InfluxData maintains Debian and Alpine based images across the last three 9 minor releases. To pull the latest Telegraf images: 10 11 ```shell 12 # latest Debian-based image 13 docker pull telegraf 14 # latest Alpine-based image 15 docker pull telegraf:alpine 16 ``` 17 18 See the [Telegraf DockerHub][] page for complete details on available images, 19 versions, and tags. 20 21 [official image]: https://docs.docker.com/trusted-content/official-images/ 22 [Telegraf DockerHub]: https://hub.docker.com/_/telegraf 23 24 ## Nightly Images 25 26 [Nightly builds][] are available and are generated from the master branch each 27 day at around midnight UTC. The artifacts include both binary packages, RPM & 28 DEB packages, as well as nightly Docker images that are hosted on [quay.io][]. 29 30 [Nightly builds]: /docs/NIGHTLIES.md 31 [quay.io]: https://quay.io/repository/influxdb/telegraf-nightly?tab=tags&tag=latest 32 33 ## Dockerfiles 34 35 The [Dockerfiles][] for these images are available for users to use as well. 36 37 [Dockerfiles]: https://github.com/influxdata/influxdata-docker 38 39 ## Lockable Memory 40 41 Telegraf does require the ability to use lockable memory when running by default. In some 42 deployments for Docker a container may not have enough lockable memory, which 43 results in the following warning: 44 45 ```text 46 W! Insufficient lockable memory 64kb when 72kb is required. Please increase the limit for Telegraf in your Operating System! 47 ``` 48 49 or this error: 50 51 ```text 52 panic: could not acquire lock on 0x7f7a8890f000, limit reached? [Err: cannot allocate memory] 53 ``` 54 55 Users have two options: 56 57 1. Increase the ulimit in the container. The user does this with the `ulimit -l` 58 command. To both see and set the value. For docker, there is a `--ulimit` flag 59 that could be used, like `--ulimit memlock=8192:8192` as well. 60 2. Add the `--unprotected` flag to the command arguments to not use locked 61 memory and instead store secrets in unprotected memory. This is less secure 62 as secrets could find their way into paged out memory and can be written to 63 disk unencrypted, therefore this is opt-in. For docker look at updating the 64 `CMD` used to include this flag.