Portal Community
  API compatibility: The ApiVersion and MinAPIVersion fields are particularly important. If your workflow uses Docker API features introduced in a specific API version, check that ApiVersion meets the minimum requirement before proceeding.

When to Use

Configuration

Connection

FieldTypeDefaultDescription
dockerHoststringunix:///var/run/docker.sockDocker daemon socket path or TCP endpoint.
connectionTypestringunixsocketOne of: unixsocket, tcp, tcptls.
tlsCertPathstringTLS certificate directory. Required for tcptls. optional
timeoutSecondsint30Operation timeout. optional

Operation Fields

This operation requires no additional input fields. Set resource to system and operation to version.

Sample Configuration

{
  "resource": "system",
  "operation": "version",
  "connection": {
    "dockerHost": "unix:///var/run/docker.sock",
    "connectionType": "unixsocket"
  }
}

Validation Errors

Error CodeConditionResolution
CONFIG_ERRORConnection settings malformed.Check dockerHost and connectionType.
AUTH_FAILEDTLS handshake failed.Verify tlsCertPath certificates.
DOCKER_API_ERRORDaemon unreachable or returned an error.Use system/ping for a lightweight connectivity test first.

Output

Success Port

FieldTypeDescription
statusstring"ok" on success.
resourcestring"system"
operationstring"version"
versionInfo.VersionstringDocker daemon version (e.g., "26.1.3").
versionInfo.ApiVersionstringMaximum Docker API version supported by this daemon.
versionInfo.MinAPIVersionstringMinimum Docker API version supported.
versionInfo.GitCommitstringShort git commit hash of the daemon build.
versionInfo.GoVersionstringGo runtime version used to build the daemon.
versionInfo.OsstringOperating system (e.g., "linux").
versionInfo.ArchstringCPU architecture (e.g., "amd64", "arm64").
versionInfo.KernelVersionstringHost kernel version.
versionInfo.BuildTimestringISO 8601 build timestamp of the daemon.

Error Port

Fires when the operation fails. Output contains status: "error", errorCode, and errorMessage.

Sample Output

{
  "status": "ok",
  "resource": "system",
  "operation": "version",
  "versionInfo": {
    "Version": "26.1.3",
    "ApiVersion": "1.45",
    "MinAPIVersion": "1.24",
    "GitCommit": "b72abbb",
    "GoVersion": "go1.21.10",
    "Os": "linux",
    "Arch": "amd64",
    "KernelVersion": "6.8.0-40-generic",
    "BuildTime": "2024-05-16T08:33:35.000000000+00:00"
  }
}

Expression Reference

ExpressionReturns
{{ $output.versionInfo.Version }}Docker daemon version string.
{{ $output.versionInfo.ApiVersion }}Maximum API version — compare to minimum required.
{{ $output.versionInfo.MinAPIVersion }}Minimum supported API version.
{{ $output.versionInfo.Arch }}CPU architecture — use to select the correct image variant.
{{ $output.versionInfo.Os }}Operating system — validate expected OS before deployment.

Node Policies & GuardRails

PolicyEnforcement
Never expose Docker daemon TCP without TLSUse tcptls for remote connections. Plain tcp is blocked in production GuardRail profiles.
Store TLS certificates in Credentials ManagerReference tlsCertPath via {{ $credentials.dockerTlsCertPath }}.
Check ApiVersion before using new API featuresAlways gate workflows using advanced Docker API features on a version check node to prevent DOCKER_API_ERROR on older daemons.
Never interpolate user input into connection fieldsThe dockerHost value must come from credentials or fixed configuration.
Always handle the error portWire the error port to alerting nodes — daemon unavailability routes here.
Restrict container/exec to approved commandsArbitrary exec access is root-equivalent. GuardRail exec policies restrict allowed command prefixes.

Examples

Example 1 — API Version Compatibility Gate

Before running a workflow that uses API features introduced in Docker API v1.43 (e.g., container/stats streaming), verify the daemon supports it.

// After system/version:
{{ parseFloat($output.versionInfo.ApiVersion) >= 1.43 }}
// false → abort with error: "Docker API version too old — upgrade daemon to 24.0+"

Example 2 — Scheduled Compliance Audit

Weekly workflow collects Docker version data from all hosts and records it in a compliance database.

{
  "host": "{{ $loopItem.hostname }}",
  "dockerVersion": "{{ $output.versionInfo.Version }}",
  "apiVersion": "{{ $output.versionInfo.ApiVersion }}",
  "arch": "{{ $output.versionInfo.Arch }}",
  "os": "{{ $output.versionInfo.Os }}",
  "auditDate": "{{ new Date().toISOString() }}"
}

Example 3 — Architecture-Aware Image Selection

Read the host architecture to pull the correct image variant (e.g., arm64 vs amd64).

// After system/version:
{{ `myapp:v2.0-${$output.versionInfo.Arch}` }}
// Results in "myapp:v2.0-arm64" or "myapp:v2.0-amd64"
// Pass this to image/pull Repository field