system/version
Get Docker version details for the daemon including API version, Go version, OS, and architecture.
API compatibility: The
ApiVersion and MinAPIVersion fields are particularly important. If your workflow uses Docker API features introduced in a specific API version, check that ApiVersion meets the minimum requirement before proceeding.
When to Use
- API compatibility check: Verify that the daemon's
ApiVersionmeets the minimum version required by the Docker API features your workflow depends on — abort with a clear error if it doesn't. - Compliance audit: Record the Docker version on each host in an asset management database as part of a scheduled compliance scan.
- Upgrade readiness: Compare the current daemon version against the minimum supported version defined in your platform runbook to identify hosts requiring upgrade.
- Incident reporting: Include Docker version, Go version, and architecture in incident reports to provide full context when debugging daemon-level issues.
Configuration
Connection
| Field | Type | Default | Description |
|---|---|---|---|
dockerHost | string | unix:///var/run/docker.sock | Docker daemon socket path or TCP endpoint. |
connectionType | string | unixsocket | One of: unixsocket, tcp, tcptls. |
tlsCertPath | string | — | TLS certificate directory. Required for tcptls. optional |
timeoutSeconds | int | 30 | Operation timeout. optional |
Operation Fields
This operation requires no additional input fields. Set resource to system and operation to version.
Sample Configuration
{
"resource": "system",
"operation": "version",
"connection": {
"dockerHost": "unix:///var/run/docker.sock",
"connectionType": "unixsocket"
}
}
Validation Errors
| Error Code | Condition | Resolution |
|---|---|---|
CONFIG_ERROR | Connection settings malformed. | Check dockerHost and connectionType. |
AUTH_FAILED | TLS handshake failed. | Verify tlsCertPath certificates. |
DOCKER_API_ERROR | Daemon unreachable or returned an error. | Use system/ping for a lightweight connectivity test first. |
Output
Success Port
| Field | Type | Description |
|---|---|---|
status | string | "ok" on success. |
resource | string | "system" |
operation | string | "version" |
versionInfo.Version | string | Docker daemon version (e.g., "26.1.3"). |
versionInfo.ApiVersion | string | Maximum Docker API version supported by this daemon. |
versionInfo.MinAPIVersion | string | Minimum Docker API version supported. |
versionInfo.GitCommit | string | Short git commit hash of the daemon build. |
versionInfo.GoVersion | string | Go runtime version used to build the daemon. |
versionInfo.Os | string | Operating system (e.g., "linux"). |
versionInfo.Arch | string | CPU architecture (e.g., "amd64", "arm64"). |
versionInfo.KernelVersion | string | Host kernel version. |
versionInfo.BuildTime | string | ISO 8601 build timestamp of the daemon. |
Error Port
Fires when the operation fails. Output contains status: "error", errorCode, and errorMessage.
Sample Output
{
"status": "ok",
"resource": "system",
"operation": "version",
"versionInfo": {
"Version": "26.1.3",
"ApiVersion": "1.45",
"MinAPIVersion": "1.24",
"GitCommit": "b72abbb",
"GoVersion": "go1.21.10",
"Os": "linux",
"Arch": "amd64",
"KernelVersion": "6.8.0-40-generic",
"BuildTime": "2024-05-16T08:33:35.000000000+00:00"
}
}
Expression Reference
| Expression | Returns |
|---|---|
{{ $output.versionInfo.Version }} | Docker daemon version string. |
{{ $output.versionInfo.ApiVersion }} | Maximum API version — compare to minimum required. |
{{ $output.versionInfo.MinAPIVersion }} | Minimum supported API version. |
{{ $output.versionInfo.Arch }} | CPU architecture — use to select the correct image variant. |
{{ $output.versionInfo.Os }} | Operating system — validate expected OS before deployment. |
Node Policies & GuardRails
| Policy | Enforcement |
|---|---|
| Never expose Docker daemon TCP without TLS | Use tcptls for remote connections. Plain tcp is blocked in production GuardRail profiles. |
| Store TLS certificates in Credentials Manager | Reference tlsCertPath via {{ $credentials.dockerTlsCertPath }}. |
| Check ApiVersion before using new API features | Always gate workflows using advanced Docker API features on a version check node to prevent DOCKER_API_ERROR on older daemons. |
| Never interpolate user input into connection fields | The dockerHost value must come from credentials or fixed configuration. |
| Always handle the error port | Wire the error port to alerting nodes — daemon unavailability routes here. |
| Restrict container/exec to approved commands | Arbitrary exec access is root-equivalent. GuardRail exec policies restrict allowed command prefixes. |
Examples
Example 1 — API Version Compatibility Gate
Before running a workflow that uses API features introduced in Docker API v1.43 (e.g., container/stats streaming), verify the daemon supports it.
// After system/version:
{{ parseFloat($output.versionInfo.ApiVersion) >= 1.43 }}
// false → abort with error: "Docker API version too old — upgrade daemon to 24.0+"
Example 2 — Scheduled Compliance Audit
Weekly workflow collects Docker version data from all hosts and records it in a compliance database.
{
"host": "{{ $loopItem.hostname }}",
"dockerVersion": "{{ $output.versionInfo.Version }}",
"apiVersion": "{{ $output.versionInfo.ApiVersion }}",
"arch": "{{ $output.versionInfo.Arch }}",
"os": "{{ $output.versionInfo.Os }}",
"auditDate": "{{ new Date().toISOString() }}"
}
Example 3 — Architecture-Aware Image Selection
Read the host architecture to pull the correct image variant (e.g., arm64 vs amd64).
// After system/version:
{{ `myapp:v2.0-${$output.versionInfo.Arch}` }}
// Results in "myapp:v2.0-arm64" or "myapp:v2.0-amd64"
// Pass this to image/pull Repository field