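# For ubuntu 24.04+ users, to make dind work properly with apparmor, you might need to
# disable the restriction on unprivileged user namespaces.
# if `sudo sysctl kernel.apparmor_restrict_unprivileged_userns` returns `1`, you need to
# disable it to start dind:
#   echo 'kernel.apparmor_restrict_unprivileged_userns=0' | sudo tee /etc/sysctl.d/99-apparmor-userns.conf
#   sudo sysctl --system
# NOTE(review): this sysctl is host-wide and persists across reboots. It lifts the AppArmor
# restriction for every unprivileged process on the machine, not only for dind. Apply it on
# development hosts only and revert it when dind is no longer needed.
volumes:
  postgres-data:
    driver: local
  kestra-data:
    driver: local
  # Holds the rootless Docker daemon's socket; shared between dind and kestra.
  dind-socket:
    driver: local
  # Task working directory, mounted at the same path in dind and kestra.
  tmp-data:
    driver: local

services:
  postgres:
    image: postgres:18
    # No ports are published for this service.
    volumes:
      - postgres-data:/var/lib/postgresql
    environment:
      POSTGRES_DB: kestra
      POSTGRES_USER: kestra
      # Default development credential, committed in clear text. The same value is
      # repeated in KESTRA_CONFIGURATION below; change both together, and supply them
      # from an env file or a secret store for anything beyond local use.
      POSTGRES_PASSWORD: k3str4
    healthcheck:
      # `$$` escapes `$` for Compose, so the variables are expanded inside the container.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 30s
      timeout: 10s
      retries: 10

  dind:
    # Floating tag: the image content can change between pulls.
    image: docker:dind-rootless
    # privileged: true removes most container confinement (seccomp/AppArmor profile,
    # device restrictions). The daemon process itself runs as UID 1000 (see `user`).
    privileged: true
    user: "1000"
    environment:
      DOCKER_HOST: unix:///home/rootless/docker.sock
    command:
      - --log-level=fatal
      - --group=1000
    volumes:
      # Any container that mounts this volume can drive the Docker daemon through the socket.
      - dind-socket:/home/rootless/
      - tmp-data:/tmp/kestra-wd

  kestra:
    # `latest` combined with `pull_policy: always` runs whatever is currently published
    # under that tag on every start. Pin a version tag or an image digest
    # (e.g. kestra/kestra:<version>) for reproducible, reviewable deployments.
    image: kestra/kestra:latest
    pull_policy: always
    # Kestra, by default, has a termination grace period of 5m. We need to wait a little
    # more to be sure no active tasks are running.
    stop_grace_period: 6m
    # Note that this is meant for development only. Refer to the documentation for
    # production deployments of Kestra which runs without a root user.
    user: "root"
    command: server standalone
    volumes:
      - kestra-data:/app/storage
      # Gives Kestra access to the dind daemon's socket.
      - dind-socket:/dind
      - tmp-data:/tmp/kestra-wd
    environment:
      # The datasource password below must match POSTGRES_PASSWORD on the postgres service.
      # NOTE(review): no authentication settings appear in this configuration; verify how
      # UI/API access is protected before exposing the published ports beyond localhost.
      KESTRA_CONFIGURATION: |
        datasources:
          postgres:
            url: jdbc:postgresql://postgres:5432/kestra
            driverClassName: org.postgresql.Driver
            username: kestra
            password: k3str4
        kestra:
          repository:
            type: postgres
          storage:
            type: local
            local:
              base-path: "/app/storage"
          queue:
            type: postgres
          tasks:
            tmp-dir:
              path: /tmp/kestra-wd/tmp
          url: http://localhost:8080/
    ports:
      # Published on all host interfaces. For local development, binding to loopback
      # (e.g. "127.0.0.1:8080:8080") keeps the service off the network.
      - "8080:8080"
      - "8081:8081"
    depends_on:
      # service_started does not wait for the postgres healthcheck defined above;
      # use `service_healthy` if Kestra must not start before the database accepts
      # connections.
      postgres:
        condition: service_started
      dind:
        condition: service_started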