Andreas/watchtower
1
0
Fork 0
mirror of https://github.com/containrrr/watchtower.git synced 2025-12-16 15:10:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Deployed a7a28ec with MkDocs version: 1.1.2

Browse source
This commit is contained in:
2020-10-03 20:26:43 +00:00
parent 7b8d536f73
commit 53c402703e
37 changed files with 1207 additions and 452 deletions
Download patch file Download diff file Expand all files Collapse all files

278
private-registries/index.html
View file

@ -1,6 +1,4 @@
<!doctype html>
<html lang="en" class="no-js">
<head>
@ -13,7 +11,7 @@
<link rel="shortcut icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.1.2, mkdocs-material-5.2.2">
<meta name="generator" content="mkdocs-1.1.2, mkdocs-material-6.0.1">
@ -21,13 +19,17 @@
<link rel="stylesheet" href="../assets/stylesheets/main.a2408e81.min.css">
<link rel="stylesheet" href="../assets/stylesheets/main.38780c08.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.3f72e892.min.css">
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style>
@ -42,7 +44,13 @@
</head>
<body dir="ltr">
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
@ -134,8 +142,6 @@
<div class="md-container" data-md-component="container">
@ -255,76 +261,13 @@
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Private registries
<span class="md-nav__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 9h14V7H3v2m0 4h14v-2H3v2m0 4h14v-2H3v2m16 0h2v-2h-2v2m0-10v2h2V7h-2m0 6h2v-2h-2v2z"/></svg>
</span>
</label>
<a href="./" title="Private registries" class="md-nav__link md-nav__link--active">
Private registries
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#create_the_configuration_file_manually" class="md-nav__link">
Create the configuration file manually
</a>
</li>
<li class="md-nav__item">
<a href="#i_username_and_password_for_gcloud" class="md-nav__link">
Username and Password for GCloud
</a>
</li>
<li class="md-nav__item">
<a href="#share_the_docker_configuration_file" class="md-nav__link">
Share the Docker configuration file
</a>
</li>
<li class="md-nav__item">
<a href="#credential_helpers" class="md-nav__link">
Credential helpers
</a>
<nav class="md-nav" aria-label="Credential helpers">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
Example
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
@ -388,6 +331,18 @@
</li>
<li class="md-nav__item">
<a href="../running-multiple-instances/" title="Running multiple instances" class="md-nav__link">
Running multiple instances
</a>
</li>
</ul>
</nav>
</div>
@ -402,57 +357,8 @@
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#create_the_configuration_file_manually" class="md-nav__link">
Create the configuration file manually
</a>
</li>
<li class="md-nav__item">
<a href="#i_username_and_password_for_gcloud" class="md-nav__link">
Username and Password for GCloud
</a>
</li>
<li class="md-nav__item">
<a href="#share_the_docker_configuration_file" class="md-nav__link">
Share the Docker configuration file
</a>
</li>
<li class="md-nav__item">
<a href="#credential_helpers" class="md-nav__link">
Credential helpers
</a>
<nav class="md-nav" aria-label="Credential helpers">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
Example
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
@ -469,11 +375,6 @@
</a>
<h1>Private registries</h1>
<p>Watchtower supports private Docker image registries. In many cases, accessing a private registry
requires a valid username and password (i.e., <em>credentials</em>). In order to operate in such an
environment, watchtower needs to know the credentials to access the registry. </p>
@ -503,11 +404,13 @@ password <code>auth</code> string:</p>
<blockquote>
<h3 id="i_username_and_password_for_gcloud"> Username and Password for GCloud<a class="headerlink" href="#i_username_and_password_for_gcloud" title="Permanent link">&para;</a></h3>
<p>For gcloud, we'll use <code>__json_key</code> as our username and the content
of <code>gcloudauth.json</code> as the password.</p>
</blockquote>
<p>When the watchtower Docker container is started, the created configuration file
<p>For gcloud, we'll use <code>_json_key</code> as our username and the content
of <code>gcloudauth.json</code> as the password.
<code>bash
echo -n "_json_key:$(cat gcloudauth.json)" | base64 -w0</code>
When the watchtower Docker container is started, the created configuration file
(<code>&lt;PATH&gt;/config.json</code> in this example) needs to be passed to the container:</p>
</blockquote>
<pre><code class="bash">docker run [...] -v &lt;PATH&gt;/config.json:/config.json containrrr/watchtower
</code></pre>
@ -521,14 +424,29 @@ additional configuration file is not necessary.</p>
</code></pre>
<p>When creating the watchtower container via docker-compose, use the following lines:</p>
<pre><code class="yaml">version: &quot;3&quot;
[...]
watchtower:
image: index.docker.io/containrrr/watchtower:latest
volumes:
<pre><code class="yaml">version: &quot;3.4&quot;
services:
watchtower:
image: index.docker.io/containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- &lt;PATH_TO_HOME_DIR&gt;/.docker/config.json:/config.json
[...]
...
</code></pre>
<h4 id="docker_config_path">Docker Config path<a class="headerlink" href="#docker_config_path" title="Permanent link">&para;</a></h4>
<p>By default, watchtower will look for the <code>config.json</code> file in <code>/</code>, but this can be changed by setting the <code>DOCKER_CONFIG</code> environment variable to the directory path where your config is located. This is useful for setups where the config.json file is changed while the watchtower instance is running, as the changes will not be picked up for a mounted file if the inode changes.
Example usage:</p>
<pre><code class="yaml">version: &quot;3.4&quot;
services:
watchtower:
image: containrrr/watchtower
environment:
DOCKER_CONFIG: /config
volumes:
- /etc/watchtower/config/:/config/
- /var/run/docker.sock:/var/run/docker.sock
</code></pre>
<h2 id="credential_helpers">Credential helpers<a class="headerlink" href="#credential_helpers" title="Permanent link">&para;</a></h2>
@ -538,6 +456,11 @@ To be able to use this together with watchtower, we need to use a credential hel
helper in a separate container and mount it using volumes.</p>
<h3 id="example">Example<a class="headerlink" href="#example" title="Permanent link">&para;</a></h3>
<p>Example implementation for use with <a href="https://github.com/awslabs/amazon-ecr-credential-helper">amazon-ecr-credential-helper</a>:</p>
<p>Use the dockerfile below to build the <a href="https://github.com/awslabs/amazon-ecr-credential-helper">amazon-ecr-credential-helper</a>,
in a volume that may be mounted onto your watchtower container.</p>
<ol>
<li>Create the Dockerfile (contents below): </li>
</ol>
<pre><code class="Dockerfile">FROM golang:latest
ENV CGO_ENABLED 0
@ -554,44 +477,69 @@ RUN go build \
WORKDIR /go/bin/
</code></pre>
<p>and the docker-compose definition:</p>
<pre><code class="yaml">version: &quot;3&quot;
<ol>
<li>Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:</li>
</ol>
<p>```shell script</p>
<h1 id="create_a_volume_to_store_the_command_once_built">Create a volume to store the command (once built)<a class="headerlink" href="#create_a_volume_to_store_the_command_once_built" title="Permanent link">&para;</a></h1>
<p>docker volume create helper </p>
<h1 id="build_the_container">Build the container<a class="headerlink" href="#build_the_container" title="Permanent link">&para;</a></h1>
<p>docker build -t aws-ecr-dock-cred-helper .</p>
<h1 id="build_the_command_and_store_it_in_the_new_volume_in_the_gobin_directory">Build the command and store it in the new volume in the /go/bin directory.<a class="headerlink" href="#build_the_command_and_store_it_in_the_new_volume_in_the_gobin_directory" title="Permanent link">&para;</a></h1>
<p>docker run -d --rm --name aws-cred-helper --volume helper:/go/bin aws-ecr-dock-cred-helper</p>
<pre><code>
3. Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the &lt;AWS_ACCOUNT_ID&gt;
placeholders with your AWS Account ID):
```json
{
&quot;credsStore&quot; : &quot;ecr-login&quot;,
&quot;HttpHeaders&quot; : {
&quot;User-Agent&quot; : &quot;Docker-Client/19.03.1 (XXXXXX)&quot;
},
&quot;auths&quot; : {
&quot;&lt;AWS_ACCOUNT_ID&gt;.dkr.ecr.us-west-1.amazonaws.com&quot; : {}
},
&quot;credHelpers&quot;: {
&quot;&lt;AWS_ACCOUNT_ID&gt;.dkr.ecr.us-west-1.amazonaws.com&quot; : &quot;ecr-login&quot;
}
}
</code></pre>
<ol>
<li>Create a docker-compose file (as an example) to help launch the container:</li>
</ol>
<p>and the docker-compose definition:</p>
<pre><code class="yaml">version: &quot;3.4&quot;
services:
# Check for new images and restart things if a new image exists
# for any of our containers.
watchtower:
image: index.docker.io/containrrr/watchtower:latest
image: containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- &lt;PATH_TO_HOME_DIR&gt;/.docker/config.json:/config.json
- .docker/config.json:/config.json
- helper:/go/bin
environment:
- HOME=/
- PATH=$PATH:/go/bin
- AWS_REGION=&lt;AWS_REGION&gt;
- AWS_ACCESS_KEY_ID=&lt;AWS_ACCESS_KEY&gt;
- AWS_SECRET_ACCESS_KEY=&lt;AWS_SECRET_ACCESS_KEY&gt;
- AWS_REGION=us-west-1
volumes:
helper: {}
helper:
external: true
</code></pre>
<p>and for <code>&lt;PATH_TO_HOME_DIR&gt;/.docker/config.json</code>:</p>
<pre><code class="json"> {
&quot;HttpHeaders&quot; : {
&quot;User-Agent&quot; : &quot;Docker-Client/19.03.1 (XXXXXX)&quot;
},
&quot;credsStore&quot; : &quot;osxkeychain&quot;,
&quot;auths&quot; : {
&quot;xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com&quot; : {},
&quot;https://index.docker.io/v1/&quot;: {}
},
&quot;credHelpers&quot;: {
&quot;xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com&quot; : &quot;ecr-login&quot;,
&quot;index.docker.io&quot;: &quot;osxkeychain&quot;
}
}
</code></pre>
<p><em>Note:</em> <code>osxkeychain</code> can be changed to your preferred credentials helper.</p>
<p>A few additional notes:</p>
<ol>
<li>With docker-compose the volume (helper, in this case) MUST be set to <code>external: true</code>, otherwise docker-compose
will preface it with the directory name.</li>
<li>Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the
credHelpers section </li>
<li>I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however,
you may need to include the <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code> environment variables as well.</li>
<li>An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and
place the settings there, then mount the ~/.aws directory to / in the container.</li>
</ol>
@ -658,15 +606,15 @@ volumes:
</div>
<script src="../assets/javascripts/vendor.d710d30a.min.js"></script>
<script src="../assets/javascripts/bundle.5f27aba8.min.js"></script><script id="__lang" type="application/json">{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents"}</script>
<script src="../assets/javascripts/vendor.77e55a48.min.js"></script>
<script src="../assets/javascripts/bundle.aa3f9871.min.js"></script><script id="__lang" type="application/json">{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script>
<script>
app = initialize({
base: "..",
features: [],
search: Object.assign({
worker: "../assets/javascripts/worker/search.27c6a5e6.min.js"
worker: "../assets/javascripts/worker/search.4ac00218.min.js"
}, typeof search !== "undefined" && search)
})
</script>