Andreas/watchtower
1
0
Fork 0
mirror of https://github.com/containrrr/watchtower.git synced 2026-02-10 09:24:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Consolidated all post-fork updates including dependency bumps and workflow changes

Browse source
This commit is contained in:
dependabot[bot] 2023-10-04 12:17:38 +02:00 committed by Nick Fedor
parent 2abaa47fd3
commit 6b62d53797
No known key found for this signature in database
GPG key ID: A167CBEDE64D29CB
100 changed files with 1503 additions and 1264 deletions
Download patch file Download diff file Expand all files Collapse all files

76
docs/arguments.md
View file

@ -7,7 +7,7 @@ launching watchtower.
$ docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
nickfedor/watchtower \
nginx redis
```
@ -18,7 +18,7 @@ the watchtower container after its execution.
```bash
$ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
nickfedor/watchtower \
--run-once \
nginx redis
```
@ -33,14 +33,16 @@ Some arguments can also reference a file, in which case the contents of the file
This can be used to avoid putting secrets in the configuration file or command line.
The following arguments are currently supported (including their corresponding `WATCHTOWER_` environment variables):
- `notification-url`
- `notification-email-server-password`
- `notification-slack-hook-url`
- `notification-msteams-hook`
- `notification-gotify-token`
- `http-api-token`
- `notification-url`
- `notification-email-server-password`
- `notification-slack-hook-url`
- `notification-msteams-hook`
- `notification-gotify-token`
- `http-api-token`
### Example docker-compose usage
```yaml
secrets:
access_token:
@ -55,6 +57,7 @@ services:
```
## Help
Shows documentation about the supported flags.
```text
@ -65,6 +68,7 @@ Environment Variable: N/A
```
## Time Zone
Sets the time zone to be used by WatchTower's logs and the optional Cron scheduling argument (--schedule). If this environment variable is not set, Watchtower will use the default time zone: UTC.
To find out the right value, see [this list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), find your location and use the value in _TZ Database Name_, e.g _Europe/Rome_. The timezone can alternatively be set by volume mounting your hosts /etc/localtime file. `-v /etc/localtime:/etc/localtime:ro`
@ -76,6 +80,7 @@ Environment Variable: TZ
```
## Cleanup
Removes old images after updating. When this flag is specified, watchtower will remove the old image after restarting a container with a new image. Use this option to prevent the accumulation of orphaned images on your system as containers are updated.
```text
@ -86,6 +91,7 @@ Environment Variable: WATCHTOWER_CLEANUP
```
## Remove anonymous volumes
Removes anonymous volumes after updating. When this flag is specified, watchtower will remove all anonymous volumes from the container before restarting with a new image. Named volumes will not be removed!
```text
@ -96,6 +102,7 @@ Environment Variable: WATCHTOWER_REMOVE_VOLUMES
```
## Debug
Enable debug mode with verbose logging.
!!! note "Notes"
@ -110,6 +117,7 @@ Environment Variable: WATCHTOWER_DEBUG
```
## Trace
Enable trace mode with very verbose logging. Caution: exposes credentials!
!!! note "Notes"
@ -146,6 +154,7 @@ Environment Variable: WATCHTOWER_LOG_FORMAT
```
## ANSI colors
Disable ANSI color escape codes in log output.
```text
@ -156,6 +165,7 @@ Environment Variable: NO_COLOR
```
## Docker host
Docker daemon socket to connect to. Can be pointed at a remote Docker host by specifying a TCP endpoint as "tcp://hostname:port".
```text
@ -166,6 +176,7 @@ Environment Variable: DOCKER_HOST
```
## Docker API version
The API version to use by the Docker client for connecting to the Docker daemon. The minimum supported version is 1.24.
```text
@ -176,6 +187,7 @@ Environment Variable: DOCKER_API_VERSION
```
## Include restarting
Will also include restarting containers.
```text
@ -186,6 +198,7 @@ Environment Variable: WATCHTOWER_INCLUDE_RESTARTING
```
## Include stopped
Will also include created and exited containers.
```text
@ -196,6 +209,7 @@ Environment Variable: WATCHTOWER_INCLUDE_STOPPED
```
## Revive stopped
Start any stopped containers that have had their image updated. This argument is only usable with the `--include-stopped` argument.
```text
@ -206,6 +220,7 @@ Environment Variable: WATCHTOWER_REVIVE_STOPPED
```
## Poll interval
Poll interval (in seconds). This value controls how frequently watchtower will poll for new images. Either `--schedule` or a poll interval can be defined, but not both.
```text
@ -216,6 +231,7 @@ Environment Variable: WATCHTOWER_POLL_INTERVAL
```
## Filter by enable label
Monitor and update containers that have a `com.centurylinklabs.watchtower.enable` label set to true.
```text
@ -226,11 +242,13 @@ Environment Variable: WATCHTOWER_LABEL_ENABLE
```
## Filter by disable label
__Do not__ Monitor and update containers that have `com.centurylinklabs.watchtower.enable` label set to false and
no `--label-enable` argument is passed. Note that only one or the other (targeting by enable label) can be
**Do not** Monitor and update containers that have `com.centurylinklabs.watchtower.enable` label set to false and
no `--label-enable` argument is passed. Note that only one or the other (targeting by enable label) can be
used at the same time to target containers.
## Filter by disabling specific container names
Monitor and update containers whose names are not in a given set of names.
This can be used to exclude specific containers, when setting labels is not an option.
@ -244,8 +262,9 @@ Environment Variable: WATCHTOWER_DISABLE_CONTAINERS
```
## Without updating containers
Will only monitor for new images, send notifications and invoke
the [pre-check/post-check hooks](https://containrrr.dev/watchtower/lifecycle-hooks/), but will __not__ update the
the [pre-check/post-check hooks](https://containrrr.dev/watchtower/lifecycle-hooks/), but will **not** update the
containers.
!!! note
@ -262,7 +281,7 @@ Environment Variable: WATCHTOWER_MONITOR_ONLY
Note that monitor-only can also be specified on a per-container basis with the `com.centurylinklabs.watchtower.monitor-only` label set on those containers.
See [With label taking precedence over arguments](#With-label-taking-precedence-over-arguments) for behavior when both argument and label are set
See [With label taking precedence over arguments](#with-label-taking-precedence-over-arguments) for behavior when both argument and label are set
## With label taking precedence over arguments
@ -276,8 +295,10 @@ Environment Variable: WATCHTOWER_LABEL_TAKE_PRECEDENCE
```
## Without restarting containers
Do not restart containers after updating. This option can be useful when the start of the containers
is managed by an external system such as systemd.
```text
Argument: --no-restart
Environment Variable: WATCHTOWER_NO_RESTART
@ -286,6 +307,7 @@ Environment Variable: WATCHTOWER_NO_RESTART
```
## Without pulling new images
Do not pull new images. When this flag is specified, watchtower will not attempt to pull
new images from the registry. Instead it will only monitor the local image cache for changes.
Use this option if you are building new images directly on the Docker host without pushing
@ -301,9 +323,10 @@ Environment Variable: WATCHTOWER_NO_PULL
Note that no-pull can also be specified on a per-container basis with the
`com.centurylinklabs.watchtower.no-pull` label set on those containers.
See [With label taking precedence over arguments](#With-label-taking-precedence-over-arguments) for behavior when both argument and label are set
See [With label taking precedence over arguments](#with-label-taking-precedence-over-arguments) for behavior when both argument and label are set
## Without sending a startup message
Do not send a message after watchtower started. Otherwise there will be an info-level notification.
```text
@ -314,6 +337,7 @@ Environment Variable: WATCHTOWER_NO_STARTUP_MESSAGE
```
## Run once
Run an update attempt against a container name list one time immediately and exit.
```text
@ -324,7 +348,8 @@ Environment Variable: WATCHTOWER_RUN_ONCE
```
## HTTP API Mode
Runs Watchtower in HTTP API mode, only allowing image updates to be triggered by an HTTP request.
Runs Watchtower in HTTP API mode, only allowing image updates to be triggered by an HTTP request.
For details see [HTTP API](https://containrrr.dev/watchtower/http-api-mode).
```text
@ -335,6 +360,7 @@ Environment Variable: WATCHTOWER_HTTP_API_UPDATE
```
## HTTP API Token
Sets an authentication token to HTTP API requests.
Can also reference a file, in which case the contents of the file are used.
@ -346,6 +372,7 @@ Environment Variable: WATCHTOWER_HTTP_API_TOKEN
```
## HTTP API periodic polls
Keep running periodic updates if the HTTP API mode is enabled, otherwise the HTTP API would prevent periodic polls.
```text
@ -356,17 +383,23 @@ Environment Variable: WATCHTOWER_HTTP_API_PERIODIC_POLLS
```
## Filter by scope
Update containers that have a `com.centurylinklabs.watchtower.scope` label set with the same value as the given argument.
Update containers that have a `com.centurylinklabs.watchtower.scope` label set with the same value as the given argument.
This enables [running multiple instances](https://containrrr.dev/watchtower/running-multiple-instances).
!!! note "Filter by lack of scope"
If you want other instances of watchtower to ignore the scoped containers, set this argument to `none`.
When omitted, watchtower will update all containers regardless of scope.
```text
Argument: --scope
Environment Variable: WATCHTOWER_SCOPE
Type: String
Default: -
```
```
## HTTP API Metrics
Enables a metrics endpoint, exposing prometheus metrics via HTTP. See [Metrics](metrics.md) for details.
```text
@ -377,6 +410,7 @@ Environment Variable: WATCHTOWER_HTTP_API_METRICS
```
## Scheduling
[Cron expression](https://pkg.go.dev/github.com/robfig/cron@v1.2.0?tab=doc#hdr-CRON_Expression_Format) in 6 fields (rather than the traditional 5) which defines when and how often to check for new images. Either `--interval` or the schedule expression
can be defined, but not both. An example: `--schedule "0 0 4 * * *"`
@ -388,6 +422,7 @@ Environment Variable: WATCHTOWER_SCHEDULE
```
## Rolling restart
Restart one image at time instead of stopping and starting all at once. Useful in conjunction with lifecycle hooks
to implement zero-downtime deploy.
@ -399,6 +434,7 @@ Environment Variable: WATCHTOWER_ROLLING_RESTART
```
## Wait until timeout
Timeout before the container is forcefully stopped. When set, this option will change the default (`10s`) wait time to the given value. An example: `--stop-timeout 30s` will set the timeout to 30 seconds.
```text
@ -450,10 +486,10 @@ Writes the session results to STDOUT using a stable, machine-readable format (in
Alias for:
```text
--notification-url logger://
--notification-log-stdout
--notification-report
--notification-template porcelain.VERSION.summary-no-log
--notification-url logger://
--notification-log-stdout
--notification-report
--notification-template porcelain.VERSION.summary-no-log
Argument: --porcelain, -P
Environment Variable: WATCHTOWER_PORCELAIN

1
docs/container-selection.md
View file

@ -58,6 +58,7 @@ If instead you want to [only include containers with the enable label](https://c
If you wish to create a monitoring scope, you will need to [run multiple instances and set a scope for each of them](https://containrrr.github.io/watchtower/running-multiple-instances).
Watchtower filters running containers by testing them against each configured criteria. A container is monitored if all criteria are met. For example:
- If a container's name is on the monitoring name list (not empty `--name` argument) but it is not enabled (_centurylinklabs.watchtower.enable=false_), it won't be monitored;
- If a container's name is not on the monitoring name list (not empty `--name` argument), even if it is enabled (_centurylinklabs.watchtower.enable=true_ and `--label-enable` flag is set), it won't be monitored;

12
docs/http-api-mode.md
View file

@ -1,6 +1,6 @@
Watchtower provides an HTTP API mode that enables an HTTP endpoint that can be requested to trigger container updating. The current available endpoint list is:
- `/v1/update` - triggers an update for all of the containers monitored by this Watchtower instance.
- `/v1/update` - triggers an update for all of the containers monitored by this Watchtower instance.
---
@ -16,7 +16,7 @@ services:
- "com.centurylinklabs.watchtower.enable=true"
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --debug --http-api-update
@ -35,3 +35,11 @@ Notice that there is an environment variable named WATCHTOWER_HTTP_API_TOKEN. To
```bash
curl -H "Authorization: Bearer mytoken" localhost:8080/v1/update
```
---
In order to update only certain images, the image names can be provided as URL query parameters. The following `curl` command would trigger an update for the images `foo/bar` and `foo/baz`:
```bash
curl -H "Authorization: Bearer mytoken" localhost:8080/v1/update?image=foo/bar,foo/baz
```

36
docs/index.md
View file

@ -8,32 +8,32 @@
<p align="center">
A container-based solution for automating Docker container base image updates.
<br/><br/>
<a href="https://circleci.com/gh/containrrr/watchtower">
<img alt="Circle CI" src="https://circleci.com/gh/containrrr/watchtower.svg?style=shield" />
<a href="https://circleci.com/gh/nicholas-fedor/watchtower">
<img alt="Circle CI" src="https://circleci.com/gh/nicholas-fedor/watchtower.svg?style=shield" />
</a>
<a href="https://codecov.io/gh/containrrr/watchtower">
<img alt="Codecov" src="https://codecov.io/gh/containrrr/watchtower/branch/main/graph/badge.svg">
<a href="https://codecov.io/gh/nicholas-fedor/watchtower">
<img alt="Codecov" src="https://codecov.io/gh/nicholas-fedor/watchtower/branch/main/graph/badge.svg">
</a>
<a href="https://godoc.org/github.com/containrrr/watchtower">
<img alt="GoDoc" src="https://godoc.org/github.com/containrrr/watchtower?status.svg" />
<a href="https://godoc.org/github.com/nicholas-fedor/watchtower">
<img alt="GoDoc" src="https://godoc.org/github.com/nicholas-fedor/watchtower?status.svg" />
</a>
<a href="https://goreportcard.com/report/github.com/containrrr/watchtower">
<img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/containrrr/watchtower" />
<a href="https://goreportcard.com/report/github.com/nicholas-fedor/watchtower">
<img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/nicholas-fedor/watchtower" />
</a>
<a href="https://github.com/containrrr/watchtower/releases">
<img alt="latest version" src="https://img.shields.io/github/tag/containrrr/watchtower.svg" />
<a href="https://github.com/nicholas-fedor/watchtower/releases">
<img alt="latest version" src="https://img.shields.io/github/tag/nicholas-fedor/watchtower.svg" />
</a>
<a href="https://www.apache.org/licenses/LICENSE-2.0">
<img alt="Apache-2.0 License" src="https://img.shields.io/github/license/containrrr/watchtower.svg" />
<img alt="Apache-2.0 License" src="https://img.shields.io/github/license/nicholas-fedor/watchtower.svg" />
</a>
<a href="https://www.codacy.com/gh/containrrr/watchtower/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=containrrr/watchtower&amp;utm_campaign=Badge_Grade">
<a href="https://www.codacy.com/gh/nicholas-fedor/watchtower/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=nicholas-fedor/watchtower&amp;utm_campaign=Badge_Grade">
<img alt="Codacy Badge" src="https://app.codacy.com/project/badge/Grade/1c48cfb7646d4009aa8c6f71287670b8"/>
</a>
<a href="https://github.com/containrrr/watchtower/#contributors">
<img alt="All Contributors" src="https://img.shields.io/github/all-contributors/containrrr/watchtower" />
<a href="https://github.com/nicholas-fedor/watchtower/#contributors">
<img alt="All Contributors" src="https://img.shields.io/github/all-contributors/nicholas-fedor/watchtower" />
</a>
<a href="https://hub.docker.com/r/containrrr/watchtower">
<img alt="Pulls from DockerHub" src="https://img.shields.io/docker/pulls/containrrr/watchtower.svg" />
<a href="https://hub.docker.com/r/nickfedor/watchtower">
<img alt="Pulls from DockerHub" src="https://img.shields.io/docker/pulls/nickfedor/watchtower.svg" />
</a>
</p>
@ -50,7 +50,7 @@ the following command:
$ docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
nickfedor/watchtower
```
=== "docker-compose.yml"
@ -59,7 +59,7 @@ the following command:
version: "3"
services:
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
```

3
docs/introduction.md
View file

@ -8,8 +8,7 @@ For example, let's say you were running watchtower along with an instance of _ce
$ docker ps
CONTAINER ID IMAGE STATUS PORTS NAMES
967848166a45 centurylink/wetty-cli Up 10 minutes 0.0.0.0:8080->3000/tcp wetty
6cc4d2a9d1a5 containrrr/watchtower Up 15 minutes watchtower
6cc4d2a9d1a5 nickfedor/watchtower Up 15 minutes watchtower
```
Every day watchtower will pull the latest _centurylink/wetty-cli_ image and compare it to the one that was used to run the "wetty" container. If it sees that the image has changed it will stop/remove the "wetty" container and then restart it using the new image and the same `docker run` options that were used to start the container initially (in this case, that would include the `-p 8080:3000` port mapping).

96
docs/notifications.md
View file

@ -1,10 +1,10 @@
# Notifications
Watchtower can send notifications when containers are updated. Notifications are sent via hooks in the logging
system, [logrus](http://github.com/sirupsen/logrus).
system, [logrus](http://github.com/sirupsen/logrus).
!!! note "Using multiple notifications with environment variables"
There is currently a bug in Viper (https://github.com/spf13/viper/issues/380), which prevents comma-separated slices to
There is currently a bug in Viper (<https://github.com/spf13/viper/issues/380>), which prevents comma-separated slices to
be used when using the environment variable.
A workaround is available where we instead put quotes around the environment variable value and replace the commas with
spaces:
@ -16,20 +16,19 @@ system, [logrus](http://github.com/sirupsen/logrus).
## Settings
- `--notifications-level` (env. `WATCHTOWER_NOTIFICATIONS_LEVEL`): Controls the log level which is used for the notifications. If omitted, the default log level is `info`. Possible values are: `panic`, `fatal`, `error`, `warn`, `info`, `debug` or `trace`.
- `--notifications-hostname` (env. `WATCHTOWER_NOTIFICATIONS_HOSTNAME`): Custom hostname specified in subject/title. Useful to override the operating system hostname.
- `--notifications-delay` (env. `WATCHTOWER_NOTIFICATIONS_DELAY`): Delay before sending notifications expressed in seconds.
- Watchtower will post a notification every time it is started. This behavior [can be changed](https://containrrr.github.io/watchtower/arguments/#without_sending_a_startup_message) with an argument.
- `--notification-title-tag` (env. `WATCHTOWER_NOTIFICATION_TITLE_TAG`): Prefix to include in the title. Useful when running multiple watchtowers.
- `--notification-skip-title` (env. `WATCHTOWER_NOTIFICATION_SKIP_TITLE`): Do not pass the title param to notifications. This will not pass a dynamic title override to notification services. If no title is configured for the service, it will remove the title all together.
- `--notification-log-stdout` (env. `WATCHTOWER_NOTIFICATION_LOG_STDOUT`): Enable output from `logger://` shoutrrr service to stdout.
- `--notifications-level` (env. `WATCHTOWER_NOTIFICATIONS_LEVEL`): Controls the log level which is used for the notifications. If omitted, the default log level is `info`. Possible values are: `panic`, `fatal`, `error`, `warn`, `info`, `debug` or `trace`.
- `--notifications-hostname` (env. `WATCHTOWER_NOTIFICATIONS_HOSTNAME`): Custom hostname specified in subject/title. Useful to override the operating system hostname.
- `--notifications-delay` (env. `WATCHTOWER_NOTIFICATIONS_DELAY`): Delay before sending notifications expressed in seconds.
- Watchtower will post a notification every time it is started. This behavior [can be changed](https://containrrr.github.io/watchtower/arguments/#without_sending_a_startup_message) with an argument.
- `--notification-title-tag` (env. `WATCHTOWER_NOTIFICATION_TITLE_TAG`): Prefix to include in the title. Useful when running multiple watchtowers.
- `--notification-skip-title` (env. `WATCHTOWER_NOTIFICATION_SKIP_TITLE`): Do not pass the title param to notifications. This will not pass a dynamic title override to notification services. If no title is configured for the service, it will remove the title all together.
- `--notification-log-stdout` (env. `WATCHTOWER_NOTIFICATION_LOG_STDOUT`): Enable output from `logger://` shoutrrr service to stdout.
## [shoutrrr](https://github.com/containrrr/shoutrrr) notifications
## [Shoutrrr](https://github.com/containrrr/shoutrrr) notifications
To send notifications via shoutrrr, the following command-line options, or their corresponding environment variables, can be set:
- `--notification-url` (env. `WATCHTOWER_NOTIFICATION_URL`): The shoutrrr service URL to be used. This option can also reference a file, in which case the contents of the file are used.
- `--notification-url` (env. `WATCHTOWER_NOTIFICATION_URL`): The shoutrrr service URL to be used. This option can also reference a file, in which case the contents of the file are used.
Go to [containrrr.dev/shoutrrr/v0.8/services/overview](https://containrrr.dev/shoutrrr/v0.8/services/overview) to
learn more about the different service URLs you can use. You can define multiple services by space separating the
@ -37,14 +36,14 @@ URLs. (See example below)
You can customize the message posted by setting a template.
- `--notification-template` (env. `WATCHTOWER_NOTIFICATION_TEMPLATE`): The template used for the message.
- `--notification-template` (env. `WATCHTOWER_NOTIFICATION_TEMPLATE`): The template used for the message.
The template is a Go [template](https://golang.org/pkg/text/template/) that either format a list
of [log entries](https://pkg.go.dev/github.com/sirupsen/logrus?tab=doc#Entry) or a `notification.Data` struct.
Simple templates are used unless the `notification-report` flag is specified:
- `--notification-report` (env. `WATCHTOWER_NOTIFICATION_REPORT`): Use the session report as the notification template data.
- `--notification-report` (env. `WATCHTOWER_NOTIFICATION_REPORT`): Use the session report as the notification template data.
## Simple templates
@ -57,6 +56,9 @@ outputs timestamp and log level.
custom format.
i.e., The day of the year has to be 1, the month has to be 2 (february), the hour 3 (or 15 for 24h time) etc.
!!! note "Skipping notifications"
To skip sending notifications that do not contain any information, you can wrap your template with `{{if .}}` and `{{end}}`.
Example:
```bash
@ -65,12 +67,13 @@ docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-e WATCHTOWER_NOTIFICATION_URL="discord://token@channel slack://watchtower@token-a/token-b/token-c" \
-e WATCHTOWER_NOTIFICATION_TEMPLATE="{{range .}}{{.Time.Format \"2006-01-02 15:04:05\"}} ({{.Level}}): {{.Message}}{{println}}{{end}}" \
containrrr/watchtower
nickfedor/watchtower
```
## Report templates
The default template for report notifications are the following:
```go
{{- if .Report -}}
{{- with .Report -}}
@ -81,13 +84,13 @@ The default template for report notifications are the following:
{{- end -}}
{{- range .Fresh}}
- {{.Name}} ({{.ImageName}}): {{.State}}
{{- end -}}
{{- range .Skipped}}
{{- end -}}
{{- range .Skipped}}
- {{.Name}} ({{.ImageName}}): {{.State}}: {{.Error}}
{{- end -}}
{{- range .Failed}}
{{- end -}}
{{- range .Failed}}
- {{.Name}} ({{.ImageName}}): {{.State}}: {{.Error}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
@ -134,7 +137,7 @@ Example using a custom report template that always sends a session report after
{{range .Entries -}}{{.Message}}{{\"\n\"}}{{- end -}}
{{- end -}}
" \
containrrr/watchtower
nickfedor/watchtower
```
=== "docker-compose"
@ -143,7 +146,7 @@ Example using a custom report template that always sends a session report after
version: "3"
services:
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env:
@ -179,12 +182,13 @@ For backwards compatibility, the notifications can also be configured using lega
The types of notifications to send are set by passing a comma-separated list of values to the `--notifications` option
(or corresponding environment variable `WATCHTOWER_NOTIFICATIONS`), which has the following valid values:
- `email` to send notifications via e-mail
- `slack` to send notifications through a Slack webhook
- `msteams` to send notifications via MSTeams webhook
- `gotify` to send notifications via Gotify
- `email` to send notifications via e-mail
- `slack` to send notifications through a Slack webhook
- `msteams` to send notifications via MSTeams webhook
- `gotify` to send notifications via Gotify
### `notify-upgrade`
If watchtower is started with `notify-upgrade` as it's first argument, it will generate a .env file with your current legacy notification options converted to shoutrrr URLs.
=== "docker run"
@ -195,7 +199,7 @@ If watchtower is started with `notify-upgrade` as it's first argument, it will g
-v /var/run/docker.sock:/var/run/docker.sock \
-e WATCHTOWER_NOTIFICATIONS=slack \
-e WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL="https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy" \
containrrr/watchtower \
nickfedor/watchtower \
notify-upgrade
```
@ -205,7 +209,7 @@ If watchtower is started with `notify-upgrade` as it's first argument, it will g
version: "3"
services:
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env:
@ -214,7 +218,6 @@ If watchtower is started with `notify-upgrade` as it's first argument, it will g
command: notify-upgrade
```
You can then copy this file from the container (a message with the full command to do so will be logged) and use it with your current setup:
=== "docker run"
@ -224,7 +227,7 @@ You can then copy this file from the container (a message with the full command
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
--env-file watchtower-notifications.env \
containrrr/watchtower
nickfedor/watchtower
```
=== "docker-compose.yml"
@ -233,7 +236,7 @@ You can then copy this file from the container (a message with the full command
version: "3"
services:
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env_file:
@ -244,15 +247,15 @@ You can then copy this file from the container (a message with the full command
To receive notifications by email, the following command-line options, or their corresponding environment variables, can be set:
- `--notification-email-from` (env. `WATCHTOWER_NOTIFICATION_EMAIL_FROM`): The e-mail address from which notifications will be sent.
- `--notification-email-to` (env. `WATCHTOWER_NOTIFICATION_EMAIL_TO`): The e-mail address to which notifications will be sent.
- `--notification-email-server` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER`): The SMTP server to send e-mails through.
- `--notification-email-server-tls-skip-verify` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY`): Do not verify the TLS certificate of the mail server. This should be used only for testing.
- `--notification-email-server-port` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT`): The port used to connect to the SMTP server to send e-mails through. Defaults to `25`.
- `--notification-email-server-user` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER`): The username to authenticate with the SMTP server with.
- `--notification-email-server-password` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD`): The password to authenticate with the SMTP server with. Can also reference a file, in which case the contents of the file are used.
- `--notification-email-delay` (env. `WATCHTOWER_NOTIFICATION_EMAIL_DELAY`): Delay before sending notifications expressed in seconds.
- `--notification-email-subjecttag` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SUBJECTTAG`): Prefix to include in the subject tag. Useful when running multiple watchtowers. **NOTE:** This will affect all notification types.
- `--notification-email-from` (env. `WATCHTOWER_NOTIFICATION_EMAIL_FROM`): The e-mail address from which notifications will be sent.
- `--notification-email-to` (env. `WATCHTOWER_NOTIFICATION_EMAIL_TO`): The e-mail address to which notifications will be sent.
- `--notification-email-server` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER`): The SMTP server to send e-mails through.
- `--notification-email-server-tls-skip-verify` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY`): Do not verify the TLS certificate of the mail server. This should be used only for testing.
- `--notification-email-server-port` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT`): The port used to connect to the SMTP server to send e-mails through. Defaults to `25`.
- `--notification-email-server-user` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER`): The username to authenticate with the SMTP server with.
- `--notification-email-server-password` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD`): The password to authenticate with the SMTP server with. Can also reference a file, in which case the contents of the file are used.
- `--notification-email-delay` (env. `WATCHTOWER_NOTIFICATION_EMAIL_DELAY`): Delay before sending notifications expressed in seconds.
- `--notification-email-subjecttag` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SUBJECTTAG`): Prefix to include in the subject tag. Useful when running multiple watchtowers. **NOTE:** This will affect all notification types.
Example:
@ -268,7 +271,7 @@ docker run -d \
-e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=fromaddress@gmail.com \
-e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=app_password \
-e WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2 \
containrrr/watchtower
nickfedor/watchtower
```
The previous example assumes, that you already have an SMTP server up and running you can connect to. If you don't or you want to bring up watchtower with your own simple SMTP relay the following `docker-compose.yml` might be a good start for you.
@ -281,7 +284,7 @@ Example including an SMTP relay:
version: '3.8'
services:
watchtower:
image: containrrr/watchtower:latest
image: nickfedor/watchtower:latest
container_name: watchtower
environment:
WATCHTOWER_MONITOR_ONLY: 'true'
@ -331,7 +334,7 @@ By default, watchtower will send messages under the name `watchtower`, you can c
Other, optional, variables include:
- `--notification-slack-channel` (env. `WATCHTOWER_NOTIFICATION_SLACK_CHANNEL`): A string which overrides the webhook's default channel. Example: #my-custom-channel.
- `--notification-slack-channel` (env. `WATCHTOWER_NOTIFICATION_SLACK_CHANNEL`): A string which overrides the webhook's default channel. Example: #my-custom-channel.
Example:
@ -343,7 +346,7 @@ docker run -d \
-e WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL="https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy" \
-e WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER=watchtower-server-1 \
-e WATCHTOWER_NOTIFICATION_SLACK_CHANNEL=#my-custom-channel \
containrrr/watchtower
nickfedor/watchtower
```
### Microsoft Teams
@ -363,7 +366,7 @@ docker run -d \
-e WATCHTOWER_NOTIFICATIONS=msteams \
-e WATCHTOWER_NOTIFICATION_MSTEAMS_HOOK_URL="https://outlook.office.com/webhook/xxxxxxxx@xxxxxxx/IncomingWebhook/yyyyyyyy/zzzzzzzzzz" \
-e WATCHTOWER_NOTIFICATION_MSTEAMS_USE_LOG_DATA=true \
containrrr/watchtower
nickfedor/watchtower
```
### Gotify
@ -377,10 +380,9 @@ docker run -d \
-e WATCHTOWER_NOTIFICATIONS=gotify \
-e WATCHTOWER_NOTIFICATION_GOTIFY_URL="https://my.gotify.tld/" \
-e WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN="SuperSecretToken" \
containrrr/watchtower
nickfedor/watchtower
```
`-e WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN` or `--notification-gotify-token` can also reference a file, in which case the contents of the file are used.
If you want to disable TLS verification for the Gotify instance, you can use either `-e WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true` or `--notification-gotify-tls-skip-verify`.

46
docs/private-registries.md
View file

@ -1,14 +1,15 @@
Watchtower supports private Docker image registries. In many cases, accessing a private registry
requires a valid username and password (i.e., _credentials_). In order to operate in such an
environment, watchtower needs to know the credentials to access the registry.
environment, watchtower needs to know the credentials to access the registry.
The credentials can be provided to watchtower in a configuration file called `config.json`.
There are two ways to generate this configuration file:
* The configuration file can be created manually.
* Call `docker login <REGISTRY_NAME>` and share the resulting configuration file.
* The configuration file can be created manually.
* Call `docker login <REGISTRY_NAME>` and share the resulting configuration file.
### Create the configuration file manually
Create a new configuration file with the following syntax and a base64 encoded username and
password `auth` string:
@ -31,7 +32,7 @@ password `auth` string:
In this special case, the registry domain does not have to be specified
in `docker run` or `docker-compose`. Like Docker, Watchtower will use the
Docker Hub registry and its credentials when no registry domain is specified.
<sub>Watchtower will recognize credentials with `<REGISTRY_NAME>` `index.docker.io`,
but the Docker CLI will not.</sub>
@ -40,7 +41,7 @@ password `auth` string:
in both `config.json` and the `docker run` command or `docker-compose` file.
Valid hosts are `localhost[:PORT]`, `HOST:PORT`,
or any multi-part `domain.name` or IP-address with or without a port.
Examples:
* `localhost` -> `localhost/myimage`
* `127.0.0.1` -> `127.0.0.1/myimage:mytag`
@ -63,7 +64,7 @@ When the watchtower Docker container is started, the created configuration file
(`<PATH>/config.json` in this example) needs to be passed to the container:
```bash
docker run [...] -v <PATH>/config.json:/config.json containrrr/watchtower
docker run [...] -v <PATH>/config.json:/config.json nickfedor/watchtower
```
### Share the Docker configuration file
@ -76,7 +77,7 @@ additional configuration file is not necessary.
When the Docker container is started, pass the configuration file to watchtower:
```bash
docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json containrrr/watchtower
docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json nickfedor/watchtower
```
When creating the watchtower container via docker-compose, use the following lines:
@ -85,7 +86,7 @@ When creating the watchtower container via docker-compose, use the following lin
version: "3.4"
services:
watchtower:
image: containrrr/watchtower:latest
image: nickfedor/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
@ -93,6 +94,7 @@ services:
```
#### Docker Config path
By default, watchtower will look for the `config.json` file in `/`, but this can be changed by setting the `DOCKER_CONFIG` environment variable to the directory path where your config is located. This is useful for setups where the config.json file is changed while the watchtower instance is running, as the changes will not be picked up for a mounted file if the inode changes.
Example usage:
@ -101,7 +103,7 @@ version: "3.4"
services:
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
environment:
DOCKER_CONFIG: /config
volumes:
@ -110,6 +112,7 @@ services:
```
## Credential helpers
Some private Docker registries (the most prominent probably being AWS ECR) use non-standard ways of authentication.
To be able to use this together with watchtower, we need to use a credential helper.
@ -117,14 +120,16 @@ To keep the image size small we've decided to not include any helpers in the wat
helper in a separate container and mount it using volumes.
### Example
Example implementation for use with [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper):
Use the dockerfile below to build the [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper),
in a volume that may be mounted onto your watchtower container.
1. Create the Dockerfile (contents below):
1. Create the Dockerfile (contents below):
```Dockerfile
FROM golang:1.17
FROM golang:1.20
ENV GO111MODULE off
ENV CGO_ENABLED 0
@ -141,7 +146,8 @@ in a volume that may be mounted onto your watchtower container.
WORKDIR /go/bin/
```
2. Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:
2. Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:
```bash
# Create a volume to store the command (once built)
docker volume create helper
@ -154,8 +160,9 @@ in a volume that may be mounted onto your watchtower container.
--volume helper:/go/bin aws-ecr-dock-cred-helper
```
3. Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the <AWS_ACCOUNT_ID>
3. Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the <AWS_ACCOUNT_ID>
placeholders with your AWS Account ID and <AWS_ECR_REGION> with your AWS ECR Region):
```json
{
"credsStore" : "ecr-login",
@ -171,14 +178,15 @@ in a volume that may be mounted onto your watchtower container.
}
```
4. Create a docker-compose file (as an example) to help launch the container:
4. Create a docker-compose file (as an example) to help launch the container:
```yaml
version: "3.4"
services:
# Check for new images and restart things if a new image exists
# for any of our containers.
watchtower:
image: containrrr/watchtower:latest
image: nickfedor/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- .docker/config.json:/config.json
@ -194,14 +202,14 @@ in a volume that may be mounted onto your watchtower container.
A few additional notes:
1. With docker-compose the volume (helper, in this case) MUST be set to `external: true`, otherwise docker-compose
1. With docker-compose the volume (helper, in this case) MUST be set to `external: true`, otherwise docker-compose
will preface it with the directory name.
2. Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the
2. Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the
credHelpers section
3. I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however,
3. I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however,
you may need to include the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables as well.
4. An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and
4. An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and
place the settings there, then mount the ~/.aws directory to / in the container.

4
docs/remote-hosts.md
View file

@ -3,7 +3,7 @@ By default, watchtower is set-up to monitor the local Docker daemon (the same da
```bash
docker run -d \
--name watchtower \
containrrr/watchtower --host "tcp://10.0.1.2:2375"
nickfedor/watchtower --host "tcp://10.0.1.2:2375"
```
or
@ -12,7 +12,7 @@ or
docker run -d \
--name watchtower \
-e DOCKER_HOST="tcp://10.0.1.2:2375" \
containrrr/watchtower
nickfedor/watchtower
```
Note in both of the examples above that it is unnecessary to mount the _/var/run/docker.sock_ into the watchtower container.

42
docs/running-multiple-instances.md
View file

@ -1,10 +1,11 @@
By default, Watchtower will clean up other instances and won't allow multiple instances running on the same Docker host or swarm. It is possible to override this behavior by defining a [scope](https://containrrr.github.io/watchtower/arguments/#filter_by_scope) to each running instance.
By default, Watchtower will clean up other instances and won't allow multiple instances running on the same Docker host or swarm. It is possible to override this behavior by defining a [scope](https://containrrr.github.io/watchtower/arguments/#filter_by_scope) to each running instance.
Notice that:
- Multiple instances can't run with the same scope;
- An instance without a scope will clean up other running instances, even if they have a defined scope;
!!! note
- Multiple instances can't run with the same scope;
- An instance without a scope will clean up other running instances, even if they have a defined scope;
- Supplying `none` as the scope will treat `com.centurylinklabs.watchtower.scope=none`, `com.centurylinklabs.watchtower.scope=` and the lack of a `com.centurylinklabs.watchtower.scope` label as the scope `none`. This effectly enables you to run both scoped and unscoped watchtower instances on the same machine.
To define an instance monitoring scope, use the `--scope` argument or the `WATCHTOWER_SCOPE` environment variable on startup and set the _com.centurylinklabs.watchtower.scope_ label with the same value for the containers you want to include in this instance's scope (including the instance itself).
To define an instance monitoring scope, use the `--scope` argument or the `WATCHTOWER_SCOPE` environment variable on startup and set the `com.centurylinklabs.watchtower.scope` label with the same value for the containers you want to include in this instance's scope (including the instance itself).
For example, in a Docker Compose config file:
@ -12,16 +13,29 @@ For example, in a Docker Compose config file:
version: '3'
services:
app-monitored-by-watchtower:
app-with-scope:
image: myapps/monitored-by-watchtower
labels:
- "com.centurylinklabs.watchtower.scope=myscope"
labels: [ "com.centurylinklabs.watchtower.scope=myscope" ]
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
scoped-watchtower:
image: nickfedor/watchtower
volumes: [ "/var/run/docker.sock:/var/run/docker.sock" ]
command: --interval 30 --scope myscope
labels:
- "com.centurylinklabs.watchtower.scope=myscope"
labels: [ "com.centurylinklabs.watchtower.scope=myscope" ]
unscoped-app-a:
image: myapps/app-a
unscoped-app-b:
image: myapps/app-b
labels: [ "com.centurylinklabs.watchtower.scope=none" ]
unscoped-app-c:
image: myapps/app-b
labels: [ "com.centurylinklabs.watchtower.scope=" ]
unscoped-watchtower:
image: nickfedor/watchtower
volumes: [ "/var/run/docker.sock:/var/run/docker.sock" ]
command: --interval 30 --scope none
```

2
docs/secure-connections.md
View file

@ -10,5 +10,5 @@ docker run -d \
-e DOCKER_HOST=$DOCKER_HOST \
-e DOCKER_CERT_PATH=/etc/ssl/docker \
-v $DOCKER_CERT_PATH:/etc/ssl/docker \
containrrr/watchtower --tlsverify
nickfedor/watchtower --tlsverify
```

56
docs/template-preview.md
View file

@ -40,7 +40,7 @@
}
#tplprev button {
border-radius: 0.1rem;
color: var(--md-typeset-color);
color: var(--md-primary-bg-color);
background-color: var(--md-primary-fg-color);
flex:1;
min-width: 12ch;
@ -78,6 +78,8 @@
flex:1;
width:100%
}
#result b {color: var(--md-code-hl-special-color)}
#result i {color: var(--md-code-hl-keyword-color)}
#tplprev .loading {
position: absolute;
inset: 0;
@ -90,12 +92,14 @@
</style>
<script src="../assets/wasm_exec.js"></script>
<script>
let wasmLoaded = false;
const updatePreview = () => {
if (!wasmLoaded) return;
const form = document.querySelector('#tplprev');
const input = form.template.value;
console.log('Input: %o', input);
const arrFromCount = (key) => Array.from(Array(form[key]?.valueAsNumber ?? 0), () => key);
const states = form.enablereport.checked ? [
const states = form.report.value === "yes" ? [
...arrFromCount("skipped"),
...arrFromCount("scanned"),
...arrFromCount("updated"),
@ -104,7 +108,7 @@
...arrFromCount("stale" ),
] : [];
console.log("States: %o", states);
const levels = form.enablelog.checked ? [
const levels = form.log.value === "yes" ? [
...arrFromCount("error"),
...arrFromCount("warning"),
...arrFromCount("info"),
@ -113,15 +117,17 @@
console.log("Levels: %o", levels);
const output = WATCHTOWER.tplprev(input, states, levels);
console.log('Output: \n%o', output);
if (output.length) {
if (output.startsWith('Error: ')) {
document.querySelector('#result').innerHTML = `<b>Error</b>: ${output.substring(7)}`;
} else if (output.length) {
document.querySelector('#result').innerText = output;
} else {
document.querySelector('#result').innerHTML = '<i>empty (would not be sent as a notification)</i>';
}
}
const formSubmitted = (e) => {
e.preventDefault();
updatePreview();
//e.preventDefault();
//updatePreview();
}
let debounce;
const inputUpdated = () => {
@ -130,18 +136,24 @@
}
const formChanged = (e) => {
console.log('form changed: %o', e);
const targetToggle = e.target.dataset['toggle'];
if (targetToggle) {
e.target.form[targetToggle].value = e.target.checked ? "yes" : "no";
}
updatePreview()
}
const go = new Go();
WebAssembly.instantiateStreaming(fetch("../assets/tplprev.wasm"), go.importObject).then((result) => {
document.querySelector('#tplprev .loading').style.display = "none";
go.run(result.instance);
document.querySelector('#tplprev .loading').style.display = "none";
wasmLoaded = true;
updatePreview();
});
</script>
<form id="tplprev" onchange="updatePreview()" onsubmit="formSubmitted(event)">
<form id="tplprev" onchange="formChanged(event)" onsubmit="formSubmitted(event)">
<pre class="loading">loading wasm...</pre>
<div class="template-wrapper">
<textarea name="template" type="text" style="flex: 1" onkeyup="inputUpdated()">{{- with .Report -}}
<textarea name="template" type="text" onkeyup="inputUpdated()">{{- with .Report -}}
{{- if ( or .Updated .Failed ) -}}
{{len .Scanned}} Scanned, {{len .Updated}} Updated, {{len .Failed}} Failed
{{- range .Updated}}
@ -166,7 +178,8 @@ Logs:
</div>
<div class="controls">
<fieldset>
<legend><label><input type="checkbox" name="enablereport" checked /> Container report</label></legend>
<input type="hidden" name="report" value="yes" />
<legend><label><input type="checkbox" data-toggle="report" checked /> Container report</label></legend>
<label class="numfield">
Skipped:
<input type="number" name="skipped" value="3" />
@ -193,7 +206,8 @@ Logs:
</label>
</fieldset>
<fieldset>
<legend><label><input type="checkbox" name="enablelog" checked /> Log entries</label></legend>
<input type="hidden" name="log" value="yes" />
<legend><label><input type="checkbox" data-toggle="log" checked /> Log entries</label></legend>
<label class="numfield">
Error:
<input type="number" name="error" value="1" />
@ -216,4 +230,22 @@ Logs:
<div style="result-wrapper">
<pre id="result"></pre>
</div>
</form>
</form>
<script>
const loadQueryVals = () => {
const form = document.querySelector('#tplprev');
const params = new URLSearchParams(location.search);
for(const [key, value] of params){
form[key].value = value;
const toggleInput = form.querySelector(`[data-toggle="${key}"]`);
if (toggleInput) {
toggleInput.checked = value === "yes";
}
}
}
if (document.readyState === "loading") {
document.addEventListener("DOMContentLoaded", loadQueryVals());
} else {
loadQueryVals();
}
</script>

4
docs/updating.md
View file

@ -1,6 +1,6 @@
## Updating Watchtower
If watchtower is monitoring the same Docker daemon under which the watchtower container itself is running (i.e. if you
If watchtower is monitoring the same Docker daemon under which the watchtower container itself is running (i.e. if you
volume-mounted `/var/run/docker.sock` into the watchtower container) then it has the ability to update itself.
If a new version of the `containrrr/watchtower` image is pushed to the Docker Hub, your watchtower will pull down the
If a new version of the `nickfedor/watchtower` image is pushed to the Docker Hub, your watchtower will pull down the
new image and restart itself automatically.

12
docs/usage-overview.md
View file

@ -1,4 +1,4 @@
Watchtower is itself packaged as a Docker container so installation is as simple as pulling the `containrrr/watchtower` image. If you are using ARM based architecture, pull the appropriate `containrrr/watchtower:armhf-<tag>` image from the [containrrr Docker Hub](https://hub.docker.com/r/containrrr/watchtower/tags/).
Watchtower is itself packaged as a Docker container so installation is as simple as pulling the `nickfedor/watchtower` image. If you are using ARM based architecture, pull the appropriate `nickfedor/watchtower:armhf-<tag>` image from the [containrrr Docker Hub](https://hub.docker.com/r/nickfedor/watchtower/tags/).
Since the watchtower code needs to interact with the Docker API in order to monitor the running containers, you need to mount _/var/run/docker.sock_ into the container with the `-v` flag when you run it.
@ -8,7 +8,7 @@ Run the `watchtower` container with the following command:
docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
nickfedor/watchtower
```
If pulling images from private Docker registries, supply registry authentication credentials with the environment variables `REPO_USER` and `REPO_PASS`
@ -22,7 +22,7 @@ docker run -d \
-e REPO_USER=username \
-e REPO_PASS=password \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower container_to_watch --debug
nickfedor/watchtower container_to_watch --debug
```
Also check out [this Stack Overflow answer](https://stackoverflow.com/a/30494145/7872793) for more options on how to pass environment variables.
@ -34,7 +34,7 @@ docker run -d \
--name watchtower \
-v $HOME/.docker/config.json:/config.json \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower container_to_watch --debug
nickfedor/watchtower container_to_watch --debug
```
!!! note "Changes to config.json while running"
@ -42,7 +42,7 @@ docker run -d \
running container. Mounting files into the Docker daemon uses bind mounts, which are based on inodes. Most
applications (including `docker login` and `vim`) will not directly edit the file, but instead make a copy and replace
the original file, which results in a new inode which in turn _breaks_ the bind mount.
**As a workaround**, you can create a symlink to your `config.json` file and then mount the symlink in the container.
**As a workaround**, you can create a symlink to your `config.json` file and then mount the symlink in the container.
The symlinked file will always have the same inode, which keeps the bind mount intact and will ensure changes
to the original file are propagated to the running container (regardless of the inode of the source file!).
@ -60,7 +60,7 @@ services:
- "443:3443"
- "80:3080"
watchtower:
image: containrrr/watchtower
image: nickfedor/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/config.json