Docker is a containerization tool used for packaging, distributing, and running applications in lightweight containers. However, manually updating containers across multiple environments can lead to productivity loss, security vulnerabilities, and frustration.
Enter Watchtower, an ingenious tool that automates container updates silently in the background. Acting as a vigilant sentry, Watchtower monitors and seamlessly updates containers with fresh images, ensuring your applications run on the latest code.
Watchtower: Your Automated Update Guardian
Watchtower is an open-source application, functioning as a Docker image, seamlessly integrating into your setup for automated container updates.
- Monitoring: Constantly watches containers for image version changes.
- Detecting Updates: Prompts alerts on new container image versions to prevent outdated releases.
- Updating Containers: Swiftly fetches and updates containers with fresh images, ensuring code stays current.
Embrace Watchtower for reduced overhead, increased security, and improved stability:
- Reduced Overhead: Eliminate tedious manual updates and focus on building instead.
- Increased Security: Patches vulnerabilities by ensuring containers run on the latest versions.
- Improved Stability: Ensures applications benefit from performance optimizations and bug fixes.
Getting Started with Watchtower: Embrace the Automation
docker stop <container_name>
docker rm <container_name>
docker pull <container_image>
docker run <container_name>
Manually updating numerous Docker images becomes challenging. Install Watchtower as a Docker container:
docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
Alternatively, add to your docker-compose.yml
:
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
The Watchtower container is now initiated and actively monitoring all host containers for Docker image updates, including itself.
Option B: Docker Compose
Checking Logs
Inspect Watchtower container actions in logs with docker logs watchtower
command.
Allow Sufficient Time for Information Accumulation
Depending on the configured checking interval, ensure ample time for information accumulation.
Changing the Polling Interval
The default check period for new Docker images is 86400 seconds (24 hours). Watchtower provides two options for polling frequency: “WATCHTOWER_POLL_INTERVAL” and “WATCHTOWER_SCHEDULE.”
Set a default interval of 12 hours (42200 seconds) using the Docker command:
docker run -d \
--name watchtower \
-e WATCHTOWER_POLL_INTERVAL=42200 \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
Or use Docker Compose:
version: "3"
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
WATCHTOWER_POLL_INTERVAL: 42200
Alternatively, employ “WATCHTOWER_SCHEDULE” for daily 12 AM checks:
docker run -d \
--name watchtower \
-e WATCHTOWER_SCHEDULE="0 0 0 * * *" \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
Or with Docker Compose:
version: "3"
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
WATCHTOWER_SCHEDULE: "0 0 0 * * *"
Remove Outdated Docker Images
Prevent accumulation of old Docker images by setting “WATCHTOWER_CLEANUP” to “true” in the Docker command:
docker run -d \
--name watchtower \
-e WATCHTOWER_CLEANUP=true \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
Or with Docker Compose:
version: "3"
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
WATCHTOWER_CLEANUP: true
Specify Containers for Exclusion or Inclusion
By default, Watchtower monitors all containers. Specify automatic updates by setting “com.centurylinklabs.watchtower.enable” label to “true” for selected containers:
docker run -d --label=com.centurylinklabs.watchtower.enable=true someimage
Initiate Watchtower with “WATCHTOWER_LABEL_ENABLE” set to “true”:
docker run -d \
--name watchtower \
-e WATCHTOWER_LABEL_ENABLE=true \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
To exclude specific containers, label them with “com.centurylinklabs.watchtower.enable=false” and run Watchtower without “WATCHTOWER_LABEL_ENABLE”:
For Docker Compose:
version: "3"
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
WATCHTOWER_LABEL_ENABLE: true
Monitoring Watchtower’s Activities
Balance automatic Docker image updates with vigilant monitoring. Regularly check Watchtower logs with “docker logs watchtower,” or configure email notifications:
docker run -d --name watchtower \
-e WATCHTOWER_NOTIFICATIONS=email \
-e WATCHTOWER_NOTIFICATIONS_HOSTNAME="Lab1 Server" \
-e WATCHTOWER_NOTIFICATION_EMAIL_FROM=enteryouradresss@yourdomain.com \
-e WATCHTOWER_NOTIFICATION_EMAIL_TO=enteryouradress@yourdomain.com \
-e WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.yourdomain.com \
-e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 \
-e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=enteryouradress@yourdomain.com \
-e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=setyourpassword \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
Or with Docker Compose:
version: "3"
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
WATCHTOWER_NOTIFICATIONS: email
WATCHTOWER_NOTIFICATIONS_HOSTNAME: "Lab1 Server"
WATCHTOWER_NOTIFICATION_EMAIL_FROM: enteryouradress@yourdomain.com
WATCHTOWER_NOTIFICATION_EMAIL_TO: enteryouradress@yourdomain.com
WATCHTOWER_NOTIFICATION_EMAIL_SERVER: mail.yourdomain.com
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: 587
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: enteryouradress@yourdomain.com
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: setyourpassword
Goodbye Tedious Work, Hello Automation!
We’ve reached the end of this guide. Explore Watchtower’s magic and learn to unleash its power on your Docker containers. Recap the incredible value it offers:
- Updates Made Easy: Watchtower handles tasks, saving time for bigger challenges.
- Security Boost: Keeps containers updated, patching vulnerabilities for system and data safety.
- Stability Improvement: Ensures applications benefit from optimizations, reducing hiccups.
- Peace of Mind: Stay confident with Watchtower’s vigilant monitoring, freeing you to build amazing things.
Explore in-depth on the project’s website or on GitHub.
We hope this guide was helpful. Any comments or suggestions are welcome.
P.S: Docker Desktop users can use the Watchtower Docker extension for even greater convenience. This official extension integrates Watchtower directly into the Docker interface, allowing you to monitor, configure, and trigger container updates with ease. Check it out on GitHub.