How To Automatically Update Docker Containers With Watchtower

Docker is a containerization tool used for packaging, distributing, and running applications in lightweight containers. However, manually updating containers across multiple environments can lead to productivity loss, security vulnerabilities, and frustration.

Enter Watchtower, an ingenious tool that automates container updates silently in the background. Acting as a vigilant sentry, Watchtower monitors and seamlessly updates containers with fresh images, ensuring your applications run on the latest code.

Watchtower: Your Automated Update Guardian

Watchtower is an open-source application, functioning as a Docker image, seamlessly integrating into your setup for automated container updates.

• Monitoring: Constantly watches containers for image version changes.
• Detecting Updates: Prompts alerts on new container image versions to prevent outdated releases.
• Updating Containers: Swiftly fetches and updates containers with fresh images, ensuring code stays current.

Embrace Watchtower for reduced overhead, increased security, and improved stability:

• Reduced Overhead: Eliminate tedious manual updates and focus on building instead.
• Increased Security: Patches vulnerabilities by ensuring containers run on the latest versions.
• Improved Stability: Ensures applications benefit from performance optimizations and bug fixes.

Getting Started with Watchtower: Embrace the Automation

docker stop <container_name>
docker rm <container_name>
docker pull <container_image>
docker run <container_name>

Manually updating numerous Docker images becomes challenging. Install Watchtower as a Docker container:

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

Alternatively, add to your docker-compose.yml:

services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

The Watchtower container is now initiated and actively monitoring all host containers for Docker image updates, including itself.

Option B: Docker Compose

Checking Logs

Inspect Watchtower container actions in logs with docker logs watchtower command.

Allow Sufficient Time for Information Accumulation

Depending on the configured checking interval, ensure ample time for information accumulation.

Changing the Polling Interval

The default check period for new Docker images is 86400 seconds (24 hours). Watchtower provides two options for polling frequency: “WATCHTOWER_POLL_INTERVAL” and “WATCHTOWER_SCHEDULE.”

Set a default interval of 12 hours (42200 seconds) using the Docker command:

docker run -d \
  --name watchtower \
  -e WATCHTOWER_POLL_INTERVAL=42200 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

Or use Docker Compose:

version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_POLL_INTERVAL: 42200

Alternatively, employ “WATCHTOWER_SCHEDULE” for daily 12 AM checks:

docker run -d \
  --name watchtower \
  -e WATCHTOWER_SCHEDULE="0 0 0 * * *" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

Or with Docker Compose:

version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_SCHEDULE: "0 0 0 * * *"

Remove Outdated Docker Images

Prevent accumulation of old Docker images by setting “WATCHTOWER_CLEANUP” to “true” in the Docker command:

docker run -d \
  --name watchtower \
  -e WATCHTOWER_CLEANUP=true \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

Or with Docker Compose:

version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_CLEANUP: true

Specify Containers for Exclusion or Inclusion

By default, Watchtower monitors all containers. Specify automatic updates by setting “com.centurylinklabs.watchtower.enable” label to “true” for selected containers:

docker run -d --label=com.centurylinklabs.watchtower.enable=true someimage

Initiate Watchtower with “WATCHTOWER_LABEL_ENABLE” set to “true”:

docker run -d \
  --name watchtower \
  -e WATCHTOWER_LABEL_ENABLE=true \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower

To exclude specific containers, label them with “com.centurylinklabs.watchtower.enable=false” and run Watchtower without “WATCHTOWER_LABEL_ENABLE”:

For Docker Compose:

version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_LABEL_ENABLE: true

Monitoring Watchtower’s Activities

Balance automatic Docker image updates with vigilant monitoring. Regularly check Watchtower logs with “docker logs watchtower,” or configure email notifications:

docker run -d --name watchtower \
    -e WATCHTOWER_NOTIFICATIONS=email \
    -e WATCHTOWER_NOTIFICATIONS_HOSTNAME="Lab1 Server" \
    -e WATCHTOWER_NOTIFICATION_EMAIL_FROM=enteryouradresss@yourdomain.com \
    -e WATCHTOWER_NOTIFICATION_EMAIL_TO=enteryouradress@yourdomain.com \
    -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.yourdomain.com \
    -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 \
    -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=enteryouradress@yourdomain.com \
    -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=setyourpassword \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower

Or with Docker Compose:

version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_NOTIFICATIONS: email
      WATCHTOWER_NOTIFICATIONS_HOSTNAME: "Lab1 Server"
      WATCHTOWER_NOTIFICATION_EMAIL_FROM: enteryouradress@yourdomain.com
      WATCHTOWER_NOTIFICATION_EMAIL_TO: enteryouradress@yourdomain.com
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: mail.yourdomain.com
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: 587
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: enteryouradress@yourdomain.com
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: setyourpassword

Goodbye Tedious Work, Hello Automation!

We’ve reached the end of this guide. Explore Watchtower’s magic and learn to unleash its power on your Docker containers. Recap the incredible value it offers:

• Updates Made Easy: Watchtower handles tasks, saving time for bigger challenges.
• Security Boost: Keeps containers updated, patching vulnerabilities for system and data safety.
• Stability Improvement: Ensures applications benefit from optimizations, reducing hiccups.
• Peace of Mind: Stay confident with Watchtower’s vigilant monitoring, freeing you to build amazing things.

Explore in-depth on the project’s website or on GitHub.

We hope this guide was helpful. Any comments or suggestions are welcome.

P.S: Docker Desktop users can use the Watchtower Docker extension for even greater convenience. This official extension integrates Watchtower directly into the Docker interface, allowing you to monitor, configure, and trigger container updates with ease. Check it out on GitHub.

Resources

• Watchtower Project
• Watch