Keeping your docker containers updated with Watchtower
Who needs this?⌗
I for one have found myself guilty of neglecting my containers once they’re up and running. Not only am I missing out on critical security patches, but many quality of life improvements made to my programs since I initially set them up.
However I didn’t want to cause downtime for my users by updating during peak usage hours, or even break something by doing something sloppily.
That’s where Watchtower comes in. Watchtower constantly checks docker containers for updates to their image. What it does next is up to you. By default, it will stop, update, and restart the containers. It can also be set to simply download the image and notify you.
Setting it up⌗
This is one of the most painless setups I’ve experienced. This
docker-compose file contains everything I used to get it working.,
version: '3' services: watchtower: image: containrrr/watchtower container_name: watchtower volumes: - /var/run/docker.sock:/var/run/docker.sock command: --schedule "0 0 3 * * ?"
You have to mount the
docker socket in order for Watchtower to be able see the other containers. I added an optional
--schedule command, which takes a
cron expression as its
input. Here I have Watchtower scheduled to do its business at 3am, a time when I expect little to no traffic.
Learn more about the configuration options here.
One great use case is if you’re working with your own docker images/registries, you can integrate watchtower into your CI/CD pipeline to have the newest image pulled into production as soon as it is deployed.