
How To Automatically Update Running Docker Containers Using Watchtower

Automating Docker container base image updates using Watchtower

By sk

Keeping Docker containers up to date is one of the important jobs of a DevOps engineer. Manually updating Docker containers is quite a time-consuming task. This guide explains what Watchtower is, how to install it, and how to automatically update running Docker containers using Watchtower in Linux.

What Is Watchtower?

Watchtower is a free, open source application that monitors running Docker containers and updates them automatically when it finds any changes in their base images.

When Watchtower finds that a running container needs to be updated, it gracefully stops the running container by sending it a SIGTERM signal.

It then downloads the new image, and finally restarts the container with the same options that were used when it was deployed initially. Everything is done automatically in the background, so user intervention is not required.

In this guide, we will see how to automatically update running Docker containers using Watchtower in Unix-like operating systems.

I tested this guide on CentOS and Ubuntu systems; however, the procedure is the same for all Linux distributions.

Install Watchtower In Linux

Watchtower itself is available as a Docker image. So, deploying it is not a big deal. Install Docker on your Linux box, and start running Watchtower to monitor the Docker containers in no time.

Refer to the following guides to install Docker on RPM-based and DEB-based systems.

Once Docker is installed, you can deploy the Watchtower container using the following command as the root user:

# docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower

If you have installed Docker Desktop, run the Watchtower container as a normal user.

$ docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower

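This command pulls the latest Watchtower image and starts the Watchtower container. The -v option mounts the Docker socket into the container; this is how Watchtower talks to the Docker daemon to stop, pull, and restart other containers, and anything with access to that socket has full control of the daemon.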

Sample output:

Unable to find image 'containrrr/watchtower:latest' locally
latest: Pulling from containrrr/watchtower
1045b2f97fda: Pull complete 
35a104a262d3: Pull complete 
1a0671483169: Pull complete 
Digest: sha256:bbf9794a691b59ed2ed3089fec53844f14ada249ee5e372ff0e595b73f4e9ab3
Status: Downloaded newer image for containrrr/watchtower:latest
91c104ef0e9896e8cd5ff30d9f13e728dbfad66443830ec2ac85dde6d7d37564

Automatically Update Running Docker Containers Using Watchtower

Watchtower has now started alongside the other running containers on your system. You can view the list of running Docker containers using the command:

$ docker ps

Sample output:

CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS          PORTS                                         NAMES
91c104ef0e98   containrrr/watchtower       "/watchtower"            14 minutes ago   Up 14 minutes   8080/tcp                                      watchtower
f90b462b0712   bitnami/wordpress-nginx:6   "/opt/bitnami/script…"   19 minutes ago   Up 19 minutes   0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp   ostechnix-wordpress-1

As you can see in the above output, the Watchtower container is running along with another container named "ostechnix-wordpress-1". From now on, Watchtower will check this container every few minutes.

If it finds any changes in this container's base image, it will gracefully shut down the "ostechnix-wordpress-1" container, and restart it with the new image and the same options that were used when it was started initially.

Similarly, it will check for updates for all running containers every few minutes, and update them automatically.

How Does Watchtower Update Multiple-linked Containers?

Watchtower is smart enough when it comes to monitoring multiple linked containers.

Let us say we are running two containers now.

$ docker ps

Sample output:

CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS          PORTS                                         NAMES
91c104ef0e98   containrrr/watchtower       "/watchtower"            14 minutes ago   Up 14 minutes   8080/tcp                                      watchtower
f90b462b0712   bitnami/wordpress-nginx:6   "/opt/bitnami/script…"   19 minutes ago   Up 19 minutes   0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp   ostechnix-wordpress-1
a895f082438a   bitnami/mariadb:10.6        "/opt/bitnami/script…"   20 minutes ago   Up 19 minutes   3306/tcp                                      ostechnix-mariadb-1

As you can see in the above output, we are running two containers, i.e. "ostechnix-wordpress-1" and "ostechnix-mariadb-1". The mariadb container is linked to the wordpress container.

If Watchtower finds an update for the "wordpress" container, it will first shut down the linked container, i.e. "mariadb", and then stop the wordpress container.

After updating the wordpress container, Watchtower will restart both containers in the correct order with the same options that were used when they were deployed initially, so that the application comes back up correctly. In our case, the mariadb container will be started first, followed by the wordpress container, to ensure that the link continues to work.

Monitor A Specific Container

By default, Watchtower will monitor all Docker containers running within the Docker daemon to which it is pointed.

However, you can limit Watchtower to monitoring a particular Docker container by specifying the container's name as shown below.

$ docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower ostechnix-wordpress-1

In the above example, watchtower will only monitor the container named "ostechnix-wordpress-1" for updates, and other running containers will be ignored.

If you don't specify any arguments, then watchtower will monitor all running Docker Containers as usual.
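
Added example (not from the original article or the Watchtower project): a small shell audit that classifies each running container's image reference, so you can decide which container names to pass to Watchtower as shown above. The function names, the digest-pinned row and the registry.local row are constructed for illustration; it reads "NAME IMAGE" lines and never calls docker itself.

```shell
#!/bin/sh
# Classify an image reference by how it can change under a running container.
#   digest -> name@sha256:...  (immutable; nothing newer can appear under it)
#   latest -> no tag or :latest (moves with every publisher push)
#   tag    -> any other tag     (mutable: the publisher can re-push it)
classify_image() {
    ref=$1
    case $ref in
        *@sha256:*) echo digest; return ;;
    esac
    last=${ref##*/}   # drop registry[:port]/namespace/ so a port is not read as a tag
    case $last in
        *:latest) echo latest ;;
        *:*)      echo tag ;;
        *)        echo latest ;;   # Docker assumes :latest when no tag is given
    esac
}

# Read "NAME IMAGE" lines, as printed by
#   docker ps --format '{{.Names}} {{.Image}}'
# and print "NAME IMAGE CLASS" for each.
audit_images() {
    while read -r name image; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "$name" "$image" "$(classify_image "$image")"
    done
}

# Names of containers whose image reference is mutable, i.e. the ones whose
# content an automatic update could replace without any change on your side.
mutable_names() {
    audit_images | awk '$3 != "digest" { print $1 }'
}

# Constructed sample: the first three rows mirror the article's docker ps
# output; the last two are made up (a digest pin, a registry with a port).
SAMPLE='watchtower containrrr/watchtower
ostechnix-wordpress-1 bitnami/wordpress-nginx:6
ostechnix-mariadb-1 bitnami/mariadb:10.6
pinned-app example/app@sha256:0000000000000000000000000000000000000000000000000000000000000000
local-app registry.local:5000/team/app'

printf '%s\n' "$SAMPLE" | audit_images
```

On a real host, replace the sample with the output of docker ps --format '{{.Names}} {{.Image}}' piped into audit_images.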

Sending Notifications

You may want to receive a notification whenever the containers are updated. You can send notifications via Email, Slack, MSTeams, Gotify, etc.

The following example shows how to send notifications via Email. I assume you have already set up an SMTP server.

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e WATCHTOWER_NOTIFICATIONS=email \
  -e WATCHTOWER_NOTIFICATION_EMAIL_FROM=fromaddress@gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_TO=toaddress@gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=fromaddress@gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=app_password \
  -e WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2 \
  containrrr/watchtower
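
Added example (not from the original article or the Watchtower project): the same e-mail settings written to an owner-only env file and passed with Docker's --env-file option, so the SMTP password is not typed on the command line. The function names and the file path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Write Watchtower's e-mail notification settings to an env file readable only
# by its owner. The SMTP password is read from stdin, so it never appears on a
# command line, in shell history, or in `ps` output.
# Usage: write_watchtower_env FILE FROM TO SERVER PORT USER < password
write_watchtower_env() {
    file=$1 from=$2 to=$3 server=$4 port=$5 user=$6
    IFS= read -r password || :
    [ -n "$password" ] || { echo "empty password on stdin" >&2; return 1; }
    (
        umask 077            # the file is created as rw-------
        rm -f "$file"
        printf '%s\n' \
            "WATCHTOWER_NOTIFICATIONS=email" \
            "WATCHTOWER_NOTIFICATION_EMAIL_FROM=$from" \
            "WATCHTOWER_NOTIFICATION_EMAIL_TO=$to" \
            "WATCHTOWER_NOTIFICATION_EMAIL_SERVER=$server" \
            "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=$port" \
            "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=$user" \
            "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=$password" \
            "WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2" > "$file"
    )
}

# Start Watchtower with the settings from the env file instead of -e options.
start_watchtower() {
    docker run -d \
        --name watchtower \
        -v /var/run/docker.sock:/var/run/docker.sock \
        --env-file "$1" \
        containrrr/watchtower
}

# Example session (hypothetical path; the password is typed at the prompt):
#   write_watchtower_env /root/watchtower.env fromaddress@gmail.com \
#       toaddress@gmail.com smtp.gmail.com 587 fromaddress@gmail.com
#   start_watchtower /root/watchtower.env
```

The values still become part of the container's environment, so anyone who can run docker inspect on the host can read them.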

For more details, refer to the Watchtower GitHub repository and Watchtower official website links provided below.

Resources:
