Automatic Container Updates – Watchtower Docker GitOps

18 thoughts on “Automatic Container Updates – Watchtower Docker GitOps”

• so my Server runs Unraid I have a plugin called CA Auto Update Applications it checks on a set time or day for updated dockers and plugins on my box and auto updates them and removes the old image of the docker, kind of does the same thing watchtower does. i love this plugin i don't have to do the checks 🙂

• That's very helpful, thx for the video! 👍

• Thanks for the video – good stuff. I decided to disable the schedule and just use the HTTP API and setup a button in HomeAssistant to update all the container when I want so I'm not caught off guard if an update goes bad.

• Watchtower is neat. That said, if you need to keep a small handful of application up to date, don't be afraid to roll your own solution! A shell script that compares the image digest before and after a `pull` is all you really need to get started.

• Updating containers was the reason I avoided docker. Now I have no excuse.

• I use Hotio's Pullio bash script. I put labels on anything i want updated. It runs daily and sends me a discord notification via notifiarr. I discovered this from Trash Guides and works quite well.

• Watchtower is great, but I do not let it run automatically. Run it weekly or so, observe behavior, I don't want to be surprised if it breaks something by grabbing a docker image that an upstream broke.

  Also, be aware, watchtower stops all, then restarts all. This means your containers are down for that interval. If you have linked containers, this is even worse, as they'll be turned down in some order, then brought back in some order, possibly with waits for health check successes, actual pulls (downloads), et al. (And it actually performs worse at times than you'd expect, many minutes of downtime when nothing seemingly would require it.)

  So I've taken to running two passes with watchtower, one that only specifically targets linked containers, and a second pass which specifically does any non-linked containers. This is done via some "interesting" docker inspect calls before calling watchtower. It'd be nice if watchtower made this an option directly.

  EDIT: typo, clarity.

• github dgongut / docker-controller-bot

• I have been using Watchtower for a few years as well with Gotify notifications. I was updating my containers and stacks manually for a year while learning docker. Once I got up to where I am now with multiple docker instances to split up workloads and on different physical hosts to minimize downtime, I had to implement Watchtower. I have almost 100 containers so updating would take forever. I use Commafeed to pull RSS/ATOM notifications of new release notifications from GitHub pages to know if there were any breaking changes after updates that I will need to fix. I also utilize Monocker (MONitor dOCKER) to monitor the containers to let me know when they are rebooted or are in a boot loop or stuck in some way after updating automatically. I do have a few containers that don't get updated automatically so I can control the updates that may have breaking changes on each update (Tube Archivist).

• No thanks. Been burned twice too many times by this. I prefer to be present when my stuff breaks in those instances when latest is not greatest.

• By the way, I haven't seen people using Portainer for docker orchestration this much. Pretty much most people are using it for just monitoring. Lately some people are recommending to move away from it altogether. Something about the code owners' direction with features and licensing, I believe.
  Recently I migrated many of my docker apps to individual LXC containers. I have more fine grain control over them and also if one app goes ape, it does not collapse the whole eco-system.
  In this case of watchtower is not playing role, but there is the tteck helper script for updates.

• One cool use for the API call I found that the watchtower is only being called when I am (my phone) detected to be at home in Home assistant. No updates when I am away, in case something goes ape.

• @6:15 watch the lamp!

• I started using this a few weeks ago, was fine until suddenly my link to heimdall stopped working. Looks like it kept changing the port on that and I believe another container as well. Otherwise I loved having something to help manage this.

• I’ve seen so many people say watchtower broke their system by doing some update that had breaking changes or major update in config files and then borked their system. That’s why I haven’t started using it. I wish there was a way that developers and update containers like docker could say “hey, don’t update until you change some things” to keep this from happening.

• I have definitely been using watchtower in my docker environment. I will say though, that I dont do any of the fancy stuff you do, I just let it run for all my containers, take periodic backups of my portainer instance to revert if anything goes wrong. I haven't ran into any issues over the past 18 months or so using it, but the devs do disclaimer that watchtower is not best practice, I don't care though.

• Hello! Please, note that diun is recommended app by linuxserver instead of watchtower. However diun does not update the apps, just notifying user about new images. But it is much safer to know about update than just download update with sume bugs in it

• Been using this for a few years, with pushover notifications, but still learnt a few new tricks for the video 🎉

Comments are closed.