{"id":333325,"date":"2021-09-01T17:00:05","date_gmt":"2021-09-01T14:00:05","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/"},"modified":"2021-09-01T17:00:05","modified_gmt":"2021-09-01T14:00:05","slug":"how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/","title":{"rendered":"#How to Upgrade Docker Containers to Apply Image Updates \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a4188561644d\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a4188561644d\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/#Pulling_New_Images\" >Pulling New Images<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/#Replacing_Containers_With_Docker_Compose\" >Replacing Containers With Docker Compose<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/#Rebuilding_Images\" >Rebuilding Images<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/#Software_Inside_Containers\" >Software Inside Containers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/#Automating_Container_Updates\" >Automating Container Updates<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-upgrade-docker-containers-to-apply-image-updates-cloudsavvy-it\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#How to Upgrade Docker Containers to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">App<\/a>ly Image Updates \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage aligncenter size-full wp-image-10864\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/04\/075c8694.jpeg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/04\/075c8694.jpeg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/04\/075c8694.jpeg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Illustration showing the Docker logo\" width=\"1600\" height=\"900\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Docker containers are meant to be disposable and easily replaced. When a new version of a container\u2019s base image is released, you should pull the new image and start a new container instance. Here\u2019s how to manage image updates across your container fleet.<\/p>\n<h2 id=\"pulling-new-images\"><span class=\"ez-toc-section\" id=\"Pulling_New_Images\"><\/span>Pulling New Images<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The basic way of applying an image update is to pull the new image, destroy running containers based on the old version, and then start new containers in their place.<\/p>\n<p>Here\u2019s an example for a container using the <code>nginx:latest<\/code> image:<\/p>\n<pre><code># Pull new image&#13;\ndocker pull nginx:latest&#13;\n&#13;\n# Delete old container by name&#13;\ndocker rm example-nginx&#13;\n&#13;\n# Start a new container&#13;\ndocker run -d -p 80:80 --name example-nginx nginx:latest<\/code><\/pre>\n<p>Docker lacks a built-in way to detect image updates and replace your running containers. The result is a convoluted manual replacement process. It can be simplified by using Docker Compose to start your containers instead of the plain <code>docker run<\/code> command.<\/p>\n<h2 id=\"replacing-containers-with-docker-compose\"><span class=\"ez-toc-section\" id=\"Replacing_Containers_With_Docker_Compose\"><\/span>Replacing Containers With Docker Compose<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Docker Compose lets you create declarative representations of container stacks using a <code>docker-compose.yml<\/code> file. The stack is started with <code>docker-compose up<\/code>, using the configuration contained in the file. This replaces the long list of flags usually given to <code>docker run<\/code>.<\/p>\n<p>Docker Compose has a built-in <code>pull<\/code> command that will pull updated versions of all the images in your stack. It\u2019s still a two-stage procedure as you must manually run <code>docker-compose up<\/code> again afterwards.<\/p>\n<pre><code># Pull all images in the stack&#13;\ndocker-compose pull&#13;\n&#13;\n# Restart the stack&#13;\n# If a new image version has been pulled, containers &#13;\n# using the old tag will be replaced with new instances.&#13;\ndocker-compose up -d<\/code><\/pre>\n<p>Docker Compose offers a simpler and more memorable experience where you don\u2019t need to type image names or remember the flags you passed to <code>docker run<\/code>. The two commands can be readily shortened to a single shell alias:<\/p>\n<pre><code>alias composePullUp=\"docker-compose pull &amp;&amp; docker-compose up -d\"<\/code><\/pre>\n<p>You need to reference the correct tag when you pull images manually. Docker Compose will handle this for you and select the tags specified in your <code>docker-compose.yml<\/code>.<\/p>\n<p>Pulling the new version of a tag is not necessarily the same as using the most recent release of an image. If you want to be using the latest version of software <em>inside<\/em> the container, pay attention to the image author\u2019s tagging practices.<\/p>\n<p>As an example, pulling a new version of <code>node:14<\/code> will get you the latest patch release of Node.js 14. Pulling <code>node:latest<\/code> will deliver the most recent Node.js version, currently 16. If an old container was using this image, a pull and replace process would trigger a major version bump for the Node binary inside the container.<\/p>\n<h2 id=\"rebuilding-images\"><span class=\"ez-toc-section\" id=\"Rebuilding_Images\"><\/span>Rebuilding Images<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>So far we\u2019ve seen how to handle containers started from images you\u2019re pulling directly from Docker Hub or another registry. Images which you\u2019re building yourself need to be rebuilt when their base image changes.<\/p>\n<p>First rebuild the image:<\/p>\n<pre><code>docker build --pull -t my-image:latest .<\/code><\/pre>\n<p>Then replace your containers:<\/p>\n<pre><code># Delete old container by name&#13;\ndocker rm my-container&#13;\n&#13;\n# Start a new container&#13;\ndocker run -d --name my-container my-image:latest<\/code><\/pre>\n<p>The <code>--pull<\/code> flag given to <code>docker build<\/code> instructs Docker to pull the base image referenced in your <code>Dockerfile<\/code>. Without this flag, Docker would reuse the existing tag reference if the image was already present on the system.<\/p>\n<p>Docker Compose users can achieve the same results with the corresponding <code>docker-compose<\/code> commands:<\/p>\n<pre><code>docker-compose build --pull&#13;\n&#13;\ndocker-compose up -d<\/code><\/pre>\n<p>Compose again offers a simpler, albeit still two-stage, process. You can forget specific image names and tags, instead trusting Compose to pull changed base images, rebuild your layers atop them, and then recreate your containers.<\/p>\n<h2 id=\"software-inside-containers\"><span class=\"ez-toc-section\" id=\"Software_Inside_Containers\"><\/span>Software Inside Containers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Sometimes it can be tempting to manually update software <em>inside<\/em> your containers. This should be avoided as it goes again Docker\u2019s principles.<\/p>\n<p>Running <code>apt-get update &amp;&amp; apt get upgrade -y<\/code> on a schedule (or your package manager\u2019s counterparts) is standard practice when administering a bare metal Linux server. These commands aren\u2019t normally run within a Docker container, although they may be included as part of a <code>Dockerfile<\/code> to get the very latest security patches during an image build.<\/p>\n<p>Periodically pulling the base image and recreating your containers is the preferred way to keep them updated. This gives you all the upstream security fixes and shortens the lifespan of individual containers. Container environments aren\u2019t meant to be modified after an instance is created; filesystem changes should be limited to writes to temporary paths and dedicated Docker volumes which outlive the container.<\/p>\n<h2 id=\"automating-container-updates\"><span class=\"ez-toc-section\" id=\"Automating_Container_Updates\"><\/span>Automating Container Updates<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You can automate the process of checking for updated image tags and restarting your containers using third-party projects. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/github.com\/containrrr\/watchtower\">Watchtower<\/a> is a popular choice which monitors running containers and replaces them when their Docker Hub image changes.<\/p>\n<p>Watchtower itself is deployed as a container:<\/p>\n<pre><code>docker run -d -v \/var\/run\/docker.sock:\/var\/run\/docker.sock containrrr\/watchtower<\/code><\/pre>\n<p>Now you\u2019ve got a functioning Watchtower install. Your host\u2019s Docker socket is mounted into the Watchtower container, allowing it to run Docker commands to create and delete containers.<\/p>\n<p>Watchtower will automatically detect new image releases on Docker Hub, pull them to your machine, and replace containers using the image. Existing containers will be shutdown and new identical ones created in their place. The same flags you gave to <code>docker run<\/code> will be supplied to the replacement containers.<\/p>\n<p>Watchtower only works with Docker Hub by default. You can use it with <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/containrrr.dev\/watchtower\/private-registries\">private image registries<\/a> by supplying credentials in a configuration file.<\/p>\n<p>Create a JSON file with the following content:<\/p>\n<pre class=\"json\"><code>{&#13;\n    \"auths\": {&#13;\n        \"example.com\": {&#13;\n            \"auth\": \"credentials\"&#13;\n        }&#13;\n    }&#13;\n}<\/code><\/pre>\n<p>Replace <code>example.com<\/code> with the path to your registry.<\/p>\n<p>Next generate a credentials string from your registry username and password:<\/p>\n<pre><code>echo -n 'username:password' | base64<\/code><\/pre>\n<p>Paste the resulting Base64-encoded string into the config file, replacing the <code>credentials<\/code> placeholder text.<\/p>\n<p>Mount the config file into your Watchtower container to enable access to your registry:<\/p>\n<pre><code>docker run -d &#13;\n    -v config.json:\/config.json&#13;\n    -v \/var\/run\/docker.sock:\/var\/run\/docker.sock &#13;\n    containrrr\/watchtower<\/code><\/pre>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Docker lacks any mechanism to detect and apply upstream image updates to your running containers. You can either use Docker CLI commands in sequence, <code>docker-compose<\/code> as a higher-level abstraction, or a third-party tool like Watchtower to replace your containers when new image versions are released.<\/p>\n<p>Depending on your circumstances, you might not feel a need to upgrade containers in this way at all. If your team uses CI pipelines to build a Docker image on each commit, you might already be producing and deploying updated images multiple times a day. In this case, make sure you\u2019re using the <code>--pull<\/code> flag with <code>docker build<\/code> so upstream fixes are included in your images.\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/14030\/how-to-upgrade-docker-containers-to-apply-image-updates\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Upgrade Docker Containers to Apply Image Updates \u2013 CloudSavvy IT&#8221; Docker containers are meant to be disposable and easily replaced. When a new version of a container\u2019s base image is released, you should pull the new image and start a new container instance. Here\u2019s how to manage image updates across your container fleet&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":333326,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/04\/075c8694.jpeg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-333325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/333325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=333325"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/333325\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/333326"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=333325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=333325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=333325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}