{"id":473884,"date":"2022-07-14T11:04:40","date_gmt":"2022-07-14T08:04:40","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-automatically-update-docker-containers-from-your-image-registry\/"},"modified":"2022-07-14T11:04:40","modified_gmt":"2022-07-14T08:04:40","slug":"how-to-automatically-update-docker-containers-from-your-image-registry","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-automatically-update-docker-containers-from-your-image-registry\/","title":{"rendered":"#How To Automatically Update Docker Containers From Your Image Registry"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2a7a99a6751\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2a7a99a6751\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-automatically-update-docker-containers-from-your-image-registry\/#%E2%80%9CHow_To_Automatically_Update_Docker_Containers_From_Your_Image_Registry%E2%80%9D\" >&#8220;How To Automatically Update Docker Containers From Your Image Registry&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-automatically-update-docker-containers-from-your-image-registry\/#Automatically_Deploying_Docker_Containers\" >Automatically Deploying Docker Containers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-automatically-update-docker-containers-from-your-image-registry\/#Using_Watchtower\" >Using Watchtower<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-automatically-update-docker-containers-from-your-image-registry\/#Running_Watchtower_as_a_Docker_Compose_Service\" >Running Watchtower as a Docker Compose Service<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-automatically-update-docker-containers-from-your-image-registry\/#Using_Third_Party_Registries\" >Using Third Party Registries<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_To_Automatically_Update_Docker_Containers_From_Your_Image_Registry%E2%80%9D\"><\/span>&#8220;How To Automatically Update Docker Containers From Your Image Registry&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<!-- UNCACHED CONTENT --><br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-16051\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/csit\/2022\/03\/0faa1439.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"1200\" height=\"675\"\/><\/p>\n<p>Docker is a tool that makes it easy to run <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>s in portable containers. One of the primary benefits of containerization is easily managed updates\u2014all you need to do is restart with a new container, and there are tools that can automate this entire process.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How to Upgrade Docker Containers to Apply Image Updates<\/em><\/strong><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Automatically_Deploying_Docker_Containers\"><\/span>Automatically Deploying Docker Containers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Docker is a great choice for continuous integration\/continuous deployment pipelines (CI\/CD) as it helps automate both steps of the process. Dockerfiles themselves provide a way to build your app\u2019s image, and it\u2019s pretty easy to set up automated container builds from source on services like Github. Once built, and pushed to an \u201cimage registry,\u201d it can then be downloaded and ran by any server running Docker.<\/p>\n<p>This is great, but that still involves running commands on the server every time you want to update. If you\u2019d like it to be truly automatic, then you may be interested in a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/containrrr.dev\/watchtower\/\">tool called Watchtower<\/a>.<\/p>\n<p>Watchtower is a utility that runs on your Docker host and periodically checks for updates to containers. If it detects a new version of an image from the container registry, it will automatically kill the container and restart it im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely.<\/p>\n<p>This is a very attractive feature, but before you go installing it, it\u2019s important to discuss the downsides. Doing updates entirely automatically means you will have less control over the time and prior testing of the deployment, as whenever the commit in your repository goes through and triggers a build, the running containers will update. If you don\u2019t own the image being ran, it may update unexpectedly if you don\u2019t exclude them from Watchtower.<\/p>\n<p>If you\u2019re not doing updates every day, you may be better off with a Docker GUI like Portainer, which lets you browse running containers across your servers and click a button to update them automatically. This gives you more control over the process and can help prevent unexpected updates.<\/p>\n<p><img decoding=\"async\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/csit\/2021\/01\/cc143c01.jpeg?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Portainer's container details screen\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>If you\u2019d like to get started using Portainer, you can read our guide to setting it up to learn more.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How to Get Started With Portainer, a Web UI for Docker<\/em><\/strong><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Using_Watchtower\"><\/span>Using Watchtower<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Watchtower is packaged as a Docker container itself, so it\u2019s pretty easy to install\u2014just one command will get it up and running:<\/p>\n<pre>docker run -d &#13;\n--name watchtower &#13;\n-v \/var\/run\/docker.sock:\/var\/run\/docker.sock &#13;\ncontainrrr\/watchtower<\/pre>\n<p>This launches a Watchtower container, and also creates a binding mounting the <code>docker.sock<\/code>\u00a0from the host so that it can interact with the Docker API. By default, this scans all running containers for updates every 24 hours, which can be changed with the <code>--interval<\/code>\u00a0flag.<\/p>\n<p>You can also create a <code>docker-compose.yml<\/code>\u00a0file to start Watchtower as a service:<\/p>\n<pre>version: \"3\"&#13;\nservices:&#13;\n  watchtower:&#13;\n    image: containrrr\/watchtower&#13;\n    restart: always&#13;\n    volumes:&#13;\n      - \/var\/run\/docker.sock:\/var\/run\/docker.sock&#13;\n      - \/root\/.docker\/config.json:\/config.json&#13;\n    command: --interval 300<\/pre>\n<p>\u201cAll running containers\u201d probably includes some things you\u2019d rather not have unexpectedly update, including images from the Docker Hub that you don\u2019t have control over. You can exclude containers from updates, but only by setting a label on the container being scanned.<\/p>\n<p>You\u2019ll need to either set this flag on the command line during <code>docker run<\/code>, or specify it in the container\u2019s build process using the <code>LABEL<\/code>\u00a0directive.<\/p>\n<pre>docker run -d --label=com.centurylinklabs.watchtower.enable=false nginx&#13;\n&#13;\nLABEL com.centurylinklabs.watchtower.enable=\"false\"<\/pre>\n<p>You can also do the reverse, by passing the <code>--label-enable<\/code>\u00a0flag when starting Watchtower and setting containers to \u201ctrue.\u201d<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Running_Watchtower_as_a_Docker_Compose_Service\"><\/span>Running Watchtower as a Docker Compose Service<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A better method, especially when you only need to run Watchtower for a single container, is to package it into an existing <code>docker-compose.yml<\/code>\u00a0file and create a scope for Watchtower to scan for.\u00a0In this example, the NGINX image is given the scope \u201cnginx,\u201d and Watchtower is configured to only update containers with that scope label.<\/p>\n<pre>version: '3'&#13;\n&#13;\nservices:&#13;\n  nginx:&#13;\n    image: nginx&#13;\n    labels:&#13;\n      - \"com.centurylinklabs.watchtower.scope=nginx\"&#13;\n&#13;\n  watchtower:&#13;\n    image: containrrr\/watchtower&#13;\n    volumes:&#13;\n      - \/var\/run\/docker.sock:\/var\/run\/docker.sock&#13;\n    command: --interval 300 --scope nginx&#13;\n    labels:&#13;\n      - \"com.centurylinklabs.watchtower.scope=nginx\"<\/pre>\n<p>If you only use Watchtower this way\u2013packaged into a compose file with a scope\u2014it will allow you to run multiple instances. If you run Watchtower without a scope on the same system though, it will override these instances.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Using_Third_Party_Registries\"><\/span>Using Third Party Registries<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>By default, Watchtower only works with the Docker Hub and any other public registry. This excludes certain services like Github\u2019s Container Registry, which requires a username and Personal Access Token (PAT) to pull images from.<\/p>\n<p>You can add config for private registries by creating a <code>config.json<\/code>\u00a0file with the following content:<\/p>\n<pre>{&#13;\n    \"auths\": {&#13;\n        \"ghcr.io\": {&#13;\n            \"auth\": \"credentials\"&#13;\n        }&#13;\n    }&#13;\n}<\/pre>\n<p>The \u201ccredentials\u201d value should be set to a base64 encoded string of your <code>username:password<\/code>\u00a0combo, or personal access token in the case of Github.<\/p>\n<pre>echo -n 'username:password' | base64<\/pre>\n<p>Then, when you run Watchtower, pass in an additional mount for this <code>config.json<\/code> file.<\/p>\n<pre>docker run -d &#13;\n    -v config.json:\/config.json&#13;\n    -v \/var\/run\/docker.sock:\/var\/run\/docker.sock &#13;\n    containrrr\/watchtower<\/pre>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/devops\/how-to-automatically-update-docker-containers-from-your-image-registry\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How To Automatically Update Docker Containers From Your Image Registry&#8221; Docker is a tool that makes it easy to run apps in portable containers. One of the primary benefits of containerization is easily managed updates\u2014all you need to do is restart with a new container, and there are tools that can automate this entire process&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":473885,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/csit\/2022\/03\/0faa1439.png?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-473884","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/473884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=473884"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/473884\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/473885"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=473884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=473884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=473884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}