Shulou(Shulou.com)05/31 Report--

This article mainly explains "what is the function of Watchtower". Friends who are interested may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "what is the function of Watchtower"?

Preface

The deployment of the Docker container has the feeling of installing App on the phone, but the Docker container will not be updated automatically like the App on the phone. If we need to update the container, we generally need the following four steps:

Stop Container: docker stop

Delete Container: docker rm

Update Mirror: docker pull

Launch container: docker run...

The step of stopping the container can be replaced with the-f parameter when deleting the container, even though it still takes three steps. If a large number of containers are deployed and need to be updated, the workload in this traditional way is huge.

Watchtower is a utility that automatically updates Docker basic images and containers. It monitors running containers and related images, and when it detects that the image in reg ­istry is different from the local image, it pulls the latest image and restarts the corresponding container with the same parameters as when it was originally deployed, as if nothing had happened, just like updating the App on the phone.

Quick start

Watch ­tower itself is packaged as a Docker image, so you can run it like any other container:

Docker run-d\-- name watchtower\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower

Then all containers are automatically updated, including Watch ­tower itself.

Option parameter

Docker run-- rm containrrr/watchtower-h Watchtower automatically updates running Docker containers whenever a new image is released. More information available at https://github.com/containrrr/watchtower/. Usage: watchtower [flags] Flags:-a,-- api-version string api version to use by docker client (default "1.24")-c,-- cleanup remove previously used images after updating-d -debug enable debug mode with verbose logging-- enable-lifecycle-hooks Enable the execution of commands triggered by pre- and post-update lifecycle hooks-h,-- help help for watchtower-H -- host string daemon socket to connect to (default "unix:///var/run/docker.sock")-S,-- include-stopped Will also include created and exited containers-I,-- interval int poll interval (in seconds) (default 300)-e -label-enable watch containers where the com.centurylinklabs.watchtower.enable label is true-m,-- monitor-only Will only monitor for new images Not update the containers-no-pull do not pull any new images-no-restart do not restart any containers-notification-email-delay int Delay before sending notifications Expressed in seconds-notification-email-from string Address to send notification emails from-notification-email-server string SMTP server to send notification emails through-notification-email-server-password string SMTP server password for sending notifications-notification-email-server-port int SMTP server port to send notification emails through (default 25)-notification-email-server-tls-skip-verify Controls whether watchtower verifies the SMTP server's certificate chain and host name. Should only be used for testing. -- notification-email-server-user string SMTP server user for sending notifications-- notification-email-subjecttag string Subject prefix tag for notifications via mail--notification-email-to string Address to send notification emails to-- notification-gotify-token string The Gotify Application required to query the Gotify API-- notification-gotify-url string The Gotify URL to send notifications to -notification-msteams-data The MSTeams notifier will try to extract log entry fields as MSTeams message facts-- notification-msteams-hook string The MSTeams WebHook URL to send notifications to-- notification-slack-channel string A string which overrides the webhook's default channel. Example: # my-custom-channel-- notification-slack-hook-url string The Slack Hook URL to send notifications to-- notification-slack-icon-emoji string An emoji code string to use in place of the default icon--notification-slack-icon-url string An icon image URL string to use in place of the default icon--notification-slack-identifier string A string which will be used to identify the messages Coming from this watchtower instance (default "watchtower")-n -notifications strings notification types to send (valid: email, slack, msteams, gotify)-notifications-level string The log level used for sending notifications. Possible values: panic, fatal, error, warn, info or debug (default "info")-remove-volumes remove attached volumes before updating-revive-stopped Will also start stopped containers that were updated, if include-stopped is active-R,-run-once Run once now and exit-s -- schedule string the cron expression which defines when to update-t,-- stop-timeout duration timeout before a container is forcefully stopped (default 10s)-v,-- tlsverify use TLS and verify the remote

Automatically clear old mirrors

The official default startup command will pile up a lot of old images labeled none after long-term use, which will take up a lot of disk space if left unchecked. To avoid this, you can add the-cleanup option so that the old image will be cleaned up with each update.

Docker run-d\-name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower\-- cleanup

The cleanup option can be abbreviated to-c:

Docker run-d\-- name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c

Selective automatic update

Some containers may need to run stably, and frequent updates or restarts may cause problems, so we can use some option parameters to select and control container updates.

Container update list

Assuming that we only want to update the nginx and redis containers, we can append the container name to the end of the startup command, as in the following example:

Docker run-d\-- name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c\ nginx redis

Bloggers feel that it is not easy to manage the container names that need to be updated in the startup command, so they come up with a better way to create an update list file.

$cat ~ / .watchtower.list aria2-pro unlockmusic mtg.

Call this list as a variable:

Docker run-d\-- name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c\ $(cat ~ / .watchtower.list)

All you need to do is to adjust the list and delete the Watch ­tower container and restart Watch ­tower by re-executing the command above.

two。 Set automatic update features for a single container

Add the LA ­BEL of com.centurylinklabs.watchtower.enable to the container and set its value to false, or add the-- label com.centurylinklabs.watchtower.enable=false parameter to the startup command to exclude the corresponding container. The following example is the container launch command for the blogger's openwrt-mini image, and Watch ­tower will always ignore its updates, even if it is included in the automatic update list.

Docker run-d\-name openwrt-mini\-restart always\-network openwrt\-privileged\-label com.centurylinklabs.watchtower.enable=false\ p3terx/openwrt-mini\ / sbin/init

When you add the-- label com.centurylinklabs.watchtower.enable=true parameter to the container startup command and add the-- label-enable option to Watch ­tower, Watch ­tower will update only those containers that contain this parameter.

Docker run-d\-name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c\-- label-enable

Label-enable can be abbreviated as-e:

Docker run-d\-- name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-ce

Because you need to set up the container when it starts, and you can't change it directly after setting it, you can only rebuild the container, so this approach is not as flexible as the update list method. In particular, the container will always be ignored by Watch ­tower after setting the com.centurylinklabs.watchtower.enable=false parameter, including the manual update method that will be mentioned later, so this is generally not recommended unless you are willing to manually rebuild the native update.

Set the automatic update check frequency

By default, Watch ­tower polls every 5 minutes. If you think this frequency is too high, you can use the following options to control the frequency of update checks, but you can only choose one or the other.

-- interval,-I-sets the update detection interval in seconds. For example, check for updates every hour:

Docker run-d\-name watchtower\-restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c\-interval 3600

-- schedule,-s-sets the update time for timing detection. The format is a 6-field Cron expression instead of the traditional 5-field, where the first bit is seconds. For example, check for updates at 2: 00 a.m. Every day:

Docker run-d\-- name watchtower\-- restart unless-stopped\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c\-schedule "0 02 *"

Manual update

The previous method of use is to let Watch ­tower run in detached mode and update the container automatically, while Watch ­tower also supports foreground mode, that is, to run an exit and delete the container to update the container manually. This is useful for occasionally updating containers that are not in the automatic update list.

For foreground mode, you need to add the special option-- run-once. The following example Docker runs Watch ­tower once and checks the basic image update of the aria2-pro container, and finally deletes the Watch ­tower container created by this run.

Docker run--rm\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-c\-- run-once\ aria2-pro

Run-once can be abbreviated as-R:

Docker run-- rm\-v / var/run/docker.sock:/var/run/docker.sock\ containrrr/watchtower-cR\ aria2-pro

It is important to note that this container will not be updated when the com.centurylinklabs.watchtower.enable=false parameter is set.

At this point, I believe you have a deeper understanding of "what is the function of Watchtower"? you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.