Watchtower is an open-source tool that automatically updates running Docker containers. Watchtower makes it easy to keep your Docker containers up to date with the latest images.
Watchtower monitors the running containers, and when a new version of an image is available, it pulls the new image and restarts the container with it. By using Watchtower, you can keep your containers on the latest published images, and so pick up their security fixes, without having to update them manually.
In this lab, we will learn how to keep Docker containers up to date with Watchtower.
Part 1: Run the Watchtower Container
- In the terminal, create a container based on the official Watchtower image from the Docker Hub.
docker run --detach `# run in background` \
  --restart always `# restart on reboot` \
  --name watchtower `# name the container` \
  --volume /var/run/docker.sock:/var/run/docker.sock `# mount the docker socket` \
  --volume /etc/localtime:/etc/localtime:ro `# mount the local time` \
  containrrr/watchtower `# image name` \
  --cleanup `# cleanup old images` \
  --include-stopped `# include stopped containers`
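This command will start the Watchtower container in the background and mount the Docker socket as a volume, which allows Watchtower to interact with the Docker engine. Access to the Docker socket gives the container full control of the Docker daemon, which is effectively root on the host, so treat the Watchtower container as a privileged component.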
By default, Watchtower checks for updates on running containers every 24 hours. You can set a different interval with the --interval flag, which takes a value in seconds. For example, to check every hour, use --interval 3600.
Part 2: Verify the Watchtower Container
- Verify that the Watchtower container is running.
The following command lists the running containers, filtered to show only those with the name “watchtower”.
docker ps --filter name=watchtower
- View the logs of the Watchtower container.
The docker logs command shows the logs of the container.
docker logs watchtower
You can also use the docker logs --follow command to follow the logs of the container.
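A check to go with the log step above, as an added example that is not part of the original lab or the Watchtower project: a shell function that reads Watchtower's log output and flags update sessions that reported failures, so a stalled auto-update does not go unnoticed. It assumes Watchtower's default text logging with a per-run "Session done" line carrying Failed, Scanned and Updated fields; the function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `docker logs watchtower` output. The "Session done"
# line and its field names are an assumption about Watchtower's default
# logging, not something shown in the lab.
SAMPLE_LOG='time="2024-01-10T03:00:09Z" level=info msg="Session done" Failed=0 Scanned=4 Updated=1 notify=no
time="2024-01-11T03:00:07Z" level=error msg="constructed error line for the demo"
time="2024-01-11T03:00:08Z" level=info msg="Session done" Failed=1 Scanned=4 Updated=0 notify=no'

# Hypothetical helper: reads Watchtower log lines on stdin, prints a one-line
# summary, and returns
#   0  every session finished without failures
#   1  at least one container failed to update
#   2  no session line was found (Watchtower has not run, or logs were lost)
watchtower_sessions() {
    awk '
        /msg="Session done"/ {
            sessions++
            for (i = 1; i <= NF; i++) {
                # Only plain key=value fields are of interest here.
                if (split($i, kv, "=") != 2) continue
                if (kv[1] == "Failed")  failed  += kv[2]
                if (kv[1] == "Scanned") scanned  = kv[2]   # last session only
                if (kv[1] == "Updated") updated += kv[2]
            }
        }
        END {
            printf "sessions=%d scanned_last=%d updated=%d failed=%d\n",
                   sessions, scanned, updated, failed
            if (sessions == 0) exit 2
            if (failed > 0)    exit 1
        }'
}

# Demo on the constructed sample. Against a live container the input would be:
#   docker logs watchtower 2>&1 | watchtower_sessions
# (2>&1 because docker logs replays the container's stderr on stderr).
printf '%s\n' "$SAMPLE_LOG" | watchtower_sessions \
    || echo "Watchtower needs attention (exit code $?)"
```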