Get Docker Images and Containers Updates Notifications
You Won’t Miss an Update From Now On!
As a developer or sysadmin running a number of Docker containers, it is critical that you keep them updated regularly when a new release or a security patch is out for your images.
Being informed is not easy, If you go by checking the Docker image homepage or its releases page, that's not practical and a waste of time.
In this post, we will see two ways to get notified about newly released Docker images.
Table of contents
Requirements
- Docker
- Docker Compose
- Basic understanding of Docker and Docker Compose
The Idea
You would want something to check the image latest version with the version you are currently running, automatically!, If a newer version is found, you should be notified, then you can examine the change-log and act upon that (you do check the change-log right?)
For this we have a tool for the job and a bonus one at the bottom, Let's discover them.
WatchTower
WatchTower is not only notifying you about new releases but also updates the running containers for you, however, this is not the ideal output we want since sometimes the new release can be a breaking one or needs some kind of preparation ahead of deploying it.
Let's see how we can make it work.
WatchTower works also as a Docker container, for that we will be writing a Docker Compose file to set our configuration for it.
Create a docker-compose.yml
file and paste the following into it:
Before spinning the container up, we will go throw the environment variables used there:
WATCHTOWER_SCHEDULE
is where you define when WatchTower will look for updates.WATCHTOWER_INCLUDE_RESTARTING
andWATCHTOWER_INCLUDE_STOPPED
are to tell WatchTower to look for updates for stopped and restarting containers as well.WATCHTOWER_MONITOR_ONLY
used to tell WatchTower to not update (this is where notifications only part is).WATCHTOWER_NOTIFICATIONS
this is where you define the notifications channels where possible values areemail
,slack
,msteams
,shoutrrr
, andgotify
(gotify
is what we are using in this example, feel free to use whatever notification channel you want or need, we have a post on how to install it).WATCHTOWER_NOTIFICATION_GOTIFY_URL
,WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN
andWATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY
are used to define theGotify
server information.
The other options are up to you to adapt like TZ
(TimeZone), NO_COLOR
, and docker-compose argument hostname
so you can identify from where the notifications are coming.
WatchTower Start and Verification
Start the container up with:
docker-compose up -d
Check the logs for any errors thrown with:
docker-compose logs
You should see something similar to the following):
Attaching to watchtower_app_1
app_1 | time="2021-11-22T21:37:54+01:00" level=warning msg="Using an HTTP url for Gotify is insecure"
app_1 | time="2021-11-22T21:37:56+01:00" level=info msg="Watchtower 1.3.0\nUsing notifications: gotify\nChecking all containers (except explicitly disabled with label)\nScheduling first run: 2021-11-23 19:00:00 +0100 +01\nNote that the first check will be performed in 21 hours, 22 minutes, 3 seconds"
After checking the logs, in Gotify
you should see a notification already carrying almost the same information:
If the above checks, we can say the setup was successful, now every day at 19:00 you will receive a notification if there is a container that needs to be updated so you can take action.
Here is a sample notification (where M0
, M1
and CM1
are names of servers I maintain):
Bonus Tool, Diun
Diun (Docker Image Update Notifier), is a similar service, actually, it was built for the purpose of notifications only (unlike WatchTower, which can do both; notify and/or update).
We will see below how you can deploy and use it, then you can be the judge and use what you feel comfortable with.
To install it, you will do the same thing as WatchTower, create a docker-compose.yml
file and paste the following into it:
version: "3.5"
services:
diun:
image: crazymax/diun:latest
container_name: diun
restart: unless-stopped
command: serve
volumes:
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=Africa/Casablanca
- LOG_LEVEL=info
- LOG_JSON=false
- DIUN_WATCH_WORKERS=20
- DIUN_WATCH_SCHEDULE=0 19 * * *
- DIUN_PROVIDERS_DOCKER=true
- DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true
- DIUN_PROVIDERS_DOCKER_WATCHSTOPPED=true
- DIUN_NOTIF_GOTIFY_ENDPOINT=http://192.168.1.197:8001/
- DIUN_NOTIF_GOTIFY_TOKEN=AVcPmg-d9sE-Z8s
Feel free to make the required changes to make it work, like changing the gotify
notification information and credentials along with the schedule and timezone.
Launch it with:
docker-compose up -d
Below is a sample of Diun's notifications:
Conclusion
Personally, I like how WatchTower delivers notifications with a list of all updates available for each server I have while Diun is sending a notification for each update available.
But it's up to you to decide and choose between the two!
Sources
- WatchTower source code and website
- Diun source code and website
As always, I hope you learned something.
Found this useful? feel free to share it with your friends.
Join the newsletter from here to notify you of new posts and updates.
Like the post? consider buying us a coffee ❤️.