Updating all Docker containers

But remember to pin the version number of the docker container to a specific version and avoid “latest”. At least for containers that you cannot afford to go down.

I personally keep containers like watchtower, portainer, docker-volume-backup, etc. at latest. But others like Nextcloud, Vaultwarden and importantly ALL DATABASES pinned to specific version numbers.

Watchtower is probably all you need. You can set it to either automatically update containers when new images are published, or you can set it to notify you if you want to do it yourself. This can also be container-specific, so you don't have to set up more than one instance if you want to auto-update some and just be notified for others.

Some examples of stuff I have no issues with auto-updating:

  • Plex

  • the *arrs

Some examples of stuff I prefer a notification on because the data is critical:

  • Vault/bitwarden

  • Databases like postgres, mysql etc. (though to be honest you shouldn't be using a 'latest' tag with those anyway)

  • My photo service stack

Your use-case may be different to others, and your fault tolerance may be higher or lower than others. If you expect to need or want to review all release notes for every single new image, don't auto update. If you reckon you'll just go with it anyway and see what happens, then you've got options to auto update or not, but at least know that a new image is out there.

Another notify-only option is Diun. If helpful, this blog explains the differences and how to set them both up https://academy.pointtosource.com/containers/updating-diun-watchtower/

Oh and to manually update stacks I created aliases so I can shorthand the processes to update more than one container at a time.

Watchtower is as elegant as it gets.

What are the mixed things about Watchtower?

I've maybe had 2 total containers fail to start because of some bad code in an update from the maintainers. This was over a 2 year period out of a total of 50+ containers that are checked daily for updates. It's been far more a blessing than a curse, to put it in other words.

If you're still paranoid over certain containers, you can whitelist specific containers to be updated, so it doesn't have to be all or none.

docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' | xargs -L1 docker pull

Cron job to run that then restart the containers or docker compose up -d if you want

This seems to assume that you'd always have "latest" specified for a container to be updated? As when a specific version is specified, it would simply state that image is already up to date.

I dislike the docker approach with "latest" that it makes it way too difficult even showing what that version even is? That you can call "latest" to download just that, the latest, is one thing, but then to remain calling it that way once the image is downloaded, is rather counterproductive to be able to easily see yourself if it is actually still the latest...

When it was created might be a giveaway, it is not recent.

Hence also implementations like Watchtower, Diun and the likes, to keep an eye on new versions.

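Added example, not written by any commenter in this thread: a small shell check for the pinning advice discussed above. It reports image references that float (no tag, or "latest") so they can be pinned before an updater touches them. The function names and the sample references are constructed for illustration.

```shell
#!/bin/sh
# Added example: find image references that are not pinned.

# classify_ref IMAGE -> prints "digest", "pinned" or "floating"
classify_ref() {
    image=$1
    case $image in
        *@sha256:*) echo digest; return ;;
    esac
    # Drop registry and namespace first, so the port in a reference
    # like localhost:5000/photos is not mistaken for a tag.
    name=${image##*/}
    case $name in
        *:latest) echo floating ;;
        *:*)      echo pinned ;;
        *)        echo floating ;;   # no tag resolves to :latest
    esac
}

# audit_refs reads one reference per line on stdin, prints the
# floating ones and returns non-zero if it found any.
audit_refs() {
    found=0
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        if [ "$(classify_ref "$ref")" = floating ]; then
            echo "$ref"
            found=1
        fi
    done
    return $found
}

# Constructed sample input (versions and digest are placeholders).
# On a real host:  docker ps --format '{{.Image}}' | audit_refs
sample_refs() {
    cat <<'EOF'
postgres:1.2.3
vaultwarden/server:latest
localhost:5000/photos
containrrr/watchtower
nextcloud@sha256:<digest>
EOF
}

sample_refs | audit_refs || echo "floating references listed above"
```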

Portainer is an easier way to manage your stacks. Watchtower is great, but can lead to the occasional broken container. Overall it's more of a benefit to have it updating stuff for you. Just remember to set the schedule where it won't impact you or your users.

Definitely sounds like Watchtower is best for you, but to offer an alternative, if you'd prefer to just be notified that an update is available rather than one automatically happening, you could try using diun (Docker Image Update Notifier).

I've struggled with watchtower. I have it installed but all I get are 404s in the logs saying it can't find various containers that I'm using. It doesn't seem to actually do anything other than generate log noise.