Submitted 3 weeks ago by ReedReads@lemmy.zip to selfhosted@lemmy.world
What are you using to update your Docker images?
All my docker images are in code in Github.
Renovate makes a PR when there are image or helm chart updates.
ArgoCD sees the PR merge and applies to Kubernetes.
For a few special cases I use ArgoCD-image-updater.
+1 for Renovate. It’s not a drop-in replacement for Watchtower, but it allowed me to create a robust CI/CD pipeline. And, it can be centrally run, instead of having Watchtower running on every Docker host I have.
Dockhand can search for updates but you have to install them manually. Which I prefer anyway, plus Dockhand also replaced Portainer/Komodo for me.
Even better, Dockhand can send notifications when updates are available. I used to be a Watchtower user with nightly updates until one of my services became unavailable the next day due to a breaking change. Now I look at the update notification and apply manually through Dockhand after reviewing to make sure the update is good. Dockhand also can run Gripe and/or Trivy vulnerability scans on new images so you know approximately how many CVEs you’re adding to your network with each new or updated container! 🤣 I liked Portainer a lot but have grown to like Dockhand a lot. I’m having some issues with updates and vulnerability scanning on Hawser nodes so I’ve also tried Komodo and Arcane. Not sure which I’ll end up with long-term, but Dockhand is my favorite overall. What’s your opinion on these tools? Have you run into any issues with Dockhand?
I haven’t tried Arcane. I prefer Komodo’s interface over Portainer but Portainer worked better for me. I was running Portainer and Dockpeek for updates but Dockhand has replaced both, and IMO the interface is even better than Komodo’s. I’m still learning, there are features I don’t know much about like stack management, which I still do manually.
In the same boat but with Arcane
You have en option to install them automatically in the settings or per container
Good to know. Personally I prefer to review the changelogs before updating, though.
Quadlets. Auto update and auto rollback if the new image fails to start. Plus easier management overall, too.
After too many wild rides with Watchtower auto-nuking services, thanks to breaking changes (migrations, DB updates, deployment changes, etc), I switched to What’s Up Docker and pin the version for all of my containers.
WUD lets me know when something has an update, so I periodically go through their release notes and do the update(s) manually. Usually as simple as read the notes, changes version in compose, down (or pull), then “up -d”. But this approach has saved my bacon multiple times.
I’ve seen there are other solutions - of varying degrees of promises vs delivery - but most of my stuff is long term and stable. My approach maintains all that.
Im using Komodo for deployong and auto updates.
I am really liking komodo so far. I need to understand how the builder works and I think it will be perfect for what I need.
I theoretically have Diun setup, but realistically I just run my Ansible playbook weekly and have most containers set to latest. The exceptions being things that sometimes need special steps when upgrading such as Immich or critical stuff I want special attention such as Athelia/Authentik, for those I subscribe to their releases via RSS so I can update them easily, which usually is just changing a value in my Ansible configuration, but if extra changes are needed I can adapt them.
Never used it, but TugTainer. I use the fork of Watchtower and run it with ‘–run-once’ ‘–cleanup’. You can run it and let it update your containers as soon as an update is available, but I just like to run it manually.
In reality for me it’s German CERT sending me emails that my n8n is again out of date with tons of CVEs.
I just use my free portainer business for 3 nodes to show in the containers view which ones are outdated, and I check it regularly. Really whish there could be some kind of notification but oh well. I also follow the releases for all the projects I self host so I know when to check. Automating this makes me too nervous for comfort.
I’m thinking of using Dockcheck. It’s not a drop-in replacement for Watchtower, but you probably can wip up a quick systemd service to run it.
A corn job that run pull on then up -d on my docker compose file.
Komodo.
is there something wrong with watchtower I missed?
It’s not maintained anymore but there is a fork. Someone else posted the link.
I don’t use it anymore as I switched to TrueNAS which has the functionality built in, but I used to use docking-station.
frongt@lemmy.zip 3 weeks ago
github.com/nicholas-fedor/watchtower/