What are you using to update your Docker images?
A cron job that runs pull and then up -d on my docker compose file.
Komodo.
After too many wild rides with Watchtower auto-nuking services, thanks to breaking changes (migrations, DB updates, deployment changes, etc), I switched to What’s Up Docker and pin the version for all of my containers.
WUD lets me know when something has an update, so I periodically go through their release notes and do the update(s) manually. Usually as simple as read the notes, change version in compose, down (or pull), then “up -d”. But this approach has saved my bacon multiple times.
I’ve seen there are other solutions - of varying degrees of promises vs delivery - but most of my stuff is long term and stable. My approach maintains all that.
Quadlets. Auto update and auto rollback if the new image fails to start. Plus easier management overall, too.
I theoretically have Diun set up, but realistically I just run my Ansible playbook weekly and have most containers set to latest. The exceptions are things that sometimes need special steps when upgrading, such as Immich, or critical stuff I want to give special attention, such as Authelia/Authentik. For those I subscribe to their releases via RSS so I can update them easily, which usually is just changing a value in my Ansible configuration, but if extra changes are needed I can adapt them.
I generally don’t update automatically, I currently use WUD. It works fine for image checking and notifications and I have had no need to change it for now, but I am thinking of trying dockhand too.
In reality for me it’s German CERT sending me emails that my n8n is again out of date with tons of CVEs.
I use dockwatch, but not for automatic updates. I just update after reviewing the changelog and user reports.
While I’m a big proponent of version pinning your critical services, if you’re running stuff in docker swarm shepherd is a solid service updater for the less critical things.
I just use my free portainer business for 3 nodes to show in the containers view which ones are outdated, and I check it regularly. Really wish there could be some kind of notification but oh well. I also follow the releases for all the projects I self host so I know when to check. Automating this makes me too nervous for comfort.
All my docker images are in code in Github.
Renovate makes a PR when there are image or helm chart updates.
ArgoCD sees the PR merge and applies to Kubernetes.
For a few special cases I use ArgoCD-image-updater.
+1 for Renovate. It’s not a drop-in replacement for Watchtower, but it allowed me to create a robust CI/CD pipeline. And, it can be centrally run, instead of having Watchtower running on every Docker host I have.
I’m using Komodo for deploying and auto updates.
I am really liking komodo so far. I need to understand how the builder works and I think it will be perfect for what I need.
Never used it, but TugTainer. I use the fork of Watchtower and run it with '--run-once' '--cleanup'. You can run it and let it update your containers as soon as an update is available, but I just like to run it manually.
I don’t use it anymore as I switched to TrueNAS which has the functionality built in, but I used to use docking-station.










