Installing WATCHTOWER (automatic Docker container updates) on a NAS (Synology)
1. For the available options, see the site below
https://containrrr.dev/watchtower/arguments/
2. Configuration
sudo docker run -d --name watchtower -e TZ=Asia/Seoul -e WATCHTOWER_CLEANUP=true -e WATCHTOWER_REMOVE_VOLUMES=true -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower
[code]
version: "2"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      TZ: Asia/Seoul
      WATCHTOWER_CLEANUP: 'true'
      WATCHTOWER_POLL_INTERVAL: 43200
    restart: unless-stopped
[/code]
[code]
version: "2"
services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      TZ: Asia/Seoul
      WATCHTOWER_CLEANUP: 'true'
      WATCHTOWER_POLL_INTERVAL: 86400
    restart: unless-stopped
[/code]
Container selection
By default, watchtower will watch all containers. However, sometimes only some containers should be updated.
There are two options:
- Fully exclude: You can choose to exclude containers entirely from being watched by watchtower.
- Monitor only: In this mode, watchtower checks for container updates, sends notifications and invokes the pre-check/post-check hooks on the containers but does not perform the update.
Full Exclude
If you need to exclude some containers, set the com.centurylinklabs.watchtower.enable label to false.
LABEL com.centurylinklabs.watchtower.enable="false"
Or, it can be specified as part of the docker run command line:
docker run -d --label=com.centurylinklabs.watchtower.enable=false someimage
If you need to include only containers with the enable label, pass the --label-enable flag or the WATCHTOWER_LABEL_ENABLE environment variable on startup and set the com.centurylinklabs.watchtower.enable label with a value of true for the containers you want to watch.
LABEL com.centurylinklabs.watchtower.enable="true"
Or, it can be specified as part of the docker run command line:
docker run -d --label=com.centurylinklabs.watchtower.enable=true someimage
If you wish to create a monitoring scope, you will need to run multiple instances and set a scope for each of them.
Watchtower filters running containers by testing them against each configured criterion. A container is monitored only if all criteria are met. For example:
- If a container's name is on the monitoring name list (non-empty --name argument) but it is not enabled (centurylinklabs.watchtower.enable=false), it won't be monitored;
- If a container's name is not on the monitoring name list (non-empty --name argument), even if it is enabled (centurylinklabs.watchtower.enable=true and the --label-enable flag is set), it won't be monitored.
Monitor Only
Individual containers can be marked to only be monitored (without being updated).
To do so, set the com.centurylinklabs.watchtower.monitor-only label to true on that container.
LABEL com.centurylinklabs.watchtower.monitor-only="true"
Or, it can be specified as part of the docker run command line:
docker run -d --label=com.centurylinklabs.watchtower.monitor-only=true someimage
When the label is specified on a container, watchtower treats that container exactly as if WATCHTOWER_MONITOR_ONLY was set, but the effect is limited to the individual container.
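The selection rules above (name list, enable label, --label-enable, monitor-only label) can be previewed against a container inventory before watchtower is started. The script below is an added example, not part of the original post or of the watchtower project; it is a simplified model of those rules, and the container names in the sample inventory are constructed.

```bash
#!/bin/sh
# Added example: simplified model of watchtower's container selection rules
# as quoted above. It is not watchtower's own code.
#
# Input on stdin: one container per line as "name|enable-label|monitor-only-label".
# On a live host such lines can be produced with:
#   docker ps --format '{{.Names}}|{{.Label "com.centurylinklabs.watchtower.enable"}}|{{.Label "com.centurylinklabs.watchtower.monitor-only"}}'

# watchtower_plan LABEL_ENABLE [NAME...]
#   LABEL_ENABLE  "true" when watchtower runs with --label-enable
#   NAME...       container names given to watchtower as arguments (optional)
# The parenthesised body runs in a subshell, so its variables stay local.
watchtower_plan() (
  label_enable=$1
  shift
  names=" $* "
  have_names=$#
  while IFS='|' read -r name enable monitor; do
    [ -n "$name" ] || continue
    decision=update
    # Criterion 1: when a name list is given, the container must be on it.
    if [ "$have_names" -gt 0 ]; then
      case "$names" in
        *" $name "*) ;;
        *) decision=skip ;;
      esac
    fi
    # Criterion 2: with --label-enable, only enable=true containers qualify.
    if [ "$label_enable" = true ] && [ "$enable" != true ]; then decision=skip; fi
    # Criterion 3: enable=false always excludes the container.
    if [ "$enable" = false ]; then decision=skip; fi
    # monitor-only containers are checked and reported, never updated.
    if [ "$decision" = update ] && [ "$monitor" = true ]; then decision=monitor-only; fi
    printf '%s %s\n' "$name" "$decision"
  done
)

# Constructed sample inventory (hypothetical container names).
sample_inventory() {
  printf '%s\n' 'nginx||' 'postgres|false|' 'grafana|true|true' 'redis|true|'
}

echo '# default mode: everything not excluded is watched'
sample_inventory | watchtower_plan false
echo '# --label-enable, restricted to the names nginx and redis'
sample_inventory | watchtower_plan true nginx redis
```

Piping the real docker ps output into watchtower_plan shows which containers an instance with a given flag set would update, only monitor, or ignore.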
Notifications
Example:
[code]
docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e WATCHTOWER_NOTIFICATIONS=email \
  -e WATCHTOWER_NOTIFICATION_EMAIL_FROM=fromaddress@gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_TO=toaddress@gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=fromaddress@gmail.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=app_password \
  -e WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2 \
  containrrr/watchtower
[/code]
The previous example assumes that you already have an SMTP server up and running that you can connect to. If you don't, or you want to bring up watchtower with your own simple SMTP relay, the following docker-compose.yml might be a good start for you.
The following example assumes that your domain is called your-domain.com and that you are going to use a certificate valid for smtp.your-domain.com. This hostname has to be used as WATCHTOWER_NOTIFICATION_EMAIL_SERVER, otherwise the TLS connection is going to fail with Failed to send notification email or connect: connection refused. We also have to add a network for this setup in order to add an alias to it. If you also want to enable DKIM or other features on the SMTP server, you will find more information at freinet/postfix-relay.
Example including an SMTP relay:
[code]
version: '3.8'
services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    environment:
      WATCHTOWER_MONITOR_ONLY: 'true'
      WATCHTOWER_NOTIFICATIONS: email
      WATCHTOWER_NOTIFICATION_EMAIL_FROM: from-address@your-domain.com
      WATCHTOWER_NOTIFICATION_EMAIL_TO: to-address@your-domain.com
      # you have to use a network alias here, if you use your own certificate
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: smtp.your-domain.com
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: 25
      WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 2
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - watchtower
    depends_on:
      - postfix
  # SMTP needed to send out status emails
  postfix:
    image: freinet/postfix-relay:latest
    expose:
      - 25
    environment:
      MAILNAME: somename.your-domain.com
      TLS_KEY: '/etc/ssl/domains/your-domain.com/your-domain.com.key'
      TLS_CRT: '/etc/ssl/domains/your-domain.com/your-domain.com.crt'
      TLS_CA: '/etc/ssl/domains/your-domain.com/intermediate.crt'
    volumes:
      - /etc/ssl/domains/your-domain.com/:/etc/ssl/domains/your-domain.com/:ro
    networks:
      watchtower:
        # this alias is really important to make your certificate work
        aliases:
          - smtp.your-domain.com
networks:
  watchtower:
    external: false
[/code]