I’ve just set WatchTower to one-shot runs and whenever I have some time to fix eventual issues, I start the WatchTower container, it’ll pull any updates and stop again. No need to mess with my compose files (all set to latest) and no need for pull requests or similar.
This. Except for a few projects that have given me headaches for an automatic update before (I’m looking at you Jellyfin). Those I have them locked to a version and only upgrade when I think it’s truly stable (spoiler: stable release was not stable) and when I know I will have time to fix things that may broke.
If I understood correctly, he manually runs watchtower to poll rather than leaving it running all the time. What wasn’t clear to me was if he has it doing the updates (evidenced by him saying he cleans up where needed after) or just pull down the updated images and he then manually restarts/rebuilds the container.
I leave it running all the time and it only updates at something like 03:00. The only containers I don’t have set to latest are DBs as major updates tend to break things.
Yes, I’ve set WATCHTOWER_RUN_ONCE and run it manually (letting it download and automatically apply the updates) when I find time. In the rare case something breaks, I can fix it immediately or roll back the broken container by setting the label to the previous version.
Still a docker noob. I find I have a lot of orphaned images. What do people normally do, schedule a purge or just prune them manually every once in a while?
I don’t know fully what’s they are doing. But here’s my workflow with watchtower.
I have a cron task that runs watchtower every day on monitor-mode and only-once one time a day. That creates a list on what containers can be uograded. They using shourrr (it’s already integrated with watchtower it’s just an environment variable to do this) I send myself a message to my phone informing me of what updates are available. If I see fit to upgrade everything I just run watchtower once without monitor mode to upgrade all. I have pendant to automate this last part in a way that I just answer to the bot that’s informing me of the updates and should apply the command without having me ssh into the server. But as for now I have to ssh and run a script I have at hand to launch the upgrade with watchtower.
There are some problematic containers that I don’t want to upgrade this way. For those I have their compose files version locked and I upgrade them manually when I want.
I’ve just set WatchTower to one-shot runs and whenever I have some time to fix eventual issues, I start the WatchTower container, it’ll pull any updates and stop again. No need to mess with my compose files (all set to
latest) and no need for pull requests or similar.Sounds like your would benefit from using dockcheck.sh for your use case.
This. Except for a few projects that have given me headaches for an automatic update before (I’m looking at you Jellyfin). Those I have them locked to a version and only upgrade when I think it’s truly stable (spoiler: stable release was not stable) and when I know I will have time to fix things that may broke.
Yeah, if you run
latest, there’s no need for renovate. I don’t thoughInteresting. Can you clarify what you meant by one-shot runs?
I have watchtower running all the time, would it be worth it/is it best practice to stop it
If I understood correctly, he manually runs watchtower to poll rather than leaving it running all the time. What wasn’t clear to me was if he has it doing the updates (evidenced by him saying he cleans up where needed after) or just pull down the updated images and he then manually restarts/rebuilds the container.
I leave it running all the time and it only updates at something like 03:00. The only containers I don’t have set to latest are DBs as major updates tend to break things.
Yes, I’ve set
WATCHTOWER_RUN_ONCEand run it manually (letting it download and automatically apply the updates) when I find time. In the rare case something breaks, I can fix it immediately or roll back the broken container by setting the label to the previous version.Thank you. Side question:
Still a docker noob. I find I have a lot of orphaned images. What do people normally do, schedule a purge or just prune them manually every once in a while?
I don’t know fully what’s they are doing. But here’s my workflow with watchtower.
I have a cron task that runs watchtower every day on monitor-mode and only-once one time a day. That creates a list on what containers can be uograded. They using shourrr (it’s already integrated with watchtower it’s just an environment variable to do this) I send myself a message to my phone informing me of what updates are available. If I see fit to upgrade everything I just run watchtower once without monitor mode to upgrade all. I have pendant to automate this last part in a way that I just answer to the bot that’s informing me of the updates and should apply the command without having me ssh into the server. But as for now I have to ssh and run a script I have at hand to launch the upgrade with watchtower.
There are some problematic containers that I don’t want to upgrade this way. For those I have their compose files version locked and I upgrade them manually when I want.