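Docker: Automatically Updating Images and Containers with Watchtower
Our Consul cluster is set up and the Docker API service is deployed, but we have run into another problem.
Every time we update the API service, we have to pull the image, stop and remove the container, and then run it again.
That is far too tedious!
What we want is for the API server to update its image and container automatically once an image has been pushed to the private registry.
For that we need Watchtower.
Installing Watchtower
Git repository: https://github.com/containrrr/watchtower
Images: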
containrrr/watchtower:i386-0.3.11
containrrr/watchtower:i386-latest
containrrr/watchtower:amd64-0.3.11
containrrr/watchtower:amd64-latest
containrrr/watchtower:armhf-0.3.11
containrrr/watchtower:armhf-latest
containrrr/watchtower:arm64v8-0.3.11
containrrr/watchtower:arm64v8-latest
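There are many variants here; pick the one that matches your own operating system and architecture.
On Windows, check the system architecture:
echo %PROCESSOR_ARCHITECTURE%
Output:
amd64
On CentOS, check the system information:
uname -a
Output:
Linux localhost.localdomain 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
x86_64 is the same as amd64,
so the tag we need is containrrr/watchtower:amd64-latest: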
docker pull containrrr/watchtower:amd64-latest
Test run
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower
Success!
Watchtower flags
$ docker run --rm containrrr/watchtower -h

Watchtower automatically updates running Docker containers whenever a new image is released.
More information available at https://github.com/containrrr/watchtower/.

Usage:
  watchtower [flags]

Flags:
  -a, --api-version string   api version to use by docker client (default "1.24")
  -c, --cleanup   remove previously used images after updating
  -d, --debug   enable debug mode with verbose logging
      --enable-lifecycle-hooks   Enable the execution of commands triggered by pre- and post-update lifecycle hooks
  -h, --help   help for watchtower
  -H, --host string   daemon socket to connect to (default "unix:///var/run/docker.sock")
  -S, --include-stopped   Will also include created and exited containers
  -i, --interval int   poll interval (in seconds) (default 300)
  -e, --label-enable   watch containers where the com.centurylinklabs.watchtower.enable label is true
  -m, --monitor-only   Will only monitor for new images, not update the containers
      --no-pull   do not pull any new images
      --no-restart   do not restart any containers
      --notification-email-delay int   Delay before sending notifications, expressed in seconds
      --notification-email-from string   Address to send notification emails from
      --notification-email-server string   SMTP server to send notification emails through
      --notification-email-server-password string   SMTP server password for sending notifications
      --notification-email-server-port int   SMTP server port to send notification emails through (default 25)
      --notification-email-server-tls-skip-verify   Controls whether watchtower verifies the SMTP server's certificate chain and host name. Should only be used for testing.
      --notification-email-server-user string   SMTP server user for sending notifications
      --notification-email-subjecttag string   Subject prefix tag for notifications via mail
      --notification-email-to string   Address to send notification emails to
      --notification-gotify-token string   The Gotify Application required to query the Gotify API
      --notification-gotify-url string   The Gotify URL to send notifications to
      --notification-msteams-data   The MSTeams notifier will try to extract log entry fields as MSTeams message facts
      --notification-msteams-hook string   The MSTeams WebHook URL to send notifications to
      --notification-slack-channel string   A string which overrides the webhook's default channel. Example: #my-custom-channel
      --notification-slack-hook-url string   The Slack Hook URL to send notifications to
      --notification-slack-icon-emoji string   An emoji code string to use in place of the default icon
      --notification-slack-icon-url string   An icon image URL string to use in place of the default icon
      --notification-slack-identifier string   A string which will be used to identify the messages coming from this watchtower instance (default "watchtower")
  -n, --notifications strings   notification types to send (valid: email, slack, msteams, gotify)
      --notifications-level string   The log level used for sending notifications. Possible values: panic, fatal, error, warn, info or debug (default "info")
      --remove-volumes   remove attached volumes before updating
      --revive-stopped   Will also start stopped containers that were updated, if include-stopped is active
  -R, --run-once   Run once now and exit
  -s, --schedule string   the cron expression which defines when to update
  -t, --stop-timeout duration   timeout before a container is forcefully stopped (default 10s)
  -v, --tlsverify
Hands-on
1. Pick a server for testing and first look at the state before the update:
2. Run Watchtower
docker run -d --name watchtower -e REPO_USER=xxxx -e REPO_PASS=test# --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower:amd64-latest -c myservice31 testservice31 --interval 300
3. Once it is running, check the logs:
docker logs -f watchtower

Wait 5 minutes and check the logs again:

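The image and container have been updated. Check the images:
Other features
1. Setting how often updates are checked
1. Set the polling interval
--interval, -i: sets the interval between update checks, in seconds. For instance, to check for updates once every hour:
Example: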
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -c --interval 3600
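2. Set a scheduled check time
--schedule, -s: sets the schedule for update checks. The format is a 6-field cron expression rather than the traditional 5 fields; the extra leading field is seconds, so the hour is the third field. For instance, to check for updates every day at 2 a.m.:
Example:
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -c --schedule "0 0 2 * * *"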
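Because the seconds field comes first, a value shifted by one position still parses but fires at a very different time. The following check is an added example, not code from the original post or from Watchtower; the function names describe_schedule and is_num_upto are hypothetical, and the inputs are constructed.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of Watchtower): explain a
# --schedule value. Fields: second minute hour day-of-month month day-of-week.

is_num_upto() {   # is_num_upto VALUE MAX -> true if VALUE is an integer 0..MAX
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le "$2" ]
}

describe_schedule() {
    # read splits on whitespace without glob-expanding the "*" fields.
    read -r sec min hour dom mon dow extra <<EOF
$1
EOF
    if [ -z "$dow" ] || [ -n "$extra" ]; then
        echo "invalid: need 6 fields (sec min hour dom mon dow)"
        return 1
    fi
    if [ "$dom $mon $dow" != "* * *" ]; then
        echo "custom: sec=$sec min=$min hour=$hour dom=$dom mon=$mon dow=$dow"
    elif is_num_upto "$sec" 59 && is_num_upto "$min" 59 && is_num_upto "$hour" 23; then
        echo "daily at hour $hour, minute $min, second $sec"
    elif is_num_upto "$sec" 59 && is_num_upto "$min" 59 && [ "$hour" = "*" ]; then
        echo "hourly at minute $min, second $sec"
    else
        echo "custom: sec=$sec min=$min hour=$hour dom=$dom mon=$mon dow=$dow"
    fi
}

# Constructed inputs: the intended "daily at 2 a.m.", the same value shifted
# by one field, and a traditional 5-field expression.
for expr in "0 0 2 * * *" "0 2 * * * *" "0 2 * * *"; do
    printf '%-14s -> %s\n' "\"$expr\"" "$(describe_schedule "$expr")"
done
```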
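2. Manual updates
All the usages above run Watchtower in detached (background) mode, updating containers automatically. Watchtower can also be used in foreground mode: it runs once, exits and has its container removed, which gives you a manual update. This is very handy for occasionally updating containers that are not on the automatic update list.
Foreground mode requires the dedicated --run-once option. In the example below, Docker runs Watchtower once, checks the aria2-pro container's base image for updates, and finally removes the Watchtower container created for this run.
--run-once (short form -R)
Example: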
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -c --run-once myservice31
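3. Container update list
When there are many containers to specify, listing them on the command line becomes hard to manage, so we can keep them in a list file instead.
1. Create the list
$ cat ~/.watchtower.list
myservice31
testservice31
...
2. Pass the list to the command through command substitution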
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -c $(cat ~/.watchtower.list)
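With $(cat ...), every word in the file lands on Watchtower's command line, so a line such as --remove-volumes would be parsed as a flag rather than a container name. The following filter is an added example, not code from the original post or from Watchtower; the function name read_watchtower_list and the sample list are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of Watchtower): emit only valid
# container names from a list file, so nothing else reaches Watchtower's
# command line through $(...).

read_watchtower_list() {
    list_file=$1
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        name=${line%%#*}                      # drop a trailing "# comment"
        name=$(printf '%s' "$name" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue            # skip blank lines
        case $name in
            [!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*)
                # Docker names start with an alphanumeric character and use
                # only [a-zA-Z0-9_.-]; anything else is reported and dropped.
                printf 'rejected entry: %s\n' "$name" >&2
                rc=1
                continue ;;
        esac
        printf '%s\n' "$name"
    done < "$list_file"
    return "$rc"
}

# Constructed sample list (temporary file, removed afterwards).
demo_list=$(mktemp)
cat > "$demo_list" <<'EOF'
# API services
myservice31
testservice31   # staging
--remove-volumes
bad name
EOF
read_watchtower_list "$demo_list" || echo "list contains invalid entries" >&2
rm -f "$demo_list"

# Usage with the command from the text (start only if the list is clean):
#   names=$(read_watchtower_list ~/.watchtower.list) && \
#     docker run -d --name watchtower ... containrrr/watchtower -c $names
```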
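4. Controlling automatic updates per container
Add the com.centurylinklabs.watchtower.enable LABEL to a container with its value set to false, or pass --label com.centurylinklabs.watchtower.enable=false in the start command, to exclude that container. The example below is the start command for the container of the author's openwrt-mini image; Watchtower will always ignore its updates, even if it is on the automatic update list.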
docker run -d --name myservice31 --restart always --label com.centurylinklabs.watchtower.enable=false 192.168.8.25:5000/myapi
When a container is started with --label com.centurylinklabs.watchtower.enable=true and Watchtower is given the --label-enable option, Watchtower updates only the containers that carry this label.
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -c --label-enable
--label-enable can be abbreviated to -e
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -ce
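Because the label has to be set when the container is started and cannot be changed directly afterwards (the container must be recreated), this approach is less flexible than the update list. In particular, once com.centurylinklabs.watchtower.enable=false is set, the container is ignored by Watchtower for good, including by the manual update method mentioned later, so this is generally not recommended unless you are willing to update the original way, by recreating the container manually.
Pitfalls
1. Starting watchtower without setting the update check frequency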
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower:amd64-latest -c myservice32 testservice32
2. Starting watchtower without setting the username and password
docker run -d --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower:amd64-latest -c myservice31 testservice31 --interval 300

time="2021-08-05T03:01:27Z" level=info msg="Unable to update container \"/myservice31\": Error response from daemon: Head http://192.168.8.25:5000/v2/myapi/manifests/latest: no basic auth credentials. Proceeding to next."
It cannot connect to the private registry.
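Watchtower logs this failure at info level and moves on to the next container, so it is easy to miss. The following scan of the log output is an added example, not code from the original post or from Watchtower; the function names and the cause labels are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helper): list containers Watchtower failed to
# update, with a coarse cause, from `docker logs watchtower` output on stdin.

failed_updates() {
    # Capture the container name and the error text of each failure line.
    sed -n 's#.*msg="Unable to update container \\"/\{0,1\}\([^\\"]*\)\\": \(.*\)"$#\1|\2#p' |
    while IFS='|' read -r name reason; do
        case $reason in
            *"no basic auth credentials"*) cause=registry-auth-missing ;;
            *) cause=other ;;
        esac
        printf '%s %s\n' "$name" "$cause"
    done | sort -u
}

sample_log() {
    # First line is the log entry shown above; the second is constructed.
    cat <<'EOF'
time="2021-08-05T03:01:27Z" level=info msg="Unable to update container \"/myservice31\": Error response from daemon: Head http://192.168.8.25:5000/v2/myapi/manifests/latest: no basic auth credentials. Proceeding to next."
time="2021-08-05T03:06:27Z" level=info msg="constructed line that is not an update failure"
EOF
}

sample_log | failed_updates
# On a host: docker logs watchtower 2>&1 | failed_updates
```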
Published by: 全栈程序员-站长. Please credit the source when reposting: https://javaforall.net/205138.html Original link: https://javaforall.net
