Watchtower Container Setup

Watchtower email notifications

In my homelab stack, I’ve completely Dockerized a lot of my infrastructure services: Sonarr, Radarr, Jackett, Nextcloud, Redis, MariaDB, MySQL, and a lot more! I made sure to get a very good understanding of how to manually remove containers, remove images, add macvlans, and even inspect the network elements, all from the command line, and then built a Docker Compose file so that I can easily bring containers up and down if needed. But I wanted something that can automate all updates.

All Along the Watchtower

The fine devs over at Watchtower made a container that will periodically check whether your containers have updates and, if there is an update, do the process for you! The breakdown of my docker-compose section for Watchtower looks like this:

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    environment:
      - WATCHTOWER_NOTIFICATIONS=email
      - WATCHTOWER_NOTIFICATION_EMAIL_FROM=fromemail@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_TO=to@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=user@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=Password
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_LABEL_ENABLE=true
      - WATCHTOWER_DEBUG=true
      - WATCHTOWER_SCHEDULE=0 30 2 * * *
      - TZ=America/New_York
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped

The first 3 lines are your standard variables: you set the name, the image, and the container name.

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower

Lines 4 – 11 are one of the most important parts: these lines tell Watchtower to email you if there are any updates! Fill out the information for your own mail server and the connectivity should be fine as long as you’re using the right ports for the services.


    environment:
      - WATCHTOWER_NOTIFICATIONS=email
      - WATCHTOWER_NOTIFICATION_EMAIL_FROM=fromemail@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_TO=to@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=user@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=Password

Line 12 is the second most important function to me, as this tells Watchtower to clean up old images after the update has completed.

      - WATCHTOWER_CLEANUP=true

Line 13 tells Watchtower to only update containers that have a label: “com.centurylinklabs.watchtower.enable=true” or “com.centurylinklabs.watchtower.enable=false”. If the value is true it will update that container, and if the value is false it will simply ignore that container and move on.

      - WATCHTOWER_LABEL_ENABLE=true

Line 14 simply turns debugging on. I don’t need this to be on, but when I troubleshoot I like to look at more events than not.

      - WATCHTOWER_DEBUG=true

Line 15 is the schedule in 6-field cron format instead of the default 5 fields; the only difference is that the last field is the year in YYYY format.

      - WATCHTOWER_SCHEDULE=0 30 2 * * *

Line 16 sets the timezone to America/New_York.

      - TZ=America/New_York

Lines 17, 18, and 19 are the bind volumes, and the most important one is making sure /var/run/docker.sock on the host is mounted into the container. I just happen to always mount my localtime to ensure the right timezone is presented to the container.

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro

Lines 20 and 21 are the labels that we turned on in Line 13; this tells Watchtower to update its own image.

    labels:
      - "com.centurylinklabs.watchtower.enable=true"
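
The label filtering described for Line 13 and Lines 20 and 21, as an added example (not code from the original post or from the Watchtower project): a small Python model of which compose services Watchtower would update. It also covers the default mode without WATCHTOWER_LABEL_ENABLE, which goes beyond the config shown here; `update_scope`, its helpers and the `SERVICES` sample are hypothetical names and constructed data, and label values other than true/false are assumed to count as unset.

```python
# Added example: models Watchtower's label-based selection over a parsed
# docker-compose "services" mapping. SERVICES is constructed sample data.
ENABLE_LABEL = "com.centurylinklabs.watchtower.enable"


def labels_of(service):
    """Return a service's labels as a dict; compose allows list or map form."""
    raw = service.get("labels") or {}
    if isinstance(raw, dict):
        return {str(k): str(v) for k, v in raw.items()}
    pairs = (item.partition("=") for item in raw)
    return {k.strip(): v.strip().strip('"') for k, _, v in pairs}


def enable_flag(service):
    """True/False if the enable label holds a boolean, else None (unset)."""
    value = labels_of(service).get(ENABLE_LABEL, "").lower()
    # Assumption: any value other than true/false is treated as unset.
    return {"true": True, "false": False}.get(value)


def label_enable_on(watchtower_service):
    """Read WATCHTOWER_LABEL_ENABLE from a list-form environment block."""
    env = dict(e.partition("=")[::2] for e in watchtower_service.get("environment", []))
    return env.get("WATCHTOWER_LABEL_ENABLE", "false").lower() == "true"


def update_scope(services, watchtower_name="watchtower"):
    """Map each service name to True if Watchtower would update it."""
    opt_in = label_enable_on(services[watchtower_name])
    scope = {}
    for name, svc in services.items():
        flag = enable_flag(svc)
        # Opt-in mode: only an explicit true counts. Default mode: every
        # container is updated unless its label is explicitly false.
        scope[name] = (flag is True) if opt_in else (flag is not False)
    return scope


SERVICES = {
    "watchtower": {"environment": ["WATCHTOWER_LABEL_ENABLE=true"],
                   "labels": [ENABLE_LABEL + "=true"]},
    "sonarr": {"labels": {ENABLE_LABEL: "true"}},      # map-form labels
    "mariadb": {"labels": [ENABLE_LABEL + "=false"]},  # explicitly excluded
    "redis": {},                                       # no label at all
}

if __name__ == "__main__":
    print(update_scope(SERVICES))
```

With label-enable on, an unlabeled service such as `redis` in the sample is never updated, so any container added to the stack later needs the label before Watchtower will touch it.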

Line 22 is the normal restart policy: always restart the container unless it’s stopped manually or otherwise. Once stopped, it’s not restarted even if the Docker daemon restarts.

    restart: unless-stopped

Final thoughts: I want to see how well this works out, and if I don’t run into any issues I want Watchtower to monitor my other remote Docker instances. Having automation handle this will save me a lot of time over doing it manually, but with anything that’s automated you have to learn how to do it manually before you can automate it.

**UPDATE 2022-01-09** Working as intended. I received the notification email from my scheduled job that there were some updates: Watchtower updated the image, restarted the container, deleted the old image upon successful start, and sent me an email.

Watchtower updates the images from the docker-compose file.