Docker swarm service for automatically updating your services whenever their base image is refreshed
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
Dockerfile
LICENSE
README.md
docker-compose.yml
shepherd

README.md

Shepherd

A Docker swarm service for automatically updating your services whenever their base image is refreshed.

Usage

docker service create --name shepherd \
                      --constraint "node.role==manager" \
                      --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \
                      mazzolino/shepherd

Or with docker-compose

version: "3"
services:
  ...
  shepherd:
    build: .
    image: mazzolino/shepherd
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      placement:
        constraints:
        - node.role == manager

Configuration

Shepherd will try to update your services every 5 minutes by default. You can adjust this value using the SLEEP_TIME variable.

You can prevent services from being updated by appending them to the BLACKLIST_SERVICES variable. This should be a space-separated list of service names.

You can enable private registry authentication by setting the WITH_REGISTRY_AUTH variable.

Example:

docker service create --name shepherd \
                    --constraint "node.role==manager" \
                    --env SLEEP_TIME="5m" \
                    --env BLACKLIST_SERVICES="shepherd my-other-service" \
                    --env WITH_REGISTRY_AUTH="true" \
                    --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \
                    --mount type=bind,source=/root/.docker/config.json,target=/root/.docker/config.json,ro \
                    mazzolino/shepherd

How does it work?

Shepherd just triggers updates by updating the image specification for each service, removing the current digest.

Most of the work is thankfully done by Docker which resolves the image tag, checks the registry for a newer version and updates running container tasks as needed.

Also, Docker handles all the work of applying rolling updates. So at least with replicated services, there should be no noticeable downtime.