Added support for watchtower

riotkit-org · Mar 23, 2019 · 2bcc8e5 · 2bcc8e5
1 parent 99a7d42
commit 2bcc8e5
Show file tree

Hide file tree

Showing 13 changed files with 71 additions and 0 deletions.
diff --git a/.env-default b/.env-default
@@ -55,3 +55,8 @@ BACKUPS_CONTAINER=backup
 
 # backups collections, collection per container/backup point
 BACKUPS_PORTAINER_COLLECTION_ID=11111-2222-3333-4444
+
+# watchtower
+WATCHTOWER_INTERVAL=10
+WATCHTOWER_SLACK_HOOK=https://mattermost.anarchista.net/hooks/hxs9ebij57r15k1i6hz1dp6s6e
+WATCHTOWER_IDENTIFIER="CIA-ZSP Watchtower"
diff --git a/apps/conf/docker-compose.health.yml b/apps/conf/docker-compose.health.yml
@@ -14,3 +14,5 @@ services:
             - VIRTUAL_PORT=8000
             - LETSENCRYPT_HOST=health.${MAIN_DOMAIN}${DOMAIN_SUFFIX}
             - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/docker-compose.service-discovery.yml b/apps/conf/docker-compose.service-discovery.yml
@@ -10,6 +10,7 @@ services:
         restart: unless-stopped
         labels:
             - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true
+            - com.centurylinklabs.watchtower.enable=true
         ports:
           - "80:80"
           - "443:443"
@@ -32,6 +33,7 @@ services:
         restart: always
         labels:
             - com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true
+            - com.centurylinklabs.watchtower.enable=true
         command: "-notify-sighup ${COMPOSE_PROJECT_NAME}_gateway_1 -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf"
         volumes_from:
             - gateway
@@ -46,3 +48,4 @@ services:
 
             # @debugging: It may be useful to disable HSTS when the SSL setup is not ready yet
             - HSTS=on
+
diff --git a/apps/conf/docker-compose.smtp.yml b/apps/conf/docker-compose.smtp.yml
@@ -14,4 +14,6 @@ services:
             - "25"
         env_file:
             - .env
+        labels:
+            com.centurylinklabs.watchtower.enable: true
 
diff --git a/apps/conf/docker-compose.ssl.yml b/apps/conf/docker-compose.ssl.yml
@@ -19,3 +19,5 @@ services:
 
             # @debugging: Enable to test if the Letsencrypt is properly configured
             #- ACME_CA_URI=https://acme-staging.api.letsencrypt.org/directory
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/docker-compose.technical.yml b/apps/conf/docker-compose.technical.yml
@@ -17,3 +17,5 @@ services:
             - VIRTUAL_PORT=9000
             - LETSENCRYPT_HOST=a2.${MAIN_DOMAIN}${DOMAIN_SUFFIX}
             - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.backup.yml.example b/apps/conf/templates/docker-compose.backup.yml.example
@@ -17,3 +17,5 @@ services:
 
         restart: on-failure
         mem_limit: 80000000 # 80M
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.dashboard.yml.example b/apps/conf/templates/docker-compose.dashboard.yml.example
@@ -20,3 +20,4 @@ services:
             org.docker.services.dashboard.description: 'Dashboard - a list of all hosted websites running on this network'
             org.docker.services.dashboard.icon: 'pe-7s-browser'
             org.docker.services.dashboard.only_for_admin: false
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.db.yml.example b/apps/conf/templates/docker-compose.db.yml.example
@@ -22,6 +22,8 @@ services:
             - MYSQL_PASSWORD=${MYSQL_PASSWORD}
             - MYSQL_DATABASE=${MYSQL_DATABASE}
             - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+        labels:
+            com.centurylinklabs.watchtower.enable: true
 
 
     #
@@ -39,3 +41,5 @@ services:
             - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
         expose:
             - "80"
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.deployer.yml.example b/apps/conf/templates/docker-compose.deployer.yml.example
@@ -14,3 +14,5 @@ services:
             - VIRTUAL_PORT=8012
             - LETSENCRYPT_HOST=deploy.${MAIN_DOMAIN}${DOMAIN_SUFFIX}
             - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.updates.yml.example b/apps/conf/templates/docker-compose.updates.yml.example
@@ -0,0 +1,17 @@
+version: "2"
+services:
+    #
+    # Automatically does a docker pull for tagged services with "com.centurylinklabs.watchtower.enable" tag
+    #
+    autoupdater:
+        image: v2tec/watchtower
+        command: "--label-enable --interval ${WATCHTOWER_INTERVAL} --cleanup"
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+            - /root/.docker/config.json:/config.json
+        environment:
+            - WATCHTOWER_NOTIFICATIONS=slack
+            - WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=${WATCHTOWER_SLACK_HOOK}
+            - WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER=${WATCHTOWER_IDENTIFIER}
+        labels:
+            com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.uptimeboard.yml.example b/apps/conf/templates/docker-compose.uptimeboard.yml.example
@@ -20,3 +20,4 @@ services:
             org.docker.services.dashboard.description: 'Applications health monitoring'
             org.docker.services.dashboard.icon: 'pe-7s-angle-down-circle'
             org.docker.services.dashboard.only_for_admin: false
+            com.centurylinklabs.watchtower.enable: true
diff --git a/docs/source/features.rst b/docs/source/features.rst
@@ -182,3 +182,31 @@ Example cases:
 
 .. _file-repository: https://github.com/riotkit-org/file-repository
 .. _file-repository.docs.riotkit.org: https://file-repository.docs.riotkit.org/en/latest/client/configuration-reference.html
+
+Automatic containers update
+---------------------------
+
+Watchtower_ keeps an eye on containers marked with *com.centurylinklabs.watchtower.enable* label.
+Each container's image is checked for update availability, if an update is available then it's pulled from registry
+and the container is re-created on a new version of image.
+
+Downtime is minimized by pulling newer versions of images at first, then re-creating containers in proper order.
+Linked containers dependency chain is respected, so the containers are re-created in proper order.
+
+To enable Watchtower, just use a template "docker-compose.updates.yml.example", copy it to the conf directory with removing ".example" suffix.
+
+**Configuration**
+
+By default there are a few example variables extracted into the environment. You may adjust it to your needs, turn off notifications,
+or switch notifications from slack/mattermost to e-mail.
+
+Check Watchtower_ documentation for detail.
+
+.. code:: bash
+
+    # watchtower
+    WATCHTOWER_INTERVAL=1800
+    WATCHTOWER_SLACK_HOOK=...
+    WATCHTOWER_IDENTIFIER="Watchtower"
+
+.. _Watchtower: https://github.com/v2tec/watchtower