5 Docker Update Image Tools to Keep Images Up to Date

If you are running Docker containers in your environment, you are probably interested in knowing how to keep lifecycle management of your container images and docker update image tasks. There are actually a few tools that I want to show you in this blog post that I have found extremely helpful. Let’s dive in.

Overview of the Docker Update Image tools to use

First, let’s talk about the tools you can use to update your Docker images and respin your containers:

1. docker CLI commands
2. Watchtower – standalone Docker hosts
3. Shepherd – Docker Swarm clusters
4. Portainer – manual updates and container webhooks
5. CI/CD – initiate updates and docker cleanup

1. Docker update image CLI command

The command that we can use for basic updating of container images is the default docker CLI command line tools. Using a combination of tools, we can update container images when they have a new image available.

First, pull the new container image:

docker pull influxdb:latest

Next, we stop the existing container we want to update:

docker stop influxdb

Now, we remove the existing container:

docker rm influxdb

Finally, we run the new container with the latest image pulled:

docker run -d --name influxdb -p 8086:8086 influxdb:latest

2. Watchtower

Watchtower is a tool that I have long used on Docker standalone hosts and it works great. Watchtower can be scheduled to check for new container images. If new images are found, it will stop existing containers and respin these with the same parameters, volumes, etc.

You can learn more about the Watchtower project and read the official documentation here: GitHub – containrrr/watchtower.

docker run -d --name watchtower -e WATCHTOWER_CLEANUP=true -e WATCHTOWER_LABEL_ENABLE=true -e WATCHTOWER_LABEL_FILTER=com.example.autoupdate=true -e WATCHTOWER_POLL_INTERVAL=600 -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower

If you want to use it with Docker Compose, you can use the following compose code, modifying it for your environment. This gives you an idea of how you setup the scheduling for the image checks as well as email alerts.

version: "3" 
services: 
  watchtower:     
    image: containrrr/watchtower
    container_name: watchtower 
    restart: always 
    environment: 
      WATCHTOWER_SCHEDULE: "0 0 1 * * *" 
      TZ: America/Chicago 
      WATCHTOWER_CLEANUP: "true" 
      WATCHTOWER_DEBUG: "true"      
      WATCHTOWER_NOTIFICATIONS: "email" 
      WATCHTOWER_NOTIFICATION_EMAIL_FROM: "[email protected]"
      WATCHTOWER_NOTIFICATION_EMAIL_TO: "[email protected]" 
      # you have to use a network alias here, if you use your own certificate 
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "10.1.149.19" 
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: "8025" 
      WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 2 
    volumes: 
      - /var/run/docker.sock:/var/run/docker.sock

3. Shepherd

If you are running Docker Swarm clusters, Watchtower isn’t the best tool for updating as it isn’t really designed for the Docker service construct that exists in Docker Swarm. Instead, there is another community project that is for this purpose and does something very similar to Watchtower except for Docker Swarm clusters. It is called Shepherd. You can read more about the project on the official Github page here: GitHub – containrrr/shepherd.

Below is the service code that I am using in my Docker Swarm cluster:

services:
  app:
    image: containrrr/shepherd
    environment:
      TZ: 'US/Central'
      FILTER_SERVICES: ''
      IGNORELIST_SERVICES: ''
      RUN_ONCE_AND_EXIT: "true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      replicas: 0
      restart_policy:
        condition: none
      labels:
        - swarm.cronjob.enable=true
        - swarm.cronjob.schedule=0 1 * * *
        - swarm.cronjob.skip-running=true
      placement:
        constraints:
          - node.role == manager

  scheduler:
    image: crazymax/swarm-cronjob:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - "TZ=US/Central"
      - "LOG_LEVEL=info"
      - "LOG_JSON=false"
    deploy:
      placement:
        constraints:
          - node.role == manager

3. Portainer manual updates and container webhooks

Portainer is an excellent tool all the way around. When it comes to updating your container images, it provides a powerful tool that you can use to both manually update your images and also use container webhooks to automate this process.

When you look at the properties of your container in Portainer, you will see the following under the Actions section. The option we are looking for is Recreate. Click this button.

When you click Recreate, you will see the following dialog box. If you want to make sure you are running the latest image, enable the toggle Re-pull Image. Then click the Recreate button. This will pull the latest image and then respin the container using the latest image.

To enable the container webhook option for a Docker container in Portainer, under the Container status section, enable the toggle for Container webhook. You will see a link generated. Then click the Copy link button. Using this link, you can send a post message and it will trigger a container update process.

5. CI/CD initiate updates and docker cleanup

Using CI/CD, you can do just about anything. With Docker, you can use a CI/CD pipeline to trigger updates, such as using the container webhook URL Portainer generates, and you can do things like keeping your container host cleaned up with various housekeeping tasks.

Take a look at my previous blog post here that shows how to use a GitLab CI/CD pipeline to keep your Docker container host clean after multiple update processes, cleaning up dangling images, etc:

• Docker Prune Automating Cleanup Across Multiple Container Hosts

Wrapping up

Hopefully, the list above of Docker image update tools will be helpful to any who want to make use of automation and other tasks to keep their Docker container hosts updated with the latest images and also make sure the host is kept tidy and clean after multiple update processes. There are great tools available out there like Portainer that can help you easily manage your Docker hosts or Swarm cluster environments.