I love Docker, but I hate that containers have to be manually updated. So, I found a solution: Watchtower. This simple Docker container completely streamlined my setup, and I won’t deploy another Docker server without it.

Docker Containers Don’t Update Themselves

I love everything about Docker containers, except for the fact that there’s no simple update method in most Docker managers. While Unraid provides a great Docker update system, you typically have to recreate the container to update it, even with something like Portainer.

No data is lost during this recreation, and it’s honestly a simple thing to do. However, knowing whether a container has an update, plus updating lots of containers at once, can be a bit cumbersome.

Honestly, I was a little surprised by this. Up until the last month or so, I’ve always used Unraid to manage my Docker containers. Unraid has a great interface for knowing if a container has an update, and for applying said update. In fact, in Unraid, you can click on the individual containers to update them, or click a button and update them all at one time.

But, when moving to Portainer, I realized that this was an Unraid feature, not something that Docker itself does. At that point, I decided that I had to figure out a better way to handle updating my Docker containers. One that was more automated and hands-off than manually recreating each container.

Watchtower Keeps an Eye on Docker Updates

When I set out to find an automated update system for Docker, Watchtower was the first piece of software I came across. It was also where the search stopped, because it does everything I need and more.

Watchtower is a Docker container that runs within your Docker setup. By connecting to the Docker socket, it can see what containers you have, and it knows what to do from there. Deploying Watchtower is extremely simple.

With no added arguments, the Watchtower container will run one time and then stop. However, there are many environment variables that can be set. One of the main ones that I use is WATCHTOWER_DISABLE_CONTAINERS, to which you feed the container name as the variable. This essentially tells Watchtower to ignore those containers.

If you have mission-critical containers that you don’t want automatically updating and potentially breaking, then you’ll want to ensure they’re in the WATCHTOWER_DISABLE_CONTAINERS variable.

I also have the WATCHTOWER_SCHEDULE and TZ environmental variables set to handle scheduling when Watchtower runs. It uses Chron scheduling, and I have mine is set to run early in the morning daily, when nobody is typically using any of the services or websites that I host in my Docker setup. However, you can set it to check once a day, multiple times a day, once a week, once a month. It’s really up to you.

Auto Update or Just Notify, the Choice Is Yours

Watchtower is quite configurable. Not only can you tell it when to run, and what containers to ignore, but you can also determine whether it updates those containers or not.

Watchtower can integrate with Discord and Slack, allowing you to set up notifications for what it’s doing. This means you can have it simply tell you when a container has an update, but do nothing with it. On the other hand, you could have it do the full update of the containers and tell you when it’s done. Or, be like me, and just have it updated but never know what’s happening unless you check the logs.

So should you set it to auto-update or just notify? Well, I have most of my containers auto-updating: the ones that I don’t foresee breaking, and that are relatively easy for me to fix if they do. Other services could break catastrophically with an auto update.

You’ve got to determine what level of automation you want to employ here. The great thing with Watchtower is it’s ultra-configurable, though, so you can decide on a case-by-case basis whether a container is automatically handled.

Watchtower lets you choose which containers it works with through the WATCHTOWER_DISABLE_CONTAINERS variable, or through labels. With labels, you can pass a variable to the container itself, either enabling or disabling it for Watchtower. While I haven’t used this function of Watchtower yet, it’s great to see that you can set the flags within your other containers instead of having to set it in Watchtower. Then, you can just change that flag in the future if you want to change Watchtower’s function.