Watchtower

Watchtower is a Docker container update automator that monitors registries for new image pushes and automatically restarts containers with the latest versions. It functions as a container lifecycle manager, handling the process of bringing running containers up to date without manual intervention.

The service includes specialized controls to manage deployment risk and precision, such as image age deferral and deployment cooldowns to protect against buggy releases. It supports image tag pinning to restrict updates to specific version series and can operate as a self-updating service to maintain its own currency.

Beyond basic updates, the project provides infrastructure monitoring through Prometheus-compatible metrics and a webhook notification system with template-driven reporting. It manages the update lifecycle through sequential dependency-aware restarts, custom termination signals, and post-update image resource cleanup. For extended environments, it supports private registry authentication, remote daemon communication, and a token-secured management API for remote update triggers.

Features

Automated Container Image Updaters - Automatically updates running Docker containers to the latest image versions from a registry without manual intervention.

Automated Container Updaters - Monitors registries for new image pushes and automatically restarts containers with the latest versions.

Container Filtering Policies - Provides rules for selecting specific containers for monitoring and updates based on names, regex, or labels.

Container Lifecycle Management - Manages the stop and restart lifecycle of containers during the update process.

Container Lifecycle Management - Manages the process of stopping and restarting containers through custom signals, timeouts, and sequential ordering.

Docker Container Update Monitors - Monitors running Docker containers for new image pushes and automatically applies updates.

Registry Version Polling - Periodically checks remote registries for new image versions to detect available updates.

Registry Authentication Providers - Enables connection to protected image registries using environment variables, local configuration files, or external credential helpers.

Release Age Filters - Delays the application of new images until they meet a minimum age requirement to protect against buggy releases.

Lifecycle Script Execution - Executes custom scripts triggered by specific stages of the container update lifecycle.

Update Execution APIs - Provides APIs to programmatically trigger update processes for specific or all containers.

Registry Authentication - Uses environment variables or local configuration files to authenticate with private image registries.

Webhook Notification Systems - Dispatches custom formatted update reports and session logs to external services via HTTP requests.

CI/CD Workflows - Integrates container image updates into CI/CD pipelines using API triggers and lifecycle hooks.

Private Registries - Connects to protected container registries using credentials to pull and update private images.

Container Lifecycle Cleanup - Reclaims disk space by removing obsolete container images and anonymous volumes after updates.

Container Monitoring - Tracks image versions and update status via Prometheus metrics and custom notifications for system observability.

Remote Runtime Communication - Connects to container runtimes via network sockets to manage containers on separate host machines.

Dependency-Aware Orchestration - Orders container updates by analyzing linked services and network dependencies to minimize service disruption.

Dependency-Aware Restart Sequences - Determines the update sequence by following container dependencies, linked services, or network modes to minimize disruption.

Update Notification Services - Monitors running containers and dispatches alerts to various services when newer image versions are available.

Management APIs - Provides HTTP endpoints to trigger updates, monitor active containers, and export metrics.

Rolling Update Orchestrators - Updates containers sequentially and verifies health checks before proceeding to minimize service downtime.

Shutdown Signaling - Sends custom termination signals to containers during updates to ensure graceful shutdowns.

Tag Pinning - Restricts updates to the exact image reference and tag to ensure containers remain within a specific version series.

Lifecycle Hook Executions - Triggers external scripts at specific stages of the update process using custom identity mappings.

Deployment Cooldowns - Prevents immediate deployment of new images by enforcing a cooldown period based on image age.

Disk Space Cleaners - Identifies and removes unnecessary old container images and orphaned volumes to reclaim host storage.

Prometheus-Formatted HTTP Endpoints - Exposes container update status and performance metrics via a Prometheus-compatible HTTP endpoint.

Container Target Filters - Identifies which containers to monitor using specific metadata labels or regular expression patterns.

nicholas-fedorwatchtowerFork

Features

Star history