1
0
mirror of https://github.com/containrrr/watchtower.git synced 2024-12-12 09:04:17 +02:00

Update to improve the private registry docs (#633)

* Update to improve the private registry docs

* minor adjustments

I know it's totally OK to enumerate a list using the same number in markdown, but for the sake of people reading the raw docs, I'd still like them to be numbered.
Also removed a superfluous `version: 3` and made sure all other versions were set to `"3.4"`.

Co-authored-by: Simon Aronsson <simme@arcticbit.se>
This commit is contained in:
Chander Ganesan 2020-10-03 16:07:42 -04:00 committed by GitHub
parent e118fd526b
commit 16a79d95b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -59,14 +59,14 @@ docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json containr
When creating the watchtower container via docker-compose, use the following lines: When creating the watchtower container via docker-compose, use the following lines:
```yaml ```yaml
version: "3" version: "3.4"
[...] services:
watchtower: watchtower:
image: index.docker.io/containrrr/watchtower:latest image: index.docker.io/containrrr/watchtower:latest
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json - <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
[...] ...
``` ```
#### Docker Config path #### Docker Config path
@ -74,10 +74,13 @@ By default, watchtower will look for the `config.json` file in `/`, but this can
Example usage: Example usage:
```yaml ```yaml
watchtower: version: "3.4"
image: containrrr/watchtower
environment: services:
DOCKER_CONFIG: /config watchtower:
image: containrrr/watchtower
environment:
DOCKER_CONFIG: /config
volumes: volumes:
- /etc/watchtower/config/:/config/ - /etc/watchtower/config/:/config/
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
@ -94,6 +97,12 @@ helper in a separate container and mount it using volumes.
### Example ### Example
Example implementation for use with [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper): Example implementation for use with [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper):
Use the dockerfile below to build the [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper),
in a volume that may be mounted onto your watchtower container.
1. Create the Dockerfile (contents below):
```Dockerfile ```Dockerfile
FROM golang:latest FROM golang:latest
@ -111,43 +120,68 @@ RUN go build \
WORKDIR /go/bin/ WORKDIR /go/bin/
``` ```
2. Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:
```shell script
# Create a volume to store the command (once built)
docker volume create helper
# Build the container
docker build -t aws-ecr-dock-cred-helper .
# Build the command and store it in the new volume in the /go/bin directory.
docker run -d --rm --name aws-cred-helper --volume helper:/go/bin aws-ecr-dock-cred-helper
```
3. Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the <AWS_ACCOUNT_ID>
placeholders with your AWS Account ID):
```json
{
"credsStore" : "ecr-login",
"HttpHeaders" : {
"User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
},
"auths" : {
"<AWS_ACCOUNT_ID>.dkr.ecr.us-west-1.amazonaws.com" : {}
},
"credHelpers": {
"<AWS_ACCOUNT_ID>.dkr.ecr.us-west-1.amazonaws.com" : "ecr-login"
}
}
```
4. Create a docker-compose file (as an example) to help launch the container:
and the docker-compose definition: and the docker-compose definition:
```yaml ```yaml
version: "3" version: "3.4"
services: services:
# Check for new images and restart things if a new image exists
# for any of our containers.
watchtower: watchtower:
image: index.docker.io/containrrr/watchtower:latest image: containrrr/watchtower:latest
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json - .docker/config.json:/config.json
- helper:/go/bin - helper:/go/bin
environment: environment:
- HOME=/ - HOME=/
- PATH=$PATH:/go/bin - PATH=$PATH:/go/bin
- AWS_REGION=<AWS_REGION> - AWS_REGION=us-west-1
- AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY>
- AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY>
volumes: volumes:
helper: {} helper:
external: true
``` ```
and for `<PATH_TO_HOME_DIR>/.docker/config.json`: A few additional notes:
```json
{
"HttpHeaders" : {
"User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
},
"credsStore" : "osxkeychain",
"auths" : {
"xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : {},
"https://index.docker.io/v1/": {}
},
"credHelpers": {
"xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : "ecr-login",
"index.docker.io": "osxkeychain"
}
}
```
*Note:* `osxkeychain` can be changed to your preferred credentials helper. 1. With docker-compose the volume (helper, in this case) MUST be set to `external: true`, otherwise docker-compose
will preface it with the directory name.
2. Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the
credHelpers section
3. I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however,
you may need to include the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables as well.
4. An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and
place the settings there, then mount the ~/.aws directory to / in the container.