mirror of
https://github.com/containrrr/watchtower.git
synced 2024-12-12 09:04:17 +02:00
Update to improve the private registry docs (#633)
* Update to improve the private registry docs * minor adjustments I know it's totally OK to enumerate a list using the same number in markdown, but for the sake of people reading the raw docs, I'd still like them to be numbered. Also removed a superfluous `version: 3` and made sure all other versions were set to `"3.4"`. Co-authored-by: Simon Aronsson <simme@arcticbit.se>
This commit is contained in:
parent
e118fd526b
commit
16a79d95b5
@ -59,14 +59,14 @@ docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json containr
|
|||||||
When creating the watchtower container via docker-compose, use the following lines:
|
When creating the watchtower container via docker-compose, use the following lines:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: "3"
|
version: "3.4"
|
||||||
[...]
|
services:
|
||||||
watchtower:
|
watchtower:
|
||||||
image: index.docker.io/containrrr/watchtower:latest
|
image: index.docker.io/containrrr/watchtower:latest
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
|
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
|
||||||
[...]
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Docker Config path
|
#### Docker Config path
|
||||||
@ -74,10 +74,13 @@ By default, watchtower will look for the `config.json` file in `/`, but this can
|
|||||||
Example usage:
|
Example usage:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
watchtower:
|
version: "3.4"
|
||||||
image: containrrr/watchtower
|
|
||||||
environment:
|
services:
|
||||||
DOCKER_CONFIG: /config
|
watchtower:
|
||||||
|
image: containrrr/watchtower
|
||||||
|
environment:
|
||||||
|
DOCKER_CONFIG: /config
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/watchtower/config/:/config/
|
- /etc/watchtower/config/:/config/
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
@ -94,6 +97,12 @@ helper in a separate container and mount it using volumes.
|
|||||||
### Example
|
### Example
|
||||||
Example implementation for use with [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper):
|
Example implementation for use with [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper):
|
||||||
|
|
||||||
|
|
||||||
|
Use the dockerfile below to build the [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper),
|
||||||
|
in a volume that may be mounted onto your watchtower container.
|
||||||
|
|
||||||
|
1. Create the Dockerfile (contents below):
|
||||||
|
|
||||||
```Dockerfile
|
```Dockerfile
|
||||||
FROM golang:latest
|
FROM golang:latest
|
||||||
|
|
||||||
@ -111,43 +120,68 @@ RUN go build \
|
|||||||
WORKDIR /go/bin/
|
WORKDIR /go/bin/
|
||||||
```
|
```
|
||||||
|
|
||||||
|
2. Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:
|
||||||
|
|
||||||
|
```shell script
|
||||||
|
# Create a volume to store the command (once built)
|
||||||
|
docker volume create helper
|
||||||
|
|
||||||
|
# Build the container
|
||||||
|
docker build -t aws-ecr-dock-cred-helper .
|
||||||
|
|
||||||
|
# Build the command and store it in the new volume in the /go/bin directory.
|
||||||
|
docker run -d --rm --name aws-cred-helper --volume helper:/go/bin aws-ecr-dock-cred-helper
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the <AWS_ACCOUNT_ID>
|
||||||
|
placeholders with your AWS Account ID):
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"credsStore" : "ecr-login",
|
||||||
|
"HttpHeaders" : {
|
||||||
|
"User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
|
||||||
|
},
|
||||||
|
"auths" : {
|
||||||
|
"<AWS_ACCOUNT_ID>.dkr.ecr.us-west-1.amazonaws.com" : {}
|
||||||
|
},
|
||||||
|
"credHelpers": {
|
||||||
|
"<AWS_ACCOUNT_ID>.dkr.ecr.us-west-1.amazonaws.com" : "ecr-login"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
4. Create a docker-compose file (as an example) to help launch the container:
|
||||||
|
|
||||||
and the docker-compose definition:
|
and the docker-compose definition:
|
||||||
```yaml
|
```yaml
|
||||||
version: "3"
|
version: "3.4"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
# Check for new images and restart things if a new image exists
|
||||||
|
# for any of our containers.
|
||||||
watchtower:
|
watchtower:
|
||||||
image: index.docker.io/containrrr/watchtower:latest
|
image: containrrr/watchtower:latest
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
|
- .docker/config.json:/config.json
|
||||||
- helper:/go/bin
|
- helper:/go/bin
|
||||||
environment:
|
environment:
|
||||||
- HOME=/
|
- HOME=/
|
||||||
- PATH=$PATH:/go/bin
|
- PATH=$PATH:/go/bin
|
||||||
- AWS_REGION=<AWS_REGION>
|
- AWS_REGION=us-west-1
|
||||||
- AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY>
|
|
||||||
- AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY>
|
|
||||||
volumes:
|
volumes:
|
||||||
helper: {}
|
helper:
|
||||||
|
external: true
|
||||||
```
|
```
|
||||||
|
|
||||||
and for `<PATH_TO_HOME_DIR>/.docker/config.json`:
|
A few additional notes:
|
||||||
```json
|
|
||||||
{
|
|
||||||
"HttpHeaders" : {
|
|
||||||
"User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
|
|
||||||
},
|
|
||||||
"credsStore" : "osxkeychain",
|
|
||||||
"auths" : {
|
|
||||||
"xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : {},
|
|
||||||
"https://index.docker.io/v1/": {}
|
|
||||||
},
|
|
||||||
"credHelpers": {
|
|
||||||
"xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : "ecr-login",
|
|
||||||
"index.docker.io": "osxkeychain"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
*Note:* `osxkeychain` can be changed to your preferred credentials helper.
|
1. With docker-compose the volume (helper, in this case) MUST be set to `external: true`, otherwise docker-compose
|
||||||
|
will preface it with the directory name.
|
||||||
|
2. Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the
|
||||||
|
credHelpers section
|
||||||
|
3. I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however,
|
||||||
|
you may need to include the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables as well.
|
||||||
|
4. An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and
|
||||||
|
place the settings there, then mount the ~/.aws directory to / in the container.
|
||||||
|
Loading…
Reference in New Issue
Block a user