@ -59,14 +59,14 @@ docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json containr
When creating the watchtower container via docker-compose, use the following lines:
When creating the watchtower container via docker-compose, use the following lines:
```yaml
```yaml
version: "3"
version: "3.4 "
[...]
services:
watchtower:
watchtower:
image: index.docker.io/containrrr/watchtower:latest
image: index.docker.io/containrrr/watchtower:latest
volumes:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/run/docker.sock:/var/run/docker.sock
- < PATH_TO_HOME_DIR > /.docker/config.json:/config.json
- < PATH_TO_HOME_DIR > /.docker/config.json:/config.json
[...]
...
```
```
#### Docker Config path
#### Docker Config path
@ -74,10 +74,13 @@ By default, watchtower will look for the `config.json` file in `/`, but this can
Example usage:
Example usage:
```yaml
```yaml
watchtower:
version: "3.4"
image: containrrr/watchtower
environment:
services:
DOCKER_CONFIG: /config
watchtower:
image: containrrr/watchtower
environment:
DOCKER_CONFIG: /config
volumes:
volumes:
- /etc/watchtower/config/:/config/
- /etc/watchtower/config/:/config/
- /var/run/docker.sock:/var/run/docker.sock
- /var/run/docker.sock:/var/run/docker.sock
@ -94,6 +97,12 @@ helper in a separate container and mount it using volumes.
### Example
### Example
Example implementation for use with [amazon-ecr-credential-helper ](https://github.com/awslabs/amazon-ecr-credential-helper ):
Example implementation for use with [amazon-ecr-credential-helper ](https://github.com/awslabs/amazon-ecr-credential-helper ):
Use the dockerfile below to build the [amazon-ecr-credential-helper ](https://github.com/awslabs/amazon-ecr-credential-helper ),
in a volume that may be mounted onto your watchtower container.
1. Create the Dockerfile (contents below):
```Dockerfile
```Dockerfile
FROM golang:latest
FROM golang:latest
@ -111,43 +120,68 @@ RUN go build \
WORKDIR /go/bin/
WORKDIR /go/bin/
```
```
2. Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:
```shell script
# Create a volume to store the command (once built)
docker volume create helper
# Build the container
docker build -t aws-ecr-dock-cred-helper .
# Build the command and store it in the new volume in the /go/bin directory.
docker run -d --rm --name aws-cred-helper --volume helper:/go/bin aws-ecr-dock-cred-helper
```
3. Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the < AWS_ACCOUNT_ID >
placeholders with your AWS Account ID):
```json
{
"credsStore" : "ecr-login",
"HttpHeaders" : {
"User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
},
"auths" : {
"< AWS_ACCOUNT_ID > .dkr.ecr.us-west-1.amazonaws.com" : {}
},
"credHelpers": {
"< AWS_ACCOUNT_ID > .dkr.ecr.us-west-1.amazonaws.com" : "ecr-login"
}
}
```
4. Create a docker-compose file (as an example) to help launch the container:
and the docker-compose definition:
and the docker-compose definition:
```yaml
```yaml
version: "3"
version: "3.4"
services:
services:
# Check for new images and restart things if a new image exists
# for any of our containers.
watchtower:
watchtower:
image: index.docker.io/containrrr/watchtower:latest
image: containrrr/watchtower:latest
volumes:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/run/docker.sock:/var/run/docker.sock
- < PATH_TO_HOME_DIR > /.docker/config.json:/config.json
- .docker/config.json:/config.json
- helper:/go/bin
- helper:/go/bin
environment:
environment:
- HOME=/
- HOME=/
- PATH=$PATH:/go/bin
- PATH=$PATH:/go/bin
- AWS_REGION=< AWS_REGION >
- AWS_REGION=us-west-1
- AWS_ACCESS_KEY_ID=< AWS_ACCESS_KEY >
- AWS_SECRET_ACCESS_KEY=< AWS_SECRET_ACCESS_KEY >
volumes:
volumes:
helper: {}
helper:
external: true
```
```
and for `<PATH_TO_HOME_DIR>/.docker/config.json` :
A few additional notes:
```json
{
"HttpHeaders" : {
"User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
},
"credsStore" : "osxkeychain",
"auths" : {
"xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : {},
"https://index.docker.io/v1/": {}
},
"credHelpers": {
"xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : "ecr-login",
"index.docker.io": "osxkeychain"
}
}
```
*Note:* `osxkeychain` can be changed to your preferred credentials helper.
1. With docker-compose the volume (helper, in this case) MUST be set to `external: true` , otherwise docker-compose
will preface it with the directory name.
2. Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the
credHelpers section
3. I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however,
you may need to include the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables as well.
4. An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and
place the settings there, then mount the ~/.aws directory to / in the container.