Keep your containers updated with What's up Docker?
Container Cadence
Lead Image © Ulrich Müller, 123RF.com
Keeping multiple Docker containers updated reliably can become quite a challenge. Enter What's up Docker?
When you start running various services in containers on your home servers, you'll need a reliable method to keep them updated. Projects continuously release new versions, not only to introduce new features, but also to address security vulnerabilities. So even if you're satisfied with the current feature set, neglecting updates can expose you to security risks.
However, updating your containers also comes with some risks. A new version might introduce incompatible changes, demanding your attention. In the worst case, you need to spend several hours resolving those issues, and of course this always happens at the most inconvenient times. So it's not recommended to just periodically update all your containers to the latest version or automatically install every new release and hope for the best.
Best Practices
How do you manage these risks? Before performing any updates, you should review the release notes of each new container version to check for breaking changes. However, this requires finding these release notes first. Therefore, you need a system that notifies you when a new update becomes available, preferably with a direct link to the release notes to save time.
Moreover, a robust update strategy demands control over the exact versions you install. If you use a latest tag to fetch the newest image version of a container, you might download a different version than intended, potentially causing compatibility issues. Specifying the exact versions of all your container images to download, using tags such as v1.3.2, can prevent such problems.
What's up Docker?
What's up Docker? (WUD) [1] is a practical tool that can help you maintain these best practices. The program has three main components: watchers, registries, and triggers (see Figure 1 for an architecture overview). Watchers scan and monitor containers on your local Docker host and/or other networked Docker hosts. Registries check online Docker registries such as Docker Hub [2] for available image updates. Triggers spring into action when an update for one of your containers is detected, notifying you via email, a webhook, MQTT, an update script, or other actions such as updating your Docker Compose file.
Notification triggers include a link to the release notes of the detected version, enabling you to easily review the changes. Additionally, WUD features a web interface where you can view the status of all your containers at any time. Because WUD can set up watchers for multiple Docker hosts, a single WUD installation provides an overview of containers across all your Docker hosts in one web interface.
Installing WUD
The simplest way to run WUD is as a Docker container. Assuming that all your containers are configured in a Docker Compose file, you will add WUD to this setup. To correctly monitor the version of the WUD image itself, specify the version number. Your docker-compose.yml file will resemble Listing 1.
Listing 1
WUD Container Definition in docker-compose.yml
services:
  whatsupdocker:
    image: getwud/wud:8.1.1
    container_name: wud
    restart: unless-stopped
    ports:
      - 3000:3000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
The /var/run/docker.sock socket, which you mount into the container, enables WUD to query the versions (or, more accurately, the tags) of the local container images.
Ensure that you add version tags to other containers in your docker-compose.yml, if not already done. (If you're using Podman, see the "Using WUD with Rootless Podman Containers" box.) You'll need to find the correct tags on the Docker Hub page of the image or the registry where you downloaded it from. Some tags might have a v prefix, such as v0.1.53. Save your changes to the file and restart your containers with docker-compose up -d. Then, visit the WUD web interface at http://IP:3000, where IP is the IP address of your Docker host (Figure 2).
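As an added example (not code from the article or from the WUD project), the following Python script checks a docker-compose.yml for images that are not pinned to an exact version, which is the practice recommended above. The sample file is constructed for illustration, and the rule that an exact tag begins with three numeric parts (1.2.3 or v1.2.3) is an assumption; adapt it to the tagging scheme of your images.

```python
import re

SAMPLE_COMPOSE = """\
services:
  whatsupdocker:
    image: getwud/wud:8.1.1
  web:
    image: nginx
  db:
    image: "postgres:latest"
  cache:
    image: registry.example.com:5000/redis
  app:
    image: ghcr.io/example/app:v0.1.53
  api:
    image: example/api:8
"""  # constructed sample; only the whatsupdocker service comes from Listing 1

IMAGE_LINE = re.compile(r"""^[ \t]*image:[ \t]*["']?([^"'\s#]+)""", re.M)
EXACT_TAG = re.compile(r"v?\d+\.\d+\.\d+")  # assumption: exact tags look like 1.2.3 or v1.2.3

def split_image(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    # A colon separates a tag only after the last slash; earlier it is a registry port.
    if ":" in name.rsplit("/", 1)[-1]:
        name, _, tag = name.rpartition(":")
    return name, tag, digest or None

def audit_compose(text):
    """Return (line_number, image, reason) for every image not pinned exactly."""
    findings = []
    for m in IMAGE_LINE.finditer(text):
        lineno = text.count("\n", 0, m.start()) + 1
        ref = m.group(1)
        _, tag, digest = split_image(ref)
        if digest:
            continue  # a digest pins the exact image content
        if tag is None:
            findings.append((lineno, ref, "no tag, Docker pulls latest"))
        elif tag == "latest":
            findings.append((lineno, ref, "latest tag"))
        elif not EXACT_TAG.match(tag):
            findings.append((lineno, ref, f"tag {tag} is not an exact version"))
    return findings

if __name__ == "__main__":
    print(*audit_compose(SAMPLE_COMPOSE), sep="\n")
```

Run against the sample, the script reports the images on lines 5, 7, 9, and 13; the registry port in registry.example.com:5000/redis is not mistaken for a tag.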
Using WUD with Rootless Podman Containers
Despite its name, What's up Docker? works perfectly with Podman, including rootless Podman containers. The only adjustment you need is in mounting the Docker socket. Instead of the Docker socket, the volume resembles /run/user/1000/podman/podman.sock:/var/run/docker.sock:ro, where /run/user/1000/podman/podman.sock is your user's Podman socket. You can find this in the output of podman info under RemoteSocket. In the container, this socket is simply mounted at the location where WUD expects it, /var/run/docker.sock.