TL;DR: I want to keep my containers up to date, currently Portainer based compose files updated by renovate. How do you do it?
Status Quo
I’m hosting a few containers on my Unraid Homeserver for personal use, but I don’t use the Unraid Webinterface to control them. I’m running Portainer CE in a Container on the host. Within Portainer I use the “Stacks” feature to define my containers. The Stack-files (basically docker-compose files) reside in a private Git(-hub) repository. I configured renovate to create pull requests to the Git repository in case there are new updates for the container images (aka new tagged images).
Issues
Currently I’m not really satisfied with that workflow. These are the issues I have:
It’s not really automatic. I still have to manually approve the Pull Requests on GitHub, even though I don’t test them before applying
I once updated a specific container but the database structure of the application changed. I had to manually restore the application data from a backup
Some containers I use don’t have proper versioning (e.g. only a “latest” image)
For some containers renovate doesn’t open Pull Requests for updates. I think it’s because the images are not in Docker Hub, but on GitHub or other registries.
Adding new stacks to Portainer is cumbersome, I have to specify the Git repository, the path of the docker-compose file and credentials everytime.
Wishlist
What I would like to have:
Automatic Updates to my containers (bug fixes, new features, security fixes)
Updates should apply automatically except if I pin the image tag/version
Before updating a container the container should get shutdown and a copy of the application data should be created
If the container exits unexpectedly after an update, an automatic rollback should get applied. Notification to me and no further updates for this container until I continue it.
Container definitions should be defined in a version controlled code/text, e.g. docker-compose files in a Git repo
Solution should be self hosted
Questions
I’m aware of watchtower, but as far as I see it only updates the live-configuration of the system. So no version control or roll-backs. What do you folks think? Are my requirements stupid overkill for a homeserver? How do you keep your container based applications up to date?
I’m planning CI/CD which you’re basically proposing for my own needs as well. My plan is to build it service by service in Jenkins or perhaps another similar tool, though I am familiar with Jenkins from work.
Jenkins can fetch the configuration for each flow (project) from GIT such that I don’t need to interact with Jenkins much at all. Notifications will be through Matrix. Backups to my S3 (swift) which in turn is backed up to Dropbox so it’s offsited as well.
It will then poll for changes in code or, when applicable, for new container versions. It also has a decent API such that I can trigger builds on commit and similar.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
I’m planning CI/CD which you’re basically proposing for my own needs as well. My plan is to build it service by service in Jenkins or perhaps another similar tool, though I am familiar with Jenkins from work.
Jenkins can fetch the configuration for each flow (project) from GIT such that I don’t need to interact with Jenkins much at all. Notifications will be through Matrix. Backups to my S3 (swift) which in turn is backed up to Dropbox so it’s offsited as well.
It will then poll for changes in code or, when applicable, for new container versions. It also has a decent API such that I can trigger builds on commit and similar.