{"id":16152407,"url":"https://github.com/netr0m/docker-socket-proxy-watchtower-demo","last_synced_at":"2025-04-06T22:47:33.042Z","repository":{"id":111461981,"uuid":"569240264","full_name":"netr0m/docker-socket-proxy-watchtower-demo","owner":"netr0m","description":"An example of running `Watchtower` behind `docker-socket-proxy` to restrict access to the Docker socket","archived":false,"fork":false,"pushed_at":"2022-11-23T13:50:16.000Z","size":6,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-13T05:18:09.542Z","etag":null,"topics":["automated-updates","docker-socket-proxy","watchtower"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netr0m.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-22T11:47:36.000Z","updated_at":"2023-08-02T04:53:04.000Z","dependencies_parsed_at":"2023-03-31T15:48:34.081Z","dependency_job_id":null,"html_url":"https://github.com/netr0m/docker-socket-proxy-watchtower-demo","commit_stats":{"total_commits":2,"total_committers":1,"mean_commits":2.0,"dds":0.0,"last_synced_commit":"df0bd3beaa429437e74e43919617e46b8c2f94eb"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netr0m%2Fdocker-socket-proxy-watchtower-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netr0m%2Fdocker-socket-proxy-watchtower-demo/tags","releases_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/netr0m%2Fdocker-socket-proxy-watchtower-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netr0m%2Fdocker-socket-proxy-watchtower-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netr0m","download_url":"https://codeload.github.com/netr0m/docker-socket-proxy-watchtower-demo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247563934,"owners_count":20958971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automated-updates","docker-socket-proxy","watchtower"],"created_at":"2024-10-10T01:06:38.061Z","updated_at":"2025-04-06T22:47:33.024Z","avatar_url":"https://github.com/netr0m.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Automated container updates using `docker-socket-proxy` + `watchtower`\n\nThis repository provides an example of using [`Watchtower`](https://containrrr.dev/watchtower/) to automate the process of updating containers when new base images are released, proxying requests to the Docker socket via a [`docker-socket-proxy`](https://github.com/Tecnativa/docker-socket-proxy) container to limit the scope of available APIs.\n\n## Prerequisites\n\n\u003e :warning: Note: If the host you're running on has `SELinux` or `AppArmor`, you may need to run the `docker-socket-proxy` container with the `--privileged` flag.\n\n### Environment variables\n\nIf the container you wish to automatically update is stored in a private container registry, the following 
environment variables are required:\n```env\nREGISTRY_USER=\u003cusername\u003e\nREGISTRY_PASS=\u003cpassword or token\u003e\n```\n\n### Dependencies\n\n#### OS dependencies\n- [ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)\n- [docker](https://docs.docker.com/get-docker/)\n\n#### Python dependencies\n##### [Optional] Create a virtual environment\n```bash\n# Install the virtualenv package\npip3 install virtualenv\n# Create a virtual environment\nvirtualenv .venv\n# Activate the virtual environment\nsource .venv/bin/activate\n```\n##### Dependencies\n```bash\npip3 install -r requirements.txt\n```\n\n#### Ansible dependencies\n##### Collections\n\n```bash\nansible-galaxy collection install -r ansible-requirements.yml\n```\n\n## Usage\n\nThe repository provides an `Ansible Playbook` - see [`autoupdates.yml`](./autoupdates.yml)\n\nTo run the playbook, issue the following command:\n```bash\nansible-playbook -i localhost autoupdates.yml\n```\n\n### Playbook description\nThe repository provides an Ansible Playbook which does the following:\n1. Sets the necessary `variables`\n2. Pulls the required Docker `images`\n3. Creates a dedicated Docker `network` for the `socket-proxy` and `watchtower` `containers`\n4. Starts the `socket-proxy` and `watchtower` `containers`\n5. Pulls an example Docker `image`, `alpine:3.13`, and creates a new `tag` of this image as `latest`\n    - i.e. `docker image tag alpine:3.13 alpine:latest`\n    - This is done to ensure that our local image, `alpine:latest`, has a different `hash` from the remote image (on `DockerHub`), which will trigger an update\n6. 
Starts the example Docker `image` `alpine:latest`, which will be automatically updated once `Watchtower` is triggered.\n\n#### Manual run (without Ansible)\n```bash\n# Create environment variable files\ncp socket-example.env socket.env\ncp tower-example.env tower.env\n\n# Create a Docker network\ndocker network create \\\n    -d bridge \\\n    --internal \\\n    socket-proxy-net\n\n# Start the docker-socket-proxy container\ndocker run -d \\\n    --name socket-proxy \\\n    -v /var/run/docker.sock:/var/run/docker.sock \\\n    --env-file socket.env \\\n    --network socket-proxy-net \\\n    ghcr.io/tecnativa/docker-socket-proxy:0.1.1\n\n# Start the watchtower container\ndocker run -d \\\n    --name watchtower \\\n    --env-file tower.env \\\n    --network socket-proxy-net \\\n    --link socket-proxy \\\n    ghcr.io/containrrr/watchtower:1.5.1\n\n# Pull the alpine:3.13 image (or any image, really)\ndocker pull alpine:3.13\ndocker image tag alpine:3.13 alpine:latest\n\n# Start the example container to automatically update\ndocker run -d \\\n    --name api \\\n    --restart unless-stopped \\\n    --label com.centurylinklabs.watchtower.enable=true \\\n    alpine:latest /bin/sh -c 'while true; do sleep 1; done'\n\n# Watch the logs of `watchtower`\ndocker logs -f watchtower\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetr0m%2Fdocker-socket-proxy-watchtower-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetr0m%2Fdocker-socket-proxy-watchtower-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetr0m%2Fdocker-socket-proxy-watchtower-demo/lists"}