-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NO, just no. watchtower is a bad tool to "force" on users. #76
Comments
Do you have an alternative? |
Of course not, anything that uses docker to update has to run on the host or use tricks like mapping To this extent putting it in nested virtual machines (eg: docker inside vitualbox) as you're doing with your "basic usage" is okay (Not brilliant though, because you now have a third OS to update!). But if want to do automatic updates inside docker you have to bypass docker, the standard option is to do standard automatic upgrades (apt-get, unattended-upgrades, ... etc) to bypass just the "freeze". Otherwise you bypass Docker's VM and run some code on the host. I think, for here, it would enough to have the inclusion of options that make it very clear that something has to run on the host. Perhaps by making a host only script, eg like this, that does the upgrades of your VM with verbiage that makes it very clear that Note: That Stackoverflow question has a lot of possible ways of doing updates including |
Another note on this; I came across https://github.com/nestybox/sysbox (now part of Docker Inc) This fixes the problem of running docker inside docker. |
Do not demand "Watchtower" in your default setup.
/var/run/docker.sock
and so it has full capability to run as root on the host. As such it is a special case that should be checked and okay'd specifically by the end user.scope
arguments so it will kill other instances of itself.You can (and perhaps should) suggest Watchtower, but putting it in the quick-start seems a supremely bad idea.
I do realise your pain with this, there is no good way of triggering automatic upgrades of docker images as part of docker, but Watchtower is not an image that should be run by a new docker user without warning.
The text was updated successfully, but these errors were encountered: