Skip to content

Docker provider

About

The Docker provider allows you to analyze the containers of your Docker instance to extract images found and check for updates on the registry.

Quick start

In this section we quickly go over a basic docker-compose file using your local docker provider.

Here we use a single Docker provider with a minimum configuration to analyze labeled containers (watch by default disabled), even stopped ones, of your local Docker instance.

Now let's create a simple docker-compose file with Diun and some simple services:

version: "3.5"

services:
  diun:
    image: crazymax/diun:latest
    container_name: diun
    command: serve
    volumes:
      - "./data:/data"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - "TZ=Europe/Paris"
      - "LOG_LEVEL=info"
      - "LOG_JSON=false"
      - "DIUN_WATCH_WORKERS=20"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_DOCKER=true"
    restart: always

  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    ports:
      - target: 5053
        published: 5053
        protocol: udp
      - target: 49312
        published: 49312
        protocol: tcp
    environment:
      - "TZ=Europe/Paris"
      - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    labels:
      - "diun.enable=true"
    restart: always

As an example we use crazymax/cloudflared:latest Docker image. A few labels are added to configure the image analysis of this container for Diun. Now start this composition with docker-composes up -d and take a look at the logs:

$ docker-compose logs -f
Attaching to bin_diun_1, cloudflared
cloudflared    | time="2019-12-14T15:30:07+01:00" level=info msg="Adding DNS upstream" url="https://1.1.1.1/dns-query"
cloudflared    | time="2019-12-14T15:30:07+01:00" level=info msg="Adding DNS upstream" url="https://1.0.0.1/dns-query"
cloudflared    | time="2019-12-14T15:30:07+01:00" level=info msg="Starting metrics server" addr="[::]:49312"
cloudflared    | time="2019-12-14T15:30:07+01:00" level=info msg="Starting DNS over HTTPS proxy server" addr="dns://0.0.0.0:5053"
diun_1         | Sat, 14 Dec 2019 15:30:07 CET INF Starting Diun v2.0.0
diun_1         | Sat, 14 Dec 2019 15:30:07 CET INF Found 1 image(s) to analyze provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:10 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:latest provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.9.0 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.9.1 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.9.2 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.10.1 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.10.4 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.10.2 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.11.0 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:12 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.11.3 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:13 CET INF New image found id=mydocker image=docker.io/crazymax/cloudflared:2019.11.2 provider=docker
diun_1         | Sat, 14 Dec 2019 15:30:13 CET INF Cron initialized with schedule 0 */6 * * *
diun_1         | Sat, 14 Dec 2019 15:30:13 CET INF Next run in 2 hours 29 minutes (2019-12-14 16:00:00 +0100 CET)

Configuration

Hint

Environment variable DIUN_PROVIDERS_DOCKER=true can be used to enable this provider with default values.

endpoint

Server address to connect to. Local if empty.

File

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"

Environment variables

  • DIUN_PROVIDERS_DOCKER_ENDPOINT

apiVersion

Overrides the client version with the specified one.

File

providers:
  docker:
    apiVersion: "1.39"

Environment variables

  • DIUN_PROVIDERS_DOCKER_APIVERSION

tlsCertsPath

Path to load the TLS certificates from.

File

providers:
  docker:
    tlsCertsPath: "/certs/"

Environment variables

  • DIUN_PROVIDERS_DOCKER_TLSCERTSPATH

tlsVerify

Controls whether client verifies the server's certificate chain and hostname (default true).

File

providers:
  docker:
    tlsVerify: true

Environment variables

  • DIUN_PROVIDERS_DOCKER_TLSVERIFY

watchByDefault

Enable watch by default. If false, containers that don't have diun.enable=true label will be ignored (default false).

File

providers:
  docker:
    watchByDefault: false

Environment variables

  • DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT

watchStopped

Include created and exited containers too (default false).

File

providers:
  docker:
    watchStopped: false

Environment variables

  • DIUN_PROVIDERS_DOCKER_WATCHSTOPPED

Docker labels

You can configure more finely the way to analyze the image of your container through Docker labels:

Name Default Description
diun.enable Set to true to enable image analysis of this container
diun.regopt Registry options name to use
diun.watch_repo false Watch all tags of this container image (be careful with this setting)
diun.notify_on new;update Semicolon separated list of status to be notified: new, update
diun.sort_tags reverse Sort tags method if diun.watch_repo enabled. One of default, reverse, semver, lexicographical
diun.max_tags 0 Maximum number of tags to watch if diun.watch_repo enabled. 0 means all of them
diun.include_tags Semicolon separated list of regular expressions to include tags. Can be useful if you enable diun.watch_repo
diun.exclude_tags Semicolon separated list of regular expressions to exclude tags. Can be useful if you enable diun.watch_repo
diun.hub_link automatic Set registry hub link for this image
diun.platform automatic Platform to use (e.g. linux/amd64)
diun.metadata.* See below Additional metadata that can be used in notification template (e.g. diun.metadata.foo=bar)

Default metadata

Key Description
diun.metadata.ctn_id Container ID
diun.metadata.ctn_names Container names
diun.metadata.ctn_command Container command
diun.metadata.ctn_createdat Container creation date
diun.metadata.ctn_state Container state
diun.metadata.ctn_status Container status
diun.metadata.ctn_size Container size
Last update: 2022-12-29 10:06:32
Created: 2019-12-14 16:39:00