Open brechsteiner opened 3 weeks ago
Hi @brechsteiner,
do you have "live-restore": true set in the /etc/docker/daemon.json?
It is a common issue that after an update of the Docker daemon the socket connections are dysfunctional, so that the client has to be restarted.
That's one reason I created a socket-proxy with an integrated watchdog, so it can restart when the socket connection fails.
Here is my configuration with Watchtower:
services:
  watchtower:
    image: containrrr/watchtower:1.7.1
    restart: always
    read_only: true
    user: 2000:2000
    command:
      - '--host=tcp://dockerproxy:2375'
      - '--cleanup'
      - '--debug'
      - '--label-enable'
      - '--schedule=0 0 4 * * *'
    networks:
      - watchtower
      - docker_socket
  dockerproxy:
    image: wollomatic/socket-proxy:1.5.0
    restart: unless-stopped
    user: 65534:999 # GID needs to be Docker group
    read_only: true
    mem_limit: 256M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    command:
      - '-loglevel=info'
      - '-allowfrom=watchtower'
      - '-listenip=0.0.0.0'
      - '-allowGET=/v1\..{2}/(containers/.*|images/.*)'
      - '-allowPOST=/v1\..{2}/(containers/.*|images/.*|networks/.*)'
      - '-allowDELETE=/v1\..{2}/(containers/.*|images/.*)'
      - '-watchdoginterval=60'
      - '-stoponwatchdog'
      - '-shutdowngracetime=5'
    labels:
      - com.centurylinklabs.watchtower.enable=false # this is important! Without, an automatic update would break Watchtower and socket-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - docker_socket
networks:
  watchtower:
    driver: bridge
  docker_socket:
    internal: true
    attachable: false
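To see which Docker API requests the allowlist in the configuration above lets through, this added example (not part of the comment and not socket-proxy's own code) checks constructed request paths against the three patterns. It assumes each pattern has to match the whole request path and that a method without a pattern is denied; `allowlist`, `Allowed` and the sample paths are illustrative.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns copied from the -allowGET/-allowPOST/-allowDELETE flags above.
var allowlist = map[string]string{
	"GET":    `/v1\..{2}/(containers/.*|images/.*)`,
	"POST":   `/v1\..{2}/(containers/.*|images/.*|networks/.*)`,
	"DELETE": `/v1\..{2}/(containers/.*|images/.*)`,
}

// Allowed reports whether a request passes the allowlist.
// Assumption: the pattern is anchored with ^ and $ (whole-path match)
// and a method that has no pattern is denied.
func Allowed(method, path string) bool {
	pattern, ok := allowlist[method]
	if !ok {
		return false
	}
	return regexp.MustCompile("^" + pattern + "$").MatchString(path)
}

func main() {
	// Constructed sample requests using Docker Engine API style paths.
	samples := []struct{ method, path string }{
		{"GET", "/v1.45/containers/json"},           // list containers
		{"POST", "/v1.45/images/create"},            // pull an image
		{"POST", "/v1.45/containers/abc123/exec"},   // containers/.* is broad on POST
		{"DELETE", "/v1.45/images/sha256:deadbeef"}, // image cleanup
		{"GET", "/v1.45/info"},                      // outside containers/images
		{"POST", "/v1.45/volumes/create"},           // volumes are not listed
		{"DELETE", "/v1.45/networks/web"},           // networks are POST only
		{"PUT", "/v1.45/containers/abc123/archive"}, // no pattern for PUT
		{"GET", "/containers/json"},                 // unversioned path
		{"GET", "/v1.9/containers/json"},            // .{2} needs two characters
	}
	for _, s := range samples {
		fmt.Printf("%-6s %-34s allowed=%v\n", s.method, s.path, Allowed(s.method, s.path))
	}
}
```

Running the same check over paths taken from the proxy's own log shows which alternatives in each pattern are actually used and which could be narrowed.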
Describe the bug
If the Docker daemon on a host is updated by apt, the Watchtower container can no longer communicate with the Docker daemon via the socket.
Steps to reproduce
1) Run Docker via Compose
2) Update Docker Daemon with apt upgrade
3) Wait for Watchtower check interval
Expected behavior
The Watchtower should still be able to communicate via the socket after the update.
Environment
Your logs