getwud / wud

WUD (aka What's up Docker?) gets you notified when a new version of your Docker Container is available.
https://getwud.github.io/wud/
MIT License

Remote hosts #243

Open PrzemekSkw opened 1 year ago

PrzemekSkw commented 1 year ago

Hello, is it possible to add remote hosts from a Tailscale network? Do I have to install WUD on every host? Regards.

fmartinou commented 1 year ago

Hi,

I personally don't know the Tailscale network, but WUD can connect to multiple Docker hosts using TCP.

https://fmartinou.github.io/whats-up-docker/#/configuration/watchers/?id=variables

image

So if the remote hosts are reachable via TCP, it should work.

PrzemekSkw commented 1 year ago

Hi, thanks for the answer. Can you help me add another host?

PrzemekSkw commented 1 year ago

Hi @fmartinou, I added the variable in Portainer like this:

image

I still see only my local host containers, but I see my remote hosts in the Watchers section:

Screenshot from 2023-03-20 19-51-58

Can you tell me what is wrong?

fmartinou commented 1 year ago

Hi @PrzemekSkw ,

For the remote host to watch, you cannot use the socket configuration, which is by design intended for local use.

You need to:

  1. Expose the Docker API over TCP (a tuto here)
  2. Configure WUD to connect to the API using TCP (Basic example here)

phampyk commented 1 year ago

Following on this as I'm having the same use case, trying to connect different machines through Tailscale and docker socket proxy. I see on their GitHub that dsp runs with a lot of stuff secured by default, which would stop wud from doing its job. https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections There's the list of stuff you can configure; what should I change in order for wud to work?

Really would love to make this one work. Thank you!

rpatel3001 commented 1 year ago

I'd like to second the request for a list of permissions required for a socket proxy.

rpatel3001 commented 1 year ago

Adding the IMAGES permission to my proxy (in addition to the already enabled CONTAINERS) allows WUD to start up and monitor. Presumably you'd need more permissions to enable triggers to actually pull new images/recreate containers.

cryptogeek13 commented 2 months ago

I'm using this for the local daemon socket in a readonly use-case (no triggers for auto-updates) and it works flawlessly as far as I can tell. I think CONTAINERS and EVENTS should be necessary if you don't want to monitor stopped containers (WUD_WATCHER_{watcher_name}_WATCHALL, default false) and if you want WUD to update on container changes (WUD_WATCHER_{watcher_name}_WATCHEVENTS, default true). Or does that work for you without those two permissions?

  docker-socket-proxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
    restart: unless-stopped
    environment:
      CONTAINERS: 1 # Allow access to viewing containers
      IMAGES: 1 # Allow access to viewing images
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    expose:
      - 2375

That being said, the author of docker-socket-proxy explicitly discourages exposing docker socket with his container to the outside, so you have been warned. Creating TLS-certs like @fmartinou mentioned is still the best approach right now.
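The setup discussed in this thread, combined into one Compose file as an added example (not code from the WUD project or from any commenter): a read-only socket proxy for the local daemon that is never published on the host, plus a second watcher that reaches a remote daemon over TLS. The `getwud/wud` image name, the watcher names `LOCAL` and `REMOTE`, the host `docker-remote.example`, the `./certs` paths and the `HOST`/`PORT`/`CAFILE`/`CERTFILE`/`KEYFILE` watcher variables are assumptions not shown in the thread.

```yaml
services:
  docker-socket-proxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0  # tag from the thread
    restart: unless-stopped
    environment:
      CONTAINERS: 1  # container listing/inspection, reported as required above
      IMAGES: 1      # image inspection, reported as required above
      EVENTS: 1      # event stream, relevant when WATCHEVENTS is true
      POST: 0        # read-only: no pull/create/recreate through the proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-proxy
    # Deliberately no "ports:" entry: 2375 is reachable only on the
    # internal network below, never on the host or the tailnet.

  wud:
    image: getwud/wud  # assumed image name
    restart: unless-stopped
    environment:
      # Local daemon, via the proxy on the internal network (plain TCP).
      WUD_WATCHER_LOCAL_HOST: docker-socket-proxy
      WUD_WATCHER_LOCAL_PORT: 2375
      WUD_WATCHER_LOCAL_WATCHEVENTS: "true"
      # Remote daemon, Docker API exposed with mutual TLS (placeholder host).
      WUD_WATCHER_REMOTE_HOST: docker-remote.example
      WUD_WATCHER_REMOTE_PORT: 2376
      WUD_WATCHER_REMOTE_CAFILE: /certs/ca.pem
      WUD_WATCHER_REMOTE_CERTFILE: /certs/cert.pem
      WUD_WATCHER_REMOTE_KEYFILE: /certs/key.pem
    volumes:
      - ./certs:/certs:ro  # client certificate material, mounted read-only
    ports:
      - "127.0.0.1:3000:3000"  # WUD UI bound to loopback only
    networks:
      - socket-proxy  # to reach the proxy
      - default       # outbound access to registries and the remote host

networks:
  socket-proxy:
    internal: true  # no route in or out; only attached services can connect
```

With `POST: 0` the proxy rejects write calls, so update triggers that pull images or recreate containers will not work through the `LOCAL` watcher; that matches the read-only use case described in the comments.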