-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathautoupdates.yml
135 lines (124 loc) · 3.88 KB
/
autoupdates.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---
- name: Automated updates
hosts: localhost
become: false
gather_facts: false
vars:
hostname: "{{ ansible_host }}"
# Docker image registry credentials, if private
registry_user: "{{ lookup('ansible.builtin.env', 'REGISTRY_USER') }}"
registry_pass: "{{ lookup('ansible.builtin.env', 'REGISTRY_PASS') }}"
# https://containrrr.dev/watchtower/notifications/
watchtower_notification_url: ""
# Socket Proxy
socket_proxy_docker_image: ghcr.io/tecnativa/docker-socket-proxy:0.1.1
socket_proxy_restart_policy: unless-stopped
socket_proxy_name: socket-proxy
socket_proxy_network: "{{ socket_proxy_name }}_net"
# https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections
socket_proxy_env_vars:
LOG_LEVEL="info"
EVENTS="1"
PING="1"
VERSION="1"
CONTAINERS="1"
IMAGES="1"
NETWORKS="1"
VOLUMES="1"
POST="1"
SERVICES="0"
INFO="0"
TASKS="0"
AUTH="0"
SECRETS="0"
BUILD="0"
COMMIT="0"
CONFIGS="0"
DISTRIBUTION="0"
EXEC="0"
GRPC="0"
NODES="0"
PLUGINS="0"
SESSION="0"
SWARM="0"
SYSTEM="0"
# Watchtower
watchtower_docker_image: ghcr.io/containrrr/watchtower:1.5.1
watchtower_restart_policy: unless-stopped
# https://containrrr.dev/watchtower/arguments/
watchtower_env_vars:
DOCKER_HOST="tcp://{{ socket_proxy_name }}:2375"
REPO_USER="{{ registry_user }}"
REPO_PASS="{{ registry_pass }}"
WATCHTOWER_LABEL_ENABLE="true"
WATCHTOWER_CLEANUP="true"
WATCHTOWER_INCLUDE_STOPPED="true"
WATCHTOWER_REVIVE_STOPPED="true"
WATCHTOWER_LOG_LEVEL="info"
WATCHTOWER_POLL_INTERVAL="30"
WATCHTOWER_TIMEOUT="10s"
WATCHTOWER_NOTIFICATIONS=shoutrrr
WATCHTOWER_NOTIFICATION_URL="{{ watchtower_notification_url }}"
WATCHTOWER_NOTIFICATIONS_HOSTNAME="{{ hostname }}"
tasks:
- name: Pull socket-proxy image
docker_image:
name: "{{ socket_proxy_docker_image }}"
source: pull
force_source: false
- name: Pull watchtower image
docker_image:
name: "{{ watchtower_docker_image }}"
source: pull
force_source: false
- name: Create socket-proxy network
docker_network:
name: "{{ socket_proxy_network }}"
driver: bridge
internal: true
- name: Deploy socket-proxy service
docker_container:
image: "{{ socket_proxy_docker_image }}"
name: "{{ socket_proxy_name }}"
restart_policy: "{{ socket_proxy_restart_policy }}"
state: started
env: "{{ socket_proxy_env_vars }}"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- name: "{{ socket_proxy_network }}"
labels:
com.centurylinklabs.watchtower.enable="false"
- name: Deploy watchtower service
docker_container:
image: "{{ watchtower_docker_image }}"
name: watchtower
restart_policy: "{{ watchtower_restart_policy }}"
state: started
env: "{{ watchtower_env_vars }}"
networks:
- name: "{{ socket_proxy_network }}"
- name: "bridge"
links:
- "{{ socket_proxy_name }}"
- name: Pull API image
docker_image:
name: alpine:3.13
source: pull
- name: Re-tag API image (tag 3.13 as latest)
docker_image:
name: alpine:3.13
repository: alpine:latest
push: false
force_tag: true
source: local
- name: Deploy API service (service that should be automatically updated)
docker_container:
image: "alpine:latest"
name: api
command: "/bin/sh -c 'while true; do sleep 1; done'"
restart_policy: 'unless-stopped'
state: started
labels:
com.centurylinklabs.watchtower.enable="true"
...