We can usually use one or more servers as Docker hosts and use containers to run some open source tool services. And often we do not know when this application has an updated version, recently discovered an open source tool that can check whether the image of the container running on the host has been updated and can send update notifications by integrating multiple channels, this tool is DIUN (Docker Image Update Notifier).

Introduction to DUIN

DUIN is a command line tool written in GO language that can be run locally or through containers (https://hub.docker.com/r/crazymax/diun) to receive a notification when the monitored container image is updated in the corresponding registry (Registry) corresponding notification.

DUIN supports multiple monitoring configurations (Providers):

  • Docker - analyzes images of running containers on Docker hosts and checks for updates
  • Podman - similar to Docker, requires Podman to be started as a service
  • Kubernetes - Analyze Pods in a Kubernetes cluster and check the images used by pods
  • Swarm - Analyze the images used by services in a Swarm cluster
  • Nomad - Similar to Docker, analyzes the images used by the Nomad engine to run
  • Dockerfile - Analyze the images referenced in the Dockerfile
  • File - yaml-formatted configuration file that directly configures the image information to be checked

DUIN supports integration with multiple notification channels such as Discord, Slack, Matrix, Telegram and Webhook.

DUIN Usage Example

Here is a demonstration of using Docker Compose on a Docker host to run the DUIN service and integrate with Slack to send notifications to the appropriate channel.

docker-compose.yml:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
services:
  diun:
    image: crazymax/diun:latest
    container_name: diun
    hostname: home200-diun
    command: serve
    volumes:
      - diundata:/data
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - "TZ=Asia/Shanghai"
      - "LOG_LEVEL=info"
      - "LOG_JSON=false"
      - "DIUN_WATCH_WORKERS=20"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_DOCKER=true"
      - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
      - "DIUN_NOTIF_SLACK_WEBHOOKURL=https://hooks.slack.com/services/xxxxxxxxxxxxx"
    restart: on-failure

volumes:
  diundata:

In the environment variables above

  • DIUN_WATCH_SCHEDULE=0 */6 * * * Specifies to do a check every 6 hours
  • DIUN_PROVIDERS_DOCKER=true specifies that the Docker Provider is used and therefore needs to be bound to /var/run/docker.sock:/var/run/docker.sock
  • DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true specifies to check the images of all containers running in the current Docker environment by default, if the value is set to false, the tag diun.enable=true needs to be added when running containers that need to be checked for images
  • DIUN_NOTIF_SLACK_WEBHOOKURL= specifies the channel to which notifications are sent to Slack when updates are discovered. The configured value simply adds an Incoming Webhook application to one of Slack’s channels

Start more configurations, see documentation.

Start the container, which can be accessed for notification testing.

1
2
3
➜  docker compose exec diun sh
/ # diun notif test
Notification sent for slack notifier(s)

In Slack, notifications will be received.

After that, when DIUN finds that a new image is published to the image repository, we will receive the corresponding notification and we can choose whether to upgrade the application or not.

When we use fixed-label images for our applications, we can specify the corresponding labels to check, such as

1
2
3
4
  labels:
    - 'diun.enable=true'
    - 'diun.watch_repo=true'
    - 'diun.include_tags=^\d+\.\d+\.\d+$'

The above regular specifies the tags to be checked.

Summary

This article recommends an open source container image update notification tool, and also demonstrates the integration based on Docker+Slack, please refer to its documentation for more information on how to use it.