I'm trying to find a video that demonstrated automated container image updates for Kubernetes, similar to Watchtower for Docker. I believe the video was by @[email protected] but I can't seem to find it. The closest functionality that I can find to what I recall from the video is k8s-digester. Some key features that were discussed include:
- Automatically update tagged version number (eg - Image:v1.1.0 -> Image:v1.2.0)
- Automatically update image based on tagged image's digest for tags like "latest" or "stable"
- Track container updates through modified configuration files
- Ability to manage deploying updates through Git workflows to prevent unwanted updates
- Minimal (if any) downtime
- This may not have been in the video, but I believe it also discussed managing backups and rollback functionality as part of the upgrade process
While this tool may be used in a CI/CD pipeline, its not limited exclusively to Git repositories as it could be used to monitor container registries from various people or organizations. The tool/process may have also incorporated Ansible.
If you don't know which video I'm referring to, do you have any suggestions on how to achieve this functionality?
EDIT: For anyone stumbling on this thread, the video was Meet Renovate - Your Update Automation Bot for Kubernetes and More! by @[email protected], which discusses the Kubernetes tool Renovate.
Congrats on getting everything working - it looks great!
One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you're running your services behind Wireguard so there isn't too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you're more likely to run into issues with services not running on HTTPS.
The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won't know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).