GitHub - sergi0g/cup: 🥤Docker container updates made easy
-
Why not moving to podman and letting it do its magic?
Question please, how would podman alleviate container update woes?
-
It sucks to migrate to podman if you have been using Docker Compose heavily.
Also, updating is done with
docker compose pulland
docker compose up -devery 24h via cronjob
There's a plugin for compose, but podman itself does have some differences here and there. I'm starting to migrate my own stuff as Docker is getting more money hungry. Womder if they'll try to IPO in a few years. Seems like that's what these kinds of companies do after they start to decline from alienating users. Just wish that portainer and docker hadn't killed all the GUIs for docker and swarm was better supported.
The company i work for has also required us to migrate from Docker as the hub and desktop app are no longer totally free. I expect more and more limitations will show up on the free versions as usually is the case with companies like this.
-
There's a plugin for compose, but podman itself does have some differences here and there. I'm starting to migrate my own stuff as Docker is getting more money hungry. Womder if they'll try to IPO in a few years. Seems like that's what these kinds of companies do after they start to decline from alienating users. Just wish that portainer and docker hadn't killed all the GUIs for docker and swarm was better supported.
The company i work for has also required us to migrate from Docker as the hub and desktop app are no longer totally free. I expect more and more limitations will show up on the free versions as usually is the case with companies like this.
I hate what I'm reading here... But I have already thought about the possible enshitification of docker and docker-compose...
It really sucks to always have to relearn everything from the beginning... Now that I feel comfortable I have to relearn a new way to keep my homelab up and running.
Kinda understand how Plex people feel when someone tells them to switch over to jellyfin...Can't wait to see Jellyfin or Arr stack going a similar route
!Edit: Similar feeling goes toward Traefik...
🫤 -
Question please, how would podman alleviate container update woes?
-
Given that Watchtower is potentially unmaintained now, this might be a cool alternative?
Screenshot:
Features from their github:
- Extremely fast. Cup takes full advantage of your CPU and is hightly optimized, resulting in lightning fast speed. On my Raspberry Pi 5, it took 3.7 seconds for 58 images!
- Supports most registries, including Docker Hub, ghcr.io, Quay, lscr.io and even Gitea (or derivatives)
- Doesn't exhaust any rate limits. This is the original reason I created Cup. I feel that this feature is especially relevant now with Docker Hub reducing its pull limits for unauthenticated users.
- Beautiful CLI and web interface for checking on your containers any time.
- The binary is tiny! At the time of writing it's just 5.4 MB. No more pulling 100+ MB docker images for a such a simple program.
- JSON output for both the CLI and web interface so you can connect Cup to integrations. It's easy to parse and makes webhooks and pretty dashboards simple to set up!
Is there anything similar, but for k8s?
-
Is there anything similar, but for k8s?
Similar in which regard? Containers can be covered by this, but I'm assuming you mean for things like charts?
-
There's a plugin for compose, but podman itself does have some differences here and there. I'm starting to migrate my own stuff as Docker is getting more money hungry. Womder if they'll try to IPO in a few years. Seems like that's what these kinds of companies do after they start to decline from alienating users. Just wish that portainer and docker hadn't killed all the GUIs for docker and swarm was better supported.
The company i work for has also required us to migrate from Docker as the hub and desktop app are no longer totally free. I expect more and more limitations will show up on the free versions as usually is the case with companies like this.
Yeah I saw that plugin a few years ago and it was not ready for production yet.
I am going a whole different route, but have the same motivation: get rid of docker and improve the security.
I will move from docker compose to Nomad. And I will also not use containers itself anymore. I want/need more security. You can achieve this with MicroVM (Firecracker). However, you would need to build those VM images yourself. But there is a solution to it. Kata-containers. They allow to deploy OCI compliant containers into seperate MicroVM’s. Then you have true isolation from the host kernel, while not losing much of start-up time.
-
I hate what I'm reading here... But I have already thought about the possible enshitification of docker and docker-compose...
It really sucks to always have to relearn everything from the beginning... Now that I feel comfortable I have to relearn a new way to keep my homelab up and running.
Kinda understand how Plex people feel when someone tells them to switch over to jellyfin...Can't wait to see Jellyfin or Arr stack going a similar route
!Edit: Similar feeling goes toward Traefik...
🫤Let me stop you right there: the chances of Jellyfin going rogue are much smaller. It's libre software. It's GPL. It's copyleft. We are pretty much safe.
-
Similar in which regard? Containers can be covered by this, but I'm assuming you mean for things like charts?
Meaning that I get to see my deployment and check if the image is updated.
If not, change the deployment image -
Given that Watchtower is potentially unmaintained now, this might be a cool alternative?
Screenshot:
Features from their github:
- Extremely fast. Cup takes full advantage of your CPU and is hightly optimized, resulting in lightning fast speed. On my Raspberry Pi 5, it took 3.7 seconds for 58 images!
- Supports most registries, including Docker Hub, ghcr.io, Quay, lscr.io and even Gitea (or derivatives)
- Doesn't exhaust any rate limits. This is the original reason I created Cup. I feel that this feature is especially relevant now with Docker Hub reducing its pull limits for unauthenticated users.
- Beautiful CLI and web interface for checking on your containers any time.
- The binary is tiny! At the time of writing it's just 5.4 MB. No more pulling 100+ MB docker images for a such a simple program.
- JSON output for both the CLI and web interface so you can connect Cup to integrations. It's easy to parse and makes webhooks and pretty dashboards simple to set up!
How does it prevent you from downloading maliciously modified/images?
-
Let me stop you right there: the chances of Jellyfin going rogue are much smaller. It's libre software. It's GPL. It's copyleft. We are pretty much safe.
I really hope you're right
!! -
How does it prevent you from downloading maliciously modified/images?
wrote on last edited by [email protected]Not really its job, it just shows you updates are available. No docker update manager checks for maliciously modified images.
-
Given that Watchtower is potentially unmaintained now, this might be a cool alternative?
Screenshot:
Features from their github:
- Extremely fast. Cup takes full advantage of your CPU and is hightly optimized, resulting in lightning fast speed. On my Raspberry Pi 5, it took 3.7 seconds for 58 images!
- Supports most registries, including Docker Hub, ghcr.io, Quay, lscr.io and even Gitea (or derivatives)
- Doesn't exhaust any rate limits. This is the original reason I created Cup. I feel that this feature is especially relevant now with Docker Hub reducing its pull limits for unauthenticated users.
- Beautiful CLI and web interface for checking on your containers any time.
- The binary is tiny! At the time of writing it's just 5.4 MB. No more pulling 100+ MB docker images for a such a simple program.
- JSON output for both the CLI and web interface so you can connect Cup to integrations. It's easy to parse and makes webhooks and pretty dashboards simple to set up!
Just gave it a try, lovely simple interface!
Is it possible to show the container names or compose projects using an image? For example I have ferretdb showing a major update from
1 > 2, but I don't know where that image is used so I can check or update the compose file deploying it. -
Given that Watchtower is potentially unmaintained now, this might be a cool alternative?
Screenshot:
Features from their github:
- Extremely fast. Cup takes full advantage of your CPU and is hightly optimized, resulting in lightning fast speed. On my Raspberry Pi 5, it took 3.7 seconds for 58 images!
- Supports most registries, including Docker Hub, ghcr.io, Quay, lscr.io and even Gitea (or derivatives)
- Doesn't exhaust any rate limits. This is the original reason I created Cup. I feel that this feature is especially relevant now with Docker Hub reducing its pull limits for unauthenticated users.
- Beautiful CLI and web interface for checking on your containers any time.
- The binary is tiny! At the time of writing it's just 5.4 MB. No more pulling 100+ MB docker images for a such a simple program.
- JSON output for both the CLI and web interface so you can connect Cup to integrations. It's easy to parse and makes webhooks and pretty dashboards simple to set up!
I may have to give Cups a try. Watchtower is cool and all, but my issue is this:
INFO[35542] Stopping /READECK (1ec5dfc944bc) with SIGTERM INFO[35543] Creating /READECK INFO[35544] Removing image 08fb22cb922b INFO[35544] Session done Failed=0 Scanned=34 Updated=2 notify=no INFO[57099] Found new codeberg.org/readeck/readeck:latest image (ed6901bd8a5a) INFO[57108] Found new ghcr.io/karakeep-app/karakeep:latest image (0513b9703516) INFO[57133] Stopping /READECK (eed5398e0096) with SIGTERM INFO[57134] Creating /READECK ERRO[57134]** Error response from daemon: the container-wide MAC address must match the endpoint-specific MAC address for the main network**, or be left empty INFO[57134] Session doneThe bold part is where the problem occurs. So when there is an error response from the daemon, it stops all updates to that container, and leaves it deleted. This has happened to me several times, but not always. It does update other containers but sometimes it gets a little wonky and I haven't been able to fix that with anything that I have tried.
-
Not really its job, it just shows you updates are available. No docker update manager checks for maliciously modified images.
Why would you expend time and effort building a house ontop of a cesspool?
-
Yeah I saw that plugin a few years ago and it was not ready for production yet.
I am going a whole different route, but have the same motivation: get rid of docker and improve the security.
I will move from docker compose to Nomad. And I will also not use containers itself anymore. I want/need more security. You can achieve this with MicroVM (Firecracker). However, you would need to build those VM images yourself. But there is a solution to it. Kata-containers. They allow to deploy OCI compliant containers into seperate MicroVM’s. Then you have true isolation from the host kernel, while not losing much of start-up time.
What i read here is concerning. Non that i was getting into the swing of drocker ....
Is LXC the future then? -
What i read here is concerning. Non that i was getting into the swing of drocker ....
Is LXC the future then?Docker uses LXC. LXC is actually at the core of many container engines.
