Let's say my own Docker image is based on the Debian image and I install Apache using RUN apt-get.
When the base image gets updated, I need to remove my container and create a new one. This can be automated, e.g. with Watchtower.
But how can I keep the application inside the container (Apache in my example) up to date? The base image does not change just because a security issue in one package that is not shipped with the base image was fixed. When I create a new container with my Dockerfile, Apache is still not updated thanks to Docker's image cache.
How can I handle application updates as easily as if I had installed Apache on the host using the package manager?
Best Answer
The procedure is to:
`--pull --no-cache` options which also updates the base image. `docker-compose pull && docker-compose up -d`. With swarm, you can run the `docker stack deploy -c compose.yml --with-registry-auth` and it will pull the latest version from the registry as of release 17.06. If you call `docker run` by hand, then you'd need to call the appropriate `docker pull` first (to pull the image from the registry), and then delete/recreate your container.

To automate all of this, a CI-CD tool like Jenkins, GoCD, Drone.io, etc, would be used to perform all of these steps.
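
The rebuild, publish and redeploy steps from the answer as one script of the kind a CI job could call; this is an added example, not part of the original answer. The image name, container name and port mapping are placeholder assumptions, and the script only prints the commands unless `DRY_RUN=0` is set.

```sh
#!/bin/sh
# Added example: refresh packages installed via RUN apt-get by rebuilding
# without the layer cache, publishing the image, and recreating the container.
# IMAGE, CONTAINER and the port mapping are placeholders (assumptions).
set -eu

IMAGE="${IMAGE:-registry.example.com/web/apache:latest}"
CONTAINER="${CONTAINER:-apache}"
DEPLOY="${DEPLOY:-run}"      # "run" = plain docker run, "compose" = docker-compose
DRY_RUN="${DRY_RUN:-1}"      # 1 = only print the commands, 0 = execute them

# Execute a command, or just print it in dry-run mode.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Build host: --pull refreshes the base image; --no-cache makes every RUN
# step (including apt-get) execute again instead of reusing cached layers.
rebuild_and_push() {
  run docker build --pull --no-cache -t "$IMAGE" "${1:-.}"
  run docker push "$IMAGE"
}

# Docker host: fetch the new image and recreate the container from it.
redeploy() {
  case "$DEPLOY" in
    compose)
      run docker-compose pull
      run docker-compose up -d
      ;;
    run)
      run docker pull "$IMAGE"
      run docker rm -f "$CONTAINER" || true   # tolerate a missing container on first deploy
      run docker run -d --name "$CONTAINER" -p 80:80 "$IMAGE"
      ;;
    *)
      echo "unknown DEPLOY mode: $DEPLOY" >&2
      return 2
      ;;
  esac
}

update_all() {
  rebuild_and_push "${1:-.}"
  redeploy
}

update_all "${1:-.}"
```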