Update to improve the private registry docs (#633)

* Update to improve the private registry docs * minor adjustments I know it's totally OK to enumerate a list using the same number in markdown, but for the sake of people reading the raw docs, I'd still like them to be numbered. Also removed a superfluous `version: 3` and made sure all other versions were set to `"3.4"`. Co-authored-by: Simon Aronsson <[email protected]>
containrrr · Oct 3, 2020 · 16a79d9 · 16a79d9
1 parent e118fd5
commit 16a79d9
Showing 1 changed file with 70 additions and 36 deletions.
diff --git a/docs/private-registries.md b/docs/private-registries.md
@@ -59,25 +59,28 @@ docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json containr
 When creating the watchtower container via docker-compose, use the following lines:
 
 ```yaml
-version: "3"
-[...]
-watchtower:
-  image: index.docker.io/containrrr/watchtower:latest
-  volumes:
+version: "3.4"
+services:
+  watchtower:
+    image: index.docker.io/containrrr/watchtower:latest
+    volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
-[...]
+  ...
 ```
 
 #### Docker Config path
 By default, watchtower will look for the `config.json` file in `/`, but this can be changed by setting the `DOCKER_CONFIG` environment variable to the directory path where your config is located. This is useful for setups where the config.json file is changed while the watchtower instance is running, as the changes will not be picked up for a mounted file if the inode changes.
 Example usage:
 
 ```yaml
-watchtower:
-  image: containrrr/watchtower
-  environment:
-      DOCKER_CONFIG: /config
+version: "3.4"
+
+services: 
+  watchtower:
+    image: containrrr/watchtower
+    environment:
+        DOCKER_CONFIG: /config
     volumes:
       - /etc/watchtower/config/:/config/
       - /var/run/docker.sock:/var/run/docker.sock
@@ -94,6 +97,12 @@ helper in a separate container and mount it using volumes.
 ### Example
 Example implementation for use with [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper):
 
+
+Use the dockerfile below to build the [amazon-ecr-credential-helper](https://github.com/awslabs/amazon-ecr-credential-helper),
+in a volume that may be mounted onto your watchtower container.
+
+1.  Create the Dockerfile (contents below):    
+
 ```Dockerfile
 FROM golang:latest
 
@@ -111,43 +120,68 @@ RUN go build \
 WORKDIR /go/bin/
 ```
 
+2.  Use the following commands to build the aws-ecr-dock-cred-helper and store it's output in a volume:
+
+```shell script
+# Create a volume to store the command (once built)
+docker volume create helper 
+
+# Build the container
+docker build -t aws-ecr-dock-cred-helper .
+
+# Build the command and store it in the new volume in the /go/bin directory.
+docker run  -d --rm --name aws-cred-helper --volume helper:/go/bin aws-ecr-dock-cred-helper
+
+```
+
+3.  Create a configuration file for docker, and store it in $HOME/.docker/config.json (replace the <AWS_ACCOUNT_ID>
+    placeholders with your AWS Account ID):
+
+```json
+{
+    "credsStore" : "ecr-login",
+    "HttpHeaders" : {
+      "User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
+    },
+    "auths" : {
+      "<AWS_ACCOUNT_ID>.dkr.ecr.us-west-1.amazonaws.com" : {}
+    },
+    "credHelpers": {
+      "<AWS_ACCOUNT_ID>.dkr.ecr.us-west-1.amazonaws.com" : "ecr-login"
+    }
+}
+```
+
+4.  Create a docker-compose file (as an example) to help launch the container:
+
 and the docker-compose definition:
 ```yaml
-version: "3"
-
+version: "3.4"
 services:
+  # Check for new images and restart things if a new image exists
+  # for any of our containers.
   watchtower:
-    image: index.docker.io/containrrr/watchtower:latest
+    image: containrrr/watchtower:latest
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
+      - .docker/config.json:/config.json
       - helper:/go/bin
     environment:
       - HOME=/
       - PATH=$PATH:/go/bin
-      - AWS_REGION=<AWS_REGION>
-      - AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY>
-      - AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY>
+      - AWS_REGION=us-west-1
 volumes:
-  helper: {}
+  helper: 
+    external: true
 ```
 
-and for `<PATH_TO_HOME_DIR>/.docker/config.json`:
-```json
-  {
-    "HttpHeaders" : {
-      "User-Agent" : "Docker-Client/19.03.1 (XXXXXX)"
-    },
-    "credsStore" : "osxkeychain",
-    "auths" : {
-      "xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : {},
-      "https://index.docker.io/v1/": {}
-    },
-    "credHelpers": {
-      "xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : "ecr-login",
-      "index.docker.io": "osxkeychain"
-    }
-  }
-```
+A few additional notes:
 
-*Note:* `osxkeychain` can be changed to your preferred credentials helper.
+1.  With docker-compose the volume (helper, in this case) MUST be set to `external: true`, otherwise docker-compose 
+    will preface it with the directory name.
+2.  Note that "credsStore" : "ecr-login" is needed - and in theory if you have that you can remove the 
+    credHelpers section 
+3.  I have this running on an EC2 instance that has credentials assigned to it - so no keys are needed; however, 
+    you may need to include the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables as well.
+4.  An alternative to adding the various variables is to create a ~/.aws/config and ~/.aws/credentials files and 
+    place the settings there, then mount the ~/.aws directory to / in the container.