docker.recipes

DIUN Docker Image Updates

beginner

DIUN Docker Image Update Notifier for tracking container image updates.

Overview

DIUN (Docker Image Update Notifier) is an open-source monitoring tool created by CrazyMax that automatically detects when new versions of Docker images become available. Originally developed to solve the challenge of manually tracking updates across multiple containerized applications, DIUN continuously monitors Docker registries and compares them against locally running containers to identify outdated images. The tool supports multiple Docker providers including standalone Docker engines, Docker Swarm clusters, and can integrate with container orchestration platforms through registry scanning. This DIUN configuration establishes an automated image monitoring system that checks for updates every 6 hours using a cron-based scheduler. The setup connects directly to the Docker daemon through the socket mount, enabling real-time discovery of running containers and their associated images. DIUN analyzes container labels to determine which images should be monitored, then queries their respective registries to detect version changes, security updates, and new releases. The system maintains a local database of image states and version histories to track changes over time. This stack is particularly valuable for DevOps teams managing multiple containerized environments, homelab enthusiasts running numerous self-hosted services, and system administrators responsible for maintaining security compliance through timely updates. DIUN eliminates the manual overhead of checking dozens of repositories for updates while providing flexible notification options including email, Slack, Discord, Telegram, and webhook integrations to ensure update alerts reach the appropriate team members through their preferred communication channels.

Key Features

  • Multi-registry support including Docker Hub, GitHub Container Registry, GitLab Registry, and private registries with authentication
  • Flexible container discovery through Docker socket integration with label-based inclusion/exclusion filtering
  • Configurable notification providers supporting email, Slack, Discord, Telegram, Matrix, Teams, and custom webhooks
  • Cron-based scheduling system with customizable check intervals from minutes to weeks
  • Watch list management allowing specific image tracking beyond currently running containers
  • Image digest comparison and semantic version analysis for accurate update detection
  • Comprehensive logging with JSON and text formats for integration with log aggregation systems
  • Template-based notification customization with image details, update summaries, and custom messaging

Common Use Cases

  • 1Homelab administrators monitoring self-hosted applications like Nextcloud, Plex, and Bitwarden for security updates
  • 2Development teams tracking base image updates for containerized microservices across staging and production environments
  • 3Security teams ensuring timely patching of container images to address CVE vulnerabilities
  • 4Managed service providers monitoring client container deployments for maintenance scheduling
  • 5CI/CD pipeline integration to trigger automated testing when upstream dependencies release new versions
  • 6Multi-tenant SaaS platforms tracking third-party service containers for compliance and stability
  • 7Enterprise infrastructure teams managing hundreds of containerized applications across multiple clusters

Prerequisites

  • Docker Engine 20.10+ with API access and sufficient permissions to read container metadata
  • Minimum 128MB RAM allocation for DIUN container and 1GB disk space for image metadata storage
  • Network connectivity to Docker registries and notification service endpoints (SMTP, webhook URLs)
  • Understanding of Docker labels syntax for configuring per-container monitoring rules
  • Valid credentials for private registries and notification services (email servers, Slack tokens)
  • Basic cron expression knowledge for customizing update check schedules

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  diun: 
3    image: crazymax/diun:latest
4    container_name: diun
5    environment: 
6      - TZ=${TZ}
7      - LOG_LEVEL=info
8      - LOG_JSON=false
9      - DIUN_WATCH_WORKERS=20
10      - DIUN_WATCH_SCHEDULE=0 */6 * * *
11      - DIUN_PROVIDERS_DOCKER=true
12    volumes: 
13      - diun_data:/data
14      - /var/run/docker.sock:/var/run/docker.sock:ro
15    restart: unless-stopped
16    networks: 
17      - diun-network
18
19volumes: 
20  diun_data: 
21
22networks: 
23  diun-network: 
24    driver: bridge

.env Template

.env
1# DIUN
2TZ=UTC

Usage Notes

  1. 1Add labels to containers to watch
  2. 2Supports multiple notifiers
  3. 3Scheduled update checks
  4. 4Label: diun.enable=true
  5. 5Notifiers: email, Slack, Discord, etc.

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  diun:
5    image: crazymax/diun:latest
6    container_name: diun
7    environment:
8      - TZ=${TZ}
9      - LOG_LEVEL=info
10      - LOG_JSON=false
11      - DIUN_WATCH_WORKERS=20
12      - DIUN_WATCH_SCHEDULE=0 */6 * * *
13      - DIUN_PROVIDERS_DOCKER=true
14    volumes:
15      - diun_data:/data
16      - /var/run/docker.sock:/var/run/docker.sock:ro
17    restart: unless-stopped
18    networks:
19      - diun-network
20
21volumes:
22  diun_data:
23
24networks:
25  diun-network:
26    driver: bridge
27EOF
28
29# 2. Create the .env file
30cat > .env << 'EOF'
31# DIUN
32TZ=UTC
33EOF
34
35# 3. Start the services
36docker compose up -d
37
38# 4. View logs
39docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/diun-image-updates/run | bash

Troubleshooting

  • Permission denied accessing Docker socket: Ensure the Docker socket mount has correct permissions and the DIUN container user can read /var/run/docker.sock
  • No containers detected for monitoring: Add 'diun.enable=true' labels to target containers and verify Docker API connectivity
  • Failed to connect to registry: Configure registry authentication in DIUN config file and verify network access to registry endpoints
  • Notifications not sending: Validate SMTP settings, webhook URLs, or messaging service tokens in environment variables
  • High CPU usage during scans: Reduce DIUN_WATCH_WORKERS value from default 20 to 5-10 workers for resource-constrained environments
  • Missed updates on private images: Configure registry credentials using DIUN_PROVIDERS_DOCKER_REGISTRY sections with proper authentication tokens

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

diun

Tags

#diun#docker#updates#notifications#containers

Category

DevOps & CI/CD

Related Recipes

Ad Space