Watchtower Docker Swarm Overview
Deploying Watchtower on Docker Swarm differs from single-host Docker in one important way: containers are distributed across multiple nodes, and each node has its own Docker daemon. Watchtower must run on every node to monitor and update all containers cluster-wide.
The solution is to deploy Watchtower as a global Swarm service: Docker Swarm then automatically places exactly one Watchtower task on each node in the cluster.
Deploy with Docker Service Create
# Run from a Swarm manager node
docker service create \
  --name watchtower \
  --mode global \
  --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
  --env WATCHTOWER_CLEANUP=true \
  --env WATCHTOWER_POLL_INTERVAL=21600 \
  --env WATCHTOWER_ROLLING_RESTART=true \
  containrrr/watchtower
Deploy with Docker Stack (Compose v3)
For version-controlled deployments, use a Compose file with docker stack deploy:
# watchtower-stack.yml
version: "3.8"
services:
  watchtower:
    image: containrrr/watchtower
    deploy:
      mode: global  # One instance per Swarm node
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      update_config:
        order: start-first
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_POLL_INTERVAL=21600
      - WATCHTOWER_ROLLING_RESTART=true
      - WATCHTOWER_NOTIFICATIONS=slack
      - WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=https://hooks.slack.com/...
# Deploy with:
# docker stack deploy -c watchtower-stack.yml watchtower-stack
Rolling Restart in Swarm
In Swarm environments, set WATCHTOWER_ROLLING_RESTART=true to update one container at a time rather than all simultaneously. This prevents service disruption when multiple replicas of the same service are being updated:
environment:
  - WATCHTOWER_ROLLING_RESTART=true  # Update containers one at a time
Docker Swarm Specific Considerations
- Bind mounts must use bind type (not volume type) for the Docker socket: type=bind,source=/var/run/docker.sock
- Secrets and configs are not supported as Watchtower environment variables; use env vars directly in the Compose deploy config
- Services managed by the Docker Swarm scheduler (as opposed to standalone containers) may be updated by Watchtower, but Swarm may try to reconcile them back; use Swarm's native rolling update mechanism for Swarm-managed services when possible
- Docker Swarm support in containrrr/watchtower is production-ready as of v1.5.0+
Verify Swarm Deployment
# Check service status
docker service ls | grep watchtower
# View tasks (one per node)
docker service ps watchtower
# View logs from all nodes
docker service logs watchtower --follow
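To turn the "one task per node" check into something scriptable, the following added example (not part of the original page or the Watchtower project) lists nodes that should hold a Watchtower task but have none in the Running state, which means containers on them are not being updated. The function name uncovered_nodes and the sample hostnames are hypothetical; the sample data is constructed.

```shell
#!/bin/sh
# Added example: report Swarm nodes with no running Watchtower task.
# On a manager node, the two inputs come from:
#   docker node ls --format '{{.Hostname}} {{.Status}} {{.Availability}}'
#   docker service ps watchtower --filter desired-state=running \
#       --format '{{.Node}} {{.CurrentState}}'

# uncovered_nodes NODES TASKS   (hypothetical helper name)
# Prints, sorted, every Ready/Active node that has no task whose
# current state is "Running".
uncovered_nodes() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { tasks = 1; next }
        !tasks && NF >= 3 {
            # Only Ready + Active nodes are expected to hold a global task;
            # drained nodes get none and down nodes cannot run one.
            if ($2 == "Ready" && $3 == "Active") want[$1] = 1
            next
        }
        # A task stuck in Starting/Preparing/Failed does not count as coverage.
        tasks && $2 == "Running" { have[$1] = 1 }
        END { for (n in want) if (!(n in have)) print n }
    ' | sort
}

# Constructed sample data (not output from a real cluster).
SAMPLE_NODES='manager1 Ready Active
worker1 Ready Active
worker2 Ready Active
worker3 Ready Drain
worker4 Down Active'

SAMPLE_TASKS='manager1 Running 2 hours ago
worker1 Running 2 hours ago
worker2 Starting 5 seconds ago'

# Prints the nodes that are missing coverage in the sample data.
uncovered_nodes "$SAMPLE_NODES" "$SAMPLE_TASKS"
```

On a real cluster, pass the output of the two docker commands from the header comment as the two arguments; an empty result means every schedulable node has a running Watchtower task.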
Frequently Asked Questions
Because Watchtower monitors containers via the local Docker socket. A single Watchtower instance only sees containers on its own node. Deploying as --mode global ensures one Watchtower runs on every Swarm node, giving full cluster coverage without manual per-node setup.
Watchtower updates the underlying containers on each node. For Swarm-managed services with multiple replicas, Watchtower may update individual containers but this can conflict with Swarm's own reconciliation loop. For production Swarm services, consider using Swarm's native rolling update (docker service update --image) or a GitOps-style CI/CD pipeline instead, and using Watchtower only for standalone containers on Swarm nodes.
Run docker service logs watchtower --follow from any manager node — Docker Swarm aggregates logs from all nodes into a single stream, with each line prefixed by the node it came from.