-
Notifications
You must be signed in to change notification settings - Fork 3
Home
Will Luck edited this page Apr 13, 2026
·
8 revisions
A container update orchestrator with a web dashboard, written in Go. Monitors Docker containers for image updates, applies per-container update policies, takes pre-update snapshots, and rolls back automatically if a container fails health checks after updating.
- Multi-instance Portainer support - one Sentinel instance can monitor containers across multiple Portainer servers
- Engine ID deduplication - automatically detects and prevents duplicate scanning when the same Docker host is reachable via multiple Portainer endpoints
-
Enhanced cluster mode -
SENTINEL_CLUSTER_ADVERTISEfor multi-network TLS cert SANs, plus actionable CA mismatch guidance - Security hardening - webhook secrets moved to headers, OIDC nonce + PKCE, CSRF-protected logout
-
Maintenance windows -
SENTINEL_MAINTENANCE_WINDOWrestricts auto-updates to a specific time range
- Scan running containers and check their update policies
- Check registries for new digests (mutable tags) or semver tags
- Queue updates (auto-policy proceeds immediately; manual-policy waits for approval)
- Snapshot the full container config, then pull the new image
- Update the container: stop, remove, recreate with identical config, start
- Validate after the grace period and rollback from the snapshot if unhealthy
| Page | Description |
|---|---|
| Installation | Docker, Docker Compose, binary, and building from source |
| Configuration Reference | All environment variables with defaults and descriptions |
| Docker Labels | Per-container labels for policies, schedules, and constraints |
| Web UI Guide | Dashboard, queue, container detail, images, and settings pages |
| REST API Reference | HTTP endpoints for automation and integrations |
| Authentication and Security | Password, WebAuthn/passkeys, OIDC/SSO, TOTP/2FA, and TLS |
| Notifications | Gotify, Slack, Discord, Ntfy, Telegram, Pushover, Email, MQTT, Apprise, and webhooks |
| Cluster Mode | Multi-host monitoring with server/agent topology and mTLS |
| Lifecycle Hooks | Pre/post-update hooks and Docker-Guardian integration |
| Upgrade Guide | Version-to-version upgrade notes and breaking changes |
| Troubleshooting | Common issues, debug logging, and diagnostics |
Getting Started
Using Sentinel
Multi-Host
Security
Reference