This video dives deep into Docker Swarm Mode, explaining why it’s a powerful and often misunderstood container orchestration tool for those seeking a middle ground between simple Docker setups and complex Kubernetes deployments. I’ll guide you through setting up a Swarm cluster, deploying services with Docker Compose, and leveraging crucial features like secrets, configs, and overlay networks to build robust and scalable applications.
References#
- Docker Tutorial: https://www.youtube.com/watch?v=Nm1tfmZDqo8
- Docker Volumes (NFS): https://www.youtube.com/watch?v=eKAQiYu4NyI
Notes#
What is Docker Swarm Mode?#
Docker Swarm Mode is an integrated feature of the Docker Engine that allows you to create and manage a cluster of Docker nodes, orchestrating containers with built-in fault-tolerance, load-balancing, and rolling updates. It’s an excellent choice for HomeLab users or smaller teams looking for container orchestration without the complexity of Kubernetes.
Benefits of Docker Swarm#
- Built-in clustering and orchestration: Transforms multiple Docker Engines into a single, virtual Docker host.
- Service discovery and load balancing: Automatic DNS assignment for services and internal load balancing.
- High availability and fault tolerance: Automatically reschedules failed tasks on healthy nodes.
- Security by default: Secure node-to-node communication with mutual TLS encryption and integrated secrets management.
- Rolling updates and rollbacks: Supports declarative updates to services with easy rollback capabilities.
- Intelligent scheduling: Optimizes cluster resource use and resilience based on resource availability and constraints.
Why choose Docker Swarm over Kubernetes?#
Docker Swarm offers a simpler setup and ease of use, making it accessible for projects that need straightforward container orchestration. Its seamless integration with Docker, using the same CLI and API, allows teams familiar with Docker to scale from single-node to multi-node clusters without learning new tools.
bash sudo docker swarm init –advertise-addr
How to set up Docker Swarm#
To initialize a Swarm on your leader node:
sudo docker swarm init --advertise-addr <VM1-IP-address>
To join worker nodes to the Swarm:
docker swarm join --token <token> <VM1-IP-address>:2377
Verify your nodes and promote workers to managers (optional for high availability):
# On the Leader
sudo docker node ls
# Promote workers to leaders
sudo docker node promote <VM2>
sudo docker node promote <VM3>
Create Docker Services#
You can create individual services directly via the Docker CLI. Here’s an example for an Nginx service:
docker service create \
--name nginx-service-1 \
--publish 8081:80 \
--replicas 2 \
nginx:latest
To inspect services and their running tasks:
docker service ls
docker service ps nginx-service-1
For updates and rollbacks:
docker service update --image nginx:1.29.1 nginx-service-1
docker service rollback nginx-service-1
Create Services from a Compose File#
Docker Compose files can be used in Swarm Mode to manage services as stacks. Remember to adjust your Compose file for Swarm deployment:
services:
nginx:
image: docker.io/library/nginx:1.28.0-alpine
# Remove 'container_name' as Swarm manages container naming
# container_name: nginx
deploy:
replicas: 1
# (OPTIONAL) Add constraints to run this service on specific nodes
placement:
constraints:
- node.hostname != vm-test-3
ports:
- "8082:80"
# Remove 'restart' policies as Swarm handles service restarts
# restart: unless-stopped
Deploy or update your stack:
docker stack deploy -c compose.yaml nginx-service-2
Check your deployed stacks and their services:
docker stack ls
docker stack ps nginx-service-2
Swarm Mode vs. Standalone Containers#
When Swarm Mode is enabled, existing standalone containers and Docker Compose stacks (not deployed as Swarm stacks) will continue to run unaffected. They do not automatically become part of the Swarm cluster.
Docker Volumes in Swarm Mode#
By default, volumes are local to each node and are not automatically shared across the Swarm. This means if a task reschedules to another node, its data won’t follow. To address this, consider using shared storage solutions or Docker Storage Drivers. Refer to my video on Docker Volumes using NFS for a practical solution.
bash docker network create \ –driver overlay \ –attachable \ # This enables IPsec encryption, which might incur a performance penalty. Test before production. –opt encrypted \ proxy
Overlay Networks#
Overlay networks provide a distributed network across all Docker Swarm nodes, allowing services to communicate seamlessly. You can also make them attachable for standalone containers.
docker network create \
--driver overlay \
--attachable \
# This enables IPsec encryption, which might incur a performance penalty. Test before production.
--opt encrypted \
proxy
Docker Secrets and Configs#
Swarm Mode offers built-in management for sensitive data and configuration files, enhancing security and simplifying deployment.
Docker Secrets#
Docker Secrets allow you to securely store and transmit sensitive information (like API tokens, passwords, or certificates) only to the containers that need them.
To create a secret:
echo "*****" | docker secret create api_token -
Integrate secrets into your Compose file:
services:
secret_demo:
image: ubuntu:latest
deploy:
mode: replicated
replicas: 1
secrets:
- api_token
environment:
- TARGET_API_TOKEN_FILE=/run/secrets/api_token
secrets:
api_token:
external: true
docker config create my_config my_config.yaml
Integrate configs into your Compose file:
...
configs:
- source: my_config
target: /etc/myapp/config.yaml
...
configs:
my_config:
external: true
Docker Configs#
Docker Configs help you manage non-sensitive configuration files centrally, making them available to your services.
To create a config from a file (e.g., my_config.yaml):
docker config create my_config my_config.yaml
Integrate configs into your Compose file:
...
configs:
- source: my_config
target: /etc/myapp/config.yaml
...
configs:
my_config:
external: true
