Docker Swarm
Docker Swarm provides cluster management and orchestration features that are embedded in the Docker engine and allow multiple docker hosts to run containers. Swarm mode enables features such as docker secrets, which store passwords or other sensitive data required by a container.
Market share for container-based orchestration has shifted towards Kubernetes, as almost everyone is now using it.
See Also: https://docs.docker.com/engine/swarm/
Setup
The following ports must be available between the docker hosts.
- TCP port 2377 for cluster management communications
- TCP and UDP port 7946 for communication among nodes
- UDP port 4789 for overlay network traffic
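The port list above implies these ports should be reachable between the docker hosts only, not from arbitrary sources. The following is an added example, not part of the original page: a shell function that prints (does not apply) iptables rules limiting the swarm ports to known peer nodes. The function name and the peer addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that restrict the swarm ports
# to known peer nodes. Nothing is applied; the output is for review.

# protocol/port pairs taken from the port list on this page
SWARM_PORTS="tcp/2377 tcp/7946 udp/7946 udp/4789"

# swarm_fw_rules PEER_IP [PEER_IP ...]   (hypothetical helper name)
swarm_fw_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: swarm_fw_rules PEER_IP [PEER_IP ...]" >&2
        return 1
    fi
    # validate every peer first so no partial rule set is ever printed
    for peer in "$@"; do
        case "$peer" in
            *[!0-9.]*|"")
                echo "invalid peer address: $peer" >&2
                return 1 ;;
        esac
    done
    for spec in $SWARM_PORTS; do
        proto=${spec%/*}
        port=${spec#*/}
        for peer in "$@"; do
            echo "iptables -A INPUT -p $proto -s $peer --dport $port -j ACCEPT"
        done
        # any other source talking to this swarm port is dropped
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Constructed sample: two peer nodes next to a manager at 172.20.1.30
swarm_fw_rules 172.20.1.31 172.20.1.32
```

Because the rules use `-A`, they are appended after whatever is already in the INPUT chain, so check the existing rule order before applying them.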
One of the nodes will be the manager; it is the one which first creates the swarm. To create a swarm:
# docker swarm init [ --advertise-addr <MANAGER-IP>]
The optional value --advertise-addr should be used if the swarm is to have more than one node.
You can check the state of the swarm in the docker engine info and by listing nodes:
# docker info
...
Swarm: active
NodeID: krjls0ie07ypkftaue2eo257c
Is Manager: true
...
# docker node ls
ID                            HOSTNAME   STATUS   AVAILABILITY   MANAGER STATUS
krjls0ie07ypkftaue2eo257c *   docker01   Ready    Active         Leader
The * next to the node ID indicates that you’re currently connected on this node.
Joining a Swarm
Additional nodes can join using the docker swarm join command. The full command with the token can be obtained by running on the manager:
# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-5siymu2ijhm51gl34s13q5njpdpaxavsoll5zd88jqltk4rgt2-1kygf0i36tkrb3lfnmep2v72q 172.20.1.30:2377
Swarm Networking
A swarm node generates two kinds of traffic:
- Docker Node Management & Control (encrypted, ports TCP&UDP/7946, UDP/4789)
- Application traffic (from containers, external clients)
Network concepts in swarm services:
- Overlay Networks - A networ
- Ingress Network - Overlay network that facilitates load balancing among a service's nodes using a module called IPVS.
- docker_gwbridge - Connects overlay networks (including ingress networks) to docker containers.
Deploy a Service
A service to a swarm is like a container to a docker host. A docker service runs within a docker swarm.
Services can be created via the command line (similar to docker run), or by using a docker-compose.yml file.
To start an image as a service:
# docker service create --replicas 1 --name helloworld alpine ping 127.0.0.1
A container in a service will restart if it terminates abnormally. To list all services:
# docker service ls
ID             NAME           MODE         REPLICAS   IMAGE           PORTS
aath3rehcloy   test-service   replicated   1/1        alpine:latest
To inspect a service:
# docker service inspect --pretty test-service
ID:             aath3rehcloyz8x66xwsyexkw
Name:           test-service
Service Mode:   Replicated
 Replicas:      1
Placement:
UpdateConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:         alpine:latest@sha256:f006ecbb824d87947d0b51ab8488634bf69fe4094959d935c0c103f4820a417d
 Args:          ping mirror.cpsc.ucalgary.ca
Resources:
Endpoint Mode:  vip
Stacks
Applications typically have more than one service working together. Docker helps manage such applications, made up of discrete services, with 'stacks'.
A stack defines a set of services that need to be running within a swarm to maintain an application's state.
Use Docker Compose to define your application. See https://github.com/docker/labs/blob/master/beginner/chapters/votingapp.md
To deploy an application:
# docker stack deploy --compose-file docker-stack.yml vote
To verify the stack:
# docker stack services vote
To remove a stack:
# docker stack rm vote