Docker Swarm provides cluster management and orchestration features that are embedded in and bundled with the Docker engine and allow multiple Docker hosts to run containers. Swarm mode enables features such as Docker secrets, which store passwords or other sensitive data required by a container.

The market share for container-based orchestration has shifted towards Kubernetes, as literally everyone is now using it.

Setup

The following ports must be available between the Docker hosts.

  • TCP port 2377 for cluster management communications
  • TCP and UDP port 7946 for communication among nodes
  • UDP port 4789 for overlay network traffic

One of the nodes will be the manager; it is the one which first creates the swarm. To create a swarm:

# docker swarm init [ --advertise-addr <MANAGER-IP>]

The optional value --advertise-addr should be used if the swarm is to have more than one node. You can check the state of the swarm in the Docker engine info and by listing the nodes:

# docker info
Swarm: active
 NodeID: krjls0ie07ypkftaue2eo257c
 Is Manager: true

# docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS
krjls0ie07ypkftaue2eo257c *   docker01            Ready               Active              Leader

The * next to the node ID indicates that you are currently connected to this node.

Joining a Swarm

Additional nodes can join using the docker swarm join command. The full command, including the token, can be obtained by running the following on the manager:

# docker swarm join-token worker
To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-5siymu2ijhm51gl34s13q5njpdpaxavsoll5zd88jqltk4rgt2-1kygf0i36tkrb3lfnmep2v72q

Swarm Networking

A swarm node generates two kinds of traffic:

  • Docker Node Management & Control (encrypted, ports TCP and UDP/7946, UDP/4789)
  • Application traffic (from containers, external clients)

Network concepts in swarm services:

  • Overlay Networks - A networ
  • Ingress Network - Overlay network that facilitates load balancing among a service's nodes using a module called IPVS.
  • docker_gwbridge - Connects overlay networks (including ingress networks) to docker containers.

Deploy a Service

A service is to a swarm what a container is to a Docker host. A Docker service runs within a Docker swarm.

Services can be created via the command line (similar to docker run), or by using a docker-compose.yml file.

To start an image as a service:

# docker service create --replicas 1 --name helloworld alpine ping

A container in a service will restart if it terminates abnormally. To list all services:

# docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE                  PORTS
aath3rehcloy        test-service        replicated          1/1                 alpine:latest

To inspect a service:

# docker service inspect --pretty test-service

ID:             aath3rehcloyz8x66xwsyexkw
Name:           test-service
Service Mode:   Replicated
 Replicas:      1
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
 Image:         alpine:latest@sha256:f006ecbb824d87947d0b51ab8488634bf69fe4094959d935c0c103f4820a417d
 Args:          ping
Endpoint Mode:  vip

Stacks

Applications typically have more than one service working together. Docker helps manage applications made up of discrete services with 'stacks'.

A stack defines a set of services that need to be running within a swarm to maintain an application's state.

Use Docker Compose to define your application. See

To deploy an application:

# docker stack deploy --compose-file docker-stack.yml vote

To verify the stack:

# docker stack services vote

To remove a stack:

# docker stack rm vote
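
As an added example (not part of the original page or of Docker's own documentation), a docker-stack.yml for the deploy command above could combine the Docker secrets and overlay networks mentioned earlier as follows. The service, network and secret names are hypothetical; the postgres image and its POSTGRES_PASSWORD_FILE variable are used as a representative case.

```yaml
# docker-stack.yml -- constructed example; service, network and secret names are hypothetical.
# Create the secret on a manager first, so the value never appears in this file:
#   printf '%s' "$DB_PASSWORD" | docker secret create db_password -
version: "3.8"

services:
  db:
    image: postgres:16
    environment:
      # Weak alternative: POSTGRES_PASSWORD: <value> would expose the password
      # in this file and in `docker service inspect`.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password            # mounted in the container at /run/secrets/db_password
    networks:
      - backend                # no published ports: reachable only on the overlay
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure  # restart only when the container exits abnormally

networks:
  backend:
    driver: overlay
    driver_opts:
      encrypted: "true"        # encrypt container traffic between nodes on this overlay

secrets:
  db_password:
    external: true             # created out of band with `docker secret create`
```

Deployed with the stack name vote, the service and network are created as vote_db and vote_backend, while the external secret keeps the name it was created with.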