← Back to containers tools

Docker Swarm

DevOpscontainersDockerSwarmorchestrationclusteringservice management

DevOps Tool

Docker Swarm

Overview

Docker Swarm is Docker's native clustering and orchestration tool. Integrated with Docker, it allows simple setup of container clusters with a low learning curve, making it an accessible choice for container orchestration.

Details

Docker Swarm is a container orchestration platform developed by Docker. Released in 2014 by Docker Inc., it was integrated into Docker Engine with Docker 1.12 in 2016. It manages multiple Docker hosts as a single virtual Docker host, enabling container distribution, scaling, load balancing, and high availability. Compared to Kubernetes, it's simpler with a lower learning curve, allowing direct use of existing Docker knowledge. Features include declarative service definitions, rolling updates, self-healing, service discovery, and load balancing. Docker Stack commands enable complex application deployment using docker-compose.yml format. Security features include encrypted cluster communication, RBAC, and Secrets management. Suitable for small to medium-scale environments, migration from Docker environments, prototyping, and edge computing, it serves as an alternative to Kubernetes when simplicity is prioritized.

Advantages and Disadvantages

Advantages

  • Simplicity: Easy cluster building with just Docker knowledge
  • Native integration: Integrated into Docker Engine
  • Low learning curve: Direct use of existing Docker skills
  • Compose compatibility: Definition possible with docker-compose.yml format
  • Lightweight: Operates with fewer resources than Kubernetes
  • Security: Built-in TLS encryption and Secrets management
  • Easy operation: Fewer complex configuration files and concepts
  • Easy migration: Smooth migration from existing Docker environments

Disadvantages

  • Limited features: Less advanced orchestration features than Kubernetes
  • Ecosystem: Fewer third-party tools and add-ons
  • Scalability: Constraints in large-scale environments
  • Customization: Difficult advanced network and storage configuration
  • Monitoring/Logging: Limited integrated monitoring solutions
  • Development pace: Not as actively developed as Kubernetes
  • Enterprise support: Limited enterprise support options
  • Persistence: Limited StatefulSet equivalent functionality

Key Links

Code Examples

Swarm Cluster Initialization

# Initialize cluster on manager node
docker swarm init --advertise-addr 192.168.1.100

# Check worker join command from output
# To add a worker to this swarm, run the following command:
#     docker swarm join --token SWMTKN-1-xxx 192.168.1.100:2377

# Execute on worker node
docker swarm join --token SWMTKN-1-xxx 192.168.1.100:2377

# Get manager join token
docker swarm join-token manager

# Check nodes
docker node ls
docker node inspect node-name

Service Creation and Management

# Create basic service
docker service create --name web --replicas 3 -p 80:80 nginx:alpine

# Scaling
docker service scale web=5

# Update
docker service update --image nginx:latest web

# Rolling update configuration
docker service update --update-parallelism 1 --update-delay 10s web

# Service verification
docker service ls
docker service ps web
docker service inspect web

# Service deletion
docker service rm web

Docker Stack (Compose Format)

# docker-compose.yml
version: '3.8'

services:
  web:
    image: nginx:alpine
    ports:
      - "80:80"
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      placement:
        constraints:
          - node.role == worker
    configs:
      - source: nginx_config
        target: /etc/nginx/nginx.conf
    secrets:
      - ssl_certificate
    networks:
      - frontend

  app:
    image: myapp:latest
    deploy:
      replicas: 2
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 256M
    environment:
      - DATABASE_URL=postgresql://user:pass@db:5432/myapp
    depends_on:
      - db
    networks:
      - frontend
      - backend

  db:
    image: postgres:13
    environment:
      POSTGRES_DB: myapp
      POSTGRES_USER: user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.labels.database == true
    secrets:
      - db_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - backend

networks:
  frontend:
    driver: overlay
    attachable: true
  backend:
    driver: overlay

volumes:
  postgres_data:
    driver: local

configs:
  nginx_config:
    external: true

secrets:
  ssl_certificate:
    external: true
  db_password:
    external: true

# Stack deployment
docker stack deploy -c docker-compose.yml myapp

# Stack verification
docker stack ls
docker stack ps myapp
docker stack services myapp

# Stack deletion
docker stack rm myapp

Secrets Management

# Create secret
echo "my-secret-password" | docker secret create db_password -

# Create secret from file
docker secret create ssl_cert ssl_certificate.pem

# List secrets
docker secret ls

# Use secret in service
docker service create \
  --name myapp \
  --secret db_password \
  --env POSTGRES_PASSWORD_FILE=/run/secrets/db_password \
  postgres:13

# Delete secret
docker secret rm db_password

Config Management

# Create config
docker config create nginx_config nginx.conf

# Use config in service
docker service create \
  --name web \
  --config source=nginx_config,target=/etc/nginx/nginx.conf \
  nginx:alpine

# List and delete configs
docker config ls
docker config rm nginx_config

Network Management

# Create overlay network
docker network create --driver overlay --attachable mynetwork

# Specify network when creating service
docker service create --name web --network mynetwork nginx:alpine

# Update network for running service
docker service update --network-add backend web
docker service update --network-rm frontend web

# Check network information
docker network ls
docker network inspect mynetwork

Health Checks and Constraints

# Health checks in docker-compose.yml
version: '3.8'
services:
  web:
    image: nginx:alpine
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    deploy:
      replicas: 3
      placement:
        constraints:
          - node.role == worker
          - node.labels.zone == us-west-1
        preferences:
          - spread: node.labels.zone

Rolling Update Detailed Configuration

# Gradual update
docker service update \
  --image myapp:v2.0 \
  --update-parallelism 1 \
  --update-delay 30s \
  --update-monitor 60s \
  --update-failure-action rollback \
  --update-max-failure-ratio 0.1 \
  myapp

# Rollback
docker service rollback myapp

# Check update history
docker service ps myapp --no-trunc

Cluster Management

# Node information and label management
docker node update --label-add zone=us-west-1 node1
docker node update --label-add database=true node2
docker node update --availability drain node3  # Maintenance mode

# Leave cluster
docker swarm leave --force  # Manager node
docker swarm leave          # Worker node

# Certificate rotation
docker swarm ca --rotate
docker swarm unlock-key

# Backup
sudo systemctl stop docker
sudo tar -zvcf swarm-backup.tar.gz /var/lib/docker/swarm
sudo systemctl start docker

Monitoring and Logging

# Service logs
docker service logs -f web
docker service logs --tail 100 web

# Node and cluster information
docker system df
docker system events
docker node ps $(docker node ls -q)

# Resource usage (requires external tools)
docker stats $(docker ps --format "table {{.Names}}")