# Docker swarm mode
## What?
* Container orchestration
* easy to set up
* integrated in the docker engine
* declarative service model
## Why?
* hundreds of hosts
* thousands of containers
## Facts
* Available since docker 1.12.0 (07/28/2016)
* Usable since 17.03.0-ce (01/03/2017)
* runs on Linux and Windows
* 7 month maintenance lifecycle
* Editions
  * CE - Community edition (free)
  * EE - Enterprise edition ($75 per node per month)
## History
* Before Docker 1.12
  * (legacy) Docker Swarm
  * much more complicated to set up
## Competitive products
* Kubernetes
* Mesosphere
* (Rancher 1.6 Cattle)
## What you need
* one docker node for dev / demo
* at least 3 nodes for a productive cluster
* docker registry
* general knowledge about docker
## Key elements
* node
* service
* task
* stack
## Node
* A node is a computer (VM, physical) with the docker engine
* Can be a manager or a worker
* Manager nodes also run container workload
* At least one manager in the swarm, exactly one manager is leader
* Raft Consensus Algorithm is used for consistency of cluster state
* Traffic between nodes is TLS encrypted
## Service 1
* the desired state is described
  * docker image
  * mounts
  * env vars
  * limits & reservations (RAM, CPU)
  * ...
* Scheduling mode
  * global: On each node exactly one container is started
  * replicated: Container is started the specified number of times (can be scaled later)
## Service 2
* Healthcheck
  * Command to execute to determine health
  * Unhealthy: the container will be stopped, not reachable over network
* Rolling update
  * Update of containers one by one
  * Configurable behaviour on failure
  * Makes zero-downtime deployment possible
* Different life-cycle
  * Container will be restarted automatically when stopped manually!
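The service options from the two slides above (scheduling mode, limits and reservations, healthcheck, rolling update and restart behaviour), written out as a compose stack file. This is an added example, not code from the original slides; the image tags, port, replica count and `node-exporter` service are assumed values chosen for illustration.

```yaml
version: '3.7'
services:
  web:
    # assumed image: nginx on alpine, which ships busybox wget for the healthcheck
    image: nginx:1.17-alpine
    ports:
      - "8080:80"
    healthcheck:
      # command executed inside the container; a non-zero exit marks the task unhealthy
      test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1/"]
      interval: 15s
      timeout: 3s
      retries: 3
      # failures during start_period do not count: a too-short start_period makes
      # slow-starting containers unhealthy and swarm restarts them in a loop
      start_period: 20s
    deploy:
      mode: replicated
      replicas: 3
      resources:
        limits:                 # hard upper bound enforced by the engine
          cpus: '0.50'
          memory: 256M
        reservations:           # minimum the scheduler must find on a node
          cpus: '0.25'
          memory: 128M
      update_config:
        parallelism: 1          # update one container at a time
        delay: 10s              # wait between batches
        order: start-first      # start the new task before stopping the old one
        monitor: 30s            # watch the new task this long before moving on
        failure_action: rollback  # alternatives: continue, pause
      restart_policy:
        condition: on-failure   # also restarts a task that was stopped manually
        delay: 5s
        max_attempts: 3
  node-exporter:
    # assumed image; global mode places exactly one task on every node
    image: prom/node-exporter:v0.18.1
    deploy:
      mode: global
```

Deploy it with `docker stack deploy --compose-file <this-file.yml> <stack-name>`; changing the image tag and redeploying triggers the rolling update described above, and `docker service ps <stack-name>_web` shows each task's state while it runs.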
## Task
* task for a single node to execute a single container
* "atomic scheduling unit of swarm"
## Stack
* Definition of things that form an application stack
  * services
  * networks
  * volumes
* Defined in a compose file (yaml)
* e. g. database + webserver

```bash
# <compose-file.yml> and <stack-name> are placeholders
docker stack deploy --compose-file <compose-file.yml> <stack-name>
```
### Compose file example

```yaml
version: '3.5'
services:
  agent:
    image: portainer/agent:1.1.2
    volumes:
      # the agent needs the docker socket of its host
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - agent_network
    deploy:
      mode: global              # one agent on every node
  portainer:
    image: portainer/portainer:1.19.2
    # --no-auth disables the Portainer login, --tlsskipverify skips certificate
    # verification towards the agents: demo settings, not for production
    command: --no-auth -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      - "9000:9000"
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
networks:
  agent_network:
    driver: overlay
    attachable: true            # standalone containers may join this network too
```
## Networking features
* Overlay networks
* Port publishing
* Load balancing / routing mesh
* Service discovery
## Overlay networks
* Distributed network among docker hosts
* on top of host network
* `ingress` network automatically created by docker
* Optionally encrypted (IPSEC, AES)
* Containers connected to the same overlay net can communicate with each other

```bash
docker network create --driver overlay --opt encrypted my-overlay-net
```
## Port publishing / Load balancing
* Service can publish ports (TCP / UDP)
* Traffic to that port is load-balanced to replicas (VIP)
## Service discovery
* Based on DNS requests
* Only possible in docker containers
* Docker-internal DNS service
* Resolvable names:
  * servicename --> VIP
  * stackname_servicename --> VIP
  * tasks.servicename --> IPs of replicas (DNS_RR)
* Endpoint mode configurable: DNS_RR or VIP
## More features
* Secrets and Configs
  * Similar to env var, but larger (max. 500 kB)
  * can be defined in the compose file (or via CLI)
  * mounted as file in docker container
  * secrets are encrypted at rest - unencrypted in RAM disk
  * read-only
  * immutable - complicated to update 😢
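The overlay network, service discovery and secrets/configs slides above, combined into one stack: an encrypted overlay network for backend traffic, a service resolved by VIP and one resolved by DNS round robin, a secret mounted under `/run/secrets`, and a config mounted as a file. This is an added example, not part of the original slides; the images, the `./db_password.txt` and `./default.conf` files next to the stack file, and the hostname `api` are assumptions.

```yaml
version: '3.7'
services:
  db:
    image: postgres:11-alpine
    environment:
      # the postgres image reads the password from this file instead of an env var
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password             # read-only file at /run/secrets/db_password (tmpfs)
    networks:
      - backend
    deploy:
      replicas: 1
      endpoint_mode: vip        # "db" and "<stack>_db" resolve to one virtual IP
  api:
    image: nginx:1.17-alpine    # stands in for an application server
    networks:
      - backend
    deploy:
      replicas: 2
      # "api" resolves to the IPs of all replicas; dnsrr cannot be combined
      # with ingress-published ports, so this service publishes none
      endpoint_mode: dnsrr
  web:
    image: nginx:1.17-alpine
    configs:
      - source: nginx_conf      # e.g. a proxy_pass to http://api:80 (constructed)
        target: /etc/nginx/conf.d/default.conf
    ports:
      - "8080:80"               # published via the routing mesh on every node
    networks:
      - backend
      - frontend
    deploy:
      replicas: 2
networks:
  backend:
    driver: overlay
    driver_opts:
      encrypted: "true"         # IPsec tunnels between the nodes for this network
  frontend:
    driver: overlay
secrets:
  db_password:
    # contents are read at 'docker stack deploy' and stored encrypted in the Raft log;
    # the file itself should not be committed to version control
    file: ./db_password.txt
configs:
  nginx_conf:
    file: ./default.conf
```

Because a secret is immutable, rotating the password means creating a second secret (for example `db_password_v2`), pointing the service at the new name and redeploying; the old secret can be removed with `docker secret rm` once no service references it.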
## How to setup

```bash
# on first manager node (<manager-ip> is the address other nodes will reach)
docker swarm init --advertise-addr <manager-ip>

# Show join commands for managers / workers
docker swarm join-token manager
docker swarm join-token worker

# Issue command on other nodes. Example
docker swarm join \
  --token SWMTKN-1-49nj1cmql0jk... \
  192.168.0.5:2377

# join tokens are credentials: replace a leaked one with
docker swarm join-token --rotate worker

# List infos
docker node ls
docker node inspect <node-id>
```
## Contra 👎
* Missing persistence story
  * a container of a service may be started on a different host after reboot or service update
  * the container's volumes will not migrate 😢
  * workarounds:
    * network storage (NFS)
    * host pinning by using placement constraints
* stability / bugs in docker engine 🤮
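Both workarounds from the slide above in one stack file: the database is pinned to a labelled node so its local volume is always found, and a second service shares an NFS export that every node can mount. This is an added example, not code from the original slides; the node label `db`, the NFS server name `nfs.example.internal` and the export path are assumed values.

```yaml
version: '3.7'
services:
  db:
    image: postgres:11-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    deploy:
      replicas: 1
      placement:
        constraints:
          # host pinning: label the node first with
          #   docker node update --label-add db=true <node-name>
          # (alternative: node.hostname == <node-name>)
          - node.labels.db == true
  files:
    image: nginx:1.17-alpine
    volumes:
      - shared:/usr/share/nginx/html:ro
    deploy:
      replicas: 2               # may land on any node, all see the same files
volumes:
  pgdata:
    # plain local volume: data stays on the pinned node and is lost if that node dies
  shared:
    driver: local
    driver_opts:
      type: nfs
      o: "addr=nfs.example.internal,rw,nfsvers=4"
      device: ":/export/shared"
```

The NFS volume is created on each node the first time a task using it is scheduled there, so the export must be reachable from every node; restricting the export to the swarm nodes' addresses on the NFS server keeps it from being mountable by anything else on the network.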
## Advice ☝
* Sizing of manager nodes
  * a quorum is needed to be operable
  * odd number of manager nodes
  * at least 3 nodes for fault tolerance of 1
  * maybe manager-only nodes
* Do not use it for stateful services
* Do not use it for databases
* Beware of docker engine upgrades
* Be careful with the healthchecks
## Tools with swarm mode support
* Portainer: Web UI for Docker cluster
* Traefik: Reverse proxy
## Example
* 3 node setup with vagrant / ansible
* portainer
* traefik

https://github.com/cgoeller/docker-swarm-mode-slides/examples
# The end.

https://docs.docker.com/engine/swarm

https://github.com/cgoeller/docker-swarm-mode-slides