catch { snail }

Configure Docker Swarm

November 15, 2019

You can also read more about Docker Swarm on the official documentation page

-What is a Docker Swarm ?

“Docker Engine 1.12 introduces swarm mode that enables you to create a cluster of one or more Docker Engines called a swarm. Docker swarm is a management and orchestration features embedded in the Docker Engine are built using swarmkit. Swarmkit is a separate project which implements Docker’s orchestration layer and is used directly within Docker.” Folder Structure

Swarm consists of a multiple Docker hosts which are running in swarm mode and act as managers and workers. Manager is managing delegations and memberships. Workers are running the swarm services.

-Before

For example i have 3 separate servers that i would like to run in Docker Swarm mode.

1.1.1.1
2.2.2.2
3.3.3.3

And all of them are connected to the private network 10.0.0.1/16

-Network Configuration

This part was only important in my use case. So you can skip networking configuration if it’s not relevant to you.

All my servers were connected to the private subnet 10.0.0.1/16. And this was really important that they would stay connected to each other over that network. In this case i needed to change docker ingress network subnet due to the fact that the default ingress subnet has the same subnet.

When you initialize a swarm or join a Docker host to an existing swarm, two new networks are created on that Docker host:

  • an overlay network called ingress, which handles control and data traffic related to swarm services. When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the ingress network by default.
  • a bridge network called docker_gwbridge, which connects the individual Docker daemon to the other daemons participating in the swarm.

Inspect networks:

docker network inspect ingress

Remove ingress network:

docker network rm ingress

Create a new ingress network with the subnet 20.11.0.0/16:

docker network create \
  --driver overlay \
  --ingress \
  --subnet=20.11.0.0/16 \
  --gateway=20.11.0.2 \
  --opt com.docker.network.driver.mtu=1200 \
  my-ingress

-Configure the Manager Node

We have decided that 1.1.1.1 will be the manager in our case. On the 1.1.1.1 we will need to initialize swarm mode by running command below:

docker swarm init --advertise-addr 1.1.1.1

The output will be the command with the worker token that we will need to run on the other servers in order for them to join to the cluster manager 1.1.1.1

docker swarm join --token SWMTKN-1-19a9q3z51lr1qjakg2wfsdhweweasdsjik323zxgmg23-qwe3qfggwe67a22kdl

-Configure the Worker Nodes

Run this command on each server that should be connected to the Cluster Manager as a Worker

docker swarm join --token SWMTKN-1-19a9q3z51lr1qjakg2wfsdhweweasdsjik323zxgmg23-qwe3qfggwe67a22kdl

-Verify the Swarm Cluster

On the manager node run

docker node ls

The output example:

In case you will loose join tokens you can run the following commands on the manager node:

To retrieve the manager token run:

docker swarm join-token manager -q

To retrieve the worker token run:

docker swarm join-token worker -q

-Deploy Application

We can use docker service or docker stack:

  • The docker stack can be used to manage a multi-service application.
  • The docker service is used when you need to manage an individual service on a docker swarm cluster.

We will use docker stack. Lets create docker-compose-app1.yml file with the following content:

version: "3"

services:
    app:
        image: 15734342727.dkr.ecr.us-east-1.amazonaws.com/hello-world:latest
        restart: always
        ports:
            - 8010:80
        networks:
            - default

You’ve probably noticed that i’m usng AWS ECR (private registry) and in order for the workers to pull the image from that registry we need to deploy the app with the option --with-registry-auth to send registry authentication details to Swarm agents.

If you are using private registry as well then before deploying the application we need to login to the registry in my case it is AWS ECR.

Run the following command on the manager node:

aws ecr get-login --no-include-email

The output will be a docker login ... command. You need to execute this command on the cluster manager in order to login to the AWS ECR registry.

After we can run the following command on the manager node:

docker stack deploy -c docker-compose-app1.yml --with-registry-auth Hello_World_App

To validate services, run the following command on the manager node:

docker service ls

The example output with the 2 applications:

To scale the app run the following command on the manager node:

docker service scale <SERVICE-ID>=<NUMBER-OF-TASKS>

For example:

docker service scale sjcrh8ra88yf=5

Cheers!


My personal notes.
I write about code.

© 2022, Built with Gatsby and a tiny Snail