A swarm is a cluster of nodes that work together. This is DOcker's official orchestration system and is similar with Kubernetes.
- provides an API
- uses services instead of running containers individually
A swarm encrypts these services by default:
- distributed cluster store
- networks
- TLS
- cluster joining tokens
- PKI
Manager Node
- responsible for running the cluster
- cluster state
- schedules services
- receives API commands and converts them to actions
- recommended to have "odd" number of nodes for HA
- if you have "even" number of nodes (ex: 4 nodes), it's possible to have split brain issue
- maximum of 7 nodes
Worker Nodes
- runs the containers
- needs at least 1 manager node
To see all the nodes in your swarm:
$ docker node ls
Initialize on the first manager node:
$ docker swarm init \
--advertise-addr <private-ip>:2377 \
--listen-addr <private-ip>:2377
After initializing, create a token:
$ docker swarm join-token manager
You can then use this token to join another manager node to the swarm.
To create a token for the worker nodes:
$ docker swarm join-token worker
Use this token to join a node as a worker node to the swarm.
$ docker swarm join \
--token <worker-node-token> \
--advertise-addr <private-ip>:2377 \
--listen-addr <private-ip>:2377
Note that if a node goes down for some time and restarts, its data may be in conflict with the data in the swarm. To prevent this, enable locking to stops the restarted node from rejoining the swarm and require an administrator password first.
$ docker swarm init --autolock
$ docker swarm update --autolock=true
Note that is better to delete and recreate the node so that it gets the recent copy of the data.
Define the image to be used and then the service will run the container for you.
- also specify the desired state (replicas, etc.)
- replicate mode by default, containers are distributed evenly
- global mode, a single replica on each node
- scaling up/down