Introduction to Orchestration: Docker Swarm
Up to this point, we have focused on managing containers on a single host (using docker run or docker-compose). However, production applications rarely live on a single server. They need high availability, scaling, and fault tolerance.
This requires Orchestration: The automated management, scheduling, and coordination of containerized applications across a cluster of machines.
Docker Swarm is the native orchestration engine for Docker. It is integrated directly into the Docker Engine, making it the easiest way to move from single-host Docker to a multi-host cluster.
1. Key Concepts: Nodes and Services
Swarm introduces a new layer of abstraction. You no longer think about individual "containers" running on a specific server. Instead, you think about Services running on Nodes.
Nodes (The Hardware)
A Node is an instance of the Docker Engine participating in the Swarm.
Manager Nodes: The brains of the operation. They maintain the cluster state, schedule services, and serve the Swarm API.
Worker Nodes: The muscle. Their only job is to execute the containers (Tasks) assigned to them by the Managers.
Services (The Application)
A Service is the definition of a desired state for an application.
Instead of running a container, you "create a service."
You define the image (e.g.,
nginx:latest), the replicas (e.g., "I want 3 copies"), and the ports.The Swarm Manager ensures that the actual state matches this desired state. If a Worker Node dies, the Manager automatically reschedules its tasks onto a healthy node.
2. Initializing a Swarm
Turning a standard Docker host into a Swarm Manager is a single command.
On the Manager Node:
# Initialize the Swarm
docker swarm init --advertise-addr <MANAGER-IP>Output: This command will output a "join token" command.
On the Worker Node(s): Copy and paste the command provided by the manager:
docker swarm join --token SWMTKN-1-... <MANAGER-IP>:2377You now have a cluster. You can view it from the manager:
docker node ls3. Deploying a Service
The docker service command is used to manage applications in Swarm.
Create a Replicated Service
# Deploy 3 instances of Nginx, mapped to port 80
docker service create \
--name my-web \
--replicas 3 \
--publish 80:80 \
nginx:latestInspecting the Service
docker service ls # List all running services
docker service ps my-web # List the tasks (containers) for this serviceYou will see that the 3 replicas are distributed across your available nodes.
Scaling the Service
Scaling is instantaneous and declarative.
docker service scale my-web=5Swarm will immediately launch 2 new tasks to meet the desired count of 5.
4. The Routing Mesh
One of Swarm's most powerful features is the Ingress Routing Mesh.
When you publish a port (like port 80 above), Swarm listens on port 80 on every node in the cluster, regardless of whether that node is actually running one of the containers.
How it works: If an external request hits Node A (which has no Nginx container), the Routing Mesh transparently routes the traffic to Node B (which does have the container).
Benefit: You can point your external Load Balancer at any or all nodes in the cluster, and the traffic will always reach the service.
5. Managing Stacks (docker stack deploy)
Just as docker-compose is used for multi-container apps on a single host, docker stack is used for multi-service apps in a Swarm.
It uses the same docker-compose.yml file format (version 3+).
Example docker-compose.yml for Swarm:
version: "3.8"
services:
web:
image: my-web-app:v1
deploy:
replicas: 3
restart_policy:
condition: on-failure
update_config:
parallelism: 1
delay: 10s
ports:
- "80:80"
db:
image: postgres:14
volumes:
- db-data:/var/lib/postgresql/data
volumes:
db-data:Note the deploy: block, which is specific to Swarm/Orchestration.
Deploying the Stack:
docker stack deploy -c docker-compose.yml my-stack6. Rolling Updates and Rollbacks
Swarm makes zero-downtime updates trivial.
Update: To update the image version for a running service:
docker service update --image my-web-app:v2 my-stack_webSwarm will update the containers one by one (based on the update_config policy), ensuring the service remains available.
Rollback: If the update fails or causes issues:
docker service rollback my-stack_webSwarm instantly reverts to the previous definition of the service.
7. Managing Secrets
As mentioned in File 10, Swarm has a built-in, secure secrets management system.
Create the Secret:
echo "my-super-secret-password" | docker secret create db_password -Grant Access to Service:
docker service create --name db --secret db_password postgres:14Usage: Inside the container, the secret is available as a file at
/run/secrets/db_password.