Docker Swarm Hierarchy
- image in the registry
- container
- task (a container and the command to run in it)
- service (one or multiple instances of the same task, like multiple copies of the same web API)
- stack (one or multiple services that belong together, like a front end web application, middle tier, and database server, with the launch scripted in a .yml file)
The difference between the service and the stack is like docker run vs. docker compose, but in a Docker Swarm cluster.
Docker Swarm Services
Global service
A global service runs once on every available node.
Replicated service
The Manager distributes the tasks (containers and the commands to run in them) of a replicated service across the nodes, based on the desired scale number, which can be one. Once a task is assigned to a node it cannot be moved; it runs on that node until it stops or fails.
Docker Swarm Networking
Host network
Uses the host’s network stack without any namespace separation, sharing all of the host’s interfaces.
Bridge network
Docker-managed Linux bridge on the Docker host. By default, all containers created on the same bridge can talk to each other.
Overlay network
A network that can span multiple Docker hosts. Uses the gossip protocol to communicate between hosts.
None
The container’s own network stack and namespace, without any interfaces. It stays isolated from every other network, and even its own host’s network.
MACVLAN
Establishes connections between container interfaces and parent host interfaces. It can be used to assign containers IP addresses that are routable on physical networks.
Docker Swarm Load Balancing
Internal load balancing
Internal load balancing is enabled by default. When a container contacts another container in the same Docker Swarm, the internal load balancer routes the request.
External ingress load balancing
To enable the external ingress load balancing, publish the port of the service with the --publish flag. Every node in the cluster starts to listen on the published port to answer incoming requests. If the service does not run a container on the node that received the request, the Routing Mesh will route the request to the node that runs the container on the Ingress Network.
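Because an ingress-published port opens a listener on every node, it helps to inventory which services are exposed that way. The following is an added example, not part of the original notes: it reads JSON shaped like the output of docker service inspect and reports each published port and where it listens. It goes slightly beyond the text by also recognising Docker's host publish mode; the sample data and the function names are constructed for this example.

```python
import json

# Constructed sample, shaped like the output of `docker service inspect`
# (service names and port numbers are made up for this example).
SAMPLE_INSPECT = json.loads("""
[
  {"Spec": {"Name": "web", "Mode": {"Replicated": {"Replicas": 2}}},
   "Endpoint": {"Ports": [
     {"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 8080, "PublishMode": "ingress"}]}},
  {"Spec": {"Name": "metrics", "Mode": {"Global": {}}},
   "Endpoint": {"Ports": [
     {"Protocol": "tcp", "TargetPort": 9100, "PublishedPort": 9100, "PublishMode": "host"}]}},
  {"Spec": {"Name": "db", "Mode": {"Replicated": {"Replicas": 1}}},
   "Endpoint": {}}
]
""")


def service_mode(service):
    """Return 'global' or 'replicated(N)' from the service spec."""
    mode = service["Spec"].get("Mode", {})
    if "Global" in mode:
        return "global"
    replicas = mode.get("Replicated", {}).get("Replicas", 1)
    return f"replicated({replicas})"


def published_ports(services):
    """List every published port and where in the cluster it is reachable."""
    findings = []
    for svc in services:
        # Services created without --publish have no Ports entry at all.
        for port in svc.get("Endpoint", {}).get("Ports") or []:
            publish_mode = port.get("PublishMode", "ingress")
            findings.append({
                "service": svc["Spec"]["Name"],
                "mode": service_mode(svc),
                "port": f'{port.get("PublishedPort")}/{port.get("Protocol", "tcp")}',
                # ingress: routing mesh, every node in the cluster listens.
                # host: only the nodes that run a task of the service listen.
                "listens_on": "every node" if publish_mode == "ingress"
                              else "nodes running a task",
            })
    return findings


if __name__ == "__main__":
    for f in published_ports(SAMPLE_INSPECT):
        print(f'{f["service"]:8} {f["mode"]:14} {f["port"]:10} {f["listens_on"]}')
```

On a manager node, the same function can be fed the parsed output of docker service inspect run over the IDs returned by docker service ls -q.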
Create a service with an image in a private registry
These instructions pass the login token from your local client to the Docker Swarm nodes, so the nodes can log into the registry and pull the image.
# Save the Docker Registry password in the PASSWORD environment variable
# Log into the Docker Registry
echo "$PASSWORD" | docker login -u [user] registry.my_registry.com --password-stdin
# Create the service
docker service create \
--with-registry-auth \
--name my_service \
registry.my_registry.com/my_namespace/my_image:latest