
Docker swarm


A Docker swarm connects a cluster of nodes together so that multiple docker containers can be run on it. The swarm can manage the optimal allocation of resources (which containers run on which nodes). It can provide a HA (high availability) infrastructure, where if a node fails, the services running on it are automatically redistributed to other nodes.

A Docker swarm consists of manager nodes and worker nodes. Manager nodes are responsible for the orchestration of services and the worker nodes are responsible for running the various services.

It is possible to run a single-node docker swarm.

Docker swarm vs docker compose

In a very simplified view, docker compose allows you to run multiple containers on a single node, while docker swarm allows you to run multiple containers on multiple nodes.

To define what services to run, docker swarm uses a docker compose file. This is called a stack and is deployed with the following command:

docker stack deploy -c docker-compose.yml <stack-name>

The swarm compose file is similar to the compose file used by docker compose, with some differences:

  • Use the deploy attribute to specify the configuration related to the deployment and running of services.
  • Supports docker secrets and docker configs

Docker config

A docker config is a file that can be attached to any service in a stack. If the service is moved to a different node, the config will be moved with it.

Some services require a configuration file (e.g. mysql). Attaching this file as a volume would be impractical, as we cannot know for sure on which node the mysql service will run. Instead, it can be attached to the mysql service as a config, and the swarm will ensure that the config is available for the mysql service whichever node it runs on.

Docker secret

A docker secret is a file that is visible only within the container to which it is attached. It generally contains sensitive data such as passwords, API keys, or SSH private keys.

It's like a docker config except that its contents are encrypted and are visible unencrypted only to the container that needs it.

The main benefit of docker secrets is that sensitive values can be protected while still remaining available to the services that need them.
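
A stack file that uses the deploy attribute, a config and a secret together, with the plaintext-password pattern shown commented out for contrast. This is an added example, not part of the original page; the service name, image tag, file paths and the config and secret names are assumptions.

```yaml
# Added example. Deploy with:
#   docker stack deploy -c docker-compose.yml <stack-name>
# The secret is created beforehand on a manager node, for example:
#   printf '%s' "$DB_ROOT_PW" | docker secret create db_root_password -
version: "3.8"

services:
  db:
    image: mysql:8.0              # assumed image tag
    # Weak pattern, for contrast only: a value placed in `environment`
    # is stored in the service definition and shown by
    # `docker service inspect`.
    # environment:
    #   MYSQL_ROOT_PASSWORD: "<password-in-plain-text>"
    environment:
      # The official mysql image reads the password from this file.
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    configs:
      # Non-sensitive settings travel with the service as a config.
      - source: mysql_cnf
        target: /etc/mysql/conf.d/custom.cnf
    secrets:
      # Mounted inside the container at /run/secrets/db_root_password.
      - db_root_password
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure

configs:
  mysql_cnf:
    file: ./mysql/custom.cnf      # assumed local path, read at deploy time

secrets:
  db_root_password:
    external: true                # already exists in the swarm; not in this file
```

Declaring the secret as `external` keeps its value out of the stack file and out of version control; only services that list it under `secrets` receive it.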