docker swarm stack file Explained – Advanced Level6 min read

Prabhin Prabharkaran Administrator
DevOps Engineer

He is a Technical professional. He is a person who loves to share tricks and tips on the Internet. He Posts what he does!

follow me

Docker swarm is a docker orchestration tool that comes along with docker engine when helps to manage multiple Docker containers across multiple hosts that are joined to the cluster.


Docker Swarm enables high availability for docker containers by increasing the replicas for a particular service.

version: '3.3'
services:
  java_app:
    image: prabhin/spring:version4
    extra_hosts:
     - mariadb1:172.30.1.11
    environment:
      DB_passwrd: Passw0rd
    ports:
     - 8111:8111
    volumes:
     - /opt/log/:/opt/log/app/
    networks:
     - default
    configs:
     -
      source: app_conf
      target: /opt/log/app/conf/app.conf
    logging:
      driver: json-file
    deploy:
      replicas: 5
      update_config:
        delay: 20s
        failure_action: rollback
      placement:
        constraints:
         - node.labels.Name == java_app
      resources:
        reservations:
          cpus: '1.0'
          memory: 3072M
        limits:
          cpus: '1.0'
          memory: 3072M
networks:
  default:
    driver: overlay

let’s break the above docker-swarm stack file into smaller pieces

    extra_hosts:
     - mariadb1:172.30.1.11

In some cases, you might need to add a local DNS entry for your container when the hostname is not publically available.
The above entry creates an entry in /etc/hosts file of docker container show below

mariadb1 172.30.1.11

You can verify if the DNS is updated by login to the container and execute
cat /etc/hosts
This configuration will be persistent for all the containers under the Java_app service.

 

    environment:
      DB_passwrd: Passw0rd

The above configuration creates an environment variable, by using this you can pass key: value to the docker containers.
For sensitive data such as username and password, it’s recommended to use docker secrets. Check out this document on how to use docker secrets. how to use a docker secret for keycloak applications using a docker swarm

 

    configs:
     -
      source: app_conf
      target: /opt/log/app/conf/app.conf

The above configuration helps you to centralize the configuration file in the docker swarm. By using this you don’t create the configuration files in all the nodes. During the run time the configuration will be picked up from the docker swarm config section

This eliminates the hardcoding of the configuration files in docker images. You can change the configuration files whenever it’s required only you need to change the config name from the stack file.
once the config is generated you can mention the desired location where the config needs to mount. This work is the same as the volume mount. Docker config can be used for only files.

echo "This is a config" | docker config create my-config -

or you can choose the file like this

docker config create <configname> filename

 

    deploy:
      replicas: 35
      update_config:
        parallelism: 15
        delay: 5s
        failure_action: rollback
      placement:
        constraints:
         - node.labels.Name == java_app
      resources:
        reservations:
          cpus: '1.0'
          memory: 3072M
        limits:
          cpus: '1.0'
          memory: 3072M

if you see the above deploy section it may look complex if you are a beginner

      replicas: 35
      update_config:
        parallelism: 15
        delay: 5s
        failure_action: rollback

This tells how the docker container rolling-update should happen. Consider you need to release the new version of the docker container this tells 15 containers out of 35 replicas will be updated with a new image. Once 15 containers are up with a new Image then the docker swarm will wait for 5 seconds and start the image update for the next 15 sets of dockers. Parallelism maintains the number of containers to participate during the rolling update. The default value of parallelism is 1. if failure_action is configured to roll back then if the new images fail to start swarm automatically rollback rolling update and make the service up with older docker image.
Available failure_actions are pause, continue, rollback

 


      placement:
        constraints:
         - node.labels.Name == java_app

Let’s assume we have 10 nodes joined to the docker swarm cluster, when you deploy any service without placement constraints the docker containers can be deployed any of these 10 servers. If you need specifically want the container to be deployed a particular set of servers, then you can create a label for that servers and update the same label in the stack file for that service. So swarm deploys the docker containers only if the condition is matched.

Usually, we use these configurations when we allocate servers based on the services. Let’s say 1 to 5 servers for app1 and 6-10 for app2. In this case placement constraint will be more helpful.

In the above example, the java_app container will get deployed on the nodes which have the label Name=java_app.

docker node update --label-add Name=java_app <nodeID/Nodename>

you can get the Node ID or node Name from the below command.

docker node ls

You can add more than one label for the same node, Make sure that key and value conflicts not to happen for the same node.

 

      resources:
        reservations:
          cpus: '1.0'
          memory: 3072M
        limits:
          cpus: '1.0'
          memory: 3072M

 

when the reservation is not maintained in the stack file the node accepts n numbers of the container to deploy irrespective of the server configuration, this leads to performance issues and the node can go down as there are no system resources available.

Once reservations are configured before any container is deployed by swarm to any node it checks mentioned resources (CPU, memory) is available in the node or not. If not available containers won’t be deployed.

When limits are configured each docker container is set to use only the mentioned system resources. Containers won’t utilize the mentioned value. if limits are not mentioned the containers are set to use unlimited resources.

 

 

 

 

© 2020, Techrunnr. All rights reserved.

#1
#2
#3
Questions Answered
Articles Written
Overall Points

Related posts

Leave a Reply