Docker Swarm Mode on AWS

With the latest advances in Docker's container orchestration technology having been
released last months, let's cover what it takes to set up Docker Swarm Mode on AWS.

Docker Swarm Mode is the latest entrant in a large field of container orchestration
systems. Docker Swarm was originally released as a standalone product that ran
master and agent containers on a cluster of servers to orchestrate the deployment
of containers. This changed with the release of Docker 1.12 in July of 2016. Docker
Swarm Mode is now officially part of docker-engine, and built right into every
installation of Docker. Swarm Mode brought many improvements over the standalone
Swarm product, including:

Built-in service discovery: Docker Swarm originally included drivers to integrate

with Consul, etcd, or Zookeeper for the purposes of Service Discovery. However,
this required the setup of a separate cluster dedicated to service discovery. The
Swarm Mode manager nodes now assign a unique DNS name to each service in the
cluster, and load balances between the running containers in those services.
Mesh routing: One of the most unique features of Docker Swarm Mode is Mesh
Routing. All of the nodes within a cluster are aware of the location of every
container within the cluster via gossip. This means that if a request arrives on a
node that is not currently running the service for which that request was intended,
the request will be routed to a node that is running a container for that service.
This makes it so that nodes don�t have to be purpose built for specific services.
Any node can run any service, and every node can be load balanced equally, reducing
complexity and the number of resources needed for an application.
Security: Docker Swarm Mode uses TLS encryption for communication between services
and nodes by default.
Docker API: Docker Swarm Mode utilizes the same API that every user of Docker is
already familiar with. No need to install or learn additional software.
But wait, there�s more! Check out some of the other features at Docker�s Swarm Mode
Overview page.
For companies facing increasing complexity in Docker container deployment and
management, Docker Swarm Mode provides a convenient, cost-effective, and performant
tool to meet those needs.

cloudcraft-docker-swarm-architecture-2
For the sake of brevity, I won�t reinvent the wheel and go over manual cluster
creation here. Instead, I encourage you to follow the fantastic tutorial on
Docker�s site.

What I will talk about however is the new Docker for AWS tool that Docker recently
released. This is an AWS Cloudformation template that can be used to quickly and
easily set up all of the necessary resources for a highly available Docker Swarm
cluster, and because it is a Cloudformation template, you can edit the template to
add any additional resources, such as Route53 hosted zones or S3 buckets to your
application.

One of the very interesting features of this tool is that it dynamically configures
the listeners for your Elastic Load Balancer (ELB). Once you deploy a service on
Docker Swarm, the built-in management service that is baked into instances launched
with Docker for AWS will automatically create a listener for any published ports
for your service. When a service is removed, that listener will subsequently be
removed.

If you want to create a Docker for AWS stack, read over the list of prerequisites,
then click the Launch Stack button below. Keep in mind you may have to pay for any
resources you create. If you are deploying Docker for AWS into an older account
that still has EC2-Classic, or wish to deploy Docker for AWS into an existing VPC,
read the FAQ here for more information.
cloudformation-launch-stack

With the release of Docker 1.13 in January of 2017, major enhancements were added
to Docker Swarm Mode that greatly improved its ease of use. Docker Swarm Mode now
integrates directly with Docker Compose v3 and officially supports the deployment
of �stacks� (groups of services) via docker-compose.yml files. With the new
properties introduced in Docker Compose v3, it is possible to specify node affinity
via tags, rolling update policies, restart policies, and desired scale of
containers. The same docker-compose.yml file you would use to test your application
locally can now be used to deploy to production. Here is a sample service with some
of the new properties:

version: "3"
services:
vote:
image: dockersamples/examplevotingapp_vote:before
ports:
- 5000:80
networks:
- frontend
deploy:
replicas: 2
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
placement:
constraints: [node.role == worker]
networks:
frontend:

While most of the properties within this YAML structure will be familiar to anyone
used to Docker Compose v2, the deploy property is new to v3. The replicas field
indicates the number of containers to run within the service. The update_config
field tells the swarm how many containers to update in parallel and how long to
wait between updates. The restart_policy field determines when a container should
be restarted. Finally, the placement field allows container affinity to be set
based on tags or node properties, such as Node Role. When deploying this docker-
compose file locally, using docker-compose up, the deploy properties are simply
ignored.

Deployment of a stack is incredibly simple. Follow these steps to download Docker�s

example voting app stack file and run it on your cluster.

SSH into any one of your Manager nodes with the user 'docker' and the EC2 Keypair
you specified when you launched the stack.
curl -O https://raw.githubusercontent.com/docker/example-voting-app/master/docker-
stack.yml
docker stack deploy -c docker-stack.yml vote

You should now see Docker creating your services, volumes, and networks. Now run
the following command to view the status of your stack and the services running
within it.

docker stack ps vote

You�ll get output similar to this:

counter_api_-_root_ip-10-0-0-114___home_ubuntu_-_ssh_-i____ssh_jim-labs-
ohio_pem_docker_52_14_83_166_-_214x43

This shows the container id, container name, container image, node the container is
currently running on, its desired and current state, and any errors that may have
occurred. As you can see, the vote_visualizer.1 container failed at run time, so it
was shut down and a new container spun up to replace it.

This sample application opens up three ports on your Elastic Load Balancer (ELB):
5000 for the voting interface, 5001 for the real-time vote results interface, and
8080 for the Docker Swarm visualizer. You can find the DNS Name of your ELB by
either going to the EC2 Load Balancers page of the AWS console, or viewing your
Cloudformation stack Outputs tab in the Cloudformation page of the AWS Console.
Here is an example of the Cloudformation Outputs tab:

cloudformation_management_console_%f0%9f%94%8a

DefaultDNSTarget is the URL you can use to access your application.

If you access the Visualizer on port 8080, you will see an interface similar to
this:

visualizer_%f0%9f%94%8a

This is a handy tool to see which containers are running, and on which nodes.

Scaling Services
Scaling services is as simple as running the command docker service scale
SERVICENAME=REPLICAS, for example:

docker service scale vote_vote=3

That command will scale the vote service to 3 containers, up from 2. Because Docker
Swarm uses an overlay network, it is able to run multiple containers of the same
service on the same node, allowing you to scale your services as high as your CPU
and Memory allocations will allow.

If you make any changes to your docker-compose file, updating your stack is
incredibly easy. Simply run the same command you used to create your stack:

docker stack deploy -c docker-stack.yml vote

Docker Swarm will update any services that were changed from the previous version,
and adhere to any update_configs specified in the docker-compose file. In the case
of the vote service specified above, only one container will be updated at a time,
and a 10 second delay will occur once the first container is successfully updated
before the second container is updated.

Next Steps
This was just a brief overview of the capabilities of Docker Swarm Mode in Docker
1.13. For further reading, feel free to explore the Docker Swarm Mode and Docker
Compose docs. In another post, I�ll be going over some of the advantages and
disadvantages of Docker Swarm Mode compared to other container orchestration
systems, such as ECS and Kubernetes.

If you have any experiences with Docker Swarm Mode that you would like to share, or
have any questions on any of the materials presented here, please leave a comment
below!