3

I've been trying to devise a strategy for using Docker Swarm for managing a bunch of headless containers - don't need load balancer, exposing any ports, or auto scaling.

The only thing I want is the ability to update all of the containers (on all nodes), if any of the images are updated. Each container running will need to have a specific `--hostname`.

Is running `docker service` even viable for this? Or should I just do a normal `docker run` targeting specific nodes to specify the `--hostname` I want? The reason I'm even asking about `docker service` is because it allows you to do an update (forcing an update for all containers if there are updated images).

Was also thinking that Docker Swarm would make it a bit easier to keep an eye on all the containers (i.e. manage them from a central location).

The other option I was looking at was watchtower, to run on each server that is running one of the containers, as an alternative to swarm. My only issue with this is that it doesn't provide any orchestration, for centralized management.

Anyone have any ideas of what would be a better option given the scenario?

xil3
  • So what's exactly the question here? Are you having a problem implementing this? What have you tried? – Lie Ryan Oct 08 '18 at 12:24

1 Answer

2

Docker Swarm does not give you any advantage regarding rolling updates apart from the docker service command; swarm only provides the user horizontal scaling and places a load balancer in front of those replicas called "service", as well as some other goodies such as replicating the docker events across the swarm nodes.

docker service --force would work as expected.

However, you should probably use both, docker swarm for orchestration and watchtower for rolling updates.

Patricio Napoli
  • Thanks Patricio - I was actually thinking the same thing. Using both may be the best option here. – xil3 Oct 09 '18 at 12:53
  • I've run into some other issues - apparently we can't run `--privileged` mode, or use `cap-add`, when using `docker service`. That changes things completely, as I need these containers to have a lot of privileged access. Looks like I'll be manually running them and using `watchtower` on the side. – xil3 Oct 09 '18 at 15:15
  • Yes, I've seen a lot of people move to Kubernetes for that same reason; it still does not support `--privileged`, there is an open issue: https://github.com/moby/moby/issues/24862 @xil3 – Patricio Napoli Oct 09 '18 at 16:59
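
As an added example (not part of the original question, answer or comments), the script below sketches the swarm approach discussed above: one single-replica service per node, each with its own `--hostname`, plus a forced update of every service. The image name, node names and container hostnames are constructed placeholders, and the script only prints the commands unless `APPLY=1` is set on a swarm manager.

```shell
#!/bin/sh
# Added example: per-node services with fixed hostnames and a forced update.
# IMAGE and INVENTORY are constructed placeholders, not values from the thread.
IMAGE="registry.example.com/worker:latest"

# Constructed inventory: "<swarm node hostname> <container hostname>" per line.
INVENTORY="node-a worker-01
node-b worker-02
node-c worker-03"

# Command that pins one task to one node and gives it its own hostname.
create_cmd() {
    printf 'docker service create --name %s --hostname %s --replicas 1 --constraint node.hostname==%s %s\n' \
        "$2" "$2" "$1" "$IMAGE"
}

# Command that re-resolves the image tag and redeploys the task even when
# the service definition is otherwise unchanged.
update_cmd() {
    printf 'docker service update --force --image %s %s\n' "$IMAGE" "$1"
}

# Emit the full list of commands for "create" or "update".
plan() {
    case $1 in
        create|update) ;;
        *) echo "usage: plan create|update" >&2; return 2 ;;
    esac
    printf '%s\n' "$INVENTORY" | while read -r node host; do
        [ -n "$node" ] || continue
        if [ "$1" = create ]; then
            create_cmd "$node" "$host"
        else
            update_cmd "$host"
        fi
    done
}

# Dry run by default; APPLY=1 pipes the plan to sh on a swarm manager.
run() {
    if [ "${APPLY:-0}" = 1 ]; then plan "$1" | sh -e; else plan "$1"; fi
}

# When invoked with an argument, act on it: ./script.sh create|update
[ $# -eq 0 ] || run "$1"
```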