Docker Swarm Configuration in Home - mnhmilu/poc-kubernets GitHub Wiki
**Assume I have one laptop and one PC, both with Ubuntu installed. There are two VMs installed on the PC. Give me a step-by-step guide to configure Docker Swarm.**

Prepare the two VMs on the PC with "bridge network" so that they can get IP addresses from the home DHCP server.
Setting up Docker Swarm on your Ubuntu machines involves a series of steps to configure the manager node and join worker nodes to the swarm. Here's a step-by-step guide to configuring Docker Swarm with one laptop as the manager node and one PC with two VMs as worker nodes:
Manager Node (Laptop):
Step 1: Install Docker on the Laptop (manager node):

- Update the package index:

  ```bash
  sudo apt update
  ```

- Install necessary packages to allow apt to use a repository over HTTPS:

  ```bash
  sudo apt install apt-transport-https ca-certificates curl software-properties-common
  ```

- Add the Docker GPG key:

  ```bash
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  ```

- Add the Docker repository:

  ```bash
  echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  ```

- Update the package index again:

  ```bash
  sudo apt update
  ```

- Install Docker:

  ```bash
  sudo apt install docker-ce docker-ce-cli containerd.io
  ```

- Start and enable Docker to run at boot:

  ```bash
  sudo systemctl start docker
  sudo systemctl enable docker
  ```

Step 2: Initialize Docker Swarm on the Laptop:

- Open a terminal and run the following command to initialize Docker Swarm on the manager node (Laptop):

  ```bash
  sudo docker swarm init --advertise-addr <MANAGER_NODE_IP>
  ```

  Replace `<MANAGER_NODE_IP>` with the IP address of your laptop.

- After successful initialization, the command will display a join token. Copy this token as you'll need it to join worker nodes to the swarm.

Worker Nodes (VMs on the PC):
Step 3: Install Docker on the VMs (worker nodes):

Follow the same steps as mentioned in the "Install Docker on the Laptop" section to install Docker on both VMs.

Step 4: Join the Worker Nodes to the Swarm:

- On each VM, open a terminal and run the "docker swarm join" command with the token obtained from the manager node:

  ```bash
  sudo docker swarm join --token <TOKEN> <MANAGER_NODE_IP>:<PORT>
  ```

  Replace `<TOKEN>` with the token copied from the manager node, and `<MANAGER_NODE_IP>:<PORT>` with the IP address and port of the manager node (Laptop).

Step 5: Verify Swarm Status:

- On the manager node (Laptop), run the following command to check the status of the swarm and the nodes:

  ```bash
  sudo docker node ls
  ```

  This should display the manager node and the two worker nodes in the swarm.

- To deploy services on the swarm, you can use Docker Compose or the Docker CLI. For example, you can create a service using the following command on the manager node:

  ```bash
  sudo docker service create --replicas 3 --name my_service nginx
  ```

  This will create a service named "my_service" with three replicas of the Nginx web server running across the swarm nodes.

That's it! You now have a Docker Swarm set up with one laptop as the manager node and one PC with two VMs as worker nodes. You can deploy and manage services across the swarm for your applications.
To get the join token from the manager node (your laptop), you need to initialize the Docker Swarm on the manager node first. After initializing the swarm, Docker will generate a unique join token, which you can then use to join worker nodes (VMs) to the swarm.
Here are the steps to initialize the Docker Swarm and get the join token:
Step 1: Open a terminal on the manager node (your laptop).

Step 2: Run the following command to initialize Docker Swarm:

```bash
sudo docker swarm init --advertise-addr <MANAGER_NODE_IP>
```

Replace `<MANAGER_NODE_IP>` with the IP address of your laptop. This command will initialize the Docker Swarm on the manager node and make it the leader of the swarm.

Step 3: After successful initialization, the command output will display the generated join token for worker nodes. The output will look something like this:

```
Swarm initialized: current node <NODE_ID> is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token <TOKEN> <MANAGER_NODE_IP>:<PORT>
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
```

The `<TOKEN>` in the output is the join token that you need to use to add worker nodes to the swarm.

Step 4: Copy the join token (`<TOKEN>`) from the output. You can do this by either manually selecting and copying the token or using the terminal copy functionality (e.g., right-click and select "Copy" if supported by your terminal).

Step 5: Use the copied join token to join worker nodes (VMs) to the swarm. On each VM (worker node), open a terminal and run the following command:

```bash
sudo docker swarm join --token <TOKEN> <MANAGER_NODE_IP>:<PORT>
```

Replace `<TOKEN>` with the token you copied from the manager node, and `<MANAGER_NODE_IP>:<PORT>` with the IP address and port of the manager node (your laptop).

The worker node will then join the swarm, and you can verify its status by running `sudo docker node ls` on the manager node, as mentioned in the previous steps.

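```bash
# 2377/tcp: cluster management traffic to the manager
sudo iptables -A INPUT -p tcp --dport 2377 -j ACCEPT
# 7946/tcp and 7946/udp: communication among nodes
sudo iptables -A INPUT -p tcp --dport 7946 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 7946 -j ACCEPT
# 4789/udp: overlay network (VXLAN) traffic
sudo iptables -A INPUT -p udp --dport 4789 -j ACCEPT
# Persist the rules
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```
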
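The rules above accept Swarm traffic from any source address. As an added example (not from the original page), the script below prints the same four port rules restricted to named swarm peers, followed by drops for every other source. The peer addresses are constructed placeholders from the 192.0.2.0/24 documentation range, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: print iptables rules that admit Swarm control and overlay
# traffic only from listed peers. Nothing is applied; review the output first.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: swarm_rules PEER_IP...  (every other node in the swarm)
swarm_rules() {
    specs="tcp:2377 tcp:7946 udp:7946 udp:4789"
    [ "$#" -ge 1 ] || { echo "need at least one peer address" >&2; return 1; }
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        for spec in $specs; do
            echo "iptables -A INPUT -s $peer -p ${spec%%:*} --dport ${spec##*:} -j ACCEPT"
        done
    done
    # Drops go last: with -A, order matters, and an earlier unrestricted ACCEPT
    # for the same port would still match first.
    for spec in $specs; do
        echo "iptables -A INPUT -p ${spec%%:*} --dport ${spec##*:} -j DROP"
    done
}

# Constructed sample peers (RFC 5737 documentation range), not real hosts.
swarm_rules 192.0.2.11 192.0.2.12
```

Run it on each node with the addresses of the other nodes, and apply the printed rules only to a chain that does not already hold the unrestricted ACCEPT rules.
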
docker-compose.yml

```yaml
version: "3.8"
services:
  webapp:
    image: nginx:latest
    deploy:
      replicas: 3
      restart_policy:
        condition: on-failure
    ports:
      - "8080:80"
```

Run `docker stack deploy -c docker-compose.yml my_webapp_stack` to deploy the compose file.

Then 0 replicas were running:

```
dmin@nahid-Macmini:~$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
uzn68b8xnnt9 my_webapp_stack_webapp replicated 0/3 nginx:latest *:8080->80/tcp
```

To solve this, run `docker pull nginx:latest` on the master node.

To monitor, run `docker ps` to get the container ID, then run `docker stats <container-id>` to get memory, storage and CPU usage information.

```bash
sudo docker node ls
docker service ls
docker service inspect my_webapp_stack_webapp
docker stack ls
docker stack ps my_webapp_stack
curl http://localhost:8080
```

To stop the stack, run `docker stack rm my_webapp_stack`.

Check the Docker daemon logs on the host machine for any error messages related to image pulling:

```bash
sudo journalctl -u docker
```

Below are some common and frequently used Docker swarm commands, segmented by their use cases:
Swarm Initialization and Management:

- Initialize Swarm: To initialize a new Docker swarm and make the current node the swarm manager, use:

  ```bash
  docker swarm init
  ```

- Join Swarm as Manager/Worker: To join other nodes to the swarm as managers or workers, use the join token obtained from the output of `docker swarm init` on the manager node:

  - Join as Manager:

    ```bash
    docker swarm join-token manager
    ```

  - Join as Worker:

    ```bash
    docker swarm join-token worker
    ```

  Copy the appropriate token command and execute it on the node you want to add to the swarm.

- List Nodes: To view the list of nodes in the swarm, use:

  ```bash
  docker node ls
  ```

- Promote/Demote Node: To promote or demote a node to manager status, use:

  ```bash
  docker node promote <node-id>
  docker node demote <node-id>
  ```

Service and Task Management:

- Deploy Stack: To deploy a stack using a Docker Compose file, use:

  ```bash
  docker stack deploy -c docker-compose.yml <stack-name>
  ```

- List Services: To list all the services running in the swarm, use:

  ```bash
  docker service ls
  ```

- Inspect Service: To view detailed information about a specific service, use:

  ```bash
  docker service inspect <service-name>
  ```

- Scale Service: To scale the number of replicas (tasks) for a service, use:

  ```bash
  docker service scale <service-name>=<replicas>
  ```

Swarm Management and Troubleshooting:

- Leave Swarm: To remove a node from the swarm (manager or worker), use:

  ```bash
  docker swarm leave
  ```

  If you want to force removal and bypass graceful shutdown, use `docker swarm leave --force`.

- Remove Service/Stack: To remove a service or an entire stack from the swarm, use:

  ```bash
  docker service rm <service-name>
  docker stack rm <stack-name>
  ```

- Update Service: To update the configuration of a running service, use:

  ```bash
  docker service update --image <new-image> <service-name>
  ```

- View Logs: To view the logs of a service or task, use:

  ```bash
  docker service logs <service-name>
  docker logs <container-id>
  ```

These are some of the most commonly used Docker swarm commands. Docker provides a wide range of options for swarm management and orchestration, allowing you to deploy and scale services across a cluster of nodes efficiently. Remember to replace `<service-name>`, `<stack-name>`, and other placeholders with the actual names of your services and stacks.

To access a Docker Swarm's web app from anywhere in the world, you can use a reverse proxy like Nginx or Traefik to route incoming requests to the appropriate Docker service. Additionally, you'll need to configure port forwarding on your router to expose the Docker Swarm's IP and port to the internet. Here's a step-by-step guide to achieve this:
Step 1: Configure Docker Swarm (assuming you already have the Swarm set up as explained in the previous answers)

Step 2: Install Nginx (or Traefik) on the Manager Node (Laptop):

Assuming you choose Nginx as the reverse proxy:

- Install Nginx on the manager node:

  ```bash
  sudo apt update
  sudo apt install nginx
  ```

- Start and enable Nginx to run at boot:

  ```bash
  sudo systemctl start nginx
  sudo systemctl enable nginx
  ```

Step 3: Configure Nginx to Proxy Requests to the Docker Swarm:

- Create a new Nginx configuration file:

  ```bash
  sudo nano /etc/nginx/sites-available/docker_swarm_app
  ```

- Add the following configuration to the file (modify it to match your setup):

  ```nginx
  server {
      listen 80;
      server_name your_domain.com;  # Replace with your domain or public IP

      location / {
          proxy_pass http://localhost:SERVICE_PORT;  # Replace with the service port of your Docker app
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
  }
  ```

  Replace `your_domain.com` with your actual domain name or public IP address, and `SERVICE_PORT` with the port number on which your Docker service is running. The `location` block will forward incoming HTTP requests to your Docker app.

- Create a symbolic link to enable the Nginx configuration:

  ```bash
  sudo ln -s /etc/nginx/sites-available/docker_swarm_app /etc/nginx/sites-enabled/
  ```

- Test the Nginx configuration for syntax errors:

  ```bash
  sudo nginx -t
  ```

- If the configuration test is successful, reload Nginx to apply the changes:

  ```bash
  sudo systemctl reload nginx
  ```

Step 4: Set Up Port Forwarding on Your Router:

- Access your router's configuration page. Usually, this is done by entering the router's IP address in a web browser.

- Look for the "Port Forwarding" or "Virtual Servers" section in your router settings.

- Add a new port forwarding rule to forward external traffic on port 80 (HTTP) to the internal IP address and port of your Docker Swarm manager node.

  For example:

  - External port: 80 (HTTP)
  - Internal IP: The IP address of your Docker Swarm manager node (laptop)
  - Internal port: The port where Nginx is listening (usually 80)

Step 5: DNS Configuration (Optional):

If you have a domain name, you can configure the DNS to point to your public IP address. This way, users can access your Docker app using the domain name rather than the IP address.

- Log in to your domain registrar's website and access your domain settings.

- Add an "A" record or modify the existing one to point to your public IP address.

Step 6: Test Access:
After completing the above steps, your Docker Swarm's web app should now be accessible from anywhere in the world using your domain name (if configured) or your public IP address. Users can access your web app by entering the domain name or IP address in their web browser.
Remember to keep your firewall settings secure and consider using HTTPS for added security when exposing services to the internet.
Yes, you can use Cloudflare to add an additional layer of protection and security to your Docker Swarm's web app when exposing it to the internet. Cloudflare provides various security features, including DDoS protection, Web Application Firewall (WAF), SSL/TLS encryption, and more, which can help safeguard your application from potential threats and attacks.
Here's how you can use Cloudflare to protect your Docker Swarm's web app:
Step 1: Sign Up for Cloudflare:
If you don't have a Cloudflare account, you need to sign up for one. Visit the Cloudflare website (https://www.cloudflare.com/) and create an account.
Step 2: Add Your Domain to Cloudflare:

- After signing up, add your domain to Cloudflare by following the instructions provided on the Cloudflare dashboard. You'll need to update your domain's nameservers to Cloudflare's nameservers to route traffic through Cloudflare.

- Once your domain is added and the DNS records have propagated, Cloudflare will start protecting your domain and acting as a reverse proxy.

Step 3: Configure Cloudflare Security Settings:

- Log in to your Cloudflare account and go to the "Security" section.

- Enable the appropriate security features for your Docker Swarm's web app. These may include:

  - DDoS Protection: Cloudflare provides protection against Distributed Denial of Service (DDoS) attacks to ensure your application stays online during traffic spikes.
  - Web Application Firewall (WAF): Set up Cloudflare's WAF rules to protect your app from common web application vulnerabilities and attacks.
  - SSL/TLS Encryption: Enable SSL/TLS to encrypt the communication between Cloudflare and your Docker Swarm, ensuring data privacy.

- Configure firewall rules and IP whitelisting as needed to control access to your application.

Step 4: Update Nginx Configuration (If using Nginx):
If you are using Nginx as a reverse proxy, you may need to adjust your Nginx configuration to take into account Cloudflare's reverse proxy settings. For example, you can obtain the visitor's real IP address from the "CF-Connecting-IP" header instead of using the "X-Real-IP" header.
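
One way to apply the header advice above, as an added example that is not from the original page: the script below builds an nginx `ngx_http_realip_module` snippet that honours `CF-Connecting-IP` only on connections arriving from a listed proxy range, since a client that reaches the origin directly can set that header itself. The function name is hypothetical, and the sample ranges are constructed documentation addresses, not Cloudflare's.

```bash
#!/bin/sh
# Added example: turn a list of proxy CIDR ranges into an nginx realip snippet,
# so CF-Connecting-IP is honoured only on connections from those ranges.

V4_CIDR='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
V6_CIDR='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/[0-9]{1,3}$'

# Reads one CIDR per line on stdin (blank lines and # comments are skipped).
# Prints nothing and fails if any line is not shaped like a CIDR, so stray
# text in the input can never become an nginx directive.
cf_realip_conf() {
    out=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if printf '%s\n' "$line" | grep -Eq "$V4_CIDR|$V6_CIDR"; then
            out="${out}set_real_ip_from $line;
"
        else
            echo "refusing malformed range: $line" >&2
            return 1
        fi
    done
    [ -n "$out" ] || { echo "no ranges supplied" >&2; return 1; }
    printf '%sreal_ip_header CF-Connecting-IP;\n' "$out"
}

# Constructed sample input using documentation ranges, NOT Cloudflare's real
# list. In practice feed it the ranges Cloudflare publishes at
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6,
# write the result to a file included in the http block, then run `nginx -t`.
cf_realip_conf <<'EOF'
# constructed sample ranges
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
EOF
```

The check is syntactic only; `sudo nginx -t` remains the final validation before reloading.
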
Step 5: Test and Monitor:
After configuring Cloudflare and updating your Nginx configuration (if applicable), test your Docker Swarm's web app to ensure everything works as expected. Monitor Cloudflare's analytics and security settings to detect any unusual or potentially malicious activity.
By using Cloudflare, you can enhance the security, performance, and reliability of your Docker Swarm's web app, allowing you to focus on delivering a seamless user experience while protecting your application from various threats on the internet.