Introduction to Docker Stack
Docker Stack is an essential tool for managing Docker services across multiple nodes in a Docker Swarm using a docker-compose.yml file. In this tutorial, I dive into Docker Stack’s deployment capabilities and the secure management of secrets, using a practical example involving Drupal and PostgreSQL.
Docker-Compose File Setup
Here’s our docker-compose.yml
file that sets up the Drupal and PostgreSQL services:
version: '3.8'
services:
drupal:
image: drupal:8.2
ports:
- "8080:80"
deploy:
replicas: 2
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
postgres:
image: postgres:14
secrets:
- psql-pw
environment:
POSTGRES_PASSWORD_FILE: /run/secrets/psql-pw
POSTGRES_DB: drupal
POSTGRES_USER: user
deploy:
placement:
constraints: [node.role == manager]
secrets:
psql-pw:
external: true
Understanding the Deploy Section
The deploy
section of the Docker Compose file specifies deployment strategies in a swarm environment, including:
- Replicas: Defines the number of instances for the service.
- Update_config:
- Parallelism: Sets how many service tasks are updated simultaneously.
- Delay: Adds a delay between updates to different service tasks to ensure smooth roll-outs.
- Restart_policy:
- Condition: Determines under what conditions the service should be restarted.
Managing Secrets in Docker Stack
What is a Docker Secret?
A Docker secret securely stores and manages sensitive data within Docker services, encrypted during transit and at rest, and only accessible by specifically authorized services.
Managing Secrets with Docker Stack
Secrets can be managed in Docker Stack in two ways:
- Using Secret Files: Ideal for development, storing sensitive data in local files securely transferred into Docker Swarm during deployment.
secrets:
psql-pw:
file: ./your-file.txt
- External Secrets: For production, secrets are created directly in Docker using the CLI, avoiding the storage of sensitive information in files.
secrets:
psql-pw:
external: true
Hands-On: Deploying the Stack in Docker Swarm
To deploy your stack in Docker Swarm, follow these steps:
Step 1: Prepare Your Docker Environment
Ensure Docker is running and connected to your Docker Swarm. Refer to this guide for setting up a 3-node Docker Swarm.
Step 2: Create and Edit the docker-compose.yml File
On your swarm node, initialize and edit the docker-compose file to inclue our own docker-compose file:
touch docker-compose.yml; vim docker-compose.yml;
Step 3: Create the Secret
echo "myverysecretpassword" | docker secret create psql-pw -
Step 4: Deploy the Stack
docker stack deploy -c docker-compose.yml demo-stack
Step 5: Verify the Deployment
- List Services:
docker stack services demo-stack
- List Tasks:
docker stack ps demo-stack
Step 6: View the Secrets in the Container
# Get inside the container
docker exec -it [container-name] bash
# See the secret values
cat /run/secrets/psql-pw
Step 7: View Logs and Debug
docker service logs drupal
docker service logs postgres
Step 8: Play with your configs
For example, you can scale up and down your services by editing the replicas values in your docker-compose file and re-deploy using the same deploy command.
Step 9: Play with your Drupal app!
Your drupal application should now be up and running on port 8080!
Conclusion
You have successfully configured a robust Docker Swarm with three nodes. This setup is now running efficient instances of Drupal and PostgreSQL, demonstrating Docker Stack’s powerful capabilities for real-world applications.
Happy deploying!