Swarm in Production

#Swarm in Production

After this lesson you'll know:

• how to organize nodes with labels
• what placement constraints are
• how to configure health checks for services

#Labeling and organizing nodes

In practice, your servers have different roles. With labels you can place services precisely:

# Label nodes
docker node update --label-add ssd=true node1
docker node update --label-add region=eu node2
docker node update --label-add gpu=true node3

docker node inspect node1 --format '{{.Spec.Labels}}'

#Placement Constraints

# Only on nodes with SSD
docker service create   --constraint 'node.labels.ssd == true'   --replicas 2   postgres

# Only on worker nodes (never on managers!)
docker service create   --constraint 'node.role == worker'   --replicas 5   my-app

# In your compose.yml:
# deploy:
#   placement:
#     constraints:
#       - node.labels.ssd == true

#Healthchecks

Swarm monitors your services and replaces unhealthy containers:

docker service create   --name api   --replicas 3   --health-cmd 'curl -f http://localhost/health || exit 1'   --health-interval 10s   --health-retries 3   --health-start-period 15s   my-api

• health-cmd: Command that checks if the service is alive
• health-interval: Check every 10 seconds
• health-retries: After 3 failures, container is considered unhealthy
• health-start-period: Wait 15s before first check (startup time)

Unhealthy containers are automatically restarted.

#Overlay Networks (Multi-Host)

An overlay network connects containers across multiple hosts:

docker network create --driver overlay --attachable my-overlay

docker service create --network my-overlay --name api my-api
docker service create --network my-overlay --name web --publish 80:80 nginx

Containers on different hosts find each other by service name — just like Compose.

#Production Checklist

• ✅ 3 Manager Nodes (for Raft quorum, tolerates 1 failure)
• ✅ At least 2 replicas per service (one fails, one keeps running)
• ✅ Healthchecks for all services
• ✅ Resource Limits (--limit-cpu, --limit-memory) against outliers
• ✅ Rolling Updates configured (--update-parallelism, --update-delay)
• ✅ Backup manager state (Raft logs regularly)
• ✅ Monitoring (cadvisor, prometheus, grafana for metrics)
• ✅ Regular pruning (docker system prune on all nodes)

#✋ Try it out

• Label a node: docker node update --label-add tier=frontend $(docker node ls -q | head -1). Check with docker node inspect
• Create a service with --constraint 'node.role == worker' — what happens when you have only a manager? (docker node ls — if you have only one node, it acts as both manager AND worker)
• Create an overlay network: docker network create --driver overlay --attachable test-net

#📌 Summary

• Labels + Constraints control where containers run
• Healthchecks automatically replace unhealthy containers
• Overlay networks connect containers across multiple hosts