Docker – How to scale docker swarm dynamically

dockerdocker-swarm

We have a docker container which can service only one request from user at a time.
So, we want to scale up and down whenever there is a request from user.

But in the docker swarm I can see only setting number of containers for a service as static by just providing the number. We need like whenever there is a new request from user a container should scale up if existing container is interacting with other user/session and destroy once the session is complete or scale down.

Can anyone, please suggest how to do that.

Best Answer

AFAIK, Docker Swarm does not offer automatic and dynamic scaling based on resource utilization. The common theme today is to use Kubernetes (K8s) or other container orchestration platforms to do it for you. That being said, you can still write a custom script or application that actively monitors the utilization of your containers and issues commands to your swarm, but that's not a stable nor effective solution.

It also depends where you're running your containers. If it's in the cloud (depending on the provider), they all offer managed services for container orcestration or even better, they have a K8s solution as well. K8s has somewhat of a learning curve but that's how containers are handled now. If you're running them on a single computer or bare metal, there are frameworks that utilize K8s such as minikube.

Related Solutions

Docker – List containers from all nodes of docker swarm mode

You can do docker node ls to see all the nodes in your swarm, then docker node ps <node> to see the containers on that node.

As a one liner, you can do:

docker node ps $(docker node ls -q)

How to setup Docker Swarm + Traefik 2.4 + domain-based routing on bare metal with CLI

Basic template for Docker Swarm with Traefik 2.4, domain-based routing, regular SSL and scalable web-app, all on bare metal servers.

Traefik will be run on all master nodes, directly listening on host's port 0.0.0.0:80 and 0.0.0.0:443. http is upgraded to https, web-apps are started on worker nodes and will be automatically registered with their domain. Then Traefik will load balanced all incoming requests and forward them to the matching worker containers.

Note that this is NOT a failover solution. You need to have a load balancer in front of this setup or a floating IP which you can switch over if a server fails.

Requirements: Setup a docker swarm, this is out of scope here. Every Docker Swarm master node Traefik is running on needs a local folder with the config.yml and SSL certificate. Alternatively you can use a Docker volume, which can be a remote NFS mount.

traefik.yml

version: '3.8'
services:
    traefik:
        image: traefik:v2.4
        ports:
          - target: 80
            published: 80
            protocol: tcp
            mode: host
          - target: 443
            published: 443
            protocol: tcp
            mode: host
        command:
          - --providers.docker.swarmMode=true
          - --providers.docker.exposedByDefault=false
          - --providers.docker.network=proxy
          - --providers.file.filename=/data/traefik/config.yml
          - --providers.file.watch=true
          - --entrypoints.web.address=:80
          - --entrypoints.web.http.redirections.entryPoint.to=websecure
          - --entrypoints.web.http.redirections.entryPoint.scheme=https
          - --entrypoints.websecure.address=:443
          - --accesslog
          - --log.level=info
        environment:
          - TZ=Europe/Berlin
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - /data/traefik:/data/traefik
        networks:
          - proxy
        deploy:
            mode: global
            placement:
                constraints:
                    - node.role == manager
networks:
    proxy:
        external: true

config.yml, volume from local folder, SSL certificate settings NEED to be in a separate file

tls:
    certificates:
      - certFile: /data/traefik/certs/wildcard.crt
        keyFile: /data/traefik/certs/wildcard.key
      - certFile: /data/traefik/certs/another-certificate.crt
        keyFile: /data/traefik/certs/another-certificate.key

    stores:
        default:
        defaultCertificate:
            certFile: /data/traefik/certs/wildcard.crt
            keyFile: /data/traefik/certs/wildcard.key

Command line, start your engines :-)

# create network (just once)
docker network create --driver=overlay proxy

# start traefik via traefic.yml
docker stack deploy --compose-file traefik.yml traefik

# start a web-app with its domain name
docker service create \
  --replicas 15 \
  --name web-app \
  --constraint node.role!=manager \
  --network proxy \
  --label  traefik.enable=true \
  --label 'traefik.http.routers.traefik.rule=Host(`app.doma.in`)' \
  --label  traefik.http.routers.traefik.entrypoints=websecure \
  --label  traefik.http.routers.traefik.tls=true \
  --label  traefik.http.services.hostname.loadbalancer.server.port=80 \
  nginxdemos/hello

You can reduce the log.level (or remove it completely), also the accesslog can be removed. Alternatively it is possible to log those two types into two different files. Traefik dashboard is still missing in this config.

For better security you can use docker-socket-proxy which @webjocky describes in his pastebin in this discussion.

Best Answer

Related Solutions

Docker – List containers from all nodes of docker swarm mode

How to setup Docker Swarm + Traefik 2.4 + domain-based routing on bare metal with CLI

Related Topic