You can do docker node ls
to see all the nodes in your swarm, then docker node ps <node>
to see the containers on that node.
As a one liner, you can do:
docker node ps $(docker node ls -q)
Basic template for Docker Swarm with Traefik 2.4, domain-based routing, regular SSL and scalable web-app, all on bare metal servers.
Traefik will be run on all master nodes, directly listening on host's port 0.0.0.0:80 and 0.0.0.0:443. http is upgraded to https, web-apps are started on worker nodes and will be automatically registered with their domain. Then Traefik will load balanced all incoming requests and forward them to the matching worker containers.
Note that this is NOT a failover solution. You need to have a load balancer in front of this setup or a floating IP which you can switch over if a server fails.
Requirements: Setup a docker swarm, this is out of scope here. Every Docker Swarm master node Traefik is running on needs a local folder with the config.yml and SSL certificate. Alternatively you can use a Docker volume, which can be a remote NFS mount.
traefik.yml
version: '3.8'
services:
traefik:
image: traefik:v2.4
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
command:
- --providers.docker.swarmMode=true
- --providers.docker.exposedByDefault=false
- --providers.docker.network=proxy
- --providers.file.filename=/data/traefik/config.yml
- --providers.file.watch=true
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.websecure.address=:443
- --accesslog
- --log.level=info
environment:
- TZ=Europe/Berlin
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /data/traefik:/data/traefik
networks:
- proxy
deploy:
mode: global
placement:
constraints:
- node.role == manager
networks:
proxy:
external: true
config.yml, volume from local folder, SSL certificate settings NEED to be in a separate file
tls:
certificates:
- certFile: /data/traefik/certs/wildcard.crt
keyFile: /data/traefik/certs/wildcard.key
- certFile: /data/traefik/certs/another-certificate.crt
keyFile: /data/traefik/certs/another-certificate.key
stores:
default:
defaultCertificate:
certFile: /data/traefik/certs/wildcard.crt
keyFile: /data/traefik/certs/wildcard.key
Command line, start your engines :-)
# create network (just once)
docker network create --driver=overlay proxy
# start traefik via traefic.yml
docker stack deploy --compose-file traefik.yml traefik
# start a web-app with its domain name
docker service create \
--replicas 15 \
--name web-app \
--constraint node.role!=manager \
--network proxy \
--label traefik.enable=true \
--label 'traefik.http.routers.traefik.rule=Host(`app.doma.in`)' \
--label traefik.http.routers.traefik.entrypoints=websecure \
--label traefik.http.routers.traefik.tls=true \
--label traefik.http.services.hostname.loadbalancer.server.port=80 \
nginxdemos/hello
You can reduce the log.level (or remove it completely), also the accesslog can be removed. Alternatively it is possible to log those two types into two different files. Traefik dashboard is still missing in this config.
For better security you can use docker-socket-proxy which @webjocky describes in his pastebin in this discussion.
Best Answer
AFAIK, Docker Swarm does not offer automatic and dynamic scaling based on resource utilization. The common theme today is to use Kubernetes (K8s) or other container orchestration platforms to do it for you. That being said, you can still write a custom script or application that actively monitors the utilization of your containers and issues commands to your swarm, but that's not a stable nor effective solution.
It also depends where you're running your containers. If it's in the cloud (depending on the provider), they all offer managed services for container orcestration or even better, they have a K8s solution as well. K8s has somewhat of a learning curve but that's how containers are handled now. If you're running them on a single computer or bare metal, there are frameworks that utilize K8s such as
minikube
.