Upgrading Postgresql deployed on Docker Swarm I have deployed an app in staging on Docker Swarm, and it uses a postgresql database, using the Docker image with version 15.4. With Postgresql 16.0 published recently, here’s how I upgraded it. The setup I’m using a one-node Docker Swarm, but I suspect this should apply to multi-nodes as well. The postgresql container of the stack is pinned to a specific node, and is mounting the host directory /data/myowndb/db at /var/lib/postgresql/data for data persistence.

Staying with Docker Swarm in 2023 TL;DR: Things seem to move favorably for Docker Swarm. Last year I started to use Docker Swarm on a single node swarm, wondering if it was the right choice, with all attention going to Kubernetes. I went for Swarm because the possibilities offered by Kubernetes were not worth the price to pay in complexity. Nearly one year later, I’m happy with my choice. Docker Swarm brings enough flexibility for me (as for a lot of situations for a lot of people I think), and deploying and managing it was a pleasure.

When maintaining a Docker Swarm, you might need to take actions on a specific container, possibly identified by a task id logged by docker. But in Swarm, you run and manage services on multiple nodes, you don’t have directly access to the containers. Here’s how to get to the containers. 1) Identify the node running the container You can list all tasks running for a service with docker service ps $SERVICE_NAME.

Kubernetes has the concept of init containers. This does not exist in Docker Swarm, and the depends_on is ignored when deploying to a swarm. There are situation when the init containers are convenient, but in my Docker Swarm usage this doesn’t seem to cause trouble: before I discovered that depends_on is a no-op when deploying to a Swarm, I used it to (I thought) simulate init containers! Let’s see my usage scenario.

We will see how to store the compose files of a Docker Swarm in git, together with encrypted authentication data to retrieve images from private repositories. We will access a private registry hosted by Gitlab. Authentication to the registry is done with a deploy token, which gives you a username and password giving access only to the relevant registry. Docker authentication Authentication to a docker registry is done with the command docker login -u $login --password $password (or alternatively with --password-stdin to avoid putting the password on the command line).

Kapitan is a tool generating configuration files (and more), handling extension of configs and overriding of values. It is great when you need to generate complex configurations or config files that slightly differ by being used in slightly different scenarios. For example staging vs production, or client A vs client B. It is supporting multiple templating approaches, my favourite being jsonnet, which is the only we will cover here. It can be used to generated Kubernetes configurations, but not only.

Intro I started using Docker Swarm in 2022 and am still very satisfied with it. I am currenyl using it as a one node swarm. This post assumes you deployed Swarm with a Traefik reverse proxy as described on DockerSwarm.rocksi, that all services are deployed under the doomain stored in the DOMAIN environment variable, and that the variable DOCKER_HOST is set correctly. I wanted to test authelia for protecting a web app to be deployed on a Docker Swarm, and I decided to test it on an existing Docker Swarm.

Editing a file stored on a container volume in production is a very bad idea. You should not do it and pass all configuration through your container orchestrator. Using a single node Docker Swarm for test purposes, it can be a huge time saver though. Here’s how to do it. Ensure that your DOCKER_HOST environment is set such that running docker volume ls will show the volume storing the file you want to edit (let’s call this volume myvol).

Going with Docker Swarm in 2022 TL;DR: Docker Swarm is probably good enough in a lot of cases. See the update for 2023 Having worked professionally on setting up, customising and deploying Kubernetes (but without pretending to be a specialist), I didn’t want to go down that path for my personal infrastructure, even if using Jsonnet was of great help (see my Jsonnet course here). I tried Nomad which worked fine, but getting it to do what I wanted was taking more time than I hoped.