| name | docker-swarm |
|---|---|
| description | Docker Swarm mode orchestration - cluster management, service deployment, scaling, node administration, and rolling updates |
| standards-version | 1.7.0 |
Manage Docker Swarm clusters, deploy and scale services, administer nodes, and perform rolling updates and rollbacks.
flowchart TD
A[Start] --> B{Swarm initialized?}
B -->|No| C[Initialize cluster]
C -->|docker_swarmInit| D[Add nodes]
D -->|docker_swarmJoin| E[Cluster ready]
B -->|Yes| E
E --> F[Deploy service]
F -->|docker_serviceCreate| G[Monitor tasks]
G -->|docker_servicePs| H{Healthy?}
H -->|No| I[Check logs]
I -->|docker_serviceLogs| J[Fix and update]
J -->|docker_serviceUpdate| G
H -->|Yes| K{Scale needed?}
K -->|Yes| L[Scale replicas]
L -->|docker_serviceScale| G
K -->|No| M{Update needed?}
M -->|Yes| N[Rolling update]
N -->|docker_serviceUpdate| O{Update OK?}
O -->|No| P[Rollback]
P -->|docker_serviceRollback| G
O -->|Yes| G
Activate when the user:
- Asks about Docker Swarm mode or cluster orchestration
- Wants to initialize, join, or manage a Swarm cluster
- Needs to create, update, scale, or rollback Swarm services
- Asks about node management, promotion, demotion, or draining
- Mentions "swarm init", "service create", "node ls", or "rolling update"
- Task type: cluster setup, service management, node administration, or troubleshooting
- Cluster details (for init/join): advertise address, join token, remote manager address
- Service details (for create/update): image, replicas, ports, resource limits
- Assess cluster state - Use
docker_nodeLsto check existing nodes anddocker_serviceLsto list running services. - Initialize or join - Use
docker_swarmInitto bootstrap a new cluster ordocker_swarmJointo add nodes. - Deploy services - Use
docker_serviceCreatewith appropriate replicas, ports, networks, and resource limits. - Monitor and scale - Use
docker_servicePsto check task distribution,docker_serviceLogsfor debugging, anddocker_serviceScaleto adjust replicas. - Update or rollback - Use
docker_serviceUpdatefor rolling updates anddocker_serviceRollbackto revert if issues arise. - Manage nodes - Use
docker_nodeUpdateto drain nodes for maintenance,docker_nodePromote/docker_nodeDemotefor role changes.
- Docker CLI:
docker swarm init,docker swarm join,docker service create,docker service update,docker service scale,docker node ls,docker node update - Swarm port: 2377/tcp (cluster management), 7946/tcp+udp (node communication), 4789/udp (overlay network)
- Service modes:
replicated(specified number of tasks) vsglobal(one task per node)
User: "Set up a 3-replica nginx service with a rolling update strategy"
Assistant: First checks if this node is a Swarm manager.
- Calls
docker_nodeLsto verify cluster state - If not in swarm mode, calls
docker_swarmInitto initialize - Calls
docker_serviceCreatewith name, image, replicas=3, ports, and resource limits - Calls
docker_servicePsto verify all 3 tasks are running - Explains how to update with
docker_serviceUpdate --image nginx:new --update-parallelism 1 --update-delay 10s
| Tool | When to Use |
|---|---|
docker_swarmInit |
Initializing a new Swarm cluster |
docker_swarmJoin |
Adding worker or manager nodes to the cluster |
docker_swarmLeave |
Removing the current node from the Swarm |
docker_swarmJoinToken |
Retrieving or rotating join tokens |
docker_swarmUpdate |
Updating Swarm-wide settings (task history, cert expiry, autolock) |
docker_swarmUnlock |
Unlocking a locked Swarm manager after restart |
docker_swarmUnlockKey |
Retrieving or rotating the Swarm unlock key |
docker_swarmCa |
Viewing or rotating the cluster root CA certificate |
docker_serviceCreate |
Deploying a new replicated or global service |
docker_serviceUpdate |
Rolling updates to image, replicas, env, or resources |
docker_serviceRm |
Removing services from the Swarm |
docker_serviceLs |
Listing all services and their status |
docker_serviceInspect |
Viewing detailed service configuration |
docker_serviceLogs |
Retrieving service or task logs for debugging |
docker_servicePs |
Checking task distribution across nodes |
docker_serviceScale |
Scaling services up or down |
docker_serviceRollback |
Reverting a service to its previous version |
docker_nodeLs |
Listing all nodes in the cluster |
docker_nodeInspect |
Viewing detailed node information |
docker_nodePs |
Listing tasks running on a specific node |
docker_nodeRm |
Removing nodes from the cluster |
docker_nodeUpdate |
Changing node availability (active/drain) or role |
docker_nodePromote |
Promoting workers to managers for HA |
docker_nodeDemote |
Demoting managers to workers |
- Single manager - A single-manager Swarm has no fault tolerance. Promote at least 2 additional nodes to manager (odd numbers: 3, 5, 7).
- Draining without replacement - Draining a node moves all tasks to other nodes. Ensure sufficient capacity before draining.
- Missing resource limits - Services without CPU/memory limits can starve other services on the same node.
- Port conflicts - Published ports in
ingressmode are cluster-wide. Two services cannot publish the same host port. - Overlay network encryption - Overlay networks are unencrypted by default. Use
--opt encryptedfor sensitive traffic between nodes. - Token exposure - Join tokens grant cluster access. Rotate them regularly with
docker_swarmJoinTokenand never commit them to repos. - Autolock disabled - Without autolock, a stolen disk image of a manager node exposes all cluster secrets. Enable with
docker_swarmUpdate.
docker-securityskill - for general container security hardeningdocker-networkingskill - for overlay network configurationdocker-resource-managementskill - for CPU/memory limits and monitoringswarm-securityrule - automated checks for Swarm security issues