Skip to main content

Deploy a Docker Swarm Cluster

Octos Cloud supports deploying Docker Swarm clusters with high availability, service discovery, and Traefik as an edge router for automatic SSL termination.

Cluster architecture

┌──────────────┐
│ Traefik │
│ (Manager) │
└──────┬───────┘

┌────────────┼────────────┐
│ │ │
┌─────┴─────┐ ┌───┴───┐ ┌──────┴────┐
│ Worker 1 │ │Worker 2│ │ Worker N │
│ (service) │ │(service│ │ (service) │
└───────────┘ └───────┘ └───────────┘

Step 1: Provision infrastructure

  1. Navigate to Create Instance in your project
  2. Provision one Instance as the manager node (e.g., gp.medium) and two or more Instances as worker nodes.
  3. Attach them to the same Virtual Network for secure internal communication.
  4. Ensure the manager node has a Floating IP.

Step 2: Initialize Docker Swarm

Install Docker on all nodes:

curl -fsSL https://get.docker.com | sh

On the manager node, initialize the swarm:

docker swarm init --advertise-addr <MANAGER_PRIVATE_IP>

On the worker nodes, join the swarm using the token provided by the init command:

docker swarm join --token <TOKEN> <MANAGER_PRIVATE_IP>:2377

Step 3: Deploy Traefik

Create a docker-compose.yml file on the manager node for Traefik:

version: '3.8'

services:
traefik:
image: traefik:v2.10
command:
- "--api.insecure=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=your-email@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "vol_certificates:/letsencrypt"
deploy:
placement:
constraints:
- node.role == manager

volumes:
vol_certificates:

Deploy the stack:

docker stack deploy -c docker-compose.yml traefik

Step 4: Deploy your services

You can now deploy your services and expose them via Traefik:

version: '3.8'

services:
whoami:
image: traefik/whoami
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"

Next steps