Deploy a Docker Swarm Cluster
Octos Cloud supports deploying Docker Swarm clusters with high availability, service discovery, and Traefik as an edge router for automatic SSL termination.
Cluster architecture
┌──────────────┐
│ Traefik │
│ (Manager) │
└──────┬───────┘
│
┌────────────┼────────────┐
│ │ │
┌─────┴─────┐ ┌───┴───┐ ┌──────┴────┐
│ Worker 1 │ │Worker 2│ │ Worker N │
│ (service) │ │(service│ │ (service) │
└───────────┘ └───────┘ └───────────┘
Step 1: Provision infrastructure
- Navigate to Create Instance in your project
- Provision one Instance as the manager node (e.g.,
gp.medium) and two or more Instances as worker nodes. - Attach them to the same Virtual Network for secure internal communication.
- Ensure the manager node has a Floating IP.
Step 2: Initialize Docker Swarm
Install Docker on all nodes:
curl -fsSL https://get.docker.com | sh
On the manager node, initialize the swarm:
docker swarm init --advertise-addr <MANAGER_PRIVATE_IP>
On the worker nodes, join the swarm using the token provided by the init command:
docker swarm join --token <TOKEN> <MANAGER_PRIVATE_IP>:2377
Step 3: Deploy Traefik
Create a docker-compose.yml file on the manager node for Traefik:
version: '3.8'
services:
traefik:
image: traefik:v2.10
command:
- "--api.insecure=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=your-email@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "vol_certificates:/letsencrypt"
deploy:
placement:
constraints:
- node.role == manager
volumes:
vol_certificates:
Deploy the stack:
docker stack deploy -c docker-compose.yml traefik
Step 4: Deploy your services
You can now deploy your services and expose them via Traefik:
version: '3.8'
services:
whoami:
image: traefik/whoami
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"