An Introduction to Docker Stack: Deployment and Secrets Management

You can see the hands-on video here: https://blog.sofianeouafir.com/docker/video-hands-on-introduction-to-docker-stack

Introduction to Docker Stack

Docker Stack is an essential tool for managing Docker services across multiple nodes in a Docker Swarm using a docker-compose.yml file. In this tutorial, I dive into Docker Stack’s deployment capabilities and the secure management of secrets, using a practical example involving Drupal and PostgreSQL.

Docker-Compose File Setup

Here’s our docker-compose.yml file that sets up the Drupal and PostgreSQL services:

version: '3.8' services: drupal: image: drupal:8.2 ports: - "8080:80" deploy: replicas: 2 update_config: parallelism: 2 delay: 10s restart_policy: condition: on-failure

postgres: image: postgres:14 secrets: - psql-pw environment: POSTGRES_PASSWORD_FILE: /run/secrets/psql-pw POSTGRES_DB: drupal POSTGRES_USER: user deploy: placement: constraints: [node.role == manager]

secrets: psql-pw: external: true

Understanding the Deploy Section

The deploy section of the Docker Compose file specifies deployment strategies in a swarm environment, including:

• Replicas: Defines the number of instances for the service.
• Update_config:
• Parallelism: Sets how many service tasks are updated simultaneously.
• Delay: Adds a delay between updates to different service tasks to ensure smooth roll-outs.
• Restart_policy:
• Condition: Determines under what conditions the service should be restarted.

Managing Secrets in Docker Stack

What is a Docker Secret?

A Docker secret securely stores and manages sensitive data within Docker services, encrypted during transit and at rest, and only accessible by specifically authorized services.

Managing Secrets with Docker Stack

Secrets can be managed in Docker Stack in two ways:

• Using Secret Files: Ideal for development, storing sensitive data in local files securely transferred into Docker Swarm during deployment.
• secrets: psql-pw: file: ./your-file.txt
• External Secrets: For production, secrets are created directly in Docker using the CLI, avoiding the storage of sensitive information in files.
• secrets: psql-pw: external: true

Hands-On: Deploying the Stack in Docker Swarm

To deploy your stack in Docker Swarm, follow these steps:

Step 1: Prepare Your Docker Environment

Ensure Docker is running and connected to your Docker Swarm. Refer to this guide for setting up a 3-node Docker Swarm.

Step 2: Create and Edit the docker-compose.yml File

On your swarm node, initialize and edit the docker-compose file to inclue our own docker-compose file:

touch docker-compose.yml; vim docker-compose.yml;

Step 3: Create the Secret

echo "myverysecretpassword" | docker secret create psql-pw -

Step 4: Deploy the Stack

docker stack deploy -c docker-compose.yml demo-stack

Step 5: Verify the Deployment

• List Services: docker stack services demo-stack
• List Tasks: docker stack ps demo-stack

Step 6: View the Secrets in the Container

Get inside the container

docker exec -it [container-name] bash

See the secret values

cat /run/secrets/psql-pw

Step 7: View Logs and Debug

docker service logs drupal docker service logs postgres

Step 8: Play with your configs

For example, you can scale up and down your services by editing the replicas values in your docker-compose file and re-deploy using the same deploy command.

Step 9: Play with your Drupal app!

Your drupal application should now be up and running on port 8080!

Conclusion

You have successfully configured a robust Docker Swarm with three nodes. This setup is now running efficient instances of Drupal and PostgreSQL, demonstrating Docker Stack’s powerful capabilities for real-world applications.

Happy deploying!