kb.erickguedes.com
Docker: Containers from Dev to Deploy

Docker Swarm: Native Orchestration

Lesson 5 of 7

Docker Swarm

Swarm is Docker's native orchestrator. It turns multiple Docker hosts into a single cluster.

# Initialize the cluster (manager)
docker swarm init --advertise-addr 192.168.1.10

# Add a worker (the join token is a credential: keep it out of logs and tickets)
docker swarm join --token SWMTKN-1-xxx 192.168.1.10:2377

# List nodes
docker node ls
docker node inspect self

Swarm Commands

docker node promote node2   # worker → manager
docker node demote manager1 # manager → worker
docker node update --label-add storage=ssd node3
docker node rm node4        # remove the node

Services and Tasks

# docker-compose.swarm.yaml
services:
  web:
    image: nginx:alpine
    ports:
      - target: 80
        published: 80
        mode: host  # or ingress (default load balancer); host mode binds the port on the node itself, so only one task per node
    deploy:
      replicas: 5
      update_config:
        parallelism: 2
        delay: 10s
        order: start-first
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
      resources:
        limits:
          cpus: "0.5"
          memory: 256M
      placement:
        constraints:
          - node.role == worker  # run only on workers
          - node.labels.storage == ssd

# Deploy the stack
docker stack deploy -c docker-compose.swarm.yaml minha-stack

# Manage
docker stack ls
docker stack services minha-stack
docker stack ps minha-stack
docker stack rm minha-stack

# Scale
docker service scale minha-stack_web=10
docker service update --replicas 3 minha-stack_web

Rolling Updates

# Zero-downtime update
docker service update \
  --image nginx:1.25 \
  --update-parallelism 2 \
  --update-delay 10s \
  --update-order start-first \
  minha-stack_web

# Rollback
docker service update --rollback minha-stack_web

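Secrets and Configs

# Secrets (stored encrypted in the Raft log; mounted into containers on an in-memory filesystem, not written to the container's disk)
# Note: a literal on the command line ends up in shell history; outside a demo, pipe the value from a file
echo "minha-senha-segura" | docker secret create db_password -
docker secret ls

# Use in a service (the ssl_cert secret must already exist)
# POSTGRES_PASSWORD_FILE makes the postgres image read the password from the mounted secret
docker service create \
  --name db \
  --secret db_password \
  --secret source=ssl_cert,target=/certs/cert.pem \
  --env POSTGRES_PASSWORD_FILE=/run/secrets/db_password \
  postgres:16-alpine

# Compose with secrets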
services:
  app:
    image: minha-app
    secrets:
      - db_password
      - source: api_key
        target: /run/secrets/api_key
    configs:
      - source: app_config
        target: /etc/app/config.yaml

secrets:
  db_password:
    external: true
  api_key:
    file: ./api_key.txt

configs:
  app_config:
    file: ./config.prod.yaml
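
The secrets above reach the container as files under /run/secrets, so the application or its entrypoint has to read them from there. The shell helper below is an added example, not code from the original page or from Docker: it implements the *_FILE convention (the one the postgres image exposes as POSTGRES_PASSWORD_FILE), and the function name load_secret, its return codes and the demo temp file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): the "*_FILE" convention for
# consuming Swarm secrets. load_secret NAME exports NAME from the file named
# by NAME_FILE (e.g. /run/secrets/db_password).
# Return codes: 0 ok, 1 NAME and NAME_FILE both set, 2 file unreadable,
# 3 neither set, 4 NAME is not a valid variable name.
load_secret() {
    _name="$1"
    case "$_name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "error: bad name" >&2; return 4 ;;
    esac
    _file_var="${_name}_FILE"
    eval "_direct=\${$_name-}"      # safe: _name was validated above
    eval "_src=\${$_file_var-}"
    if [ -n "$_direct" ] && [ -n "$_src" ]; then
        echo "error: $_name and $_file_var are both set" >&2
        return 1
    fi
    if [ -n "$_src" ]; then
        if [ ! -r "$_src" ]; then
            echo "error: cannot read $_src" >&2
            return 2
        fi
        # $(...) drops the trailing newline left by echo or an editor
        _value="$(cat "$_src")"
        export "$_name=$_value"
        unset "$_file_var" _value
        return 0
    fi
    if [ -n "$_direct" ]; then
        return 0                    # plain variable already provided
    fi
    echo "error: neither $_name nor $_file_var is set" >&2
    return 3
}

# Constructed demo: a temp file stands in for /run/secrets/db_password.
demo_dir="$(mktemp -d)"
printf 'minha-senha-segura\n' > "$demo_dir/db_password"
unset DB_PASSWORD
DB_PASSWORD_FILE="$demo_dir/db_password"
load_secret DB_PASSWORD && echo "DB_PASSWORD loaded (${#DB_PASSWORD} chars)"
rm -rf "$demo_dir"
```

Where the application can open the secret file itself, prefer that over exporting the value, since environment variables are inherited by every child process.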

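Observability in Swarm

# Service logs
docker service logs --tail 100 -f minha-stack_web

# Metrics (Docker Engine metrics)
# Enable: dockerd --metrics-addr 0.0.0.0:9323
# The endpoint is unauthenticated and 0.0.0.0 exposes it on every interface; bind to 127.0.0.1 or firewall the port to the scraper
curl localhost:9323/metrics

# Portainer: a UI for Swarm
# The docker.sock bind mount gives Portainer full control of the Docker daemon on the manager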
docker service create \
  --name portainer \
  --publish 9000:9000 \
  --constraint 'node.role == manager' \
  --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
  portainer/portainer-ce

Swarm is simpler than Kubernetes and is ideal for small to medium clusters. Secrets are stored encrypted in the Raft log and mounted at /run/secrets. Use constraints to distribute workloads.