- Published on
Setting up Docker Swarm on Hetzner VPS
- Authors
- Name
- Filip Grilec
Setting up Docker Swarm on Hetzner VPS
Table of Contents
- Introduction
- Prerequisites and System Requirements
- Installing Docker on the Hetzner VPS
- Initializing the Docker Swarm
- Adding Worker Nodes
- Configuring Firewall Rules for Swarm Communication
- Verifying the Swarm Setup
- Basic Swarm Management Commands
- Example: Deploying a Multi-Container Application
- Security Considerations
- Monitoring and Logging
- Backup and Disaster Recovery
- Upgrading Docker Swarm
- Best Practices for Container Image Management
- Troubleshooting
Introduction
Docker Swarm is a powerful orchestration tool that allows you to manage a cluster of Docker nodes as a single virtual system. It provides benefits such as high availability, load balancing, and easy scaling of your containerized applications. Hetzner VPS offers an excellent platform for deploying Docker Swarm due to its reliable infrastructure and competitive pricing.
This guide will walk you through the process of setting up a Docker Swarm on a Hetzner VPS, from installation to basic management commands.
Prerequisites and System Requirements
- A Hetzner VPS with a minimum of 2GB RAM and 2 vCPUs
- Ubuntu 20.04 LTS or later (recommended)
- Root access or a user with sudo privileges
- A stable internet connection
1. Installing Docker on the Hetzner VPS
a. Download and run the Docker installation script:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
b. Add your user to the docker group (optional, for non-root users):
sudo usermod -aG docker $USER
c. Verify Docker installation:
docker --version
d. Start and enable Docker service:
sudo systemctl start docker
sudo systemctl enable docker
2. Initializing the Docker Swarm
a. Get the public IP address of your Hetzner VPS:
ip addr show
b. Initialize the Swarm:
docker swarm init --advertise-addr <your-public-ip>
c. Save the generated join token for adding worker nodes later.
3. Adding Worker Nodes (if applicable)
If you have multiple VPS instances and want to add them as worker nodes:
a. SSH into each worker node b. Install Docker on each worker node (follow step 1) c. Run the join command provided when initializing the Swarm:
docker swarm join --token <worker-token> <manager-ip>:2377
4. Configuring Firewall Rules for Swarm Communication
If you're using UFW (Uncomplicated Firewall):
# Allow inbound traffic on port 2377 for cluster management
sudo ufw allow 2377/tcp
# Allow inbound traffic on port 7946 for node communication (TCP and UDP)
sudo ufw allow 7946/tcp
sudo ufw allow 7946/udp
# Allow inbound overlay network traffic (UDP)
sudo ufw allow 4789/udp
# Reload the firewall to apply changes
sudo ufw reload
These rules allow the necessary ports for Swarm communication:
- Port 2377: Used for cluster management communications
- Port 7946: Used for communication among nodes (container network discovery)
- Port 4789: Used for overlay network traffic
5. Verifying the Swarm Setup
a. On the manager node, check the Swarm status:
docker info
b. List all nodes in the Swarm:
docker node ls
6. Basic Swarm Management Commands
- Create a service:
docker service create --name my-web-app --replicas 3 -p 80:80 nginx
- List services:
docker service ls
- Scale a service:
docker service scale my-web-app=5
- Remove a service:
docker service rm my-web-app
- Leave the Swarm (on a worker node):
docker swarm leave
- Force remove a node (on the manager):
docker node rm <node-id>
7. Example: Deploying a Multi-Container Application
Here's a simple example of deploying a multi-container application using Docker Compose with Swarm:
a. Create a docker-compose.yml
file:
version: '3'
services:
web:
image: nginx
deploy:
replicas: 3
ports:
- "80:80"
redis:
image: redis
deploy:
replicas: 1
b. Deploy the stack:
$ docker stack deploy -c docker-compose.yml my-app
c. List the services in the stack:
$ docker stack services my-app
d. Remove the stack:
$ docker stack rm my-app
8. Security Considerations
For production environments, it's crucial to implement proper security measures. Consider the following:
- Use TLS for secure communication between Swarm nodes
- Implement node labels and constraints to control workload placement
- Use Docker secrets for managing sensitive information
- Regularly update Docker and all running containers
- Implement network segmentation and access controls
For more detailed information on securing your Docker Swarm, refer to the official Docker documentation on Swarm mode security.
9. Monitoring and Logging
Effective monitoring and logging are crucial for maintaining a healthy Docker Swarm. Consider implementing the following:
- Use Docker's built-in health checks for containers
- Implement a monitoring solution like Prometheus and Grafana
- Set up centralized logging with ELK stack (Elasticsearch, Logstash, Kibana) or similar solutions
- Use Docker's logging drivers to forward logs to your chosen logging solution
For more information on monitoring Docker Swarm, check out the Docker documentation on monitoring.
10. Backup and Disaster Recovery
Implement a robust backup and disaster recovery strategy:
- Regularly backup Swarm configurations and data volumes
- Use Docker's built-in backup and restore commands for Swarm configurations
- Implement off-site backups for critical data
- Test your recovery process regularly
For more details on backing up a Swarm, refer to the Docker Swarm backup guide.
11. Upgrading Docker Swarm
To keep your Swarm secure and up-to-date, follow these steps for upgrading:
- Update Docker on all nodes, starting with manager nodes
- Drain worker nodes before updating them
- Update one node at a time to maintain cluster stability
- Verify the cluster health after each node update
For a detailed upgrade process, check the Docker Engine upgrade guide.
12. Best Practices for Container Image Management
Follow these best practices for managing container images in your Swarm:
- Use a private registry for storing your custom images
- Implement image scanning for vulnerabilities
- Use specific image tags instead of
latest
- Regularly update base images and rebuild your custom images
- Implement a CI/CD pipeline for automated image building and testing
Learn more about Docker image best practices in the Docker documentation.
13. Troubleshooting
Common issues and their solutions:
Node communication issues:
- Verify firewall rules are correctly configured
- Check network connectivity between nodes
Service deployment failures:
- Check service logs:
docker service logs <service-name>
- Verify resource availability on nodes
- Check service logs:
Swarm initialization failures:
- Ensure Docker is running on all nodes
- Verify the advertise address is correct and accessible
Performance issues:
- Monitor resource usage with
docker stats
- Consider scaling your services or adding more nodes to the Swarm
- Monitor resource usage with
For more troubleshooting tips, refer to the Docker troubleshooting guide.
Your Docker Swarm is now set up and ready to use on your Hetzner VPS. Remember to continuously monitor and maintain your Swarm to ensure optimal performance and security.