Richard Bucker

Frustrated by docker swarm

Posted at — Aug 5, 2018

My complaint is as much a community issue as it is docker swarm. There are a few things that I like about docker and docker swarm and plenty to hate.

PRO

- Dockerfile is very much like a makefile, creating the same instance each time
- with enough nodes the swarm has some survivability
- the docker networks can be encrypted for additional security
- the docker networks can be segmented, stitching the systems that are permitted to communicate
- when combined with traefik there is some dynamic deploy that I like, including Let's Encrypt and SSL

CON

- in recent history it has been reported that there are some bad actors creating fake containers, and there are no curated container services that are not stupid expensive. This is a common problem for open source.
- deploying docker services and stacks can relocate them anywhere in the swarm; however, if you use persistent volumes they do not follow, and so you need a distributed filesystem, NAS, or SAN. All of which have their own risks and costs.
- repairing a damaged cluster means rebuilding it all. This is typical but seriously tricky to be consistent, as well as keeping the docs up to date. For example, I had to push my swarm source outside of my network so I could deploy it differently if there was a major failure in the lab.

Right now the network filesystem is a problem without a solution.