Packt+ | Advance your knowledge in tech

You're reading from The DevOps 2.1 Toolkit: Docker Swarm The next level of building reliable and scalable software unleashed

Product type Paperback

Published in May 2017

Publisher

ISBN-13 9781787289703

Length 436 pages

Edition 1st Edition

Tools

Docker

Concepts

DevOps

Author (1):

Viktor Farcic

View More author details

Table of Contents (17) Chapters

Preface

1. Continuous Integration with Docker Containers FREE CHAPTER

2. Setting Up and Operating a Swarm Cluster

3. Docker Swarm Networking and Reverse Proxy

4. Service Discovery inside a Swarm Cluster

5. Continuous Delivery and Deployment with Docker Containers

6. Automating Continuous Deployment Flow with Jenkins

7. Exploring Docker Remote API

8. Using Docker Stack and Compose YAML Files to Deploy Swarm Services

9. Defining Logging Strategy

10. Collecting Metrics and Monitoring the Cluster

11. Embracing Destruction: Pets versus Cattle

What now?

12. Creating and Managing a Docker Swarm Cluster in Amazon Web Services

13. Creating and Managing a Docker Swarm Cluster in DigitalOcean

14. Creating and Managing Stateful Services in a Swarm Cluster

15. Managing Secrets in Docker Swarm Clusters

16. Monitor Your GitHub Repos with Docker and Prometheus

Running a database in isolation

We can isolate a database service by not exposing its ports. That can be accomplished easily with the service create command:

docker service create --name go-demo-db \
  mongo:3.2.10

We can confirm that the ports are indeed not exposed by inspecting the service:

docker service inspect --pretty go-demo-db

The output is as follows:

ID:            rcedo70r2f1njpm0eyb3nwf8w
Name:          go-demo-db
Service Mode:  Replicated
 Replicas:     1
Placement:
UpdateConfig:
 Parallelism:  1
 On failure:   pause
 Max failure ratio: 0
ContainerSpec:
 Image:      mongo:3.2.10@sha256:532a19da83ee0e4e2a2ec6bc4212fc4af\
26357c040675d5c2629a4e4c4563cef
Resources:
Endpoint Mode: vip

As you can see, there is no mention of any port. Our go-demo-db service is fully isolated and inaccessible to anyone. However, that is too much isolation. We want the service to be isolated from anything but the service it belongs to go-demo. We can accomplish that through the usage of Docker Swarm networking...