The Swarm Factor

12-factor Docker Swarm Stacks

Docker Meetup Grenoble
Docker 6th Birthday - Show & Tell
2019-03-26

About me

Romain Clement

  • CTO @ Sylha
  • Freelance Software Engineer
  • Open-source software contributor

12-factor stacks

Context

💻 Proof-of-concept infrastructure

(single server)

🚀 Production-grade infrastructure

(cluster)

🤓 Very small team

Dokku

  • Single-server
  • Docker-based
  • PaaS / GitOps
  • Databases
  • Let's Encrypt
  • Nginx

Orchestrator?

  • Scalable cluster
  • Docker-based
  • Cost-effective
  • Easy maintenance
  • Great DX, CI/CD, ...
  • No vendor lock-in

Experiment

  • Docker Swarm cluster
  • Simple, built-in Docker
  • Declarative approach
  • Configuration handling
  • Secrets handling
  • Just an experiment! Do not use this!

Constraints

  • 1+ container(s) of 12-factor apps
    • Hosted on a Docker Registry
  • Deterministic behaviour
  • Re-usable
    • dev, staging, production
  • Configurable at run-time
    • Environment variables
    • Secret variables (encryption)
  • Automatic virtual-host subdomain

Secrets

  • Encrypted files in cluster
  • Restricted access to certain containers
  • Docker images "secret-compatible"
  • Caveat: "_FILE" suffix convention
    • MYAPP_SECRET_KEY=secretvalue
    • MYAPP_SECRET_KEY_FILE=/run/secrets/MYAPP_SECRET_KEY
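
With the "_FILE" suffix convention, a "secret-compatible" image has to map MYAPP_SECRET_KEY_FILE to MYAPP_SECRET_KEY in its entrypoint before the app starts. An added example of that step, not code from the talk: `resolve_secret` and `demo` are hypothetical names, and the demo's temp file is constructed to stand in for /run/secrets/MYAPP_SECRET_KEY.

```shell
#!/bin/sh
# Added example (not from the talk): map NAME_FILE to NAME at container start.

# resolve_secret NAME
#   0  NAME is usable (read from NAME_FILE, set directly, or neither is set)
#   1  NAME and NAME_FILE are both set, which is ambiguous
#   2  NAME_FILE points at a file that cannot be read
#   3  NAME is not a plain identifier
resolve_secret() {
    _rs_name=$1
    # Only plain identifiers may reach eval below.
    case $_rs_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "resolve_secret: invalid name" >&2; return 3 ;;
    esac
    eval "_rs_direct=\${$_rs_name-}"
    eval "_rs_path=\${${_rs_name}_FILE-}"
    if [ -n "$_rs_direct" ] && [ -n "$_rs_path" ]; then
        echo "resolve_secret: $_rs_name and ${_rs_name}_FILE both set" >&2
        unset _rs_direct; return 1
    fi
    unset _rs_direct
    if [ -z "$_rs_path" ]; then return 0; fi
    if [ ! -r "$_rs_path" ]; then
        echo "resolve_secret: cannot read $_rs_path" >&2; return 2
    fi
    # $(...) drops the trailing newline that secret files usually end with.
    _rs_value=$(cat "$_rs_path") || return 2
    export "$_rs_name=$_rs_value"
    # Drop the path variable and the temporary copy of the secret.
    unset "${_rs_name}_FILE" _rs_value
}

# Constructed demo: a temp file stands in for /run/secrets/MYAPP_SECRET_KEY.
demo() {
    _d_file=$(mktemp) || return 1
    printf 'secretvalue\n' > "$_d_file"
    unset MYAPP_SECRET_KEY
    MYAPP_SECRET_KEY_FILE=$_d_file
    resolve_secret MYAPP_SECRET_KEY
    _d_rc=$?
    rm -f "$_d_file"
    echo "rc=$_d_rc value=$MYAPP_SECRET_KEY"
    return "$_d_rc"
}

# Entrypoint usage would be: resolve_secret MYAPP_SECRET_KEY && exec "$@"
if [ "${1-}" = demo ]; then demo; fi
```

Failing when both variables are set keeps a leftover plain-text value in .env from silently overriding the cluster secret.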

Stack Description

Convention over configuration

docker-compose.yml
.env
.secret
inv stack-deploy -s <stack>
inv stack-update -s <stack>
inv stack-rm -s <stack>

Stack

.env.example
.secret.example

Setup

  • Docker Swarm cluster
    • Traefik
    • Portainer
  • Docker Machine
    • Secure nodes connections
    • Remote control
  • Python environment
    • pyinvoke
    • tasks: create, destroy, update

[Diagram labels: app1, app2, pyinvoke, Registry]

Demo

Then what?

  • I REPEAT: DO NOT USE THIS! 💥
  • Other further experiments
    • https://github.com/swarm-pack
  • OpenFaaS
    • Serverless environment
    • Over K8s and Swarm
    • Works with micro-services!
    • Stack, config, secrets descriptions

  • Kubernetes
    • Stack description (deployments, services)
    • Configuration (env vars)
    • Secrets (ref as env vars!)
    • More and more managed offerings
  • GKE Build repository / Jenkins-X
    • Full PaaS experience
    • GitOps (git push to deploy)
    • CI (tests, lint, vuln scans, etc.)
    • CD

Thank you for your attention!


Happy 6th birthday, Docker!

🎂