Difference between revisions of "Docker Swarm"

From UVOO Tech Wiki
Revision as of 18:41, 21 February 2021

List all tasks (containers) across the swarm, from any manager node:

```
docker node ps $(docker node ls -q)
```

Ports - https://www.digitalocean.com/community/tutorials/how-to-configure-the-linux-firewall-for-docker-swarm-on-ubuntu-16-04

TCP port 2376 for secure (TLS) Docker client communication. This port is required for Docker Machine to work; Docker Machine is used to orchestrate Docker hosts.
TCP port 2377 for communication between the nodes of a Docker Swarm (cluster). It only needs to be opened on manager nodes.
TCP and UDP port 7946 for communication among nodes (container network discovery).
UDP port 4789 for overlay network traffic (container ingress networking).

```
ufw allow 22/tcp
ufw allow 2376/tcp
ufw allow 2377/tcp
ufw allow 7946/tcp
ufw allow 7946/udp
ufw allow 4789/udp
```

Enable TLS - https://docs.docker.com/engine/security/protect-access/

```
#!/usr/bin/env bash
set -e
# https://docs.docker.com/engine/security/protect-access/
HOST=d3.uvoo.io
ipaddr=$(dig +short "$HOST")

# CA key (passphrase-protected) and self-signed CA certificate.
# The CA certificate step comes from the linked docs; the original snippet
# omitted it, so the signing step below had no ca.pem to work with.
# -subj is an addition that avoids the interactive prompts.
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj "/CN=$HOST CA" -out ca.pem

# Server key and CSR; the CN must be the name clients will connect to.
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

# SANs cover the DNS name, its public IP and loopback; serverAuth limits the
# cert to daemon use. The first write truncates extfile.cnf so re-runs do not
# accumulate duplicate lines.
echo "subjectAltName = DNS:$HOST,IP:$ipaddr,IP:127.0.0.1" > extfile.cnf
echo "extendedKeyUsage = serverAuth" >> extfile.cnf

openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
          -CAcreateserial -out server-cert.pem -extfile extfile.cnf
```
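Before pointing dockerd at the files the script above produces, it is worth confirming that the server certificate actually chains to the CA, names the daemon host in its SAN and carries the serverAuth EKU, since a cert that is wrong in any of these ways will fail silently at connect time. The following is an added example, not part of the wiki page or the Docker docs; `make_test_pki` builds throwaway, constructed test material in a temp directory (passphrase-less CA key, one-day lifetime) so the check can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example (not part of the wiki page): check a server certificate
# produced by the protect-access procedure before handing it to dockerd.
# Passes only if the cert chains to the CA, names the daemon host in its
# SAN and carries the serverAuth EKU; otherwise prints the failed check.
check_server_cert() {
  local ca="$1" cert="$2" host="$3" text
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert does not chain to $ca"; return 1; }
  text=$(openssl x509 -in "$cert" -noout -text)
  # SAN entries are printed as "DNS:name, IP Address:x.x.x.x"
  printf '%s\n' "$text" | grep -Eq "DNS:$host(,|\$)" \
    || { echo "FAIL: subjectAltName lacks DNS:$host"; return 1; }
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
    || { echo "FAIL: extendedKeyUsage lacks serverAuth"; return 1; }
  echo "OK: $cert is usable for $host"
}

# Constructed test material: a throwaway CA and server cert in DIR, using
# the same openssl steps as the wiki script but with a passphrase-less CA
# key and a one-day lifetime so it runs unattended. EKU defaults to
# serverAuth; pass clientAuth to mint a deliberately wrong certificate.
make_test_pki() {
  local dir="$1" host="$2" eku="${3:-serverAuth}"
  openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null
  openssl req -new -x509 -days 1 -key "$dir/ca-key.pem" -sha256 \
    -subj "/CN=test-ca" -out "$dir/ca.pem" 2>/dev/null
  openssl genrsa -out "$dir/server-key.pem" 2048 2>/dev/null
  openssl req -new -sha256 -key "$dir/server-key.pem" -subj "/CN=$host" \
    -out "$dir/server.csr" 2>/dev/null
  printf 'subjectAltName = DNS:%s,IP:127.0.0.1\nextendedKeyUsage = %s\n' \
    "$host" "$eku" > "$dir/extfile.cnf"
  openssl x509 -req -days 1 -sha256 -in "$dir/server.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
    -out "$dir/server-cert.pem" -extfile "$dir/extfile.cnf" 2>/dev/null
}
```

Run `check_server_cert ca.pem server-cert.pem d3.uvoo.io` in the directory the wiki script wrote to; a non-zero exit with the printed reason means the daemon would either refuse the cert or clients would fail hostname verification.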