Creating a Docker Overlay Network

Summary

When we get started using Docker, the typical configuration is to create a standalone application on our desktop.

For the most part, it's usually not practical to run all your applications on a single machine and when it's not, you'll need an approach for distributing the applications across many machines. This is where a Docker Swarm comes in.

Docker Swarm provides capabilities for clustering, scalability, discovery, and security, to name a few. In this article, we'll create a basic Swarm configuration and perform some experiments to illustrate discovery and connectivity.

In this demo, we'll create a Swarm overlay cluster that will consist of a Swarm manager and a worker. For convenience, it will be running in AWS.

Architecture

Our target Architecture will consist of a couple of Docker containers running inside AWS AMI images on different EC2 hosts. The purpose of these examples is to demonstrate the concepts of how a Docker swarm can be used to discover services running on different host machines and communicate with one another.

In our hypothetical network above, we depict the interconnections of a Docker swarm manager and a couple of swarm workers. In the examples which follow we'll use a single manager and a single worker to keep complexity and costs low. Keep in mind that your real configurations will likely consist of many swarm workers.

Here's an example of what a potential Use Case may look like. An AWS load balancer configured to distribute load to a Docker swarm running on 2 or more EC2 instances.

We'll show in the examples below how you can create a Docker swarm overlay network that will allow DNS discovery of members and allow members to communicate with one another.

Prerequisites

We assume you're somewhat familiar with Docker and have some familiarity setting up EC2 instances in AWS.

If you're not confident with AWS or would like a little refresher, please review the following articles:

• Configure Docker on your EC2 instance

Some AWS services will incur charges, so be sure to stop and/or terminate any services you aren't using. Additionally, consider setting up billing alerts to warn you of charges exceeding a threshold that may cause you concern.

Configuration

Begin by creating two (2) EC2 instances (free tier should be fine), and install Docker on each EC2 instance. Refer to the Docker Supported platforms section for Docker installation guidance and instructions for your instance.

Here are the AWS ports to open to support Docker Swarm and our port connection test:

Open ports in AWS Mule SG

For our examples, we'll use the following IP addresses to represent Node 1 and Node2:

• Node 1: 10.193.142.248
• Node 2: 10.193.142.246

Before getting started, let's take a look at the existing Docker networks.

Docker Networks

docker network ls

The output of the network list should look at least like the listing below if you’ve never added a network or initialized a swarm on this Docker daemon. Other networks may be shown as well.

Results of Docker Network Listing:

From Node 1, let's begin by initializing the swarm.

Create the Swarm Master Node

docker swarm init --advertise-addr=10.193.142.248

You should get a response that looks like the one below. We'll use the token provided to join our other node to the swarm.

Results of swarm init

Swarm initialized: current node (v9c2un5lqf7iapnv96uobag00) is now a manager.

To add a worker to this swarm, run the following command:

docker swarm join --token SWMTKN-1-5bbh9ksinfmajdqnsuef7y5ypbwj5d9jazt47urenz3ksuw9lk-227dtheygwbxt8dau8ul791a7 10.193.142.248:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

It takes a minute or two for the Root CA Certificate to synchronize through the swarm, so if you get an error, give it a few minutes and try again.

If you happen to misplace the token, you can use the join-tokenargument to list tokens for manager and workers. For example, on Node 1, run the following:

Manager Token for Node 1

docker swarm join-token manager

Next, let's join the swarm from Node 2.

Node 2 Joins Swarm

docker swarm join --token SWMTKN-1-5bbh9ksinfmajdqnsuef7y5ypbwj5d9jazt47urenz3ksuw9lk-227dtheygwbxt8dau8ul791a7 10.193.142.248:2377
This node joined a swarm as a worker.

From Node 1, the swarm master, we can now look at the connected nodes

On Master, List All Nodes

docker node ls

Results of Listing Nodes

Also, notice that an Ingress network has been created, this provides an entry point for our swarm network.

Results of Docker Network Listing

Let's go ahead and create our Overlay network for standalone containers.

Overlay Network Creation on Node 1

docker network create --driver=overlay --attachable my-overlay-net

docker network ls

Results of Docker Network Listing

Note the addition of our new overlay network to the swarm. Now we join the overlay network from Node 1.

Run Our Container, Join the Overlay Net

docker run -it --name alpine1 --network my-overlay-net alpine

Join the overlay network from Node 2, we'll open port _8083_ to test connectivity into our running container.

Run Our Container, Join the Overlay Net

docker run -it --name alpine2 -p 8083:8083 --network my-overlay-net alpine

Verify Our Overlay Network Connectivity

With our containers running we can test that we can discover our hosts using DNS configured by the swarm. From Node 2, let's ping the Nod 1 container.

Node 2 Pings Node 1, Listens on Port 8083

ip addr # show our ip address
ping -c 2 alpine1

# create listener on 8083
nc -l -p 8083

From Node 1LetsPing the Node 2 Container and Connect toIt'sOpen Listener on Port8083

Node 1 Pings Node 2, Connect to Node 2 Listener on Port 8083

ip addr # show our ip address
ping -c 2 alpine2

# connect to alpine2 listener on 8083
nc alpine2 8083
Hello Alpine2
^C

There you have it, you created a tcp connection from Node 1 to Node 2 and sent a message. Similarly, your services can connect with and exchange data when running in the Docker overlay cluster.

With these fundamental building blocks in place, you're ready to apply these principles to real-world designs.

Cleanup

With our testing complete we can tear down the swarm configuration.

Remove Node 2 Swarm

docker container stop alpine2
docker container rm alpine2

docker swarm leave

Remove Node 1 Swarm

docker container stop alpine1
docker container rm alpine1

docker swarm leave --force

This concludes our brief examples with creating Docker Overlay Networks. With these fundamental building blocks in place, you now have the essential pieces necessary for building larger, more complex Docker container interactions.

Be sure to remove any AWS assets you may have used in these examples so you don't incur any ongoing costs.

I hope you enjoyed reading this article as much as I have enjoyed writing it, I'm looking forward to your feedback!