Docker Swarm is Docker's native container orchestration solution, built directly into Docker Engine, that transforms a pool of Docker hosts into a single virtual cluster. Unlike external orchestrators, Swarm mode leverages familiar Docker concepts and commands while adding cluster management, service discovery, load balancing, and zero-downtime deployments. It uses the Raft consensus algorithm to maintain cluster state across manager nodes, ensuring high availability without external dependencies. Keep in mind that Swarm operates on a declarative model — you define the desired state of services, and the orchestrator continuously works to maintain that state, automatically recovering from failures and distributing workloads.
What This Cheat Sheet Covers
This topic spans 20 focused tables and 223 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Swarm Initialization and Cluster Setup
Initializing a swarm creates the first manager node and generates the root CA, join tokens, and cluster ID. Most production failures trace back to misconfigured advertise addresses or missing firewall rules for ports 2377/TCP, 7946/TCP-UDP, and 4789/UDP.
| Command example | Description |
|---|---|
| `docker swarm init --advertise-addr 192.168.1.100` | Initializes a new swarm on the current node, making it the first manager; generates join tokens for workers and additional managers. |
| `docker swarm init --advertise-addr 10.0.0.5:2377` | Specifies the IP address (or interface) other nodes use to reach this manager; required on multi-interface hosts to avoid ambiguous routing. |
| `docker swarm init --listen-addr 0.0.0.0:2377` | Defines the interface and port where the manager listens for Swarm management traffic; defaults to 0.0.0.0:2377. |
| `docker swarm init --autolock` | Enables automatic locking of the swarm, requiring an unlock key after manager restart to protect encrypted Raft logs and secrets. |
| `docker swarm init --data-path-addr eth1` | Specifies a separate interface for overlay network (data plane) traffic, decoupling container data traffic from swarm management traffic. |
| `docker swarm init --data-path-port 7777` | Sets the UDP port for overlay network VXLAN traffic; defaults to 4789. Can only be configured at init time. |
| `docker swarm init --default-addr-pool 10.20.0.0/16 --default-addr-pool-mask-length 24` | Configures the default subnet pool and subnet mask length for overlay networks; prevents IP conflicts with existing infrastructure. |
| `docker swarm init --external-ca protocol=cfssl,url=https://ca.example.com` | Uses an external CA to issue node certificates instead of Docker's auto-generated root CA; the only supported protocol is cfssl. |
| `docker swarm init --availability drain` | Sets the initial availability of the manager node at init time; use drain to dedicate it as a manager-only node that doesn't run workloads. |
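
The flags and ports above combined into one reviewable plan, as an added example that is not part of the original cheat sheet. It prints, without executing, iptables rules that admit 2377/TCP, 7946/TCP-UDP and the VXLAN port only from the cluster subnet, followed by a `docker swarm init` line that binds the listener to the management address instead of 0.0.0.0 and enables autolock. The function names, the sample addresses and the use of iptables on the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) a hardened swarm-init plan for review.
# Function names are hypothetical; all addresses are constructed sample values.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emits iptables rules that admit the Swarm ports only from the cluster CIDR.
# $1 = cluster CIDR, $2 = VXLAN port (4789 unless --data-path-port was set).
swarm_firewall_rules() {
    cidr=$1; vxlan_port=$2
    for spec in tcp:2377 tcp:7946 udp:7946 "udp:$vxlan_port"; do
        proto=${spec%%:*}; port=${spec##*:}
        echo "iptables -A INPUT -p $proto -s $cidr --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Builds the init command. $1 = management IP, $2 = data-plane IP, $3 = VXLAN port.
# This example accepts IP addresses only, although Docker also takes interface names.
swarm_init_cmd() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "invalid address" >&2; return 1; }
    cmd="docker swarm init --advertise-addr $1:2377 --listen-addr $1:2377"
    cmd="$cmd --data-path-addr $2 --autolock"
    [ "$3" = 4789 ] || cmd="$cmd --data-path-port $3"
    echo "$cmd"
}

# Constructed sample values: management and data-plane NICs inside one /23.
MGMT_IP=10.0.0.5 DATA_IP=10.0.1.5 CLUSTER_CIDR=10.0.0.0/23 VXLAN_PORT=7777
swarm_firewall_rules "$CLUSTER_CIDR" "$VXLAN_PORT"
swarm_init_cmd "$MGMT_IP" "$DATA_IP" "$VXLAN_PORT"
```

Because `--data-path-port` can only be set at init time, the firewall rule for the VXLAN port and the init command are generated from the same variable so they cannot drift apart.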