Container Orchestration

Container orchestration automates the deployment, management, scaling, and networking of containers across multiple hosts. This guide covers orchestration concepts, Docker Swarm, and an introduction to Kubernetes.

Why Orchestration?

Running containers on a single host works for development, but production environments require:

Challenge	Orchestration Solution
High availability	Automatic failover and replication
Scaling	Horizontal scaling based on demand
Load balancing	Distribute traffic across instances
Service discovery	Automatic DNS and routing
Rolling updates	Zero-downtime deployments
Resource management	Efficient allocation across hosts
Health monitoring	Automatic restart of failed containers

Orchestration Architecture

┌──────────────────────────────────────────────────────────┐
│                    Orchestrator                            │
│              (Swarm Manager / K8s Control Plane)          │
│                                                          │
│  ┌──────────┐  ┌──────────┐  ┌──────────────────┐      │
│  │Scheduler │  │ Service  │  │Health Monitor    │      │
│  │          │  │ Discovery│  │                  │      │
│  └──────────┘  └──────────┘  └──────────────────┘      │
└──────────────────────┬───────────────────────────────────┘
                       │
          ┌────────────┼────────────┐
          ▼            ▼            ▼
    ┌───────────┐┌───────────┐┌───────────┐
    │  Node 1   ││  Node 2   ││  Node 3   │
    │┌──┐┌──┐  ││┌──┐┌──┐  ││┌──┐┌──┐  │
    ││C1││C2│  │││C3││C4│  │││C5││C6│  │
    │└──┘└──┘  ││└──┘└──┘  ││└──┘└──┘  │
    └───────────┘└───────────┘└───────────┘

Docker Swarm

Docker Swarm is Docker's built-in orchestration solution. It is simple to set up and integrates natively with the Docker CLI.

Initialize a Swarm

# Initialize Swarm on the manager node
docker swarm init --advertise-addr 192.168.1.10

# Output provides a join token for worker nodes
# docker swarm join --token SWMTKN-1-xxx 192.168.1.10:2377

# On worker nodes, join the swarm
docker swarm join --token SWMTKN-1-xxx 192.168.1.10:2377

# List nodes in the swarm
docker node ls

Swarm Node Roles

Role	Description	Responsibilities
Manager	Controls the swarm	Scheduling, orchestration, serving API
Worker	Executes tasks	Running containers
Leader	Primary manager	Raft consensus leader

Services

Services are the primary abstraction in Swarm for deploying applications:

# Create a service
docker service create \
  --name web \
  --replicas 3 \
  --publish 80:80 \
  nginx:latest

# List services
docker service ls

# Inspect a service
docker service inspect web

# View service tasks (containers)
docker service ps web

# Scale a service
docker service scale web=5

# Update a service
docker service update --image nginx:1.25 web

# Remove a service
docker service rm web

Rolling Updates

# Create a service with update configuration
docker service create \
  --name api \
  --replicas 6 \
  --update-parallelism 2 \
  --update-delay 10s \
  --update-failure-action rollback \
  --rollback-parallelism 1 \
  --rollback-delay 5s \
  my-api:1.0

# Perform a rolling update
docker service update --image my-api:2.0 api

# Monitor the update
docker service ps api

# Manual rollback
docker service rollback api

Update Configuration Options

Option	Description	Default
--update-parallelism	Number of tasks to update simultaneously	1
--update-delay	Delay between updating batches	0s
--update-failure-action	Action on update failure (pause, continue, rollback)	pause
--update-max-failure-ratio	Failure rate to tolerate	0
--update-order	Update order (start-first, stop-first)	stop-first

Swarm Networking

# Create an overlay network
docker network create --driver overlay my-overlay

# Create a service on the overlay network
docker service create \
  --name api \
  --network my-overlay \
  --replicas 3 \
  my-api:latest

docker service create \
  --name db \
  --network my-overlay \
  postgres:16

# Services can reach each other by name
# api can connect to db using hostname "db"

Stack Deployments

Docker Stacks allow you to deploy multi-service applications using Compose files:

# docker-stack.yml
version: "3.9"

services:
  web:
    image: nginx:1.25
    ports:
      - "80:80"
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
    networks:
      - frontend

  api:
    image: my-api:latest
    deploy:
      replicas: 2
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
    networks:
      - frontend
      - backend

  db:
    image: postgres:16
    volumes:
      - db-data:/var/lib/postgresql/data
    deploy:
      placement:
        constraints:
          - node.role == manager
    networks:
      - backend
    secrets:
      - db_password

networks:
  frontend:
    driver: overlay
  backend:
    driver: overlay
    internal: true

volumes:
  db-data:

secrets:
  db_password:
    external: true

# Deploy a stack
docker stack deploy -c docker-stack.yml myapp

# List stacks
docker stack ls

# List services in a stack
docker stack services myapp

# List tasks in a stack
docker stack ps myapp

# Remove a stack
docker stack rm myapp

Introduction to Kubernetes

Kubernetes (K8s) is the industry-standard container orchestration platform for large-scale production deployments.

Key Kubernetes Concepts

Concept	Description
Pod	Smallest deployable unit; one or more containers
Deployment	Manages a set of identical pods with rolling updates
Service	Stable network endpoint for a set of pods
Namespace	Virtual cluster for resource isolation
ConfigMap	Configuration data as key-value pairs
Secret	Sensitive data (passwords, tokens)
Ingress	HTTP routing and load balancing
PersistentVolume	Storage that outlives pods

Basic Kubernetes Deployment

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: my-app:1.0
          ports:
            - containerPort: 3000
          resources:
            requests:
              memory: "128Mi"
              cpu: "250m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          readinessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: my-app-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
  type: LoadBalancer

# Apply the configuration
kubectl apply -f deployment.yaml

# Check deployment status
kubectl get deployments
kubectl get pods
kubectl get services

# Scale the deployment
kubectl scale deployment my-app --replicas=5

# Update the image (rolling update)
kubectl set image deployment/my-app my-app=my-app:2.0

# View rollout status
kubectl rollout status deployment/my-app

# Rollback
kubectl rollout undo deployment/my-app

Swarm vs Kubernetes Comparison

Feature	Docker Swarm	Kubernetes
Setup complexity	Simple (built into Docker)	Complex (separate installation)
Learning curve	Low	High
Scaling	Good	Excellent
Auto-scaling	Manual	Built-in HPA
Networking	Overlay networks	CNI plugins (flexible)
Storage	Volume drivers	CSI drivers (flexible)
Community	Smaller	Very large
Production readiness	Small-medium workloads	Enterprise-grade
GUI	Docker Desktop	Dashboard, Lens, Rancher

Choosing an Orchestration Platform

                    ┌──────────────────┐
                    │ How large is your │
                    │   deployment?     │
                    └────────┬─────────┘
                             │
                ┌────────────┼────────────┐
                ▼                         ▼
        ┌───────────┐            ┌───────────────┐
        │  Small /  │            │   Large /     │
        │  Medium   │            │   Enterprise  │
        └─────┬─────┘            └───────┬───────┘
              │                          │
              ▼                          ▼
     ┌─────────────────┐       ┌─────────────────┐
     │  Docker Swarm   │       │   Kubernetes    │
     │  or Compose     │       │                 │
     └─────────────────┘       └─────────────────┘

Health Checks and Monitoring

Swarm Health Checks

services:
  web:
    image: my-app:latest
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    deploy:
      replicas: 3
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3

Monitoring Stack

services:
  prometheus:
    image: prom/prometheus:latest
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    ports:
      - "9090:9090"

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    volumes:
      - grafana-data:/var/lib/grafana

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro

volumes:
  grafana-data:

Next Steps

• Docker Compose in Production — Deploy Compose apps in production
• Docker Networking Guide — Deep dive into container networking
• Security Best Practices — Secure your orchestrated deployments
• Storage Management — Persistent storage for orchestrated services
• Docker Engine Architecture — Understand swarm mode internals