Docker swarm run tasks only in workers

Question

Say that we are working in swarm mode and we have three nodes:

• manager1
• worker1
• worker2

Is it possible to create a service and specify that the tasks only has to run in the workers (worker1 and worker2) and not in the managers (manager1)

I am running the following command to create the service:

docker-machine ssh manager1 "docker service create --network dognet --name dog-db redis"

and when I ps the service:

docker-machine ssh manager1 "docker service ps dog-db"

I get:

ID                         NAME      IMAGE  NODE      DESIRED STATE  CURRENT STATE            ERROR
3kvfpbhl6fj0qwtglc5k7sbkw  dog-db.1  redis  manager1  Running        Preparing 4 seconds ago  

Answer 1

While you can use constraints (with --constraint node.role=worker) to eliminate a subset of nodes based on their role (manager or worker), I would go as far as disabling the Manager(s) from acting like Worker(s) with:

# Disables the Manager as a Worker node

docker node update --availability drain manager1

The idea is that the Manager should be kept secure from resource overload (CPU, RAM, fds), that could happen if the resources used by deployed services is higher than the resources available on a Manager. It can trigger a failure cascade scenario and the cluster could become highly unstable (or not responding to any more requests).

The Manager, at its core, maintains critical components (like certificate issuance and rotation, distributed datastore, networking), it would be bad to make your entire cluster unstable because the Managers are running out of resources.

Related Issues:

• How to kill your Managers
• Orchestrator does not handle dynamic updates in tasks scaling.

Source: I was a maintainer of Docker Swarm and wrote the Administration Guide for Swarm mode.