by mradmin 1763 days ago
My anti-kubernetes setup for small single servers is docker swarm, portainer & traefik. It's a setup that works well on low-powered machines, gives you TLS (letsencrypt), and traefik takes care of the complicated network routing.

I created a shell script to easily set this up: https://github.com/badsyntax/docker-box

3 comments

I have a similar setup, but with Nomad (in single server mode) instead of docker swarm and portainer. It works great.
What does Nomad do for you, exactly? I've always wanted to try it out, but I never really got how it works. It runs containers, right? Does it also do networking, volumes, and the other things Compose does?
What I like about Nomad is that it allows scheduling non-containerized workloads too. What it "does" for me is that it gives me a declarative language to specify the workloads, has a nice web UI to keep track of the workloads and allows such handy features as looking at the logs or exec'ing into the container from the web UI, amongst other things. Haven't used advanced networking or volumes yet though.
So do you use it just for scheduling commands to run? I.e. do you use `docker-compose up` as the "payload"?
You send a job-specification to the Nomad API.

There are different kinds of workloads. I use Docker containers the most, but jobs can also run on a system level. There are also different types of operating modes: some jobs can be scheduled like cron, where other jobs just expose a port and want to be registered in Consul's service mesh.

A job can also consist of multiple subtasks, an example could be nginx + django/rails subtasks that will be deployed together.

You can see an example of a Docker job here: https://www.nomadproject.io/docs/job-specification#example

With a few modifications you can easily allow for blue/green-deployments.

This is very interesting, thanks! I'll give it a go.
Nomad is so perfect for this. I've been meaning to blog about it somewhere.
Don't suppose you're able to point to a simple Nomad config for a dockerised web app, with a proxy and Let's Encrypt?
I will see if I can write up a simple example, do you have anywhere I can ping you?
That would be great, thanks!

I'm at: gordon dot stewart 333 at gmail dot com

I would also love to read this! kevinl at hey dot com
This is exactly how I deployed my last few projects, and it works great!

The only things I'd change are switching to Caddy instead of Traefik (because Traefik 2.x config is just so bewilderingly complex!), and I'm not convinced Portainer is really adding any value.

Appreciate you sharing your setup script too.

Agree the traefik config is a little complex but otherwise it works great for me. About using portainer, it's useful for showing a holistic view of your containers and stacks, but I also use it for remote deployment of services (e.g. as part of CI/CD). I'll push a new docker image version then I'll use the portainer webhooks to redeploy the service, then docker swarm takes over.
Ah, I wasn't aware of the web hooks, that sounds useful :)
Absolutely agree, I switched to Caddy recently and the configuration is considerably easier than Traefik. Very simple TLS setup (including self-signed certificates).
After some struggle I've managed to set up traefik with tags/docker socket so that services can "expose themselves" via tags in their service definitions - is there anything similar for caddy?
That’s still a bit more than I feel is required.

My problem is in the two to eight server space, but networking is already externally managed and I have a loadbalancer. It’s in this space I feel that we’re lacking a good solution. The size is too small to justify taking out nodes for a control plane, but big enough that Ansible feels weird.