Nodes and join tokens

You can switch to swarm mode by running docker swarm init. The output of this command gives you a token that you can use so that other nodes can join the swarm. There are separate tokens for workers and managers. Nodes cannot join a swarm without the token, so you need to keep the token protected, like any other secret.

A join token is composed of the prefix, the format version, the hash of the root key, and a cryptographically strong random string.

Docker uses a fixed SWMTKN prefix for tokens, so you can run automated checks to see whether a token has been accidentally shared in source code or on another public location. If the token is compromised, rogue nodes could join the swarm if they had access to your network. Swarm mode can use a specific network for node traffic, so you should use a network that is not publicly accessible.
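One way to automate that check, as an added example that is not from the book or from Docker: a scanner that finds complete join tokens in text, splits them into the fields listed above, and reports them with the random string masked so the report does not leak the token again. The names Finding, scan_text and scan_tree are hypothetical, and the field character set and minimum length in the pattern are assumptions.

```python
import hashlib
import re
from pathlib import Path
from typing import NamedTuple

# Assumption: after the fixed prefix come a numeric format version and two
# lowercase-alphanumeric fields (root key hash, random secret) of 20+ characters.
TOKEN_RE = re.compile(r"\bSWMTKN-(\d+)-([0-9a-z]{20,})-([0-9a-z]{20,})\b")

class Finding(NamedTuple):
    path: str
    line_no: int
    version: str
    root_hash: str    # shows which swarm the leaked token belongs to
    fingerprint: str  # short SHA-256 of the whole token, for de-duplicating reports
    redacted: str     # safe to print: the random secret is masked

def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per complete join token, never echoing the secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            version, root_hash, _secret = m.groups()
            fingerprint = hashlib.sha256(m.group(0).encode()).hexdigest()[:12]
            redacted = f"SWMTKN-{version}-{root_hash}-<redacted>"
            findings.append(Finding(path, line_no, version, root_hash, fingerprint, redacted))
    return findings

def scan_tree(root: str) -> list[Finding]:
    """Scan every regular file under root, skipping unreadable ones."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        try:
            if p.is_file():
                findings += scan_text(str(p), p.read_text(errors="ignore"))
        except OSError:
            continue
    return findings

# Constructed sample input; the token is made up and belongs to no swarm.
FAKE_TOKEN = "SWMTKN-1-" + "0a" * 25 + "-" + "1b" * 12 + "z"
SAMPLE = "\n".join([
    "# join.ps1 (constructed)",
    "docker swarm join --token " + FAKE_TOKEN + " 10.0.0.5:2377",
    "# tokens start with the SWMTKN prefix",
    "docker swarm join --token SWMTKN-1-0a0a0a0a0a0a0a0a0a0a0a0a... 10.0.0.5:2377",
])

if __name__ == "__main__":
    for f in scan_text("join.ps1", SAMPLE):
        print(f"{f.path}:{f.line_no} {f.redacted} sha256:{f.fingerprint}")
```

A bare mention of the prefix and a token truncated with an ellipsis are not reported, because neither contains the random string. Any real finding should be followed by rotating the affected token.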

Join tokens can be rotated with docker swarm join-token --rotate, which can target either the worker token or the manager token:

> docker swarm join-token --rotate worker
Successfully rotated worker join token.

To add a worker to this swarm, run the following command:

docker swarm join --token SWMTKN-1-0ngmvmnpz0twctlya5ifu3ajy3pv8420st... 10.211.55.7:2377

Token rotation is fully managed by the swarm. All existing nodes are updated, and error conditions such as nodes going offline or joining mid-rotation are handled gracefully.
