- Zero downtime means that when updating a service, say from version 1 to version 2, the application to which this service belongs remains up and running all the time. At no time is the application interrupted or not functional.
- Docker SwarmKit uses rolling updates to achieve zero downtime. Every service runs in multiple instances for high availability. When a rolling update is happening, small batches of the overall set of service instances are replaced by new versions. This happens while the majority of the service instances are up and running to serve incoming requests.
- Container images are immutable. That is, once created, they can never be changed. When a containerized application or service needs to be updated, a new container image is created. During a rolling update, the old container image is replaced with the new container image. If a rollback is necessary, then the new image is replaced with the old image. This can be looked at as a reverse update. As long as we do not delete the old container image, we can always return to this previous version by reusing it. Since, as we said earlier, images are immutable, we are indeed returning to the previous state.
- Docker secrets are encrypted at rest; they are stored encrypted in the Raft database. Secrets are also encrypted in transit, since node-to-node communication uses mutual TLS.
- The command would have to look like this:
$ docker service update --image acme/inventory:2.1 \
    --update-parallelism 2 \
    --update-delay 60s \
    inventory
- First, we need to remove the old secret:
$ docker service update --secret-rm MYSQL_PASSWORD inventory
Then we add the new secret, using the extended format, which lets us remap the name of the secret; that is, the external and internal names of the secret do not have to match. The latter command could look like this:
$ docker service update \
    --secret-add source=MYSQL_PASSWORD_V2,target=MYSQL_PASSWORD \
    inventory
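The two steps of the last answer can also be combined, because `docker service update` accepts `--secret-rm` and `--secret-add` in the same call. The following is an added example, not code from the original text: the function names `current_source` and `rotate_secret` are hypothetical, and it assumes it runs on a Swarm manager node.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are hypothetical.
# Usage: printf '%s' "$VALUE" | rotate_secret inventory MYSQL_PASSWORD MYSQL_PASSWORD_V2

# Print the name of the secret that SERVICE currently mounts as TARGET.
current_source() {
    docker service inspect --format \
        '{{range .Spec.TaskTemplate.ContainerSpec.Secrets}}{{.SecretName}} {{.File.Name}}{{"\n"}}{{end}}' \
        "$1" </dev/null | awk -v t="$2" '$2 == t { print $1; exit }'
}

# rotate_secret SERVICE TARGET NEW_NAME   (the new value is read from stdin)
# Prints the name of the secret that was replaced.
rotate_secret() {
    svc=$1 target=$2 new=$3
    if [ -z "$svc" ] || [ -z "$target" ] || [ -z "$new" ]; then
        echo "usage: rotate_secret SERVICE TARGET NEW_NAME < value" >&2
        return 2
    fi
    # After an earlier rotation the source name differs from the target,
    # so look it up instead of assuming both are the same.
    old=$(current_source "$svc" "$target")
    if [ -z "$old" ]; then
        echo "no secret mounted as $target in $svc" >&2
        return 1
    fi
    # Secrets are immutable: a new value needs a new name. Reading it from
    # stdin ("-") keeps it out of the process arguments and shell history.
    docker secret create "$new" - >/dev/null || return 1
    # One update removes the old reference and adds the new one under the
    # same in-container name, so each task is replaced only once.
    docker service update \
        --secret-rm "$old" \
        --secret-add "source=$new,target=$target" \
        "$svc" >/dev/null || return 1
    # The old secret is not deleted, so a rollback to the previous
    # service spec still finds it.
    echo "$old"
}
```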