Docker Services are application images that you deploy when Docker is in swarm mode. Frequently a service is the image for a microservice within the context of some larger application. They could be a HTTP server, a database, or any other type of executable program that you wish to run in a distributed environment.
Services are really just “containers in production.” A service only runs one image, but it codifies the way that image runs—what ports it should use, how many replicas of the container should run so the service has the capacity it needs, and so on. Scaling a service changes the number of container instances running that piece of software, assigning more computing resources to the service in the process.
When you create a service, you specify which container image to use and which commands to execute inside running containers. You also define options for the service including:
- CPU and memory limits and reservations
- an overlay network for the service to connect to other services in the swarm
- the port where the swarm makes the service available outside the swarm
- the number of replicas of the image to run in the swarm
- a rolling update policy
Docker Service vs Docker container
A docker service is one or more containers with the same configuration running under docker’s swarm mode. The difference is that using services you get some orchestration. That orchestration restarts your container if it stops, finds the appropriate node to run the container on based on your constraints, scale your service up or down, allows you to use the mesh networking and a VIP to discover your service, and perform rolling updates to minimise the risk of an outage during a change to your running application.
Docker Services, tasks, and containers
When you deploy the service to the swarm, the swarm manager accepts your service definition as the desired state for the service. Then it schedules the service on nodes in the swarm as one or more replica tasks. The tasks run independently of each other on nodes in the swarm.
A container is an isolated process. In the swarm mode model, each task invokes exactly one container. A task is analogous to a “slot” where the scheduler places a container. Once the container is live, the scheduler recognizes that the task is in a running state. If the container fails health checks or terminates, the task terminates. See the image below for a better understanding:
Docker Tasks and scheduling
A task is the atomic unit of scheduling within a swarm. When you declare a desired service state by creating or updating a service, the orchestrator realizes the desired state by scheduling tasks. Each task is a slot that the scheduler fills by spawning a container. The container is the instantiation of the task.
The underlying logic of Docker swarm mode is a general purpose scheduler and orchestrator. The service and task abstractions themselves are unaware of the containers they implement. Hypothetically, you could implement other types of tasks such as virtual machine tasks or non-containerized process tasks. The scheduler and orchestrator are agnostic about the type of task. However, the current version of Docker only supports container tasks.
The diagram below shows how swarm mode accepts service create requests and schedules tasks to worker nodes.