Add Swarm placement constraints

If a node is set to use Kubernetes as its orchestrator while simultaneously running Swarm services, you must deploy placement constraints to prevent those services from being scheduled on the node.

The necessary service constraints will be automatically adopted by any new MKE-created Swarm services, as well as by older Swarm services that you have updated. MKE does not automatically add placement constraints, however, to Swarm services that were created using older versions of MKE, as to do so would restart the service tasks.


To add placement constraints to older Swarm services:

  1. Download and configure the client bundle.

  2. Identify the Swarm services that do not have placement constraints:

    services=$(docker service ls -q)
    for service in $services; do
        if docker service inspect $service --format '{{.Spec.TaskTemplate.Placement.Constraints}}' | grep -q -v 'node.labels.com.docker.ucp.orchestrator.swarm==true'; then
            name=$(docker service inspect $service --format '{{.Spec.Name}}')
            if [ $name = "ucp-agent" ] || [ $name = "ucp-agent-win" ] ||  [ $name = "ucp-agent-s390x" ]; then
                continue
            fi
            echo "Service $name (ID: $service) is missing the node.labels.com.docker.ucp.orchestrator.swarm=true placement constraint"
        fi
    done
    
  3. Add placement constraints to the Swarm services you identified:

    Note

    All service tasks will restart, thus causing some amount of service downtime.

    services=$(docker service ls -q)
    for service in $services; do
        if docker service inspect $service --format '{{.Spec.TaskTemplate.Placement.Constraints}}' | grep -q -v 'node.labels.com.docker.ucp.orchestrator.swarm=true'; then
            name=$(docker service inspect $service --format '{{.Spec.Name}}')
            if [ $name = "ucp-agent" ] || [ $name = "ucp-agent-win" ]; then
                continue
            fi
            echo "Updating service $name (ID: $service)"
            docker service update --detach=true --constraint-add node.labels.com.docker.ucp.orchestrator.swarm==true $service
        fi
    done