Docker Community Forums

Share and learn in the Docker community.

Bypassing the routing mesh: Published vs Target ports?

In the documentation, in the section, Bypassing the routing mesh there is a line, in the context of multiple tasks running on the same node, that states that,

If you expect to run multiple service tasks on each node (such as when you have 5 nodes but run 10 replicas), you cannot specify a static target port.

Is this correct or is this a typo? I thought the port in the container(i.e. the target port) could be set but because there is no overlying mesh, having a published port on the host for these multiple containers is what is not possible.

Can someone please throws some light on this?


On a second thought: the docs are right. When you use mode=host the container of the service task binds the container’s port in the network name-space of the host (=network-wise this particular container port acts like a host port bound by a native process on the host)

If you bypass the routing mesh, you can run up to one service task per node, which binds the serice task’s container port directy on the host - there is no publishing. Of couse this is constrained by the number of desired replicas, number of available nodes and if used placement constraints. When a host port is bound by a process (read: container), it can not be bound again by another process (read: container)…

I would strongly recommend to use --publish ....,mode=host only in combination with --mode global instead of --mode replicated (which is the default mode). --mode global will deploy one task per node that matches your placement contraint per service.

I hope this makes sense.