Though not exactly the same as rootless Docker, you can run docker swarm inside rootless containers using the sysbox runtime. Each container is rootless and acts as a swarm node (similar to a VM).
For example:
(1) Launch a swarm manager node with Docker + Sysbox:
$ docker run --rm -it --runtime sysbox-runc --name manager nestybox/alpine-docker:latest
/ # dockerd > /var/log/dockerd.log 2>&1 &
/ # docker swarm init
Swarm initialized: current node (teemqygp2kfzw75cdhlcinppx) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-3urriqqyy8ysjkgmup81nxpvqgb3az063hryolhnl4p7nazl1n-cgbv86xvmf918iowrzq0fjd8w 172.20.0.2:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
(2) Launch a worker node in another container:
$ docker run --rm -it --runtime sysbox-runc --name worker0 nestybox/alpine-docker:latest
/ # dockerd > /var/log/dockerd.log 2>&1 &
/ # docker swarm join --token SWMTKN-1-3urriqqyy8ysjkgmup81nxpvqgb3az063hryolhnl4p7nazl1n-cgbv86xvmf918iowrzq0fjd8w 172.20.0.2:2377
This node joined a swarm as a worker.
(3) Back in the manager node:
/ # docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
teemqygp2kfzw75cdhlcinppx * 4e30f1df39c5 Ready Active Leader 19.03.12
bs6pyyhs0rmglclzhzqs4cvhh 6ac0c3c173ef Ready Active 19.03.12
/ # docker service create --replicas 5 --name helloworld alpine ping docker.com
00u3g30hjyqe213xp7drswf3i
overall progress: 5 out of 5 tasks
1/5: running [==================================================>]
2/5: running [==================================================>]
3/5: running [==================================================>]
4/5: running [==================================================>]
5/5: running [==================================================>]
verify: Service converged
/ # docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
00u3g30hjyqe helloworld replicated 5/5 alpine:latest
/ #
This way you can run swarm inside well isolated containers and avoid the need for unsecure privileged containers or heavy VMs.
This blog post explains the differences between rootless Docker and Sysbox.