I’m trying to have a better understand if how docker swarm decides what image to use.

Assume i have local image “username/some-image:latest” in node, and different image in docker hub under the same name(“username/some-image:latest”) .
Now i run “docker stack deploy …”

Which Image will the the node use? the local one or the one stored in docker hub?

Afaik images from the local cache are only used as a fallback. Usualy when the swarm scheduler commands a task to create a container, the image is allways pulled - though from my observation the tag will be stripped in the local cache - and then the container is created.

This is neither restricted to Dockerhub as image repository, nor for the latest tag. If a different image repository is used, the full qualified domain name is used in front of the repo-group. If tags are not set to be immutable and a new image is pushed for an existing tag, the tag will be linked with the new image id. Thus, if you manualy pull the image or swarm pulls the image implicitly, the new image will be pulled. Though only for manual pulls the tag will be changed to point to the new image id.

If you create your own images and want to run them in your swarm, you might want to setup your own private repository. Gitlab, Artifactory and Nexus have a build in Git Repo with https support and authentification. There are plenty of other docker repositories to pick from.

Thank Metin,
That makes sense. I was hoping that “–resolve-image never” will make the swarm in my dev environment to use the local images and not those in the repository. but it did not seemed to make a difference.

Oh, i wasn’t aware that such an option exists. Learned something new today

I just checked docker service create --helpon a 18.09.6 and 19.03.1 engine and in both the option is called “–no-resolve-image”. At least on 18.09.6 and 19.03.1, I can confirm that it has no effect.