
Advanced Topics

Advanced Docker concepts — Swarm mode, BuildKit features, production deployment patterns, and the path to Kubernetes.

Docker Swarm

Docker Swarm provides native clustering and orchestration. Initialize with docker swarm init, deploy services with docker stack deploy, and Swarm handles scheduling, scaling, and load balancing.

Swarm is simpler than Kubernetes but less feature-rich. It suits small-to-medium deployments that want orchestration without Kubernetes complexity.

  • Swarm uses the same compose.yml format with a deploy key
  • Services automatically load balance across replicas
  • Swarm includes built-in secrets and config management

docker swarm init
docker stack deploy -c compose.yml myapp
docker service ls
docker service scale myapp_web=3
docker stack rm myapp

BuildKit Advanced Features

BuildKit enables cache mounts (persisting package manager caches between builds), secret mounts (passing secrets during build without baking them in), and SSH mounts (accessing private repos during build).

Cache mounts dramatically speed up repeated builds — npm, pip, and apt caches persist across builds even when earlier layers change.

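# syntax=docker/dockerfile:1
FROM node:20-alpine
WORKDIR /app
COPY package.json package-lock.json ./

# Cache mount: the npm cache persists between builds and is not stored in the image
RUN --mount=type=cache,target=/root/.npm \
    npm ci --omit=dev

# Secret mount: .npmrc exists only during this RUN step and is not written to a layer
# Build with: docker build --secret id=npmrc,src=$HOME/.npmrc .
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc \
    npm ci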
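
Whether a Dockerfile bakes a credential into the image or passes it through a secret mount can be checked mechanically. The shell function below is an added example, not part of the original tutorial; the function names, the constructed sample Dockerfiles, and the file-name and variable-name patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit for credentials persisted in image layers or metadata.
# The file-name and variable-name patterns are assumptions; extend them for your stack.

# Reads a Dockerfile on stdin, prints "LINE: reason: instruction" per finding,
# and returns 1 if anything was flagged, 0 otherwise.
audit_dockerfile() {
    awk '
        function report(n, why, s) { printf "%d: %s: %s\n", n, why, s; found = 1 }
        function check(s, n,    u) {
            u = toupper(s)
            if (u ~ /^[ \t]*(COPY|ADD)[ \t]/ && u ~ /(\.NPMRC|\.NETRC|ID_RSA|ID_ED25519)/)
                report(n, "credential file copied into a layer", s)
            else if (u ~ /^[ \t]*(ARG|ENV)[ \t]+[A-Z0-9_]*(TOKEN|SECRET|PASSWORD|API_KEY)/)
                report(n, "ARG/ENV secret is readable from image history or config", s)
        }
        # Join backslash-continued lines so each instruction is checked as a whole.
        pending == "" { start = NR }
        /\\$/ { sub(/\\$/, ""); pending = pending $0 " "; next }
        { check(pending $0, start); pending = "" }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: token passed as a build ARG and .npmrc copied into the image.
sample_weak() {
    cat <<'EOF'
FROM node:20-alpine
ARG NPM_TOKEN
COPY .npmrc /root/.npmrc
RUN npm ci
EOF
}

# Constructed sample: the secret-mount form shown in the tutorial above.
sample_hardened() {
    cat <<'EOF'
# syntax=docker/dockerfile:1
FROM node:20-alpine
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc \
    npm ci
EOF
}

echo "weak Dockerfile:";     sample_weak | audit_dockerfile || true
echo "hardened Dockerfile:"; sample_hardened | audit_dockerfile && echo "no findings"
```

Run it against a real file with `audit_dockerfile < Dockerfile`; the non-zero exit status on findings makes it usable as a CI gate.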

Production Deployment Patterns

Production Docker deployments use orchestrators (Kubernetes, Swarm, ECS) for scheduling, health checks, and rolling updates. Single-host Docker is for development — production needs redundancy and auto-recovery.

Implement blue-green or canary deployments by running two versions simultaneously and shifting traffic. Container immutability means deployments are always new containers from new images, never in-place updates.

# Rolling update in Swarm
docker service update \
  --image myapp:2.0.0 \
  --update-parallelism 1 \
  --update-delay 30s \
  myapp_web

Rootless Docker

Rootless Docker runs the daemon as a non-root user, eliminating the biggest Docker security concern: a daemon running as root on the host. Install it with dockerd-rootless-setuptool.sh. Containers then run without root privileges on the host.

Rootless mode has limitations: some storage drivers, network modes, and privileged containers are unavailable. For most application workloads, these limitations are acceptable.

dockerd-rootless-setuptool.sh install
export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
docker run hello-world

From Docker to Kubernetes

When single-host Docker or Swarm reaches its limits — multi-node scheduling, advanced networking, CRDs, or ecosystem tooling — Kubernetes is the next step. Docker skills transfer directly: images, Dockerfiles, and registries work unchanged.

Kubernetes adds pods, services, ingress, and declarative configuration. Docker Compose maps loosely to Kubernetes manifests or Helm charts. Learn Kubernetes fundamentals to scale beyond Docker alone.

  • Kubernetes uses the same OCI images as Docker
  • Kompose converts compose.yml to Kubernetes manifests
  • Docker Desktop includes a local Kubernetes cluster for learning

# Docker Compose service maps to Kubernetes Deployment + Service
# compose.yml web service → Deployment (replicas) + Service (networking)
# docker volume → PersistentVolumeClaim
# docker network → Kubernetes NetworkPolicy
