It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How do you deploy from Pipelines to a remote Docker Swarm cluster ?


I'm trying to get a Bitbucket Pipelines CD setup with a Docker Swarm cluster.

I messaged Geoff on Twitter and he suggested I post here -

You guys have deployment documentation for Kubernetes -

But there is no equivalent documentation for Docker Swarm. Please add documentation for deploys to docker swarm.

2 answers

0 votes

Hi Sandeep,

I'm not fully sure what Geoff had in mind as a workaround here. He's on leave until next week so I can't ask him until then. As far as I know this isn't possible as Swarm commands aren't available at the moment. But, I'll check with Geoff when he's back.



> Swarm commands aren't available at the moment.

well I guess that was the point for this ! Swarm is the second biggest deployment infra after kubernetes and morever is bundled inside Docker itself.

We would appreciate Bitbucket Pipelines team to tell us how to do this effectively. Swarm already comes with TLS security - 

but unfair to only support kubernetes  :(

Like 1 person likes this

Hi Sandeep,

You can follow this guide to deploy to your Swarm cluster:

You will also need to update the DOCKER_CERT_PATH to point at the API keys of your Swarm cluster, mentioned here:

I don't have an ETA on when we may have a similar guide on Swarm in our own documentation. However, those links should suffice for you by translating the appropriate commands into commands in your deploy step script.



couldnt figure out how to do it with pipelines. maybe im making a stupid mistake.

I pray that you guys do get around to it /hopeful

stage: deploy
DOCKER_HOST: tcp://XXXX:2376
SERVICE_NAME: barfbarf
image: docker:latest
- mkdir -p ~/.docker
- echo "$TLSCACERT" > ~/.docker/ca.pem
- echo "$TLSCERT" > ~/.docker/cert.pem
- echo "$TLSKEY" > ~/.docker/key.pem
- docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"
- docker service update --detach=false --with-registry-auth --image$CI_PROJECT_NAME:$CI_BUILD_REF barfbarf
name: production
- master

Basically it works like this code snipped that I posted above (gitlab pipeline). I'm currently trying to "translate" it to bitbucket.

What you can do - SSH to one of your managers and run those commands


docker service update ...

@Arne Wiese that is superb! Thanks for taking the effort. Your recipe is something on the lines that we want to follow. 

However SSH is not an option - we want this to run on every commit/merge. 

Looking forward to see this working on Swarm!

Hi @Sandeep Srinivasa,

Why is SSH not an option? Is it acceptable if SSH is run on every commit/merge as part of the pipeline script?

We have some documentation on setting up SSH commands inside of you pipeline here:

Does that help at all?



Thanks for replying.

For the same reason why kubectl tries not to use it..and every platform provides a SSL/TLS API.

Being able to physically log in to a server is a different security envelope with different considerations. For example, once you are on the server - you can attempt Spectre/Meltdown. You cannot do that with remotely issued docker commands over TLS.

In general, we would strongly request for a transport level security over being able to SSH.

IMHO both k8s and swarm have it - it's just a question of how to set it up with your infrastructure.

Did this ever get anywhere, @Sandeep Srinivasa - did you manage to find a solution?


If you do - please do post here.

Any updates on this? Would be really nice to have a proper way of doing Docker deployments to remote hosts. 

Like 1 person likes this

I was hoping I could execute the `docker stack deploy` remotely from Pipelines but I guess it's not going to happen due to how the remote host connection is set up with Docker. 

Ended up setting up a pipeline where docker-compose.yml is copied to remote host and running commands on the remote host as well. 

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Mar 14, 2019 in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder :  #!/bin/bash source "$(dirname "$0")/" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

1,001 views 1 16
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you