Can this be used to schedule containers to meet the security policy requirements?

A company’s security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: label contraints
A . Yes
B . No

View Answer

Answer: A

Explanation:

Label constraints can be used to schedule containers to meet the security policy requirements. Label constraints allow you to specify which nodes a service can run on based on the labels assigned to the nodes1. For example, you can label the nodes that are intended for development with env=dev and the nodes that are intended for production with env=prod. Then, you can use the –constraint flag when creating a service to restrict it to run only on nodes with a certain label value. For example, docker service create –name dev-app –constraint ‘node.labels.env == dev’ … will create a service that runs only on development nodes2. Similarly, docker service create –name prod-app — constraint ‘node.labels.env == prod’ … will create a service that runs only on production nodes3. This way, you can ensure that development and production containers are running on separate nodes in a given Swarm cluster.

Reference: Add labels to swarm nodes

Using placement constraints with Docker Swarm

Multiple label placement constraints in docker swarm