Building Docker Enterprise 2.1 Cluster Using Terraform

  • Build a Containers-as-a-Service platform using Docker Enterprise Edition 2.1 and,
  • Build that platform using Terraform.

Docker Enterprise Edition

Docker Enterprise 2.1 is a Containers-as-a-Service (CaaS) platform that enables a secure software supply chain and deploys diverse applications for high availability across disparate infrastructure, both on-premises and in the cloud. It is a secure, scalable, and supported container platform for building and orchestrating applications across multi-tenant Linux, Windows Server 2016, and IBM Z environments.

  • Reliably support both Windows and Linux containers.
  • Be hosted in any cloud platform or on-premise Data Center.
  • Use both Docker Swarm and Kubernetes orchestration interchangeably.
  • Docker UCP — which gives a single-pane-of-glass across your cluster.
  • Docker Trusted Registry — to securely host your container images.


Terraform is one of my favorite Orchestration/IaC tools out there. I just love the power and flexibility that Terraform offers for deploying new services to any public cloud platforms. You just define what you need and ask Terraform to Go and Build. It is that simple.

Building the Docker Enterprise Cluster

For this demo, I chose to build a small 3-node Docker Enterprise 2.1 cluster.

Terraform Files Explained

If you’d rather understand the templates first before jumping into action, the following sections will take you through the details of the Terraform files.


Input variables serve as parameters for the Terraform module. All variables must be declared in a .tf file (e.g., and their values could be passed in command line during execution OR in a separate .tfvars file (e.g., terraform.tfvars)

This file defines the keys to connect to Alicloud and the region where you want the resources created

Network and Security
This file defines the VPC, vSwitch, Security Group and the security/firewall rules to restrict access to the docker hosts.

  • Priority value for the security roles range from 1–100. Smaller the value, higher the priority
  • RDP, WinRM and SSH access are allowed only from a specific IP — your Public IP.
  • Kubernetes, Docker and application access are allowed from anywhere

Compute for Docker UCP Manager

  • internet_max_bandwidth_out attribute ensures a Public IP is assigned as part of VM creation.
  • This Public IP is used in the connection definition for file provisioner to copy the installation scripts and for remote-exec provisioner to run the setup automatically for Docker EE, UCP and DTR
  • ssh key pair for the UCP host and the linux worker node is defined in

Compute for Docker Worker Nodes
This file defines the linux worker node. Quite similar to the file, except that this only has scripts to install Docker EE and join as worker node.

  • Windows image instead of the Linux image.
  • password attribute instead of the key_name attribute used in Linux for ssh-key pair.
  • user-data attribute which is used for bootstrapping the VM, including configuration of WinRM, so further scripts can be executed using WinRM
  • Connection type is winRM instead of ssh used in Linux host.

This file defines the values returned by the module. These values will be printed once Terraform successfully completes the execution.

Scripts to Automate Build of Docker Components

Scripts used to bootstrap Linux hosts are in the folder lin-files. They are called using the remote-exec provisioner in the ECS VM definition.

  1. Change the default TLS version in powershell from 1.0. to 1.2
  2. Ignore the certificate errors when connecting to Docker API


This article was intended only to introduce you to the basic concepts of Docker Enterprise and how you can use Terraform to automate deployments in Alibaba Cloud. The definition files and scripts in the GitHub repository will help you setup a basic Docker Enterprise cluster and also provide you tips which you can use for other installations.

Key References

This section lists several useful references if you would like to learn more about Docker, Terraform, and Automation



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website: