It seems that there is a limitation either with the ingress network, or the docker_gwbridge network, as its seemingly impossible to expose more than 128 ports externally via ingress on a swarm cluster. It does not matter how many nodes comprise the cluster; this issue occurs on a single node swarm cluster or multi-node.

To see this for yourself, on a empty swarm cluster, simply run:
docker service create -p 80 nginx
129 times..

128 of them will succeed to provision and expose their ports 30000 - 30128, however on reaching the 129th, the task will set pending forever. If i kill one of the previously deployed services, the one that is pending will instantly deploy.

Note that whilst this limitation exists for the ingress network, it does NOT apply to the standard bridge network. On the same cluster, i was able to deploy 300 containers, each exposing a port via the default bridge network.

Is there system tuning that is required to exceed 128 concurrently exposed ingress ports?

Hey, any update on this? This is quite critical for bigger swarm instances and annoying.

Docker Co need an agreement with Portainer to enhance the docker swarm feature,the docker swarm is for developer ,the kubernetes is for operator