Kubernetes? Docker? Both?! If you are new to the Cloud Native ecosystem you might have heard about these technologies but perhaps you find it difficult to understand what they do and how they correlate. If that is the case, you have come to the right place! In this blog post, we will dissect these technologies and describe their definitions, as well as usage, in a concise manner. Let’s get started!
So, you might have heard that ..
With Kubernetes and Docker it is possible to build, package, configure, deploy, and manage your application in a reliable and scalable manner across multiple environments (Testing, Staging, Production).
That sounds good and all, but to benefit from these technologies we need to take a step back and understand What is Docker? and What is Kubernetes?
What is Docker?
Docker is a suit of developer tools for simplifying the process of creating software containers (containerization) and running these containers.
At the very core, Docker can be used to create container images. A container image is an immutable “blueprint” of a runnable instance of an application containing the source code, dependencies, libraries, as well as anything else needed to run the application. To create a container image, you first write a Dockerfile which specifies the procedure to create the image, much like a recipe.
You can then use the Docker CLI command build to create a container image.
docker build [options] path | url | -
Container images make it possible to easily share the package application with your coworker, the whole company, or the world! Simply push the image to an image repository (some common ones: Docker Hub, GCR, Quay, or self-hosted alternatives such as Harbor) where it can be retrieved by anyone with access.
For more information on container images and how to use them in a secure manner, read this blog.
Why should you use Docker?
With Docker, you can package your code in a way that makes it possible to share and run it on any server, as long as it has a container runtime installed.
Software developers can use Docker to containerize their applications. This is achieved by using Docker for building container images, running and testing the images as containers, and lastly using Docker to push the container images to a remote repository so that they can be shared with others or deployed to a development or production environment.
However, it is not recommended to solely rely on the Docker tools in production environments for large and complex systems where availability, scalability, and reliability are keys to success. For this, we need additional management, which prompts the question; How can we handle the orchestration and management of multiple containers? The answer: Container Orchestration tools.
What is Container Orchestration?
Container Orchestration is the process of automating the management of running multiple containers. These containers may be distributed across one or more physical or virtual machines, often referred to as nodes.
The process of container orchestration can be quite advanced, and thus we need container orchestration tools to help us manage everything in a container's lifecycle, such as scheduling, scaling, and load balancing.
What is Docker-Compose?
Docker-compose is a container orchestration tool that can be used to run and configure multiple containers on a single host. As the name suggests, it works natively with Docker containers.
version: "3.9" services: web: build: . ports: - "8000:5000" volumes: - .:/code environment: FLASK_DEBUG: "true" redis: image: "redis:alpine"
Docker-compose configuration is done using YAML files (typically named docker-compose.yml) which specify all the applications you wish to run together with additional information, such as which ports to expose the application on to the host machine, environment variables, and volumes that should be mounted to a container. To use the docker-compose file there is a Docker CLI plugin. The plugin can be used to start, stop, and rebuild, as well as viewing the status and logs of containers described in the configuration file.
What is Docker Swarm?
Docker Swarm is also a Docker native container orchestration tool. As opposed to Docker-compose, Docker Swarm enables you to run containers across multiple nodes to create a cluster, provided that each node has Docker installed.
Docker Swarm is actually not a separate tool, rather it is a mode built into the Docker Engine that can be used to combine several Docker instances into a cluster referred to as a swarm. A swarm consists of two types of nodes: (1) managers, which are responsible for managing the state of the cluster, and (2) workers, that run tasks assigned by manager nodes. Docker Swarm also provides neat features for scaling and fault tolerance through rescheduling.
What is Kubernetes?
Kubernetes is an open source system for container orchestration built to manage distributed containerized applications which can enable your system to run in a scalable, reliable, and fault tolerant way.
Kubernetes can be used to deploy and scale the applications in a simple way through the Kubernetes API, most commonly accessed by a cluster admin user through the Kubernetes CLI called kubectl.
Nodes in a Kubernetes cluster are usually divided into two types, worker nodes and control plane nodes. Control plane nodes consist of different components that allow them to manage the worker nodes and their workloads in a cluster. This is quite similar to Docker Swarm.
Kubernetes is rather complex and comes with many components and concepts, too many to bring up in this blog post, thus we recommend reading the official documentation, or even better, read our blog post on the subject.
For more information on Kubernetes and about its components, read this blog.
Is Kubernetes using Docker?
Kubernetes requires that each node in a cluster runs a supported container runtime. Older versions of Kubernetes had direct integrations with Docker Engine, but this special integration has since been removed.
Instead, Kubernetes uses Container Runtime Interface (CRI) compatible runtimes such as Containerd or CRI-O. However, it is still possible to use Docker Engine through an adapter called cri-dockerd. For more information on the removal of Docker Engine in Kubernetes, please visit https://kubernetes.io/blog/2022/03/31/ready-for-dockershim-removal/.
So … I should not use Docker?
Even if Docker is not necessary to run Kubernetes it is still the industry standard for building and pushing images. So, even if you are going to use Kubernetes, Docker is still useful for that specific action.
How do you run Kubernetes?
If you want to run Kubernetes by yourself you need compute-, network-, and storage resources. Be it local servers or cloud resources. There also exist several managed Kubernetes services such as Google’s GKE, Amazon’s EKS, and our own Elastisys’ Managed Kubernetes Platform.
There are several ways to set up a Kubernetes Cluster by yourself. To familiarize yourself with Kubernetes or to do local testing, you can set up a single node cluster with tools such as k3s, kind, microk8s, or minikube. For a full scale cluster there exists more complicated tools such as kubeadm, kubespray, and Cluster API.
Kubernetes by itself is often not enough, you also want to add additional monitoring, configuration, security, and much more. Managing the deployment and maintenance of these is a daunting task. This is why it can be highly beneficial to use a Kubernetes distribution. In the CNCF landscape you can find 58 certified Kubernetes distributions, some open source and others closed source. Elastisys open source Kubernetes distribution built with security and compliance first can be found here: https://elastisys.io/compliantkubernetes/.
Below lists components that are part of the Elastisys Kubernetes Platform.
Can you use Docker Compose with Kubernetes?
Although both tools are used for container orchestration, there is no direct integration between them. Kubernetes is used for production grade environments while Docker Compose is primarily meant for local development.
Kubernetes is designed to distribute workload over a cluster of servers, while Docker Compose is primarily used to manage multiple containers on a single host. Docker-compose can still be useful for testing services that should interact with each other before migrating to a production ready Kubernetes cluster. Tools such as kompose can be used to help migrate between the two tools, by converting Docker Compose files into Kubernetes manifest files to then be able to deploy them in a Kubernetes cluster. Depending on what kind of Kubernetes environment you are moving to, you might also need to do additional configuration to ensure compatibility. Especially for security hardened Kubernetes environments.
Docker Swarm vs Kubernetes
Docker Swarm and Kubernetes are both container orchestration tools, so which one should you choose?
Generally, Docker Swarm is seen as the simpler and more lightweight option as it is easier to learn and integrates natively with Docker, hence it might be good to use for very simple applications and systems. However, Docker Swarm is not used much in the market due to limitations such as being tied to using the Docker engine and having less customization options and extensions than other orchestration tools.
Kubernetes on the other hand is highly configurable, extensible and powerful, at the cost of it being a lot more complex and having a larger learning curve. It is also not restricted to Docker, making it possible to use other container runtimes as long as they implement the CRI protocol. Furthermore Kubernetes integrates with a plethora of additional tools which can be added to the cluster to make it manage more complicated systems.
Kubernetes is widely used today, and its popularity keeps growing with each year as more and more businesses want to move their systems to run on top of a Kubernetes platform due to its scalability, availability and extensibility.
Docker and Kubernetes are two different tools both connected to containerization. Docker is best suited to create and run containers while Kubernetes is best used to manage distributed systems with many containers running simultaneously and uncoupled.
Docker is the de facto standard for creating containers but there are several new tools available as options such as Podman and Buildah. Which one you should choose depends on your preferences and needs. If you do choose to use Docker, there are two native Docker tools that you can use to orchestrate containers. Docker Compose can be used to manage containers locally on one machine to use for testing while Docker Swarm can be used to manage containers across multiple machines. However, while possible, we would not recommend these lightweight tools for any production system, instead we recommend using Kubernetes.
Kubernetes is the most popular container orchestration tool on the market and has more advanced features than Docker Compose and Docker Swarm. With Kubernetes it is possible to build tolerant, highly available, production ready clusters. You can also use it with any container runtime as long as it implements the Container Runtime Interface.
If you do choose to use Kubernetes, give your developers the means to succeed by choosing a managed Kubernetes service or make sure to have platform engineers in house that are specialized at Kubernetes operations. An application developer that does not have to configure and manage Kubernetes is a happy developer.