You are likely familiar with containerization and the benefits that it brings to your applications as well as to your datacenter. Docker democratized containers by providing a simple, efficient and cost-effective container implementation and management solution. Over the next few years, most, if not all, new applications will be deployed using some form of containerization.
There are a few important initial decisions you must make as you launch your containerization program:
Should you use the free open-source Docker Community Edition (CE) or Docker’s commercial, supported solution, Docker Enterprise Edition (EE)?
Should you launch and manage your containerized applications manually, or should you use an orchestrator to automate your datacenter?
Which orchestrator is best: Kubernetes or Docker Swarm?
What’s the difference between them?
In this blog post, we take a look at some of the factors you should consider when answering these questions and others.
You might have noticed that we left off one important question: which container system should you use? Docker is the most popular container runtime, but there are other solutions you might consider as well, such as rkt (Rocket) from CoreOS. However, because most people are familiar with Docker, we’ll assume you’re using Docker for your containers.
Should I pay or should I go (out on my own)?
To help you answer this question, let’s look at the pros and cons of the free Docker CE and Docker EE.
CE pros: The foundational Docker software is open source and available to everyone as part of Docker Community Edition. Most Docker CE components are licensed under the Apache 2.0 license, which means Docker is free to use for any reason, so long as you include the license and copyright notices. Docker CE includes the Docker engine (runtime) and the Docker Swarm orchestrator, and you can use the Kubernetes orchestrator if you want to. There are desktop versions of Docker CE for macOS and Windows 10, as well as server versions that run on CentOS, Debian, Fedora and Ubuntu, so platform support is broad. There is a large ecosystem of add-ons to help you get the most out of Docker CE.
CE cons: Docker CE is community-supported, so you’ll need to rely on your own expertise and that of the Docker open source community should you need assistance or guidance. If you want to use Kubernetes (see below), you’ll have to download, install, configure and manage it yourself. Docker CE is not supported on Windows Server, so deploying Windows containers is limited to the Docker Windows Desktop. Docker issues patches for CE releases for only seven months after general availability of a specific release, so you need to keep your systems current to take advantage of bug fixes. Finally, there is no built-in graphical user interface (GUI) to interact with and manage Docker CE; you must use the command line interface (CLI) or a third-party tool such as Portainer or Kitematic (which is part of the Docker Toolbox) for all configuration and management functions.
EE pros: Docker EE is designed for enterprise-class scale and you can manage hundreds or thousands of containers with the tools, features and infrastructure that Docker EE provides. It works equally well for smaller sites where you have limited IT resources and you want to focus on the dev part of DevOps rather than manage an open-source solution.
Docker EE consists of two main solutions:
1) The Universal Control Plane (UCP), which includes a browser-based management GUI and role-based access controls (RBAC); and
2) Built-in, seamless support for both Swarm and Kubernetes.
Docker EE is a commercially supported product with defined SLAs and extended maintenance cycles of up to 24 months. The Docker Trusted Registry supports image storage, vulnerability scanning, image promotion, and integration with your CI/CD pipeline tools such as Jenkins and Git.
Docker EE has broader platform support than CE. Supported platforms include CentOS, Oracle Linux, RHEL, SLES, Ubuntu, and Windows Server so you have a lot of choices in terms of which platform to use. Docker EE is also supported on Docker Certified Infrastructure which includes VMware, AWS, and Azure.
EE cons: Docker EE requires enterprise licensing and this cost may be initially steep for smaller companies or for organizations who are just starting out. As with any platform, Docker EE may limit some of your hybrid cloud deployment choices depending on your architecture.
Bottom line: The decision to go it alone (or rather, go with the open-source community) with Docker CE or to go with the commercial Docker EE is often forced on you out of necessity. If you don’t have the budget for EE, then CE or a pay-as-you-go cloud-based container service are likely your best options. It can also make a lot of sense to begin your containerization journey with Docker CE and then later upgrade to EE when you have more experience and are starting to deploy your apps into production.
Kubernetes or Docker Swarm?
An orchestrator is a system for managing, or orchestrating, a collection of container-based apps. Whether you decide to use Docker CE or Docker EE, you will almost certainly want to use an orchestrator to manage your containers at some point because you’re likely to have more than you can manage individually. You can start your containerization journey by playing with individual, “one-off” containers, but eventually you’ll want to scale up the number of containers you’re deploying without also having to scale up the IT staff needed to manage them. Both the community and enterprise editions of Docker support two orchestrators, Docker Swarm and Kubernetes, so let’s look at the pros and cons of each.
Docker Swarm pros: Docker Swarm is built into the Docker engine. Install the Docker engine, and you’ve installed (but not yet enabled) Swarm. It is simple to build a swarm cluster: you run a single command (docker swarm init) and Docker does everything that’s needed behind the scenes. It is similarly simple to add nodes to your cluster (docker swarm join). You can have a multi-node cluster up and running in a couple of minutes, which lets you immediately focus on your apps and their containers. Because everything is self-contained and secure by default, there is very little initial configuration required and your learning curve is short. This simplicity and the tight integration with the Docker runtime engine are a huge benefit of using Swarm.
Swarm is supported on both Docker CE and EE. With CE, you enable Swarm yourself. With Docker EE, Swarm is enabled as part of the UCP installation, so you don’t have to do anything further once you’ve installed your UCP cluster.
Swarm has a robust stack of app (container) and cluster management features. You can create self-healing services, perform rolling updates and rollbacks of your services, securely store secrets such as passwords and private keys and monitor the health of your applications.
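The features listed above map to a handful of keys in a Swarm stack file. The following is an added example, not part of the original post; the stack name, image name, port, health endpoint and secret name are assumptions.

```yaml
# stack.yml (constructed example). Deploy from a manager node with:
#   docker stack deploy -c stack.yml shop
# The secret is created beforehand so its value never appears in this file:
#   printf '%s' "$DB_PASSWORD" | docker secret create db_password -
version: "3.7"

services:
  web:
    image: registry.example.com/shop/web:1.0.0   # assumed image name
    secrets:
      - db_password          # mounted in the container at /run/secrets/db_password
    healthcheck:             # health monitoring: failing tasks are replaced
      test: ["CMD", "wget", "-qO-", "http://localhost:8080/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
    deploy:
      replicas: 3            # self-healing: Swarm keeps three tasks running
      restart_policy:
        condition: on-failure
      update_config:         # rolling update: one task at a time
        parallelism: 1
        delay: 10s
        order: start-first   # start the new task before stopping the old one
        monitor: 30s         # watch each updated task for failure
        failure_action: rollback
      rollback_config:       # how the automatic rollback itself proceeds
        parallelism: 1

secrets:
  db_password:
    external: true           # defined with docker secret create, not in this file
```

Because the secret is marked external, the stack file can be committed to version control without exposing the password; only services that list the secret receive it.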
Docker Swarm cons: There are only a couple of relatively minor disadvantages to choosing Swarm as your orchestrator. The tight integration with the Docker engine means that you are somewhat locked in to the Docker ecosystem with Swarm, at least for the time being. Secondly, the all-in-one nature of Swarm means you have less control over the specifics of the implementation.
Kubernetes pros: Kubernetes has a more modular architecture than Docker Swarm. For example, Kubernetes does not have a native network implementation. You have to bring your own (plugin) which means you can choose whichever network plugin has the features you prefer. Likewise, service discovery with DNS is not included, but you can add a plugin to provide that service. Because of its modular nature, you have more fine-grained control over your site’s Kubernetes implementation.
Kubernetes is more popular than Docker Swarm, which means there are more community resources to support you if you don’t have paid support. Docker EE has full support for Kubernetes, which is integrated into UCP. All of the Kubernetes services have been containerized and run as self-healing services in Docker EE. Docker even includes the Calico network plugin and the Kube-DNS service discovery plugin, which lowers your learning costs.
Kubernetes cons: Kubernetes’ modular architecture adds complexity and makes for a steeper learning curve. There are more opportunities for misconfiguration that can lead to broken systems. With Kubernetes on Docker CE, you will likely have to devote more IT resources toward managing Kubernetes compared to Swarm, which works out of the box. Kubernetes itself is open source software and there is no one vendor standing behind the product. If you want commercial or enterprise-level support, you need to pay for Docker EE or contract with independent organizations.
Docker and Kubernetes pro or con: There is one additional security factor that you might consider a pro or a con, depending on your requirements and policies. Docker designed Swarm to be secure by default, with each container completely isolated from all others. Kubernetes’ architecture prioritizes communication between multiple containers in the same pod at the expense of higher security. If you prefer higher security and isolation between your containers by default, then this is a Swarm pro for you, and a Kubernetes con. If you prefer a model in which you have groups of cooperating processes and you want easy communication between them, then this is a pro for Kubernetes and a con for Swarm.
Is That Your Final Answer?
As with most things in the IT industry, there is no single answer that is right for everyone. There are many dependencies that factor into your choice. I can leave you with some generalized advice, however. If you’re new to containerization or are cost-constrained, start with Docker CE and use Docker Swarm as your orchestrator.
As you grow, consider upgrading to Docker EE to gain enterprise-class support and features such as Role-Based Access Control. Finally, consider whether the Kubernetes model of communication prioritization is worth the tradeoffs involved. If so, look into moving your apps, or developing new apps, in Kubernetes.
You can even run workloads under both orchestrators with Docker Enterprise Edition, and there are tools and experts who can help you migrate your Swarm apps to Kubernetes (or vice versa). In short, you’re not really locked in to your first choice, so experiment, learn, and have fun.
About the Author
Tim Garlick is a Docker and Kubernetes Architect at the Stone Door Group, a Cloud and DevOps consulting company and team lead for their Docker Accelerator℠ solutions. Accelerator solutions take all the guesswork out of the DevOps journey with simple to understand and easy to quantify results. To learn more, drop us an email at firstname.lastname@example.org.