Docker, Swarm and Kubernetes, which should we use?


Overview

Today we are going to talk about the differences between some of the popular container options out there (the ones that I tested myself). This article is inspired by https://phoenixnap.com/blog/kubernetes-vs-docker-swarm

In this comparison we are going to evaluate the following points, along with my personal thoughts on why we should consider all the options (and more, e.g., Podman).

Installation

Docker

Straightforward in all cases and distros; you probably won't need any instructions beyond the official documentation to get Docker running.

Swarm

Since Swarm ships with Docker in most distros, you are already there!

Kubernetes

Here things get a little tricky, because Kubernetes is a suite of components. When we talk about Kubernetes we often refer to the cluster itself already working, but to get there we need tools like kubeadm or kubectl. From there we can create our cluster with distributions like minikube, MicroK8s, or k3s; these provide the cluster itself, while the tools mentioned earlier provide a way to operate it. You can read more about each one here: https://www.linkedin.com/pulse/understanding-kubeadm-kubelet-kubectl-aloysius-pious-fqwsc/

The full list of components can be found here: https://kubernetes.io/docs/reference/command-line-tools-reference/

Learning Curve

Docker

For personal usage I'd say it is quite easy, especially if you are only going to run things that others built. Building larger systems, or even trying to use it in production (don't; at least use Swarm), becomes quite a challenge: not because it is hard, but because you start to hit the limitations of running Docker standalone.

Swarm

After using Docker itself, I'd say transitioning into Swarm is quite easy: you learn a few more commands and that's all. What does change is that we start digging into container orchestrators. But compared to k8s, trust me, it is really easy!

Kubernetes

If you come from Docker standalone, the concept of container orchestration itself is going to be a challenge. Coming from Swarm, I'd say it is hard but doable, and healthy. How hard the additional Kubernetes components become is up to you: you can start by trying things like minikube and think "wow, this is not that hard", but once you start building a production-ready cluster, which is the point of Kubernetes (if you are not aiming for that, Swarm is clearly enough), the real challenges to your knowledge start to appear.

GUI

Docker

Nothing pre-installed; we can use tools like Docker Desktop for personal or team usage, Portainer, etc.

Swarm

Same case as Docker standalone. Dozzle is quite nice since it supports swarm mode.

Kubernetes

k8s comes with a dedicated dashboard, but if you are using k3s like me, Portainer is a good option to manage your cluster.

The Kubernetes dashboard can be found here: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Cluster Setup

Docker

N/A

Swarm

Creating a cluster is quite easy; we can use the docker swarm command.

With init we start the swarm, and with docker swarm join-token we generate a command to join from the other nodes.

Then you can check that the nodes are there.

From here you can create a compose file and start doing your deploys
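The steps above can be sketched as follows (the IP address, stack name, and token are placeholders for your own values):

```shell
# On the manager node: initialize the swarm
docker swarm init --advertise-addr 192.168.1.10

# Print the command (including the token) that workers must run to join
docker swarm join-token worker

# On each worker node: run the printed command, e.g.
# docker swarm join --token SWMTKN-1-xxxx 192.168.1.10:2377

# Back on the manager: verify that all nodes joined
docker node ls

# Deploy a stack from a compose file
docker stack deploy -c docker-compose.yml mystack
```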

Kubernetes

Depending on which engine you are going to use, installation varies. In my case I'm using k3s, since my cluster runs on multiple Raspberry Pis, so it comes in handy; check https://docs.k3s.io/installation/requirements for details.

After the first installation we will have the cluster with the master node / control plane. From there we can log in to the other machines and do the same with the K3S_TOKEN.

To check the state of the cluster and nodes, you can do the following:
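A minimal sketch of that flow, assuming the default k3s install script (the server IP and token are placeholders):

```shell
# On the first machine: install the k3s server (control plane)
curl -sfL https://get.k3s.io | sh -

# The node token lives here; copy it for the agents
sudo cat /var/lib/rancher/k3s/server/node-token

# On each additional machine: install the k3s agent, pointing at the server
curl -sfL https://get.k3s.io | K3S_URL=https://192.168.1.10:6443 K3S_TOKEN=<token> sh -

# Back on the server: check the state of the cluster and nodes
sudo kubectl get nodes -o wide
```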

Scalability

Docker

So we need our application to handle more traffic. If we want to scale, we have to either expand the resources of the machine, add more replicas (manually), or deploy multiple containers on different machines with a load balancer up front. Docker standalone won't help us scale; it is up to us how we handle it.

Swarm

Replicas? Easy-peasy. Containers across multiple machines? Easy-peasy. Internal load balancer? Easy-peasy. Outside of automatic horizontal scaling, Swarm makes this work really easy. It is PERFECT when we have a B2B app or something where we are not going to handle 5,000 users one day and 20 million the next.
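For example, scaling a service in Swarm is a single command (the service name web and the ports are placeholders):

```shell
# Create a service with 2 replicas spread across the cluster
docker service create --name web --replicas 2 -p 8080:80 nginx

# Scale it to 5 replicas; Swarm schedules the extra containers on available nodes
docker service scale web=5

# Check which node each replica landed on
docker service ps web
```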

Kubernetes

We can't say much about Kubernetes in terms of scalability, since it is top-notch. At the cost of the learning curve and hardware, we get all the benefits any company or product needs. I'd say if you are in a business or product that can grow overnight, you HAVE to use it. Imagine you are hosting your website and one day MrBeast decides to promote your site: you know everything is going to blow up that day, and Kubernetes can save you (let's not talk about $$).

Horizontal auto-scaling

Docker

N/A

Swarm

N/A

Kubernetes

Yes! One of the most useful features, the one that can save you (if you have enough resources to begin with) if the example created above becomes real! :) I'll leave something to read about it: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
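As a sketch, assuming a Deployment named infobae-api-worker (like the one shown later in this article) and the metrics-server addon installed so CPU usage can be measured, an autoscaler can be created with a single kubectl command:

```shell
# Scale between 3 and 10 replicas, targeting 50% average CPU utilization
kubectl autoscale deployment infobae-api-worker --cpu-percent=50 --min=3 --max=10

# Inspect the autoscaler's current state and targets
kubectl get hpa
```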

Monitoring

Docker and Swarm

Third-party tools are your friends

https://docs.docker.com/engine/daemon/prometheus/

https://github.com/louislam/uptime-kuma

Kubernetes

Resources can be found here https://kubernetes.io/docs/tasks/debug/debug-cluster/resource-usage-monitoring/

Load balancer

Docker

N/A

Swarm

Surprisingly, it comes by default.

Here I have a few services running; if I point my reverse proxy at any of their external ports, Swarm will internally load balance across the replicas.
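You can list the services and their published ports with docker service ls. A request hitting a published port on any node is routed through Swarm's ingress routing mesh to one of the replicas (port 8080 here is a placeholder for whatever port your service publishes):

```shell
# List services with their replica counts and published ports
docker service ls

# Requests to <any-node-ip>:8080 are load balanced across the replicas
curl http://localhost:8080
```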

Kubernetes

The easiest way is to create a Service with type LoadBalancer alongside a Deployment. An example looks like this:

## infobae-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    io.kompose.service: infobae-api
  name: infobae-api-worker
spec:
  replicas: 3
  selector:
    matchLabels:
      io.kompose.service: infobae-api
  template:
    metadata:
      labels:
        io.kompose.service: infobae-api
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  io.kompose.service: infobae-api
              topologyKey: "kubernetes.io/hostname"
      containers:
        - image: dyallo/infobae_api
          name: infobae-api
          ports:
            - containerPort: 3000
              protocol: TCP
      restartPolicy: Always
## infobae-service.yml
apiVersion: v1
kind: Service
metadata:
  labels:
    io.kompose.service: infobae-api
  name: infobae-api
spec:
  ports:
    - name: 'tcp'
      port: 3000
      targetPort: 3000
  selector:
    io.kompose.service: infobae-api
  type: LoadBalancer

Then we can run them with kubectl apply -f . if both files are in the same folder.

More information can be found here https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/

Security

All

We can say that all of them have plenty of security options if we dig deep enough. Good resources are:

https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-security

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

In Docker, I suggest learning at least capabilities, security_opt, AppArmor, seccomp, and writing Dockerfiles with least privilege, or distroless images where applicable.

I'll leave an example of a docker-compose file with some of the practices mentioned:

services:
  waifuland:
    container_name: waifuland
    security_opt:
      - seccomp:seccomp.json
      - apparmor:non-root-profile
      - no-new-privileges:true
    build:
      context: ../
      dockerfile: docker/Dockerfile
    cap_add: ["DAC_OVERRIDE"]
    cap_drop: ["ALL"]
    restart: always
    env_file:
      - ../.env
    ports:
      - ${EXTERNAL_PORT}:${PORT}
    networks:
      - waifuland

networks:
  waifuland:
    driver: bridge

CLI

Docker

Docker Engine itself ships with the docker command, its own CLI to manage both Docker standalone and Docker Swarm.

Swarm

Same as Docker, with a different set of subcommands.

Kubernetes

Kubernetes itself doesn't bundle a CLI among its components; you have to install kubectl yourself.

Use case

Docker

Let's say you are trying a new tool, building a feature, or anything for development: Docker standalone works perfectly, since the container will use the same image that the server runs in the end.

Proofs of concept are also welcome, since you can run services locally without the need for deployments.

Small companies whose environments vary in dependencies and who want to regulate their deployments can decide to start using Docker, at a really low cost.

All sorts of companies can benefit from Docker standalone, but I wouldn't recommend it for critical or core applications.

Swarm

So Swarm is already a big step. One big candidate for Swarm, for me, is B2B models where traffic or users vary only when we get new clients. Our application can live with the number of users it has, since it is a niche market, and when it is going to grow we know the exact number of users and the traffic we will receive, so we can scale up in advance. The tools Swarm offers are not automatic, but they are easy to set up and effective.

Another use case for Swarm is the learning process: k8s comes with a big learning curve, so if you want a healthier transition, going from Docker, to Swarm, to k8s will make your life easier.

Small to medium companies can benefit from Docker Swarm, but I wouldn't recommend it for the core of your business.

Kubernetes

So let's go with the example from above: MrBeast decides to promote our site, and we know the traffic is going from zero to hero. That's cool, but it is not cool if our infrastructure can't handle that traffic and users get a painful experience, or worse, the page goes down. With features like horizontal autoscaling (as long as we have the resources, speaking of self-hosted), we can survive this incident. In core or critical applications where HA is necessary, we NEED things like that.

So the cost of hosting and of using/learning it is big, but the benefit can also be huge if we take the example from above.

K8s is the standard nowadays for enterprise applications. My only recommendation is to evaluate the needs of each company, project, and so on; you can sometimes get away with Docker standalone or Swarm.

Medium to large companies can benefit from Kubernetes.
