Kubernetes vs. Docker: What's the difference?

What is Docker?

Docker is a technology that is used to create and run software containers. A container is a collection of one or more processes, organized under a single name and identifier. A container is isolated from the other processes running within a computing environment, be it a physical computer or a virtual machine (VM).

Docker technology has two main components: the client command-line interface (CLI) tool and the container runtime. The CLI tool is used to execute instructions to the Docker runtime at the command line. The job of the Docker runtime is to create containers and run them on the operating system.

Docker uses two main artifacts that are essential to container technology. One is the actual container. The other is the container image, which is a template upon which a container is realized at runtime.

A container has no life of its own outside of the operating system. Thus, in terms of an automated continuous integration and continuous deployment (CI/CD) process, a real or virtual machine with an operating system must exist for Docker to work. Also, that machine must have the Docker runtime and daemon installed. Typically, in an automated CI/CD environment, a VM can be provisioned with a DevOps tool like Vagrant or Ansible.

What is Kubernetes?

On the other hand, Kubernetes is a container orchestration technology.

Kubernetes groups the containers that support a single application or microservice into a pod. A pod is exposed to the network by way of another Kubernetes abstraction called a service. In short, the network knows about Kubernetes services and a service knows about the pod(s) that has its logic. Within each pod is one or many containers that realize the logic in the given pod.

Containers, pods and services are hosted within a collection of one or many computers, real or virtual. In Kubernetes parlance, a computer is known as a node. Kubernetes runs over a number of nodes. The collection of nodes is called a Kubernetes cluster.

Kubernetes separates the node that controls activity in the cluster from the other nodes. This boss node is called the control plane node. The other nodes are called worker nodes. The containers that make up a pod run on one or many worker nodes. Each worker node in the Kubernetes cluster must have a container runtime installed.

For a long time, Docker was the default container runtime used by Kubernetes. Today other alternative container runtimes such as containerd and CRI-O have become popular.

Kubernetes and Docker deployments

Kubernetes deployments are versatile, scalable and fault-tolerant.

In terms of versatility, Kubernetes supports modifying or upgrading pods at runtime with no interruption of service. You can set Kubernetes to add more pods at runtime as the demand increases, thus making applications running under Kubernetes scalable. And, if a VM goes down, Kubernetes can replenish the pods and containers automatically on another machine running within the given Kubernetes cluster of machines. Hence, Kubernetes is fault-tolerant.

Kubernetes is a complex technology, made up of components -- also called resources -- beyond pods and services. Kubernetes ships with default resources that facilitate security, data storage and network management. Also, developers can make custom resources in order to extend the capabilities of a Kubernetes cluster to meet a special need.

Kubernetes vs. Docker

The important thing to understand about Docker and Kubernetes is that one is a technology for defining and running containers, and the other is a container orchestration framework that represents and manages containers within a web application. Kubernetes does not make containers. Rather, it relies upon a container realization technology such as Docker to make them.