Kubernetes vs Docker Swarm: Complete Comparison Guide with Command Cheatsheets
Container orchestration has become essential for managing modern applications at scale. Two of the most prominent platforms in this space are Kubernetes and Docker Swarm. While both serve the same fundamental purpose of container orchestration, they differ significantly in complexity, features, and use cases.
This comprehensive guide will help you understand the key differences between these platforms and provide practical command cheatsheets for both.
Overview: Kubernetes vs Docker Swarm
What is Kubernetes?
Kubernetes (often abbreviated as K8s) is an open-source container orchestration platform originally developed by Google. It’s designed to automate deployment, scaling, and management of containerized applications across clusters of hosts.
Key Characteristics:
- Highly scalable and extensible
- Rich ecosystem with extensive tooling
- Complex learning curve
- Enterprise-grade features
- Strong community and vendor support
What is Docker Swarm?
Docker Swarm is Docker’s native clustering and orchestration solution. It’s built into the Docker Engine and provides a simpler alternative to Kubernetes for container orchestration.
Key Characteristics:
- Simple and easy to set up
- Integrated with Docker Engine
- Limited feature set compared to Kubernetes
- Suitable for smaller deployments
- Native Docker experience
Architecture Comparison
Kubernetes Architecture
Kubernetes follows a master-worker architecture with several components:
┌─────────────────────────────────────────────────────────────┐
│ Control Plane (Master) │
├─────────────────────────────────────────────────────────────┤
│ API Server │ Scheduler │ Controller │ etcd │
│ │ │ Manager │ │
└─────────────────────────────────────────────────────────────┘
│
┌─────────┴─────────┐
▼ ▼
┌─────────────────────────────────────────────────────────────┐
│ Worker Nodes │
├─────────────────────────────────────────────────────────────┤
│ kubelet │ kube-proxy │ Container Runtime │
│ │ │ (Docker/containerd/CRI-O) │
└─────────────────────────────────────────────────────────────┘Docker Swarm Architecture
Docker Swarm uses a simpler manager-worker architecture:
┌─────────────────────────────────────────────────────────────┐
│ Manager Nodes │
├─────────────────────────────────────────────────────────────┤
│ Docker Engine │ Swarm Manager │ Raft Consensus │
└─────────────────────────────────────────────────────────────┘
│
┌─────────┴─────────┐
▼ ▼
┌─────────────────────────────────────────────────────────────┐
│ Worker Nodes │
├─────────────────────────────────────────────────────────────┤
│ Docker Engine │ Swarm Agent │ Container Runtime │
└─────────────────────────────────────────────────────────────┘Feature Comparison Table
| Feature | Kubernetes | Docker Swarm |
|---|---|---|
| Scalability | Excellent (5000+ nodes) | Good (1000+ nodes) |
| High Availability | Built-in with multiple masters | Built-in with Raft consensus |
| Service Discovery | DNS-based with kube-dns | DNS-based with embedded DNS |
| Load Balancing | Advanced with Ingress controllers | Built-in L4 load balancing |
| Rolling Updates | Advanced with strategies | Basic rolling updates |
| Health Checks | Liveness and readiness probes | Basic health checks |
| Storage | Persistent volumes, dynamic provisioning | Limited to local volumes |
| Networking | CNI plugins, advanced policies | Overlay network, simple |
| Security | RBAC, Network Policies, Pod Security | TLS encryption, simple ACL |
| Monitoring | Rich ecosystem (Prometheus, Grafana) | Basic built-in monitoring |
| Complexity | High | Low |
Kubernetes Command Cheatsheet
Cluster Management
# Check cluster status
kubectl cluster-info
kubectl get nodes
# View cluster events
kubectl get events --sort-by='.lastTimestamp'
# Cluster version
kubectl version --shortPod Management
# List all pods
kubectl get pods
kubectl get pods --all-namespaces
# Create a pod
kubectl run nginx --image=nginx:latest
# Delete a pod
kubectl delete pod nginx
# Get pod details
kubectl describe pod <pod-name>
# View pod logs
kubectl logs <pod-name>
kubectl logs -f <pod-name> # Follow logs
# Execute commands in pod
kubectl exec -it <pod-name> -- /bin/bashDeployment Management
# Create deployment
kubectl create deployment nginx --image=nginx:latest
# Scale deployment
kubectl scale deployment nginx --replicas=3
# Update deployment image
kubectl set image deployment/nginx nginx=nginx:1.21
# Rollout status
kubectl rollout status deployment/nginx
# Rollback deployment
kubectl rollout undo deployment/nginx
# View deployment history
kubectl rollout history deployment/nginxService Management
# Create service
kubectl expose deployment nginx --port=80 --type=LoadBalancer
# List services
kubectl get services
kubectl get svc
# Service details
kubectl describe service <service-name>
# Port forward to service
kubectl port-forward service/<service-name> 8080:80Namespace Management
# List namespaces
kubectl get namespaces
# Create namespace
kubectl create namespace production
# Switch namespace
kubectl config set-context --current --namespace=production
# Delete namespace
kubectl delete namespace productionConfiguration Management
# Create configmap
kubectl create configmap app-config --from-file=config.yaml
# Create secret
kubectl create secret generic db-password --from-literal=password=mypass
# View configmaps
kubectl get configmaps
# View secrets
kubectl get secretsAdvanced Kubernetes Commands
# Resource quotas
kubectl describe resourcequota
# Network policies
kubectl get networkpolicies
# RBAC - Roles and RoleBindings
kubectl get roles
kubectl get rolebindings
# Persistent volumes
kubectl get pv
kubectl get pvc
# Helm package manager
helm list
helm install my-release stable/nginx
helm upgrade my-release stable/nginx
helm rollback my-release 1Docker Swarm Command Cheatsheet
Swarm Initialization
# Initialize swarm (on manager node)
docker swarm init --advertise-addr <MANAGER-IP>
# Get join token for workers
docker swarm join-token worker
# Get join token for managers
docker swarm join-token manager
# Join swarm as worker
docker swarm join --token <TOKEN> <MANAGER-IP>:2377
# Leave swarm
docker swarm leaveNode Management
# List nodes
docker node ls
# Node details
docker node inspect <NODE-ID>
# Update node
docker node update --availability drain <NODE-ID>
# Promote worker to manager
docker node promote <NODE-ID>
# Demote manager to worker
docker node demote <NODE-ID>Service Management
# Create service
docker service create --name web --replicas 3 --publish 80:80 nginx
# List services
docker service ls
# Service details
docker service ps web
docker service inspect web
# Scale service
docker service scale web=5
# Update service
docker service update --image nginx:1.21 web
# Remove service
docker service rm web
# Rolling update
docker service update --image nginx:alpine --update-parallelism 2 --update-delay 10s webStack Management
# Deploy stack from compose file
docker stack deploy -c docker-compose.yml mystack
# List stacks
docker stack ls
# Stack services
docker stack services mystack
# Stack processes
docker stack ps mystack
# Remove stack
docker stack rm mystackNetwork Management
# Create overlay network
docker network create --driver overlay mynetwork
# List networks
docker network ls
# Network details
docker network inspect mynetwork
# Create service with custom network
docker service create --name db --network mynetwork postgresSecret Management
# Create secret
echo "mypassword" | docker secret create db_password -
# List secrets
docker secret ls
# Secret details
docker secret inspect db_password
# Use secret in service
docker service create --name web --secret db_password nginxDocker Swarm Compose File Example
version: '3.8'
services:
web:
image: nginx:alpine
ports:
- "80:80"
deploy:
replicas: 3
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
networks:
- webnet
visualizer:
image: dockersamples/visualizer:stable
ports:
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
deploy:
placement:
constraints: [node.role == manager]
networks:
- webnet
networks:
webnet:
driver: overlayWhen to Use Kubernetes vs Docker Swarm
Use Kubernetes When:
✅ Large-scale deployments (100+ nodes, 1000+ containers)
✅ Complex applications requiring advanced features
✅ Multi-cloud or hybrid environments
✅ Advanced networking requirements (service mesh, network policies)
✅ Enterprise environments with dedicated DevOps teams
✅ Need for extensive ecosystem tools (monitoring, logging, security)
✅ Advanced deployment strategies (canary, blue-green deployments)
Use Docker Swarm When:
✅ Small to medium deployments (< 100 nodes)
✅ Simple applications with basic orchestration needs
✅ Quick prototyping and development environments
✅ Teams already familiar with Docker
✅ Limited resources for learning and maintenance
✅ Basic load balancing and service discovery needs
✅ Faster time-to-market is critical
Migration Considerations
From Docker Swarm to Kubernetes
If you’re considering migrating from Docker Swarm to Kubernetes:
- Start with simple workloads to understand Kubernetes concepts
- Use Kompose to convert Docker Compose files to Kubernetes manifests
- Gradually migrate services one by one
- Invest in training for your team
- Consider managed Kubernetes services (EKS, GKE, AKS) to reduce operational overhead
Tools for Migration
# Convert Docker Compose to Kubernetes
kompose convert -f docker-compose.yml
# Use Docker Compose on Kubernetes
kubectl apply -f docker-compose.ymlPerformance Comparison
Resource Usage
| Metric | Kubernetes | Docker Swarm |
|---|---|---|
| Control Plane Overhead | Higher (multiple components) | Lower (integrated) |
| Memory Usage | ~2GB for control plane | ~500MB for manager |
| CPU Usage | Higher with multiple controllers | Lower, integrated approach |
| Network Overhead | Higher with CNI plugins | Lower with built-in overlay |
Scalability Benchmarks
- Kubernetes: Proven to scale to 5,000+ nodes and 150,000+ pods
- Docker Swarm: Typically used for clusters up to 1,000 nodes
Security Comparison
Kubernetes Security Features
- RBAC (Role-Based Access Control): Fine-grained permissions
- Network Policies: Micro-segmentation at pod level
- Pod Security Standards: Built-in security policies
- Service Mesh Integration: mTLS with Istio/Linkerd
- Admission Controllers: Policy enforcement
- Secrets Management: Encrypted at rest, RBAC controlled
Docker Swarm Security Features
- TLS Encryption: All node-to-node communication
- Simple ACL: Basic access control
- Secret Management: Encrypted storage and transmission
- Certificate Rotation: Automatic TLS certificate management
- Network Isolation: Basic network segmentation
Cost Considerations
Kubernetes Costs
- Higher operational overhead: Requires skilled DevOps engineers
- Infrastructure costs: Multiple master nodes for HA
- Tooling costs: Monitoring, logging, security tools
- Training costs: Significant learning investment
- Managed services: $0.10 per hour per cluster (cloud providers)
Docker Swarm Costs
- Lower operational overhead: Simpler to manage
- Infrastructure efficiency: Lower resource requirements
- Faster deployment: Quicker time-to-market
- Training costs: Minimal if team knows Docker
- Total cost of ownership: Generally lower for small deployments
Conclusion
Both Kubernetes and Docker Swarm are viable container orchestration platforms, but they serve different needs:
Choose Kubernetes if you need enterprise-grade features, have complex applications, or require extensive scalability and ecosystem support. The learning curve is steeper, but the capabilities are virtually unlimited.
Choose Docker Swarm if you want simplicity, have basic orchestration needs, or need to get up and running quickly with minimal overhead. It’s perfect for smaller teams and simpler applications.
The choice ultimately depends on your specific requirements, team expertise, and long-term goals. Many organizations start with Docker Swarm and migrate to Kubernetes as their needs grow more complex.
Additional Resources
Kubernetes Learning Resources
Docker Swarm Learning Resources
Community and Support
- Kubernetes: Large community, extensive vendor support
- Docker Swarm: Smaller but active community, Docker Inc. support
Remember, the best orchestration platform is the one that fits your specific needs and constraints. Start simple, evaluate thoroughly, and scale as needed!