Comparison with Docker Swarm

The Similarities#

Docker has RBAC. Just as Kubernetes, it is organized around subjects, roles, and resource collections. In many aspects, both provide a very similar set of features. Should we quickly declare it a tie?

The Differences#

There is one crucial difference between Kubernetes RBAC and the one provided by Docker. The latter is not free. You’d need to purchase Docker Enterprise Edition (EE) to secure your cluster beyond “only those with the certificate can access it.” If you do have Docker EE, you already made up your mind, and the discussion whether to use one or the other is over.

Docker EE is great, and soon it will work not only with Swarm but also with Kubernetes. You bought it, and there’s not much reason to switch to something else. However, this comparison focuses on what open source core versions can offer. It ignores third party and enterprise additions.

If we stick with an “only what’s in the box” comparison, Kubernetes is a clear winner. It has RBAC, and Docker Swarm doesn’t. The problem is not that Swarm doesn’t have RBAC, but that it doesn’t have any user-based authentication baked in.

This is a very short comparison. If you don’t want to purchase enterprise products, and you do need an authorization and authentication mechanism, Kubernetes is the only option. Just as with Namespaces, Kubernetes shows its strength by the sheer number of features that do not exist in Swarm.