Description
Docker and Kubernetes (EKS GKE AKS)
| Attribute | Docker | Kubernetes | Managed K8s (EKS / GKE / AKS) |
|---|---|---|---|
| Primary role | Container runtime and image tooling | Container orchestration and scheduling | Managed control plane + cloud integrations |
| Core artifacts | Images, containers, Dockerfile | Pods, Deployments, Services, ConfigMaps | Clusters, node pools, cloud IAM, native addons |
| Typical concerns | Build reproducible images, local dev parity | Scaling, service discovery, rolling updates | Upgrades, security posture, billing, integrations |
| Advanced levers | Multi-stage builds, image signing | Operators, CRDs, custom schedulers | Autoscaling, managed networking, cloud-native addons |
- Docker provides the developer-facing container model: buildable images, layered filesystems, registries, and a consistent runtime for packaging apps.
- Docker features to master: multi-stage builds, image optimization, content trust/signing, local orchestration (Compose), and secure image scanning.
- Kubernetes is the production orchestration layer that schedules containers, manages desired state, and exposes networking, storage, and config primitives.
- Kubernetes core concepts to know deeply: control plane vs worker nodes, kube-apiserver, etcd, controllers, scheduler, kubelet, and CRDs for extensibility.
- Deployment patterns: rolling updates, blue/green, canary, and progressive delivery with traffic shaping and feature flags.
- Stateful workloads: StatefulSets, PersistentVolumes, CSI drivers, and backup/restore strategies for databases and stateful services.
- Networking and service mesh: CNI plugins, Ingress controllers, and service meshes (Istio/Linkerd) for observability, mTLS, and traffic control.
- Security primitives: RBAC, PodSecurityPolicy (removed in v1.25) and its replacement Pod Security Admission (PSA), network policies, image scanning, runtime hardening, and supply-chain controls (SBOMs, signed images).
- Observability: centralized logging, distributed tracing, metrics (Prometheus), and alerting tied to SLIs/SLOs for reliability engineering.
- Scaling and resilience: HPA/VPA, cluster autoscaler, pod disruption budgets, and chaos testing to validate fault tolerance.
- Extensibility: Operators and controllers to encode application lifecycle logic and automate complex stateful operations.
- CI/CD integration: image build pipelines, artifact registries, GitOps workflows, and automated promotion across environments.
- Cost and capacity: node sizing, spot/preemptible instances, bin-packing, and resource quotas to control spend and noisy neighbors.
- Advanced runtime optimization: multi‑arch images, image caching, sidecar patterns, and runtime acceleration (GPU, FPGA, Inferentia).
- Managed Kubernetes tradeoffs: EKS/GKE/AKS remove control-plane ops, provide cloud-native integrations (IAM, load balancers, logging), and differ in upgrade cadence, add-ons, and pricing models.
- Platform engineering: build self-service developer portals, standardized Helm charts/OCI bundles, and enforce policy as code (OPA/Gatekeeper) for governance.
- For 3–20 year practitioners: junior engineers should master Docker images, Compose, and basic K8s objects; mid-level should own CI/CD, observability, and security basics; senior architects must design multi-cluster strategies, cost governance, platform APIs, and cloud-specific optimizations for EKS/GKE/AKS.
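To make the "runtime hardening" and Pod Security Admission items above concrete, here is an added example (not part of the original page) that lints a Pod manifest against the fields the Kubernetes PSA "restricted" profile enforces; the two sample Pods are constructed, and manifests are plain dicts so no YAML library is needed.

```python
# Added example (not from the original page): a minimal lint that checks a Pod
# manifest against the fields the Kubernetes Pod Security Admission "restricted"
# profile enforces. Manifests are plain dicts (no PyYAML needed); the two sample
# Pods at the bottom are constructed for illustration.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}
ALLOWED_ADD_CAPS = {"NET_BIND_SERVICE"}


def check_container(c: dict, pod_sc: dict) -> list:
    """Findings for one container; container securityContext overrides pod-level."""
    sc = c.get("securityContext") or {}
    name = c.get("name", "<unnamed>")
    out = []
    if sc.get("privileged"):
        out.append(f"{name}: privileged containers are forbidden")
    if sc.get("allowPrivilegeEscalation", True):  # defaults to true if unset
        out.append(f"{name}: allowPrivilegeEscalation must be false")
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        out.append(f"{name}: runAsNonRoot must be true")
    if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
        out.append(f"{name}: runAsUser 0 (root) is forbidden")
    caps = sc.get("capabilities") or {}
    if "ALL" not in caps.get("drop", []):
        out.append(f"{name}: capabilities.drop must include ALL")
    extra = set(caps.get("add", [])) - ALLOWED_ADD_CAPS
    if extra:
        out.append(f"{name}: capabilities.add {sorted(extra)} not allowed")
    seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile")) or {}
    if seccomp.get("type") not in ALLOWED_SECCOMP:
        out.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return out


def check_pod(manifest: dict) -> list:
    """All 'restricted' violations for a Pod manifest; an empty list means compliant."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    out = [f"spec.{ns} must not be true"
           for ns in ("hostNetwork", "hostPID", "hostIPC") if spec.get(ns)]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        out.extend(check_container(c, pod_sc))
    return out


# Constructed samples: a typical unhardened Pod and its hardened counterpart.
PERMISSIVE_POD = {"kind": "Pod", "spec": {"hostNetwork": True, "containers": [
    {"name": "web", "image": "example/web:1.0", "securityContext": {"privileged": True}}]}}
HARDENED_POD = {"kind": "Pod", "spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "web", "image": "example/web:1.0", "securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}]}}
```

Running `check_pod(PERMISSIVE_POD)` lists six violations, while `check_pod(HARDENED_POD)` returns an empty list; the same checks are what a `pod-security.kubernetes.io/enforce: restricted` namespace label would apply at admission time.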