It is well-known that Docker popularized and commoditized software containers. Docker did not invent containers, but standardized them and made them broadly available, not least by offering the free image registry Docker Hub. Initially, Docker focused mainly on the developer and the development life cycle. But companies that started to use and love containers soon also wanted to use containers, not just during development or testing of new applications, but also to run those applications in production.
Initially, Docker had nothing to offer in that space, so other companies jumped into that vacuum and offered help to the users. But it didn't take long and Docker recognized that there was a huge demand for a simple yet powerful orchestrator. Docker's first attempt was a product called classic Swarm. It was a standalone product that enabled users to create a cluster of Docker host machines that could be used to run and scale their containerized applications in a highly available and self-healing way.
The setup of a classic Docker Swarm, though, was hard. A lot of complicated manual steps were involved. Customers loved the product but struggled with its complexity. So Docker decided it could do better. It went back to the drawing board and came up with SwarmKit. SwarmKit was introduced at DockerCon 2016 in Seattle and was an integral part of the newest version of the Docker engine. Yes, you got that right, SwarmKit was and still is to this day an integral part of the Docker engine. Thus, if you install a Docker host, you automatically have SwarmKit available with it.
SwarmKit was designed with simplicity and security in mind. The mantra was and still is that it has to be almost trivial to set up a swarm, and the swarm has to be highly secure out of the box. Docker Swarm operates on the assumption of least privilege.
Installing a complete, highly available Docker Swarm is literally as simple as starting with a docker swarm init on the first node in the cluster, which becomes the so-called leader, and then a docker swarm join <join-token> on all other nodes. The join-token is generated by the leader during initialization. The whole process takes less that 5 minutes on a Swarm with up to 10 nodes. If it is automated, it takes even less time.
As I already mentioned, security was top on the list of must-haves when Docker designed and developed SwarmKit. Containers provide security by relying on Linux kernel namespaces and cgroups as well as Linux syscall whitelisting (seccomp) and the support of Linux capabilities and the Linux security module (LSM). Now, on top of that, SwarmKit adds MTLS and secrets that are encrypted at rest and in transit. Furthermore, Swarm defines the so-called container network model (CNM), which allows for SDNs that provide sandboxing for application services running on the swarm.
Docker SwarmKit supports both Linux and Windows containers.