Is there any guidelines on when to use Dockers over VM's? (or vice versa)
It seems to me that services like NGINX, Apache, or Redis, should be a docker, but I am unsure if say an ElasticSearch docker should be used in a HPC environment.
Is a Docker always better then a VM?
First, it is a container; docker is one implementation of a container, neither the first nor the last.
A virtual machine (VM) is a superset of a container, so the question isn't about better, it is about depth - namely how much isolation do you need. At the most trivial level, isolation is about getting away from the .so-insanity that plagues the universe; determine what you need, dump it in a container, and voila, no more compatibility problems. At this level, the container is mainly about packaging; and nothing can go wrong with making packaging magic. Just make sure your resume is up to date.
At deeper levels, containers can be involved in isolated deployments. These work, but typically require substantial amounts of management software: orchestration software (k8s), service mess (istio :), [A-Z]AAS. Somewhere in this wilderness they intersect with Virtual Machines, which pre-package many concepts in the other layers, albeit with a different management platform.
Within the domain of VMs, we see a continuum of awareness within the guest of the host which extends from similar to the container (ie. highly dependent) to blithely ignorant (ie. classic virtual machine). The selection criteria in this arena mainly falls in the domain of trust -- this less you trust the guest, the more you want to isolate it; or the less the guest trusts the host environment, the more isolated it wants to be.
To review; in the realm of isolation, containers and VMs occupy overlapping extremes of a continuum. The container is the lightest way to manage packaging, but as the isolation needs increase, the VM becomes increasingly attractive. Within the VM continuum, there are trade offs between trust and performance. There is a tonne of software supporting every stop along the way; but that software is not (yet) unified.