I think the confusion is the difference between a box and a container: I grok that I would use a dockerfile to configure a container, and I would use chef/puppet to configure a box. But, _why_ can't I use chef/puppet to configure a container? Why is a dockerfile (in concept or syntax) _better_ than chef/puppet?
I think the fundamental difference is that a container is built from the _outside_ (the way you would build an executable), whereas a box is configured from the _inside_ (the way you configure a physical computer). Docker is designed for the former, and Chef is designed for the latter.
What causes the confusion, I think, is Docker's premise that the best executable format for software is a virtual computer encapsulating all of the program's dependencies. Because of this, the software you're running starts looking a lot like the computer it's running on - because they're both computers! It's just computers running on computers running on computers, or as Alan Kay liked to say it, "Real Computers All The Way Down" [1].
I believe things are bound to get more confusing for a while, but the result I believe will be one of computing's most exciting development.
