Kubernetes | OpenShift |
Definition |
What is Kubernetes? Kubernetes is an open-source container orchestration system. It was originally designed at Google, which donated it to the Cloud Native Computing Foundation (CNCF) to advance cloud-native technology. Kubernetes provides a wide range of features for managing containerized services and workloads, and it automates tasks such as deployment, networking, service discovery, and scaling. For developers it brings load balancing, process automation, and storage orchestration into their CI/CD pipelines. | What is OpenShift? OpenShift is a container platform developed by Red Hat. It is built on Kubernetes (OpenShift 3 used Docker as the container runtime, OpenShift 4 uses CRI-O): Red Hat treats Kubernetes as the kernel of its distributed platform and OpenShift as the distribution around it. OpenShift is also offered as a managed cloud service and is positioned as a Platform as a Service (PaaS) for containerized applications. It adds built-in monitoring, hardened default security settings, centralized policy management, and self-service provisioning, and it runs standard Kubernetes container workloads. OKD is the community distribution of OpenShift and is used to build, deploy, and test applications on the same platform. |
Platform Support |
Kubernetes runs on almost any Linux distribution, including Ubuntu, Debian, and the Red Hat family. | OpenShift supports the following platforms: • OpenShift 3 runs on Red Hat Enterprise Linux (RHEL) or Red Hat Atomic Host. • OpenShift 4 requires Red Hat Enterprise Linux CoreOS (RHCOS) for the control plane, and either RHCOS or RHEL for worker nodes. • OKD 3 runs on RHEL or CentOS; OKD 4 uses Fedora CoreOS. |
Installation |
Kubernetes can be installed with a number of tools, such as kubeadm, kops, and Kubespray. | The OpenShift installation procedure depends on the version. • OpenShift 3: install manually or with openshift-ansible. openshift-ansible automates the process, but it is slow, complex, and difficult to troubleshoot; its advantage is that it can perform rolling updates of the entire cluster. • OpenShift 4: install with the openshift-install installer, which supports vSphere, AWS, and other cloud and bare-metal targets. After installation the cluster is configured by Kubernetes operators, and the configuration lives inside the cluster in ConfigMaps and custom resources, whereas OpenShift 3 kept its configuration files on the master servers. Bare-metal installation of OpenShift 4 still involves many manual steps. |
User Interface |
Kubernetes ships without a console; the optional Kubernetes Dashboard is a separate add-on that is not user friendly and is not exposed outside the cluster by default. To use it, install the Dashboard and then reach it through kubectl proxy (or kubectl port-forward), which tunnels a local port to the cluster; kube-proxy, the node networking component, is not involved. The Dashboard has no identity provider of its own: its login page only accepts a bearer token or a kubeconfig, so authentication and authorization have to be arranged at the cluster level, typically with a dedicated ServiceAccount bound to a least-privileged RBAC role. Managed Kubernetes services such as Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE), and management platforms such as Rancher, provide a pre-configured and more flexible interface. | OpenShift provides a rich, interactive web console with a single login page backed by the integrated OAuth server. The console offers simple form-based views to add, change, and delete resources, and it helps users visualize the projects, nodes, and roles in the cluster. |
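The least-privileged identity mentioned above, as an added example that is not part of the original page or of the Dashboard project: a ServiceAccount bound to the built-in view ClusterRole instead of the cluster-admin binding that many quick-start guides hand out. The ServiceAccount name and the kubernetes-dashboard namespace are assumptions.

```yaml
# Added example (not from the original page). Read-only identity for the
# Kubernetes Dashboard; name and namespace are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
# Bind the built-in "view" ClusterRole. It grants read access to most
# namespaced objects but deliberately excludes Secrets, so a leaked token
# cannot be used to read credentials stored in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
```

Apply it with kubectl apply -f dashboard-viewer.yaml, mint a short-lived token with kubectl -n kubernetes-dashboard create token dashboard-viewer --duration=1h (available since kubectl 1.24), start kubectl proxy, and paste the token into the Dashboard login page reached through the proxy URL documented for the Dashboard release you installed (for v2.x it is http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/). Anyone who obtains the token can only see what the view role allows, and the token expires on its own.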
Updates |
Kubernetes is upgraded one minor version at a time: kubeadm upgrade moves the control plane to the next release, after which worker nodes are upgraded in a rolling fashion, so several nodes can be worked on in parallel. Back up etcd and the control-plane configuration before upgrading. | OpenShift upgrades are sequential and versions cannot be skipped. In OpenShift 3 the only supported path was the Red Hat Enterprise Linux package management system (RPMs) driven by openshift-ansible; in OpenShift 4 the Cluster Version Operator delivers over-the-air updates of the whole cluster, including the RHCOS nodes. |
Security |
Kubernetes provides the security building blocks a large deployment needs: role-based access control (RBAC), Transport Layer Security (TLS) for API traffic, and pluggable API authentication and authorization. Resource quotas for namespaces and pods, together with Pod Security Admission, limit the damage a compromised workload can do, for example by capping the CPU, memory, and number of pods an attacker can consume. These features exist but are not all turned on or tuned by default. | OpenShift ships a stricter default security policy. Security Context Constraints (SCCs) run every pod under the restricted policy unless an administrator grants more: containers get an arbitrary non-root UID, and privilege escalation and capabilities are dropped. Many container images, including official ones that expect to run as root or write to fixed paths, therefore fail to start until the image is adapted or a less restrictive SCC is granted, which raises the security baseline. OpenShift also provides an integrated OAuth authentication server. Because it is built on Kubernetes, all the built-in Kubernetes security features are available by default as well. |
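The quota and pod-hardening controls described above, as an added example that is not part of the original page: one namespace with a Pod Security Admission label that rejects privileged pods (the nearest Kubernetes equivalent of OpenShift's restricted SCC), a ResourceQuota and LimitRange that cap what a compromised workload can consume, and a Pod that passes the restricted profile. The namespace name, the numbers, and the image reference are assumptions.

```yaml
# Added example (not from the original page). Namespace name, quota values
# and the image reference are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    # Pod Security Admission (GA in Kubernetes 1.25): refuse pods that do not
    # meet the "restricted" profile, similar to OpenShift's restricted SCC.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    services.loadbalancers: "0"   # nobody in this namespace can expose a cloud LB
---
# Once the quota counts cpu/memory, every container must declare requests and
# limits; the LimitRange supplies defaults so existing manifests keep working.
apiVersion: v1
kind: LimitRange
metadata:
  name: team-a-defaults
  namespace: team-a
spec:
  limits:
  - type: Container
    default:
      cpu: 500m
      memory: 256Mi
    defaultRequest:
      cpu: 100m
      memory: 128Mi
---
# A pod that satisfies the "restricted" profile. On OpenShift the restricted
# SCC assigns the UID itself, so runAsUser is deliberately left out.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-app
  namespace: team-a
spec:
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: app
    image: registry.example.com/team-a/app:1.2.3   # assumed image reference
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      readOnlyRootFilesystem: true
    resources:
      requests: {cpu: 100m, memory: 128Mi}
      limits: {cpu: 500m, memory: 256Mi}
```

A pod without drop: ["ALL"] or with allowPrivilegeEscalation: true is rejected at admission in this namespace, and a process that tries to fork-bomb or mine inside the pod is held to the limits rather than starving the node.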
Router vs Ingress |
Kubernetes provides the Ingress resource. Ingress is only an API: the actual routing is done by an Ingress controller of the operator's choice (ingress-nginx, HAProxy, Traefik, cloud load balancers and others), so it can be deployed on many different servers easily. Because any controller can be plugged in, Ingress can expose more functionality than the Router, but much of that functionality is controller-specific and configured through annotations. Ingress is the newer solution of the two; it only became a stable API in Kubernetes 1.19. | OpenShift provides the Route resource, served by a router that deploys HAProxy. Routes offer hostname- and path-based traffic routing with edge, passthrough, or re-encrypt TLS termination and have been a stable, mature solution since OpenShift 3. OpenShift 4 also accepts standard Ingress objects and converts them into Routes. |
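The same HTTPS exposure written both ways, as an added example that is not part of the original page: a Kubernetes Ingress with TLS and HTTP-to-HTTPS redirect (the redirect annotation is specific to ingress-nginx), followed by the equivalent OpenShift Route with edge termination. The hostname, namespace, Service name and Secret name are assumptions.

```yaml
# Added example (not from the original page). Host, namespace, Service and
# Secret names are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop
  namespace: shop
  annotations:
    # Controller-specific: ingress-nginx redirects plain HTTP to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts: [shop.example.com]
    secretName: shop-tls          # kubernetes.io/tls Secret holding cert and key
  rules:
  - host: shop.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: shop
            port:
              number: 8080
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: shop
  namespace: shop
spec:
  host: shop.example.com
  to:
    kind: Service
    name: shop
  port:
    targetPort: 8080
  tls:
    termination: edge                          # TLS ends at the HAProxy router
    insecureEdgeTerminationPolicy: Redirect    # HTTP -> HTTPS, no annotation needed
    # certificate and key may be inlined here; they are omitted so the
    # router's default wildcard certificate is used.
```

One caveat worth knowing: an Ingress refers to its certificate through a Secret, so who can read the private key is governed by RBAC on Secrets, whereas a Route can carry the PEM key inline in its spec, where anyone allowed to get routes in the namespace can read it. Prefer the router's default certificate or a separate Secret-backed mechanism over inlining keys in Routes.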
Integrated CI/CD |
Kubernetes has no built-in CI/CD integration; pipelines come from external tools such as Jenkins, Tekton, Argo CD, or GitLab CI running on or next to the cluster. | OpenShift provides CI/CD pipelines by integrating Jenkins for application delivery, and OpenShift 4 adds Tekton-based OpenShift Pipelines. Its Source-to-Image (S2I) support builds application images directly from source and also lets users create custom Jenkins images that are easy to update. Together this makes it easy and fast to build, test and update applications. |
Templates |
Kubernetes has Helm, whose charts are far more capable than OpenShift templates. Helm 2 relied on Tiller, a component installed as a pod with extensive cluster-wide permissions, which did not fit OpenShift's strict security policies. Helm 3 removed Tiller: it acts with the permissions of the user running it, so enterprise-level security, identity, and authorization controls apply through ordinary RBAC. | OpenShift templates are simpler and less sophisticated than Helm charts, notably in package versioning; external wrappers may be needed to make templates flexible, which can make deployments on OpenShift more complicated. OpenShift 3 offers additional options such as the Automation Broker (previously the Ansible Service Broker) and the Service Catalog, which plain Kubernetes does not ship, and OpenShift 3 does not support Helm. OpenShift 4 supports Helm 3 charts and offers an integrated OperatorHub, which is one of the preferred methods for provisioning services such as databases and queue systems. |
Networking |
Kubernetes gives every Pod a unique IP address from a cluster-internal network. Because all Pods share one flat address space, the containers in a Pod behave as if they were running on the same host, and each Pod behaves like an individual host or virtual machine with respect to port assignment, networking, load balancing, naming, service discovery, application configuration and migration. Kubernetes does not ship a complete networking implementation: the pod network is provided by a CNI plugin, and mature projects such as Calico and Cilium fill that role and also enforce NetworkPolicy. | OpenShift provides a complete built-in networking solution: a software-defined network (SDN) that forms a unified cluster network and carries pod-to-pod communication in an OpenShift Container Platform cluster. In OpenShift 3 and early OpenShift 4 releases this pod network is managed by OpenShift SDN, which uses Open vSwitch (OVS) to build the overlay network; newer OpenShift 4 releases default to OVN-Kubernetes. OpenShift also provides built-in DNS. OpenShift SDN offers three modes for the pod network: • Network Policy mode, where project admins write their own isolation (quarantine) policies with NetworkPolicy objects. • Multi-tenant mode, which isolates each project's pods and services from other projects at the SDN level. • Subnet mode, a flat network in which every Pod can communicate with every other Pod. |
Container Image Management |
Kubernetes pulls images from any Docker or OCI registry, but it has no resource of its own for building images or managing their lifecycle. Users normally build images with docker build (or tools such as Buildah or Kaniko) and push them to an external registry; the cluster only ever references an image by name. | OpenShift adds a dedicated resource for this, the ImageStream, together with an internal image registry. Keeping images in the internal registry makes image management more secure because access is governed by the cluster's own RBAC. The console lets users search images inside the cluster and retag them easily. Image Streams let users import entire images into the cluster and modify them there without external tools; images can also be uploaded and managed under virtual tags that point to an image digest, so a tag can be moved without rebuilding the content. An ImageStream can trigger an automatic redeployment whenever a new image version becomes available, and chained builds let an updated base image be published as a new version and consumed by dependent application builds. |
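The Source-to-Image build and ImageStream trigger workflow described in the Integrated CI/CD and Container Image Management rows, as one added example that is not part of the original page or of Red Hat's documentation: a BuildConfig that builds from Git with an S2I builder image, writes the result to an ImageStream, rebuilds when the builder image is updated (which is how a patched base image propagates through a chained build), and a Deployment that rolls out whenever the tag moves. The namespace, Git repository, builder tag and image names are assumptions.

```yaml
# Added example (not from the original page). Namespace, repository URL,
# builder tag and image names are assumptions.
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: shop
  namespace: shop
# no spec: tags are created by the build output below
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: shop
  namespace: shop
spec:
  source:
    type: Git
    git:
      uri: https://github.com/example/shop.git   # assumed repository
      ref: main
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        name: nodejs:18-ubi8          # assumed builder tag in the openshift namespace
        namespace: openshift
  output:
    to:
      kind: ImageStreamTag
      name: shop:latest               # pushed to the internal registry
  triggers:
  - type: ImageChange                 # rebuild when the builder image tag moves
    imageChange: {}
  - type: ConfigChange                # rebuild when this BuildConfig changes
---
# A plain Deployment that follows the ImageStream tag through OpenShift 4's
# annotation-based image trigger, so a new shop:latest causes a rollout.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: shop
  namespace: shop
  annotations:
    image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"shop:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"shop\")].image"}]'
spec:
  replicas: 2
  selector:
    matchLabels: {app: shop}
  template:
    metadata:
      labels: {app: shop}
    spec:
      containers:
      - name: shop
        image: image-registry.openshift-image-registry.svc:5000/shop/shop:latest
        ports:
        - containerPort: 8080
```

The security point is that the image-change trigger closes the loop: when Red Hat publishes a patched builder image and the openshift/nodejs:18-ubi8 tag is updated, the application is rebuilt and redeployed without anyone editing a manifest. Pin the builder to a specific tag rather than latest so that a rebuild never silently jumps to a different major version, and restrict who can push to the ImageStream with RBAC, since whoever can move shop:latest controls what runs.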