What is Kubernetes?

Kubernetes is a free and open-source technology designed for container orchestration. It was initially created by Google. Kubernetes is now part of the Cloud Native Computing Foundation which was founded for the purpose of advancing container technology.
Kubernetes is a portable containerization platform that provides a rich set of features designed to help manage services and workloads. Kubernetes comes with features that automate a range of tasks, including deployment, networking, and scaling.
Developers use Kubernetes to introduce features like load balancing, process automation, and storage orchestration into their CI/CD pipelines.

What is OpenShift?

OpenShift is a set of containerization solutions developed by Red Hat. OpenShift is partly built on Docker and Kubernetes, both popular containerization technologies. Red Hat considers Kubernetes as the kernel of its distributed platform, and OpenShift as the distribution.
The OpenShift Container Platform is a Kubernetes-based platform offered in the cloud. It is widely considered a Platform as a Service (PaaS) that provides containerization services. It offers built-in monitoring, enterprise-grade security, centralized policy management, and self-service provisioning.
OpenShift is compatible with Kubernetes container workloads. It also offers OpenShift OKD (formerly known as Origin), which lets you create, deploy, and test applications in the cloud.
In this article you will learn about the main differences between Kubernetes and OpenShift:
OpenShift can be installed on the following platforms:
Kubernetes can be installed on almost any Linux distribution, including the popular Ubuntu, Debian, and other alternatives.
OpenShift has different installation procedures for different versions. Here are the main differences:
Kubernetes offers a variety of installation tools, including kubeadm, kops, and Kubespray. Some tools are designed especially for the cloud while others are universal yet more complex.
OpenShift offers an intuitive web-based console that comes with a one-touch login page. The OpenShift console provides a simple form-based interface that enables users to easily change, delete, and add resources. It also helps users to easily visualize cluster projects, servers, and roles.
Kubernetes offers a complex web-based interface, which is not generally recommended for novices. To access the interface, users need to first install the official Kubernetes Dashboard and then forward the port address of their local machine to the cluster server by using kube-proxy. However, the dashboard does not have a login page. To authenticate and authorize users, you implement a process that allows users to create their own bearer tokens.
That being said, managed Kubernetes services such as Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), or Rancher, provide a more convenient, pre-configured interface, and some provide additional management tools.
OpenShift does not make it possible to automatically perform multiple, concurrent updates. To install the most recent version of OpenShift, you need to access the Red Hat Enterprise Linux package management system.
Kubernetes lets you perform multiple upgrades, which can occur simultaneously. To upgrade Kubernetes, you only need to invoke the kubeadm upgrade command, which lets you get the newest version. Before upgrading Kubernetes, be sure to back up all existing installation files.
OpenShift offers a stricter security policy compared to Kubernetes. The OpenShift platform prohibits running most container images, including many official images, which enhances security. It also requires a certain minimal level of privileges for most basic operations. OpenShift also provides an integrated authentication server. Because it is based on Kubernetes, it also offers all the built-in security features in Kubernetes (as described below).
Kubernetes provides role-based access control (RBAC), Transport Layer Security (TLS) for API traffic, and API authentication and authorization which require complex setup. Kubernetes also provides resource quotas for clusters and pods, which can limit the damage caused by a successful attack.
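As an added example (not from the original article), the manifests below combine the two Kubernetes mechanisms described above: a ServiceAccount whose bearer token can be used for Dashboard login, bound to a read-only Role, and a ResourceQuota that caps what the namespace can consume. The namespace `demo-app`, all object names and the quota figures are assumptions chosen for illustration.

```yaml
# Constructed example: demo-app, dashboard-viewer and the quota values are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: demo-app
---
# Read-only access to workloads; deliberately omits secrets and all write verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-workloads
  namespace: demo-app
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "deployments", "replicasets"]
  verbs: ["get", "list", "watch"]
---
# Namespace-scoped binding: a token for this account cannot read other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer-read
  namespace: demo-app
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: demo-app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-workloads
---
# Caps the namespace so a compromised workload cannot exhaust the cluster.
# Once CPU/memory are under quota, pods without requests and limits are rejected.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: demo-app-quota
  namespace: demo-app
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
```

On kubectl 1.24 or later, `kubectl -n demo-app create token dashboard-viewer --duration=1h` issues a short-lived bearer token for this account, which limits the exposure if the token leaks.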
OpenShift provides a Router object that implements HAproxy. This provides basic traffic routing functionality, but is considered a stable, mature solution.
Kubernetes provides Ingress, which offers more options as it can be easily implemented on many different servers. Ingress provides more functionality than Router but is a comparatively new solution.
OpenShift integrates with Jenkins, making it easier to deploy applications. It provides source-to-image support, allowing users to create custom Jenkins images that can be easily updated. This makes it easy to test, manage, and update applications.
Kubernetes does not provide built-in CI/CD integration.
As the main deployment method, OpenShift templates may seem simple compared to Kubernetes Helm charts. OpenShift lacks some of the sophistication offered by the templates and package versioning in Helm charts. This can make deployment more difficult on OpenShift, as you will generally need to use external wrappers to make the templates more flexible. The simple, single-pod deployments are less useful for complex scenarios.
OpenShift 3 offers additional options, including Automation Broker (previously Ansible Service Broker) and Service Catalog. However, you cannot install these processes on Kubernetes. Additionally, OpenShift does not support Helm.
OpenShift 4 provides some granularity, similar to Helm charts, and offers an integrated OperatorHub, which is increasingly the preferred method for provisioning services such as databases and queue systems.
Kubernetes provides Helm, which is a powerful alternative to OpenShift templates. Helm architecture used to be based on Tiller, a component installed as a pod with extensive permissions, which was not compatible with the strict security policies of OpenShift. However, as of Helm 3, Tiller is no longer used, and the project supports enterprise-grade security, identity, and authorization features.
OpenShift provides users with its own networking solution. It uses software-defined networking (SDN) methods to provide a unified cluster network, supporting communication between pods in an OpenShift Container Platform cluster. This pod network is set up and maintained by OpenShift SDN, which uses Open vSwitch (OVS) to configure the overlay network. OpenShift also has DNS services built in.
OpenShift provides several SDN modes for configuring your pod network:
Kubernetes guarantees that Pods can connect to each other and assigns each pod an IP address from the internal network. This will make all containers in the pod behave as if they were on the same host. Giving each pod a unique IP address means that you can think of the pod as a physical host or virtual machine when it comes to port assignment, networking, naming, service discovery, load balancing, and application configuration and migration.
Kubernetes does not provide a complete networking solution to the extent that OpenShift does. But there are several mature networking projects you can use with Kubernetes, such as Calico and Cilium.
OpenShift offers the use of an integrated image registry called Image Streams, which enables easier, more secure management of container images. This registry offers a console that allows users to search for information about image streams and images within a cluster. It also provides simple mechanisms for changing image tags in a container registry.
Image Streams lets users download entire images and locally modify them without having to use external tools. It also allows users to upload container images and internally manage virtual tags in OpenShift. When they use ImageStream, users can set a trigger that starts a deployment whenever a new image exists or a change in the reference of the tag occurs.
ImageStream is ideal for workloads that require a self-deployment process based on the build of a new version. It also supports chained builds, which create updated versions of an application and publish them as newer versions of a base image.
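The trigger behaviour described above, sketched as manifests. This is an added example, not from the original article; it assumes a cluster that serves the DeploymentConfig API, and the namespace, object names and registry host are placeholders.

```yaml
# Constructed example: names, namespace and registry host are placeholders.
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: web
  namespace: demo-app
spec:
  tags:
  - name: stable                 # virtual tag managed inside OpenShift
    from:
      kind: DockerImage
      name: registry.example.com/demo/web:1.4.2
    importPolicy:
      scheduled: false           # no periodic re-import if the upstream tag moves
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: web
  namespace: demo-app
spec:
  replicas: 2
  selector:
    app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: " "               # filled in by the ImageChange trigger
        ports:
        - containerPort: 8080
  triggers:
  - type: ImageChange
    imageChangeParams:
      automatic: true            # roll out whenever web:stable resolves to a new image
      containerNames:
      - web
      from:
        kind: ImageStreamTag
        name: web:stable
  - type: ConfigChange           # also roll out when the pod template changes
```

Because moving the `web:stable` tag starts a rollout, permission to update that image stream tag is effectively permission to deploy and should be granted as narrowly as deploy rights are.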
Kubernetes integrates with the Docker registry. Unlike OpenShift, Kubernetes does not provide a dedicated resource that can help you manage the workflow of building container images. You can use external tools or scripts, but in most cases, Kubernetes users build images using the Docker build command.
NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP capacity can scale into the petabytes, and it supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.
In particular, Cloud Volumes ONTAP supports Kubernetes Persistent Volume provisioning and management requirements of containerized workloads.
Learn more about how Cloud Volumes ONTAP helps to address the challenges of containerized applications in these Kubernetes Workloads with Cloud Volumes ONTAP Case Studies.
Learn more about using OpenShift Persistent Storage with Cloud Volumes ONTAP and about Deploying Cloud Volumes ONTAP and OpenShift Using Ansible.