August 1, 2019 By Sai Vennam 7 min read

How do Kubernetes and OpenShift compare when working with applications?

Containerization is becoming the new norm for developing and deploying applications in a more efficient and accelerated manner. Kubernetes and OpenShift are two of the main container management platforms in the market for managing containers across the infrastructure.

In this video, I take a deep dive into the many differences and similarities between Kubernetes and OpenShift.

Video Transcript

Kubernetes and OpenShift: How do they compare?

Hi everyone, my name is Sai Vennam, and I’m with the IBM Cloud team.

Today, we want to talk about Kubernetes and OpenShift. 

Now, it’s not exactly fair for me to compare those two directly because Kubernetes is an open source project, whereas OpenShift, on the other hand, is an offering by Red Hat. 

OpenShift and OKD

But, underneath the covers, OpenShift is actually powered by something called OKD, or Origin Kubernetes Distribution, and this includes Kubernetes as well as a number of other open source projects.

So, we’ve got Kubernetes, maybe your favorite container runtime—something like Docker—and if you want to take advantage of service-meshing capabilities, they have integrations with Istio and a number of other open source projects that we’ll talk about.

But, let’s talk about a few different ways that kind of highlight the differences between working with your apps whether they’re running strictly Kubernetes or if you’re using OpenShift.

Deploying an application

To start we’ll talk about deploying an application.

Deploying an application with Kubernetes

So, deploying an application in Kubernetes can actually be a little bit time-consuming. First let’s assume that you have your code up on something like GitHub—so you’ll pull that code to your local machine, maybe spin up a container.

Once you’ve got that container, you’ll have to figure out where you want to actually host it—so, the registry. Maybe you want to use something like Docker Hub or if you want a private registry, you’ll have to figure that out.

One thing I want to mention: If you take advantage of managed Kubernetes—so, something like Kubernetes from your favorite cloud provider—generally, they have options to have a registry or private registry directly in that experience.

Next, once it’s on that registry, you actually have to figure out your CI/CD story. This is where things get complicated because there are so many different options for deploying your applications.

Deploying an application with OpenShift

On the OpenShift side of things, on the other hand, they have an opinionated approach. So, all you really have to do is create an application and a project, at which point OpenShift does the heavy lifting on the backend. So, it’s going to create those pipelines, it’s going to create all of that automation that you need to do things like dev, test, and prod for your applications. 

So, really, it makes it a lot easier and you can get started on maybe using something like their Jenkins approach or Source-to-Image capabilities.

The flexibility of Kubernetes vs. the streamlined approach of OpenShift

But one thing I do want to mention here: you have a lot more flexibility on the Kubernetes side of things as you don’t have an opinionated, prescribed way of doing this. So, for power users and teams that are kind of influenced by legacy architectures, Kubernetes might be more effective.

For teams that really just want to be told how to get everything done and have a streamlined approach for their DevOps and pipeline approach, the OpenShift side of things makes things quite easy.

Managing your applications

Next, let’s talk about managing your applications.

Managing apps with Kubernetes

So, there are two sides of the puzzle here. First, let’s start with what managing your apps looks like in Kubernetes.

So, you can take advantage of the default dashboard that comes with any Kubernetes distribution but, unfortunately for most operations teams, that’s not quite enough. So, they’ll have to take it a step further and install additional dashboards.

So, maybe they’ll use something like an ELK stack, maybe they want to use Grafana instead, maybe Istio. The options are kind of endless.

So, essentially, it’s a lot of digging around to figure out the exact solution that fits their use case.

Managing apps with OpenShift

On the OpenShift side of things, again there’s an opinionated, prescribed way of doing this. In addition, they have an awesome web console that builds on the Kubernetes APIs and comes with a lot of different capabilities for SREs and operations teams to really manage their workloads.

In addition, there’s prescribed and kind of opinionated ways to do those dashboards that we talked about. So, they suggest an EFK stack and have different ways to integrate capabilities like Istio if you wanted to use it. 

So again, by taking advantage of some of their automated installers and Ansible playbooks, managing applications is a little bit easier (with the caveat that you give up some of that flexibility as they do have prescribed approaches).

Node configuration and day-to-day operations

Next, let’s talk about node configuration or day-to-day operations.

So, a cluster is going to be made up of a number of VMs, whether they’re virtualized or bare metal—whatever it might be, the cluster is going to have some VMs within it.

Adding new VMs with Kubernetes 

The Kubernetes way of adding additional VMs into that cluster can be kind of time-consuming. So, setting up self-registration, or the different cloud automation of setting up or creating new VMs and bringing them into the cluster. This is time-consuming and requires scripts to be developed.

Adding new VMs with OpenShift

On the OpenShift side of things, it’s a little bit easier. They have Ansible playbooks and installers to bring in new VMs into your cluster. So, it’s a fairly straightforward process and they even have ways to do and handle auto-scaling or spinning up new VMs in response to load.

Security

The last thing I want to highlight is security.

So, OpenShift and Red Hat try to fill the gaps where the open source community maybe hasn’t done so. So, by working with real enterprise customers, they’ve realized that by creating best security practices from scratch, they’re really able to tackle some of the problems that some of the customers need to be able to use Kubernetes.

So, let’s talk about a few different things here.

Kubernetes and security

So, on the Kubernetes side of things, you know, chances are you’re not working on a project by yourself. There’s a team of people, each of which have to have different permissions. So, in the beginning, Kubernetes didn’t even have something like RBAC (which OpenShift kind of solved), but you know now we can take it for granted that they have RBAC.

They’re gonna have some other capabilities to do things like IAM, but at the end of the day, these are all things that you have to build out and are time-consuming.

OpenShift and security

On the OpenShift side of things, these can all come out of the box. So, when you create that project, you get access to all of these—you really just have to add the users and it’ll handle things like Kubernetes namespacing and creating different kinds of security policies with the best practices. And you can get all of that from scratch.

However, there’s a small trade-off. So, for example, in Kubernetes, you can pretty much take any image out there in Docker Hub and expect that it’ll run as expected. On the OpenShift side of things, there are kind of restricted permissions where the containers don’t run as root. So, sometimes images don’t run as expected.

So, that’s kind of a small caveat for having those best practices of security instilled from the get-go. It’s something that you have to balance.

At the end of the day, OpenShift is not a one-size-fits-all solution. It’s very important to understand the fundamentals of Kubernetes that power OpenShift.

For individuals and small IT teams, OpenShift really streamlines a lot of those very difficult tasks.
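
Added example (not part of the transcript and not IBM or Red Hat code): a small manifest audit built on the standard Kubernetes `securityContext` fields `runAsUser` and `runAsNonRoot`, flagging the containers that request root or fall back to the image's default user, which are the ones likely to hit the non-root restriction described in the security section. The pod manifest, container names and image references are constructed for illustration.

```python
import json

# Constructed sample pod manifest (JSON form); names and image refs are made up.
SAMPLE_POD = json.loads("""
{"spec": {
  "securityContext": {"runAsNonRoot": true},
  "containers": [
    {"name": "web", "image": "registry.example/web:1"},
    {"name": "worker", "image": "registry.example/worker:1",
     "securityContext": {"runAsUser": 1001}},
    {"name": "legacy", "image": "registry.example/legacy:1",
     "securityContext": {"runAsUser": 0}},
    {"name": "sidecar", "image": "registry.example/sidecar:1",
     "securityContext": {"runAsNonRoot": false}}
  ]
}}
""")

def effective(pod_sc, ctr_sc, field):
    """Container-level securityContext overrides the pod-level value."""
    return ctr_sc[field] if field in ctr_sc else pod_sc.get(field)

def classify_containers(pod):
    """Map each container name to how its run-as user is determined."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    verdicts = {}
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        ctr_sc = ctr.get("securityContext") or {}
        uid = effective(pod_sc, ctr_sc, "runAsUser")
        non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
        if uid == 0:
            verdicts[ctr["name"]] = "requests-root"      # explicit UID 0
        elif uid is not None:
            verdicts[ctr["name"]] = "non-root-uid"       # explicit non-zero UID
        elif non_root:
            verdicts[ctr["name"]] = "non-root-required"  # image USER must be non-root
        else:
            verdicts[ctr["name"]] = "image-default"      # image USER decides, often root
    return verdicts

def needs_review(pod):
    """Containers that request root or fall back to the image's default user."""
    return sorted(name for name, verdict in classify_containers(pod).items()
                  if verdict in ("requests-root", "image-default"))

if __name__ == "__main__":
    print(needs_review(SAMPLE_POD))
```
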
