OpenShift Container Platform

Kubernetes vs OpenShift: 10 Key Differences

 

What is Kubernetes?

What is OpenShift?

Kubernetes is a free and open-source technology designed for container orchestration. It was initially created by Google. Kubernetes is now part of the Cloud Native Computing Foundation which was founded for the purpose of advancing container technology.

 

Kubernetes is a portable containerization platform that provides a rich set of features designed to help manage services and workloads. Kubernetes comes with features that automate a range of tasks, including deployment, networking, and scaling.

 

Developers use Kubernetes to introduce features like load balancing, process automation, and storage orchestration into their CI/CD pipelines.

OpenShift is a set of containerization solutions developed by Red Hat. OpenShift is partly built on Docker and Kubernetes, both popular containerization technologies. Red Hat considers Kubernetes as the kernel of its distributed platform, and OpenShift as the distribution.

 

The OpenShift Container Platform is a Kubernetes-based platform offered in the cloud. It is widely considered as a Platform as a Service (PaaS) that provides containerization services. It offers built-in monitoring, enterprise-grade security, centralized policy management, and self-service provisioning.

 

OpenShift is compatible with Kubernetes container workloads. It also offers OpenShift OKD (formerly known as Origin), which lets you create, deploy, and test applications in the cloud.

 

Related content: Read our guide to OpenShift architecture

In this article you will learn about the main differences between Kubernetes and OpenShift:

  1. Platform Support
  2. Installation
  3. User Interface
  4. Updates
  5. Security
  6. Router vs Ingress
  7. Integrated CI/CD
  8. Templates
  9. Networking
  10. Container Image Management

1. OpenShift vs Kubernetes: Platform Support

OpenShift can be installed on the following platforms:

  • OpenShift 3—Red Hat Enterprise Linux (RHEL) or Red Hat Atomic
  • OpenShift 4—Red Hat CoreOS for the control plane, and either CoreOS or RHEL for worker nodes
  • OKD—RHEL or CentOS.

Kubernetes can be installed on almost any Linux distribution, including the popular Ubuntu, Debian, and other alternatives.

2. OpenShift vs Kubernetes: Installation

OpenShift has different installation procedures for different versions. Here are the main differences:

  • OpenShift 3—you can install this version by manually following reference guides or by using the openshift-ansible Even if you use the openshift-ansible project which automates the installation, the process may be slow, complex, and difficult to troubleshoot. The main advantage of openshift-ansible is that it provides rolling updates for the entire cluster.
  • OpenShift 4—you can install this version using a simplified installer, which currently supports vSphere and AWS. Installation is performed by a dedicated Kubernetes Operator, while the entire configuration remains within ConfigMaps inside the cluster. This is unlike version 3, which kept configuration in files on master servers. If you need to perform bare metal installation for OpenShift 4, this currently involves many manual steps and requires an active Internet connection.

Kubernetes offers a variety of installation tools, including kubeadm, kops, and kube-spray. Some tools are designed especially for the cloud while others are universal yet more complex.

3. OpenShift vs Kubernetes: User Interface

OpenShift offers an intuitive web-based console that comes with a one-touch login page. The OpenShift console provides a simple form-based interface that enables users to easily change, delete, and add resources. It also helps users to easily visualize cluster projects, servers, and roles.

Kubernetes offers a complex web-based interface, which is not generally recommended for novices. To access the interface, users need to first install the official Kubernetes Dashboard and then forward the port address of their local machine to the cluster server by using kube-proxy. However, the dashboard does not have a login page. To authenticate and authorize users, you implement a process that allows users to create their own bearer tokens.

That being said, managed Kubernetes services such as Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), or Rancher, provide a more convenient, pre-configured interface, and some provide additional management tools.

4. OpenShift vs Kubernetes: Updates

OpenShift does not make it possible to automatically perform multiple, concurrent updates. To install the most recent version of OpenShift, you need to access the Red Hat Enterprise Linux package management system.

Kubernetes lets you perform multiple upgrades, which can occur simultaneously. To upgrade Kubernetes, you only need to invoke the kubeadm upgrade command, which lets you get the newest version. Before upgrading Kubernetes, be sure to backup all existing installation files.

5. OpenShift vs Kubernetes: Security

OpenShift offers a stricter security policy compared to Kubernetes. The OpenShift platform prohibits running most container images, including many official images, which enhances security. It also requires a certain minimal level of privileges for most basic operations. OpenShift also provides an integrated authentication server. Because it is based on Kubernetes, it also offers all the built-in security features in Kubernetes (as described below).

Kubernetes provides role-based access control (RBAC), Transport Layer Security (TLS) for API traffic, and API authentication and authorization which require complex setup. Kubernetes also provides resource quotas for clusters and pods, which can limit the damage caused by a successful attack.

6. OpenShift vs Kubernetes: Router vs Ingress

OpenShift provides a Router object that implements HAproxy. This provides basic traffic routing functionality, but is considered a stable, mature solution.

Kubernetes provides Ingress, which offers more options as it can be easily implemented on many different servers. Ingress provides more functionality than Router but is a comparatively new solution.

7. OpenShift vs Kubernetes: Integrated CI/CD

OpenShift integrates with Jenkins, making it easier to deploy applications. It provides source-to-image support, allowing users to create custom Jenkins images that can be easily updated. This makes it easy to test, manage, and update applications.

Kubernetes does not provide built-in CI/CD integration.

8. OpenShift vs Kubernetes: Templates

OpenShift templates may seem simple as the main deployment method when compared to Kubernetes Helm charts. OpenShift lacks some of the sophistication offered by the templates and package versioning in Helm charts. This can make deployment more difficult on OpenShift, as you will generally need to use external wrappers to make the templates more flexible. The simple, single-pod deployments are less useful for complex scenarios.

OpenShift 3 offers additional options, including Automation Broker (previously Ansible Service Broker) and Service Catalog. However, you cannot install these processes on Kubernetes. Additionally, OpenShift does not support Helm.

OpenShift 4 provides some granularity, similar to Helm charts, and offers an integrated OperatorHub, which is increasingly the preferred method for provisioning services such as databases and queue systems.

Kubernetes provides Helm, which is a powerful alternative to OpenShift templates. Helm architecture used to be based on Tiller, a component installed as a pod with extensive permissions, which was not compatible with the strict security policies of OpenShift. However, from Helm 3, Tiller is no longer used, and the project supports enterprise grade security, identity, and authorization features.

9. OpenShift vs Kubernetes: Networking

OpenShift provides users with its own networking solution. It uses software-defined networking (SDN) methods to provide a unified cluster network, supporting communication between pods in an OpenShift Container Platform cluster. This pod network is set up and maintained by OpenShift SDN, which uses Open vSwitch (OVS) to configure the overlay network. OpenShift also has DNS services built in.

OpenShift provides several SDN modes for configuring your pod network:

  • Network Policy mode allows project admins to set their own quarantine policies using the NetworkPolicy object.
  • Multi-tenant mode enables project-level isolation for cluster-wide pods and services.
  • Subnet mode offers a flat network of pods in which every pod is able to communicate with all services and other pods.

Kubernetes guarantees that Pods can connect to each other and assigns each pod an IP address from the internal network. This will make all containers in the pod behave as if they were on the same host. Giving each pod a unique IP address means that you can think of the pod as a physical host or virtual machine when it comes to port assignment, networking, naming, service discovery, load balancing, and application configuration and migration.

Kubernetes does not provide a complete networking solution to the extent that OpenShift does. But there are several mature networking projects you can use with Kubernetes, such as Calico and Cilium.

10. OpenShift vs Kubernetes: Container Image Management

OpenShift offers the use of an integrated image registry called Image Streams, which enables easier, more secure management of container images. This registry offers a console that allows users to search for information about image streams and images within a cluster. It also provides simple mechanisms for changing image tags in a container registry.

Image Streams lets users download entire images and locally modify them without having to use external tools. It also allows users to upload container images and internally manage virtual tags in OpenShift. When they use ImageStream, users can set a trigger that starts a deployment whenever a new image exists or a change in the reference of the tag occurs.

ImageStream is ideal for workloads that require a self-deployment process based on the build of a new version. It also supports chained builds, which create updated versions of an application, and publishes it as newer versions of a base image.

Kubernetes integrates with the Docker registry. Unlike OpenShift, Kubernetes does not provide a dedicated resource that can help you manage the workflow of building container images. You can use external tools or scripts, but in most cases, Kubernetes users build images using the Docker build command.

Kubernetes Storage with Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP capacity can scale into the petabytes, and it supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP supports Kubernetes Persistent Volume provisioning and management requirements of containerized workloads.

Learn more about how Cloud Volumes ONTAP helps to address the challenges of containerized applications in these Kubernetes Workloads with Cloud Volumes ONTAP Case Studies.

Learn more about using OpenShift Persistent Storage with Cloud Volumes ONTAP and about Deploying Cloud Volumes ONTAP and OpenShift Using Ansible.

New call-to-action

Yifat Perry, Product Marketing Lead

Product Marketing Lead

-
X