Kubernetes vs Openshift in Container Management World

Both Kubernetes (K8s) and openshift are Container Management Systems used to do container ochestration and Management. They have similarities as well as differences between them.Intention of this post is to demonstrate the actual relationship and the conceptual difference between kubernetes and openshift.

What is Kubernetes ?

Kubernetes which is abbreviated as K8s is an opensource Container Management System originated as a project by Google started in 2014. It has the portable, extensible and self-handling nature where we can get the full advantage of container-centric development environment. More clearly, it is provided as Container as a Serivice (CaaS).

When it comes to production there are three ways that we can implement Kubernetes cluster. Those are Vanilla Kubernetes, Kubernetes distribution and PaaS based Kubernetes.

Vanilla Kubernetes is the most basic installation with the primary features of the kubernetes release while Kubernetes distribution is having the features of vanilla-kubernetes and addition to that there are proprietary features given by the vendor who manage the distribution. PaaS based Kubernetes is a solution with a complete platform provided with kubernentes including everything needed to run the Container Management System in production.builds, test runs, image creation, deploying and staging lifecycle is involved in PassS based Kubernetes.

What is openshift ?

OpenShift is a Container Application platform by RedHat which acts as a enterprise Kubernetes distribution which is developed on top of Kubernetes and docker. It is provided as a Platform as a Service (PaaS). more clearly, it is one of the Kubernetes’s PaaS based Solution.

So diagrammatically it can be denoted as below.

Kubernetes is always a subset of openshift when it comes to features included in it and the functionalities of it.

Openshift is a good solution for use cases which needs OOTB available tooling and when the main consideration of the user is on his source of implementation that the CMS. So most of the part is handled by the platform itself without giving the weight to the user like routing between services, container orchestration etc.

Architecture

Hosting architecture of kubernetes and the PaaS architecture of Openshift is different. Building the images Stored in Image Registry and deploying them is available in PaaS OOTB including a web console to call the APIs without directly calling the APIs through dev/Ops. Policies and Tools are also available OOTB without asking the user to configure them. Other than that one main difference in architecture of kubernetes and openshift is logging. Kubernetes hosting architecture support ELK stack (Elastic Search + Logstash + Kibana) while Openshift PaaSarchitecture supports EFK (Elastic Search + Fluentd + Kibana). Why openshift uses fluentd over logstash is that fluentd is always being one step forward in terms of technology, component shipping and resillency. But still logstash has a good parallalism support.

Conceptual differences

One main difference in concepts or the constructs of Kubernetes and OpenShift are Ingress and Ingress Controller vs Route and Router. Route an Router are OpenShift constructs where route is used to define rules to be applied for incoming connections. The corresponding construct in Kuberntes for the same purpose is named as Ingress. Routers in OpenShift are the constructs which expose the routes created by the user to external traffic. The matching resource of kubernetes for Router is Ingress Controller. Having an Ingress Resource is no use without and Ingress Controller.

More security for the namespace with project

The namespace in Kubernetes is a virtual cluster which is backed by a physical cluster. We can create many namespaces on a single physical cluster to subset the services, pods, endpoints etc. These logical groupings does not have a security between them because if you can connect to the cluster, you can see all the namespaces and the resources in each of them. OpenShift has gone one step forward to solve this security issue in namespaces by introducing the construct project to wrap up the namespace by controlling the access for the users to the namespaces. Then the users or the applications can only access to the resources/ namespaces to only which they have been granted privileges. in much more broader terms “Projects enables multi-tenant use of an OpenShift cluster with access privileges determined by the identity of the user or the team they belong to.projects enabled”.

Summary

Kubernetes and Openshift both are Container Management Systems which provides automation for deployment, management and scaling of containerized applications.

By being developed on top of Kubernetes, OpenShift is always sophisticated than Kubernetes as it provides much more features OOTB by becoming Enterprise-Ready Kubernetes than Native Kubernetes which is a rock-solid orchestration layer to OpenShift.