Which platform is the best: Kubernetes vs OpenShift

Containers provide businesses with a repeatable method for bundling together all dependencies for an application into a single box or object that can be run on multiple environments. If done correctly these containers allow businesses to automatically scale up their web services to meet peaks in demand and scale down with lower demand to reduce expenses.

Just these benefits alone demonstrate why it is not a surprise that containers have drastically risen in popularity.

As more containers are deployed across an organisation there is a requirement to manage these containers in a cost-effective manner. This is where container management platforms come into play. 

In this article we compare two of the industries current heavyweights for pros and cons.

Kubernetes

Kubernetes was first announced by Google in 2014. The architecture and design of Kubernetes is based on the Borg system. 

After the announcement in 2014, the first version of Kubernetes i.e Kubernetes v1.0 was released on July 21, 2015. Google contributed Kubernetes to the Cloud Native Computing Foundation or CNCF as a seed technology. 

In 2016 when the executive director of the CNCF wanted to understand the size of Kubernetes in relation to other projects on Github, Kubernetes came in 2nd for commits, with about a 5th of the number of commits in the Linux kernel[1]. 

According to the CNCF 2019 survey, Kubernetes is the most popular container management tool with 83% of respondents currently using it. To put things in perspective, Amazon’s Elastic Container Service came in second with 24%[2].

Advantages of Kubernetes

Portability

The first and foremost advantages of the Kubernetes is the portability it offers. The Kubernetes platform can be deployed on most flavours of Linux, if not all, and for this reason can be deployed to any Cloud provider or on-premise, meaning that your workloads are truly portable. Kubernetes can even be run on Windows now[3].

Also due to its popularity, most of the major cloud providers now offer a Turnkey or hosted solution for running Kubernetes within their cloud environment. It makes the deployment easier as well as faster. 

While Kubernetes can be run in the cloud with up to 5000 nodes within the cluster, it is also possible to run Kubernetes on a laptop or desktop computer. There are numerous methods for doing this with Minikube being a very popular method of running a cluster on a single machine, but also Kind which is Kubernetes in Docker allowing you to run workloads on a local machine also.  

Opensource

As stated already Kubernetes was created by Google, but it is also Open Source. A big benefit of using open-source software is that you do not need to pay a license fee for using the software. This means that if you are leveraging Kubernetes in the Cloud you will get to use one the most stable and scalable container platforms on the planet for free, well not including the infrastructure costs. 

Since it is developed by the biggest tech giant Google, it provides greater credibility and brand value. Google regularly updates and adds new features and offers bug fixes quite often. Hence, it becomes more reliable and trusted. 

The Community 

Kubernetes is one of the most widely adopted container platforms on the planet. This means that a lot of companies are using Kubernetes to build their software products. There are masses of tools that are available in the Kubernetes ecosystem to enable organisations to use other peoples patterns or software in order to provide different elements of the value chain, without reinventing the wheel.

In actual fact the community was described as one of the driving forces behind RedHat opting to integrate Kubernetes into OpenShift[3].

Weaknesses of Kubernetes

Complexity

Businesses that wish to switch to Kubernetes face some challenges due to having to re-architect their infrastructure and also their applications.

From an application development point of view, Kubernetes is easier to leverage if the application’s state is not maintained in the cluster. For that reason changing your application architecture to leverage a stateless Microservice pattern is imperative to achieving success with Kubernetes. 

Switching to Kubernetes also introduces complexity for your platform or infrastructure team. Changes to the way teams handle things like Networking, Vulnerability Management and Continuous Integration are generally required to adopt Kubernetes successfully.

Redesigning all these applications and infrastructure services is a complex task and also time-consuming.

Skillset

As stated above, redesigning the applications and the platform comes with its own complexities. Those complexities would be sufficiently less complex if the right skill sets were available on the market. As this technology is fairly new, or at least at the adoption rates that we are seeing, the market has not sufficiently upskilled enough of its workers to cope with the demand. This means that most companies are left with a market that seems underskilled to assist them with their transformation.

OpenShift 

OpenShift is another container management platform but it was developed by RedHat. RedHat was founded in 2003 and has been pretty well known for delivering software to assist the enterprise. 

RedHat’s move into the PaaS market was mainly inspired by Makara which was a company that offered a proprietary PaaS solution using Linux container technology. RedHat actually acquired Makara in 2010 and released OpenShift in May 2011 but at that time it was still a proprietary service. It was not until a year later, May 2012 that it became open-source technology. 

In version 3 RedHat decided to adopt Kubernetes as the container orchestration technology under the hood in OpenShift, also Docker as the container runtime. Part of the reason for this shift to Kubernetes was described by RedHat sources as being due to the great community, as described above in the advantages of Kubernetes. 

The next version came up with many other architectural changes like CRIO as a container runtime technology, Podman for container interaction and Buildah as a build tool for containers. This way it became free from Docker. 

It is predominantly described as an on-premises service but is also available to be installed in the Cloud.that 

Advantages

Business Speed and Agility 

The main goal of OpenShift is to enable a company to innovate and deploy applications faster. Allowing companies to focus on the business logic of their applications and removing the burden of container management is shown to have decreased application development time by 49% as well as delivery of new features by 54%. It also stands to reason that an average decrease in time to develop applications and features would also provide a reduction in engineering costs of a similar number, should everything else be consistent. 

These are all important reasons for a business to stand up and take notice of OpenShift as a container platform.

RedHat Support

As stated above RedHat has been in business almost two decades, they have around 13,000 employees and developed OpenShift, as well as being one of the largest contributors to the Kubernetes project, 2nd only to Google.

This would place them as somewhat of an experienced expert when dealing with workloads on these container management frameworks. They enable companies to benefit from this expertise by purchasing support packages from them, but also in the support that they offer by packaging and versioning the release of OpenShift. This gives purchasers of the technology a bit more comfort in knowing that there is somebody they can call upon if there are problems with their installation.

Security

RedHat provides some additional security features over Kubernetes, this is not to say that you cannot secure Kubernetes on your own in very similar ways, but out of the box OpenShift will give a company more security than Kubernetes.

For example, OpenShift prevents containers from running as privileged users by default. There is also the ability to granularly control the permissions that a container has via deployment policies. These can be added in Kubernetes but they are not enabled by default and then you have to modify your containers in order to still operate on the newly secured system.

OpenShift also enables companies to be more secure by providing the beginning of a secure software supply chain. All the supplied images are scanned for vulnerabilities, there are also mechanisms to automatically scan modified images for vulnerabilities, allowing companies to have a more real-time view of potential vulnerabilities within their estate, and remediate these vulnerabilities at a faster pace.

Weaknesses

Experience

OpenShift is more usually deployed in Enterprise environments, as can be seen from their very respectable statistic around being trusted by over 90% of Fortune 500 companies on their website[x]. Whether that statistic is in relation to OpenShift installations or not it does mean that there are going to be fewer engineers on the market who are experienced in using OpenShift. I have also found that this is even the case when leveraging RedHat on projects to deliver and build on top of OpenShift, that even within the walls of the parent organisation there is limited experience to go around. 

Expense

As stated above OpenShift is an open-source product and so the source code is readily available for free. However, the benefits that we discussed previously are provided in the enterprise version of OpenShift Container Platform. This enterprise version actually comes with a license fee and is licensed per core of the worker nodes that are running within your cluster. This means that OpenShift will be more expensive to run than Kubernetes when comparing these two directly in OPEX.

Kubernetes Vs OpenShift 

OpenShift leverages Kubernetes under the hood in order to deal with the complexity that comes when wanting to run multiple containers. RedHat has attempted to solve some perceived problems within Kubernetes, particularly when deploying container orchestration into Enterprise environments.

Graphical User Interface

Both of these two platforms have a graphical user interface which can be accessed using the web-browser. 

In both cases users can deploy applications to the cluster, make changes to these applications and monitor these applications.

The main difference is that in Kubernetes the web console is not installed by default, you have to deploy the web console after the cluster is up and running.

In OpenShift, the web console is made available once the cluster is deployed.

Command-Line Access

Deploying to both of these container management systems can be achieved via a Command Line Interface. 

In the Kubernetes world, the user has full control over their applications using the CLI tool kubectl. The kubectl tool is also extendible via the use of plugins.

OpenShift can be controlled using the oc command, which offers all of the same capabilities as the kubectl command provided to a Kubernetes cluster. There are a few differences provided by the oc command, the first being that it offers a built-in mechanism to authenticate to an OpenShift cluster whereas kubectl expects the executing environment to have already been authenticated to a Kubernetes cluster.

The second difference is that the oc binary allows an extra method which makes it easier for users to deploy new applications.

Registry

By default, a Kubernetes cluster does not come with a Docker registry for storing Docker images. It is simple to deploy one to the cluster, but bear in mind that it Kubernetes is usually easier to manage when state is kept outside of the cluster. 

OpenShift comes with Docker Registry out of the box, which means users can store their Docker images in the cluster straight away. OpenShift also comes with Imagestreams out of the box, making it much easier for a user to perform actions on images based on updates upstream.

Continuous Integration

While Kubernetes does not come with any Continuous Integration tooling out of the box, the community is loaded with material on how to run C.I tools using Kubernetes and this makes it incredibly easy to get C.I up and running for applications or services which sit on top of the cluster.

On the other hand, OpenShift comes with a Jenkins image out of the box making it simple to set up a basic C.I pipeline. With some of the newer Developer experience features added to Openshift in version 4, OCP Pipelines actually integrate Jenkins and Tekton into the user’s project space.

Conclusion 

That's all about it. Now, we can assume that you know everything about the Kubernetes and OpenShift platforms. You can select anyone based upon your requirements. Although both the platforms have many differences, nothing can be said about which one is better. It depends on the specific requirements of the company and what they want. 

References

1. Measuring the Popularity of Kubernetes Using BigQuery - https://www.cncf.io/blog/2017/02/27/measuring-popularity-kubernetes-using-bigquery/ 
2. How to build an enterprise Kubernetes strategy - https://info.rancher.com/how-to-build-enterprise-kubernetes-strategy
3. Running Kubernetes Locally - https://kubernetes.io/blog/2019/03/28/running-kubernetes-locally-on-linux-with-minikube-now-with-kubernetes-1.14-support/
4. Why Red Hat Chose Kubernetes - https://www.openshift.com/blog/red-hat-chose-kubernetes-openshift