Kubernetes vs OpenShift: Deployment Comparison
Key Points
- Kubernetes is a pure open‑source container orchestration platform, while OpenShift is Red Hat’s commercial offering built on OKD (Origin Kubernetes Distribution) that bundles Kubernetes with additional open‑source tools.
- Deploying to vanilla Kubernetes typically requires manually handling code checkout, container image builds, registry selection, and CI/CD configuration, whereas OpenShift provides an opinionated workflow that auto‑creates projects, pipelines, and source‑to‑image builds.
- Kubernetes gives teams maximal flexibility and is often preferred for legacy or highly customized architectures, while OpenShift’s guided, “turn‑key” DevOps experience speeds up onboarding for teams that want a streamlined process.
- Both platforms support integrations with runtimes like Docker and service meshes such as Istio, and managed Kubernetes services often include built‑in private registries to simplify the deployment pipeline.
Sections
- Kubernetes vs OpenShift Deployment - The speaker explains that Kubernetes is a bare‑bones open‑source platform while OpenShift (built on OKD) bundles additional tools and services, contrasting the manual steps required to deploy an application on plain Kubernetes with the more streamlined, integrated workflow offered by OpenShift.
- OpenShift’s Opinionated Dashboard & Node Management - The speaker explains how OpenShift offers preset monitoring stacks (EFK/ELK, Grafana, Istio) and automated installers/Ansible playbooks for dashboards and cluster node provisioning, simplifying operations at the cost of reduced flexibility.
- OpenShift Ease vs Security Tradeoffs - OpenShift streamlines Kubernetes setup with built‑in namespace and security policies, but its non‑root container restrictions can cause compatibility issues, so users must balance convenience with understanding core Kubernetes fundamentals.
Full Transcript
# Kubernetes vs OpenShift: Deployment Comparison **Source:** [https://www.youtube.com/watch?v=cTPFwXsM2po](https://www.youtube.com/watch?v=cTPFwXsM2po) **Duration:** 00:07:25 ## Summary - Kubernetes is a pure open‑source container orchestration platform, while OpenShift is Red Hat’s commercial offering built on OKD (Origin Kubernetes Distribution) that bundles Kubernetes with additional open‑source tools. - Deploying to vanilla Kubernetes typically requires manually handling code checkout, container image builds, registry selection, and CI/CD configuration, whereas OpenShift provides an opinionated workflow that auto‑creates projects, pipelines, and source‑to‑image builds. - Kubernetes gives teams maximal flexibility and is often preferred for legacy or highly customized architectures, while OpenShift’s guided, “turn‑key” DevOps experience speeds up onboarding for teams that want a streamlined process. - Both platforms support integrations with runtimes like Docker and service meshes such as Istio, and managed Kubernetes services often include built‑in private registries to simplify the deployment pipeline. ## Sections - [00:00:00](https://www.youtube.com/watch?v=cTPFwXsM2po&t=0s) **Kubernetes vs OpenShift Deployment** - The speaker explains that Kubernetes is a bare‑bones open‑source platform while OpenShift (built on OKD) bundles additional tools and services, contrasting the manual steps required to deploy an application on plain Kubernetes with the more streamlined, integrated workflow offered by OpenShift. - [00:03:11](https://www.youtube.com/watch?v=cTPFwXsM2po&t=191s) **OpenShift’s Opinionated Dashboard & Node Management** - The speaker explains how OpenShift offers preset monitoring stacks (EFK/ELK, Grafana, Istio) and automated installers/Ansible playbooks for dashboards and cluster node provisioning, simplifying operations at the cost of reduced flexibility. - [00:06:15](https://www.youtube.com/watch?v=cTPFwXsM2po&t=375s) **OpenShift Ease vs Security Tradeoffs** - OpenShift streamlines Kubernetes setup with built‑in namespace and security policies, but its non‑root container restrictions can cause compatibility issues, so users must balance convenience with understanding core Kubernetes fundamentals. ## Full Transcript
Hi everyone, my name is Sai Vennam
and I'm with the IBM Cloud team.
Today we want to talk about Kubernetes and OpenShift.
Now it's not exactly fair for me to compare those two directly
because Kubernetes is an open source project,
whereas OpenShift on the other hand is an offering by Red Hat,
but underneath the covers, OpenShift is actually powered by something called OKD,
or Origin Kubernetes Distribution,
and this includes Kubernetes as well as a number of other open source projects.
So, we've got Kubernetes,
maybe your favorite container runtime, something like Docker,
and if you want to take advantage of service matching capabilities,
they have integrations with Istio
and a number of other open source projects that we'll talk about.
But let's talk about a few different ways
that kind of highlights the differences between working with your apps
whether they're running strictly Kubernetes
or if you’re using OpenShift.
To start we'll talk about deploying an application.
So, deploying an application to Kubernetes can actually be a little bit time consuming.
So, first let's assume that you have your code up on something like GitHub.
So, you'll pull that code to your local machine,
maybe spin up a container.
Once you've got that container you'll have to figure out
where you want to actually host it.
So, the registry.
So, maybe you want to use something like Docker Hub
or if you want a private registry you'll have to figure that out.
One thing I want to mention if you take advantage of managed Kubernetes.
So, something like Kubernetes from your favorite cloud provider.
Generally, they have options to have a registry, or private registry, directly in that experience.
Next, once it's on the registry, you actually have to figure out your CIDC story.
And this is where things get complicated because there's so many different options
for deploying your applications.
On the OpenShift side of things, on the other hand,
they have an opinionated approach.
So, all you really have to do
is create an application and a project
at which point OpenShift does the heavy lifting on the back end.
So, it's going to create those pipelines, it’s going to create
all of that automation that you need to do things like
development, test and production for your applications.
So, really, it makes it a lot easier
and you can get started on maybe using something like their Jenkins approach
or sourced image capabilities.
But one thing I do want to mention here:
you have a lot more flexibility on the Kubernetes side of things
as you don't have an opinionated, prescribed way of doing this.
So, for power users and teams that are
influenced by legacy architectures
Kubernetes might be more effective.
For teams that really just want to be told how to get everything done
and have a streamlined approach for their DevOps and pipeline approach,
the OpenShift side of things makes things quite easy.
Next let's talk about managing your applications.
So, there are two sides of the puzzle here.
First let's start with how managing your apps looks like in Kubernetes,
so you can take advantage of the default dashboard comes with any Kubernetes distribution,
but unfortunately for most operations teams
that's not quite enough.
So, they'll have to take it a step further and install additional dashboards.
So, maybe they'll use something like an ELK stack,
maybe they want to use Grafana instead,
maybe Istio,
the options are kind of endless.
So essentially,
it's a lot of digging around to figure out the exact solution
that fits their use-case.
On the OpenShift side of things, again there's an opinionated, prescribed way of doing this.
In addition, they have an awesome web console that builds on the Kubernetes API's
and comes with a lot of different capabilities
for SREs and operations teams to really manage their workloads.
In addition, there's prescribed and opinionated ways
to do those dashboards that we talked about.
So, they suggest an EFK stack
and have different ways to integrate capabilities like Istio if you wanted to use it.
So again, by taking advantage of some of their automated installers and Ansible playbooks,
managing applications is a little bit easier.
With the caveat that you give up some of that flexibility
as they do have prescribed approaches.
Next, let's talk about a node configuration,
or day-to-day operations.
So, a cluster is going to be made up of a number of VMs
whether they're virtualized or bare metal, whatever it might be,
the cluster is going to have some VM's within it.
The Kubernetes way of adding additional VM's into that cluster
can be time consuming.
So, setting up self-registration,
or the different cloud automation of setting up or creating new VMs
and bringing them into the cluster.
This is time consuming and requires scripts to be developed.
On the OpenShift side of things, it's a little bit easier.
They have Ansible playbooks and installers
to bring in new VM's into your cluster.
So, it's a fairly straightforward process,
and they even have ways to handle auto-scaling,
or spinning up new VMs in response to load.
The last thing I want to highlight is security.
So, OpenShift and Red Hat
tries to fill the gaps where the open source community maybe hasn't done so.
So, by working with real enterprise customers
they realize that by that creating best security practices from scratch
they are able to tackle some of the problems that some of the customers need
to be able to use Kubernetes.
So, let's talk about a few different things here.
So, in the Kubernetes side of things
chances are you're not working on a project by yourself,
there's a team of people,
each of which have to have different permissions.
So, in the beginning Kubernetes didn't even have something like RBAC
which OpenShift solved,
but now we can take it for granted that they have RBAC.
They can have some other capabilities to do things like IAM,
but at the end of the day, these are all things that you have to build out and are time consuming.
On the OpenShift side of things,
these all come out of the box.
So, when you create that project
you get access to all of these and you really just have to add the users
and it will handle things like Kubernetes name spacing
and creating different security policies, with the best practices,
and you can get all of that from scratch.
However, there's a small trade off.
So, for example, in Kubernetes
you can pretty much take any image out there
in Docker Hub and expect that'll run as expected,
but on the OpenShift side of things
there are restricted permissions where the containers don’t run as root.
So, sometimes images don't run as expected.
So, that's kind of a small caveat for having those best practices
of security instilled from the get-go.
So, it's something that you kind of have to balance.
At the end of the day, OpenShift is not a one-size-fits-all solution.
It's very important to understand the fundamentals of Kubernetes that power OpenShift.
For individuals and small IT teams
OpenShift really streamlines a lot of those very difficult tasks.
If you want to learn more,
check out the description for more links.
If you have any questions, be sure to drop a comment,
and if you like this video be sure to subscribe
and stay tuned for more videos in the future.
Thank you.