Hi everyone, my name is Sai Vennam and I'm with the IBM Cloud team. Today we want to talk about Kubernetes and OpenShift. Now it's not exactly fair for me to compare those two directly because Kubernetes is an open source project, whereas OpenShift on the other hand is an offering by Red Hat, but underneath the covers, OpenShift is actually powered by something called OKD, or Origin Kubernetes Distribution, and this includes Kubernetes as well as a number of other open source projects. So, we've got Kubernetes, maybe your favorite container runtime, something like Docker, and if you want to take advantage of service matching capabilities, they have integrations with Istio and a number of other open source projects that we'll talk about. But let's talk about a few different ways that kind of highlights the differences between working with your apps whether they're running strictly Kubernetes or if you’re using OpenShift. To start we'll talk about deploying an application. So, deploying an application to Kubernetes can actually be a little bit time consuming. So, first let's assume that you have your code up on something like GitHub. So, you'll pull that code to your local machine, maybe spin up a container. Once you've got that container you'll have to figure out where you want to actually host it. So, the registry. So, maybe you want to use something like Docker Hub or if you want a private registry you'll have to figure that out. One thing I want to mention if you take advantage of managed Kubernetes. So, something like Kubernetes from your favorite cloud provider. Generally, they have options to have a registry, or private registry, directly in that experience. Next, once it's on the registry, you actually
have to figure out your CIDC story. And this is where things get complicated because there's so many different options for deploying your applications. On the OpenShift side of things, on the other hand, they have an opinionated approach. So, all you really have to do is create an application and a project at which point OpenShift does the heavy lifting on the back end. So, it's going to create those pipelines, it’s going to create all of that automation that you need to do things like development, test and production for your applications. So, really, it makes it a lot easier and you can get started on maybe using something like their Jenkins approach or sourced image capabilities. But one thing I do want to mention here: you have a lot more flexibility on the Kubernetes side of things as you don't have an opinionated, prescribed way of doing this. So, for power users and teams that are influenced by legacy architectures Kubernetes might be more effective. For teams that really just want to be told
how to get everything done and have a streamlined approach for their DevOps and pipeline approach, the OpenShift side of things makes things quite easy. Next let's talk about managing your applications. So, there are two sides of the puzzle here. First let's start with how managing your apps looks like in Kubernetes, so you can take advantage of the default dashboard comes with any Kubernetes distribution, but unfortunately for most operations teams that's not quite enough. So, they'll have to take it a step further
and install additional dashboards. So, maybe they'll use something like an ELK stack, maybe they want to use Grafana instead, maybe Istio, the options are kind of endless. So essentially, it's a lot of digging around to figure out the exact solution that fits their use-case. On the OpenShift side of things, again there's an opinionated, prescribed way of doing this. In addition, they have an awesome web console that builds on the Kubernetes API's and comes with a lot of different capabilities for SREs and operations teams to really manage their workloads. In addition, there's prescribed and opinionated ways to do those dashboards that we talked about. So, they suggest an EFK stack and have different ways to integrate capabilities like Istio if you wanted to use it. So again, by taking advantage of some of their automated installers and Ansible playbooks, managing applications is a little bit easier. With the caveat that you give up some of that flexibility as they do have prescribed approaches. Next, let's talk about a node configuration, or day-to-day operations. So, a cluster is going to be made up of a number of VMs whether they're virtualized or bare metal, whatever it might be, the cluster is going to have some VM's within it. The Kubernetes way of adding additional VM's into that cluster can be time consuming. So, setting up self-registration, or the different cloud automation of setting up or creating new VMs and bringing them into the cluster. This is time consuming and requires scripts to be developed. On the OpenShift side of things, it's a little bit easier. They have Ansible playbooks and installers to bring in new VM's into your cluster. So, it's a fairly straightforward process, and they even have ways to handle auto-scaling, or spinning up new VMs in response to load. The last thing I want to highlight is security. So, OpenShift and Red Hat tries to fill the gaps where the open source community maybe hasn't done so. So, by working with real enterprise customers they realize that by that creating best security practices from scratch they are able to tackle some of the problems that some of the customers need to be able to use Kubernetes. So, let's talk about a few different things here. So, in the Kubernetes side of things chances are you're not working on a project by yourself, there's a team of people, each of which have to have different permissions. So, in the beginning Kubernetes didn't even have something like RBAC which OpenShift solved, but now we can take it for granted that they have RBAC. They can have some other capabilities to do things like IAM, but at the end of the day, these are all things that you have to build out and are time consuming. On the OpenShift side of things, these all come out of the box. So, when you create that project you get access to all of these and you really just have to add the users and it will handle things like Kubernetes name spacing and creating different security policies, with the best practices, and you can get all of that from scratch. However, there's a small trade off. So, for example, in Kubernetes you can pretty much take any image out there in Docker Hub and expect that'll run as expected, but on the OpenShift side of things there are restricted permissions where the containers don’t run as root. So, sometimes images don't run as expected. So, that's kind of a small caveat for having
those best practices of security instilled from the get-go. So, it's something that you kind of have to
balance. At the end of the day, OpenShift is not a
one-size-fits-all solution. It's very important to understand the fundamentals of Kubernetes that power OpenShift. For individuals and small IT teams OpenShift really streamlines a lot of those very difficult tasks. If you want to learn more, check out the description for more links. If you have any questions, be sure to drop
a comment, and if you like this video be sure to subscribe and stay tuned for more videos in the future. Thank you.
