What is OpenShift?
OpenShift is an application platform based on Kubernetes. The software is used to build distributed, scaling application and development environments. Based on OpenShift, proprietary Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Containers-as-a-Service (CaaS) solutions can be implemented.
The software allows complete management of the application lifecycle, including development, rollout, operations, and maintenance. More than two thousand enterprises worldwide rely on OpenShift to host their applications in hybrid cloud environments. We will explain how OpenShift works and what makes the software special.
What versions of OpenShift are available?
OpenShift is not just one single product. Rather, the Red Hat company releases several versions as open source software under the Apache license. The “flagship” version is the “Red Hat OpenShift Container Platform” (OCP). This is installed as a Kubernetes cluster on a company’s hybrid cloud infrastructure. A single OpenShift cluster can therefore span multiple public and private cloud environments.
In addition to the OpenShift Container Platform (OCP), there is the community version “OKD”, which formerly held the name “OpenShift Origin”. OKD is a customized Kubernetes distribution that relies on Kubernetes for cluster management and Open Container Initiative (OCI)-compliant containers. It also includes application lifecycle management capabilities and DevOps tools. Interestingly, OKD is the “upstream” foundation for the development of the other OpenShift versions – similar to how the open source Chromium project serves as the foundation for development of the Chrome browser.
In addition to OCP and OKD as “on-premises” solutions, which are hosted on their own infrastructure, there are a number of “managed” solutions as well. These run on various public clouds from large providers, as well as on Red Hat’s cloud infrastructure. We are primarily discussing the OCP version 4.8, which is the current version at the time of writing. Let’s take an overview look at the various OpenShift versions:
| OpenShift Products | Description | Platform |
|---|---|---|
| Red Hat OpenShift Container Platform (OCP) | “On-premises” enterprise solution for use in your own hybrid cloud infrastructure. | Red Hat Enterprise Linux CoreOS (RHCOS) |
| OKD | “On-premises” community product, foundation for OCP | Red Hat Enterprise Linux (RHEL) or CentOS |
| OpenShift Online | Managed SaaS solution | Red Hat Cloud |
| OpenShift Dedicated | Managed PaaS solution; Red Hat takes over complete administration of the system | Amazon AWS or Google Cloud |
How does OpenShift work?
OpenShift is a suite of application platforms based on Kubernetes. The software includes a handful of core components, as well as a variety of additional functionalities. OpenShift can be hosted in a wide variety of environments, including “bare metal” machines, public and private clouds, and “edge” devices.
We discuss the similarities and differences of OpenShift and Kubernetes in a separate article.
What components does OpenShift consist of?
OpenShift is based on a software stack, which is a stack of interconnected technologies. At the lowest level, a special Linux distribution is used as the operating system. The “Red Hat Enterprise Linux CoreOS” (RHCOS) used here is installed on physical or virtualized hardware.
In previous OpenShift versions, “Red Hat Enterprise Linux” (RHEL) was used instead of RHCOS.
Building on the RHCOS operating system, Kubernetes is used as a container and cluster orchestrator. Kubernetes handles deployment, scaling and management of containerized applications. Kubernetes operators are used as the next layer in the software stack. These are pre-built, easy-to-install “Kubernetes-native” applications. In addition to operators, a container registry is used when setting up and running an OpenShift cluster.
What kind of Kubernetes is included in OpenShift?
OpenShift relies on a special Kubernetes distribution, which uses CRI-O instead of Docker or containerd as the container runtime. By breaking away from Docker as the underlying technology, there are advantages in terms of security and compatibility with other container formats.
What is an operator in OpenShift?
A Kubernetes operator oversees the health of an entire application. With installation, operation, and maintenance, operators cover the complete lifecycle of a Kubernetes application. In the words of the OpenShift documentation:
“An Operator is a method of packaging, deploying, and managing a Kubernetes-native application. A Kubernetes-native application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl tooling.” – Source: https://cloud.redhat.com/learn/topics/operators
There is a wide range of operators on the OperatorHub platform. For example, various database systems can be seamlessly integrated into the OpenShift cluster with minimal effort. Furthermore, infrastructure operators are used to manage the cluster.
As it turns out, operators are essential to OpenShift’s functionality. A Kubernetes operator is a specialization of the application-level Kubernetes controller. A Kubernetes controller continuously monitors the state of a resource and adjusts various parameters as needed to maintain a defined state.
What is a registry in OpenShift?
A container registry contains container images that are continuously created as software is built. The images are versioned, subjected to security checks, and stored in the registry. Interestingly, within OpenShift the registry itself is implemented as an operator.
“Quay” is a registry developed by Red Hat with a focus on security. The images required during the installation of the OpenShift cluster are obtained from Quay. In doing so, Quay can manage other build artifacts in addition to the container images. In the words of the Red Hat documentation:
“Quay is a container registry for storing containers, Helm charts, and other container-related content.” – Source: https://www.redhat.com/sysadmin/introduction-quay
Following the tiered product model of OpenShift OCP and OKD, multiple versions of Quay exist:
| Registry | Explanation | Platform |
|---|---|---|
| Red Hat Quay | runs on its own computing infrastructure, including private clouds; integrated into OpenShift by an operator | own cloud environment, including private cloud |
| Red Hat Quay.io | managed by Red Hat with enterprise-level support | Cloud |
How is OpenShift structured?
OpenShift is built on top of Kubernetes as a cluster of containers. At the cluster level, OpenShift includes two tiers:
- Control Plane
The control plane is composed of so-called “control plane machines”. These are also known as “Master Machines” and manage the OpenShift Container Platform cluster.
- Worker Machines
The worker machines, which are also known as “compute machines”, perform the actual work of the OpenShift cluster. Master machines assign tasks to the worker machines and monitor their execution.
What services run on the working machines?
A working machine runs the following services and is thus included in the OpenShift cluster:
- CRI-O, as a container runtime environment,
- Kubelet, as a service that accepts and processes requests to start and stop workloads,
- a service proxy, which handles communication between work machines.
The further specialization of the working machines results from the state of the running containers and the software they contain.
What components constitute the control plane?
Let’s take a detailed look at the structure of the control plane below. We distinguish between components of the Kubernetes implementation and the OpenShift-specific components:
| Kubernetes component | Explanation |
|---|---|
| Kubernetes API Server | The Kubernetes API Server checks and configures the data for pods, services, and replication controllers. Furthermore, the API acts as a central interface for global cluster state data. |
| etcd | The etcd service contains the persistent master state. The other components monitor ectd for changes and adjust their state as required. |
| Kubernetes Controller Manager | The Kubernetes Controller Manager monitors etcd for changes to objects such as replication, namespace, and service account controllers and uses the API to achieve the desired state. There is a cluster of several of these processes, with one active as the leader. |
| Kubernetes Scheduler | The Kubernetes scheduler detects newly created pods that have not yet been assigned a node and chooses the best node to host the pod. |
The OpenShift-specific control plane components are implemented as operators:
| OpenShift component | Explanation | Managed by |
|---|---|---|
| OpenShift API Server | The OpenShift API Server checks and configures OpenShift resources, such as projects, routes, and templates. | OpenShift API Server Operator |
| OpenShift Controller Manager | The OpenShift Controller Manager monitors etcd for changes to OpenShift objects, such as projects, routes, and template controller objects, and uses the API to achieve the desired state. | OpenShift Controller Manager Operator |
| OpenShift OAuth API Server | The OpenShift OAuth API Server validates and configures data for authentication on OpenShift Container Platform. This includes users, groups, and OAuth tokens. | Cluster Authentication Operator |
| OpenShift OAuth Server | Users request a token from the OpenShift OAuth Server to authenticate against the API. | Cluster Authentication Operator |
For which application scenarios is OpenShift used?
The OpenShift Container Platform is primarily used to build application and development environments. This allows company-proprietary PaaS, SaaS, and CaaS solutions to be implemented. Due to the power and complexity of the software, OpenShift is primarily used for long-lived projects of large organizations.
OpenShift users include government and research institutions on a national level, as well as internationally active companies such as banks and insurance companies. The aforementioned user groups all benefit from hybrid cloud deployments. Deployment across private and public cloud boundaries allows parts of the infrastructure to be hosted according to local compliance requirements.
Another important aspect that speaks for the use of OpenShift is its high level of security. Preventing cyber intrusions and data leaks is essential for large, international companies. Security breaches can result in lasting damage to the company’s image and substantial financial penalties.
The functionalities included in OpenShift allow fast development workflows. This leads to radically reduced development times in the field; in-house software teams can comfortably manage their resources themselves and continuously drive development forward.
If a company uses one of the available Managed OpenShift offerings, it eliminates the need for administration of servers and operating systems. Instead of worrying about updates and backups, the company can focus on the essentials: Innovating and creating value for customers.
Certainly, OpenShift is not suited for small businesses or individual developers. To meet their needs, it’s better to reach for one of the available OpenShift alternatives or Kubernetes alternatives.
What is the feature set of OpenShift?
A major advantage of OpenShift over “bare” Kubernetes are the out-of-the-box convenience features. These go beyond the mere cluster management of Kubernetes. Among other things, OpenShift includes functionalities for:
- Software-defined networking (SDN)
- Routing
- Authentication
- Monitoring and logging
To manage the platform, OpenShift includes a powerful web interface in addition to the obligatory command line tools. Development and DevOps workflows are accelerated by using “Red Hat OpenShift Pipelines”. The open source Tekton framework for “Continuous integration” / “Continuous development” (CI/CD) is used. In addition to containerized applications, modern “serverless” approaches based on “Serverless Kubernetes” (Knative) can be used.
Another focus of OpenShift is on the provision of distributed microservice architectures. Also known as “Red Hat Service Mesh,” this application pattern is based on the “Istio” open source project. To deal with the complexity associated with microservice architectures, OpenShift includes a number of other tools: “Prometheus” is used to manage monitoring and notifications, whereas “Jaeger” allows tracking of transactions. “Kiali” is used to visualize the service mesh.
What are the advantages and disadvantages of OpenShift?
One of the biggest advantages of using OpenShift is being able to run the software in a hybrid cloud environment. Here, a single OpenShift cluster spans the boundaries of multiple private and public clouds. OpenShift clusters that use Red Hat Enterprise Linux CoreOS (RHCOS) as their sole operating system benefit from automated processes when updating and upgrading.
The integrated Red Hat technology and management tools and processes built into the platform result in a high user experience. The open source development model and built-in DevOps functionalities allow rapid development processes. The increased use of operators as a universal application format contributes to standardization and simplifies previously complex customizations.
The use of CRI-O as a container runtime instead of Docker leads to increased security of the platform. The user-friendly web interface is considered more powerful and clearer than the comparable Kubernetes dashboard. OpenShift also excels on the command line with the oc command, which makes the platform easier to use.
Of course, the aforementioned special features of OpenShift also cause some disadvantages. For one, die-hard Kubernetes users miss the powerful Helm charts, which describe the infrastructure setup. Furthermore, not all Docker Hub containers can be used under OpenShift due to the strict security settings. The focus on Red Hat’s own Linux distribution Red Hat Enterprise Linux CoreOS (RHCOS) also has a limiting effect; Kubernetes is more flexible in this regard.
On what infrastructure can OpenShift be run?
OpenShift can be run on just about any level of compute infrastructure, from “bare metal” machines in your own data center, to virtualized hardware in private and public cloud environments, to edge devices. We distinguish between “managed” solutions, where the management of the OpenShift platform is handled by the vendor, and customer-administered “self-managed” installations:
What are the options for running managed OpenShift?
| Product | Infrastructure | Managed by | Supported by |
|---|---|---|---|
| Microsoft Azure Red Hat OpenShift | Microsoft Azure | Red Hat and Microsoft | Red Hat and Microsoft |
| Red Hat OpenShift Dedicated | Amazon AWS or Google Cloud | Red Hat | Red Hat |
| Red Hat OpenShift on IBM Cloud | IBM Cloud | IBM | Red Hat and IBM |
| Red Hat OpenShift Service on AWS | Amazon AWS | Red Hat and AWS | Red Hat and AWS |
What are the options for running self-managed OpenShift?
| Product | Infrastructure | Managed by | Supported by |
|---|---|---|---|
| Red Hat OpenShift Platform Plus | Private Cloud, Public Cloud, Physical Machine, Virtual Machine, Edge | Customer | Red Hat / Infrastructure Provider |
| Red Hat OpenShift Container Platform | Private Cloud, Public Cloud, Physical Machine, Virtual Machine, Edge | Customer | Red Hat / Infrastructure Provider |
| Red Hat OpenShift Kubernetes Engine | Private Cloud, Public Cloud, Physical Machine, Virtual Machine, Edge | Customer | Red Hat / Infrastructure Provider |