New TCIO June 14 2021 (1).png

While both OpenShift and AKS offers a variety of Kubernetes that abstracts much of its complexity to provide easy adoption, some subtle differences and capabilities differentiate them. This article compares these two, rich-featured platforms; highlighting the key differences between them to help you make informed decisions when choosing a platform to run your containerized workloads.


    Building Kubernetes directly from its source code and setting it up requires a lot of operational effort, knowledge of the technology, and substantial infrastructure capacity. This is why teams who seek to adopt the complex technology choose to deploy it through Kubernetes distributions and managed platforms.

    Metonymic to the distributions we have in Linux, Kubernetes distributions provide pre-packaged versions of Kubernetes that simplify its installation while managed Kubernetes simplifies its deployment and management.

    Offered by various vendors, managed Kubernetes distributions usually come with advanced management and administrative tools, features, and functionalities that are lacking in Kubernetes itself thereby making it more approachable for small and medium-sized teams.

    Among the various Kubernetes distributions and managed platforms, RedHat's OpenShift and Azure's AKS are two of the most prominent in the market, providing unique features that aid the quick deployment of Kubernetes.

    Developed by RedHat, OpenShift is an enterprise-scale container management and orchestration platform built on Kubernetes. With its experience with managing and orchestrating containers pre Kubernetes, it offers various features and capabilities that further enhance its Kubernetes offering and set it apart from other Kubernetes distributions in the market.

    Azure Kubernetes Service, AKS, is a Kubernetes service hosted and managed by Microsoft Azure as part of its rich portfolio of cloud services. AKS takes the operational burden of managing Kubernetes nodes and several other complexities off developers thereby allowing you to focus on more important tasks.

    Let's compare the features, offerings, and notable differences between these two Kubernetes services.

    Installation and deployment

    Even though it was acquired by IBM Cloud in 2018, OpenShift is a standalone, cloud-agnostic Kubernetes distribution that can be deployed on multiple cloud platforms and on-premise infrastructures.

    Until recently, OpenShift ran solely on RedHat Enterprise Linux or Container Linux. It, however, announced support for Windows containers through the Windows MachineConfig Operator (WMCO) back in December 2020.

    All major cloud platforms including AWS, Google Cloud, and Azure also provide a managed OpenShift services aside from their standard managed Kubernetes.

    AKS, on the other hand, is a service built to run on Microsoft's Azure cloud platform. However, using the Azure Arc service, AKS, also allows you to extend the service to manage Kubernetes in a hybrid or multi-cloud architecture. It also provides native support and primordial support for Windows and Linux-based containers.

    Security

    OpenShift provides high-level, pre-integrated security that shields your workloads from compromises. It implements more strict and restrictive role-based access control and security policies across the container registry, data store, and build pipelines. It restricts running containers as root by default which helps in curbing security compromise even when they make way into the cluster.

    AKS Kubernetes clusters are also secured with advanced RBAC security measures, though it is perceived to be more vulnerable than OpenShift.

    Traffic Routing: Router vs Ingress

    Until 2014, OpenShift was container management and orchestration platform that operated independently from Kubernetes. After migrating to Kubernetes, OpenShift still retains many of the features and capabilities from its previous platforms.

    Instead of the ingress as we have in native Kubernetes, OpenShift uses routers which is a more mature HAproxy based traffic router compared to its Kubernetes counterpart. AKS implements the Kubernetes HAproxy-based ingress which offers more implementations than routers and is supported by multiple servers including NGINX, Google Cloud, and Kong.

    Application architecture: project vs namespace

    At the application level, AKS uses the namespaces object to isolate partition single clusters into multiple clusters while OpenShifts implements its native "project" object to provide isolation between users. Projects offer a stricter validation of admin-user roles than namespaces which may be useful in keeping threat actors at bay.

    Ease of use

    Considering that you deploy OpenShift on any cloud platform or infrastructure, OpenShift provides more flexibility than AKS—which you can only use to manage your Kubernetes clusters on hybrid and multi-cloud.

    OpenShift also saves you from vendor lock-in because you don't necessarily need to deploy it on the IBM Cloud. AKS, on the other end, is wired to work best with Microsoft Azure infrastructure and services.

    You however get to experience lock-in in the tools and integrations you can use on both platforms because you're mostly restricted to tools supported by OpenShift or AKS. OpenShift, for example, provides Kubernetes logging solely through Kibana, Fleuntd, and elasticsearch or LogDNA. In contrast, native Kubernetes supports a wide variety of tools.

    Pricing

    As explained earlier, OpenShift is offered as a free self-managed Kubernetes service, as a PaaS solution, and also as a managed Kubernetes service by various cloud platforms. The pricing, therefore, differs depending on the offering and the cloud platform you choose. Dedicated OpenShift, for example, starts from $0.03/hour while Azure RedHat OpenShift starts from  $0.171/hour/4vCPU.

    Azure Kubernetes Service, AKS is free. You only need to pay for the resources (storage, network, virtual machines) used by your Kubernetes workload.

    Use cases

    For companies who have existing investments in any of RedHat's services or middleware, they might want to go with OpenShift because it blends seamlessly into their existing tools set. This applies when the company is an existing Azure user. Adopting a new tool offered by the same service provider as many of your other tools reduces the operational overhead and knowledge gap to run and manage the service.

    However, if you prefer a solution that is more flexible, and you deploy without the fear of vendor lock-in.

    Both OpenShift and AKS provide a user-friendly interface but OpenShift appears to abstract more of Kuberntes' complexity and provide interesting features that are absent in AKS. If you fancy those features, you might prefer OpenShift to AKS. They both also get your Kubernetes cluster up and running in no time but AKS might be preferred if you’re working on Azure.


    Get similar stories in your inbox weekly, for free



    Share this story with your friends
    editorial
    The Chief I/O

    The team behind this website. We help IT leaders, decision-makers and IT professionals understand topics like Distributed Computing, AIOps & Cloud Native

    Latest stories


    DevOps: Report on Devil's Practices by DORA

    The report is drafted from a report release of the annual research and survey of …

    Amazon Elasticsearch Gets a New Version With Name Deprecated

    Accompanied by new advancements is Amazon OpenSearch, the same body of code as its predecessor, …

    McAfee Partners With IBM Security to Deliver TD Synnex Security Solution

    The MVISION platform and Security wing of IBM's partnership endgame are to extend increased protection …

    Amazon MSK Connect Launched to Better Apache Kafka UX

    Amazon follows up on its 2018 data streaming software, Amazon Managed Streaming for Apache Kafka, …

    Cloud: Zone Redundant Storage Released on General Availability

    The report is drafted from a press release of the Microsoft Azure team on the …

    Security: IBM Traces Two-Thirds of Compromises to Misconfigured APIs

    The report is drafted from a sweeping survey of dark web analysis and various X-Force …