A few weeks ago, I gave a talk on OpenShift. During my favorite part of the talk (the Q&A), a number of good questions came up. I took away the questions I didn't have answers for as a to-do and gathered answers from my Red Hat colleagues. This blog is a collection of those questions and their answers, as the information should be useful to many others. If you'd like to improve any of the answers, please reach out to me and I'll update this post.
Is OpenShift the same as Kubernetes?
If Kubernetes is the engine, OpenShift is the car. Just as you cannot drive with the engine alone, you need a bunch of other services (for monitoring, storage, etc.) alongside container orchestration (a.k.a. Kubernetes). A number of these essential services come out of the box with OpenShift, and you have the option to install more based on your project needs. Two specific mentions are RBAC and networking: try implementing them on vanilla Kubernetes and compare that with the out-of-the-box capabilities OpenShift provides.
At the heart of OpenShift is Kubernetes: it is 100% certified Kubernetes, fully open source and non-proprietary, which means:
- The API to the OpenShift cluster is 100% Kubernetes.
- Nothing changes between a container running on any other Kubernetes and running on OpenShift. No changes to the application.
For a more detailed answer, you can read this excellent blog.
Any good docs on how to design/deploy apps to OpenShift clusters?
Estimating the cluster in terms of HA and designing your projects/apps in terms of performance/scalability is a massive topic. It also depends directly on the type of apps you deploy and what kind of resiliency you expect. To get started, you can refer to this doc.
Are cluster services part of the platform? Or workloads built on the platform?
If we're talking about Kubernetes Services, those are considered workloads, which you can find under Networking --> Service in the Administrator perspective on your OpenShift cluster. If the question is more about how OpenShift manages the core services for its operators, the answer starts with Operator Lifecycle Manager (OLM). Beginning with OpenShift 4.X, the OLM helps users install, update, and manage the lifecycle of all Operators and their associated services running across their clusters. It is part of the Operator Framework, an open source toolkit designed to manage Kubernetes native applications (Operators) in an effective, automated, and scalable way. For more details on OLM, please read this OpenShift doc.
How are SSL/TLS handled on OpenShift? If I deploy an app, do I have to configure these manually, or is it done by default?
It depends on how you configure the OpenShift route you create for that app (i.e. the service). This blog is an excellent source to learn the various OpenShift route configurations (i.e. whether the platform or the developer handles SSL/TLS).
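As an added example (not from the original post or from Red Hat), the sketch below classifies Routes by their TLS termination type to show, per route, whether the platform or the application handles TLS and where plaintext remains. The route list is a constructed sample shaped like `oc get routes -A -o json` output; `audit_routes` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `oc get routes -A -o json` output (not real data).
SAMPLE = json.loads("""{"items": [
  {"metadata": {"namespace": "shop", "name": "web"},
   "spec": {"tls": {"termination": "edge",
                    "insecureEdgeTerminationPolicy": "Allow"}}},
  {"metadata": {"namespace": "shop", "name": "api"},
   "spec": {"tls": {"termination": "reencrypt",
                    "insecureEdgeTerminationPolicy": "Redirect"}}},
  {"metadata": {"namespace": "pay", "name": "gateway"},
   "spec": {"tls": {"termination": "passthrough"}}},
  {"metadata": {"namespace": "dev", "name": "demo"}, "spec": {}}
]}""")

# termination type -> (who terminates client TLS, router-to-pod hop encrypted?)
TERMINATION = {
    "edge": ("platform", False),        # router terminates, plain HTTP to the pod
    "reencrypt": ("platform", True),    # router terminates, then re-encrypts to the pod
    "passthrough": ("application", True),  # router forwards TLS untouched to the pod
}

def audit_routes(route_list):
    """Classify each Route by who handles TLS and list remaining plaintext exposure."""
    report = []
    for item in route_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        name = f'{meta["namespace"]}/{meta["name"]}'
        tls = spec.get("tls")
        if not tls:
            # No tls stanza: the route is served over plain HTTP only.
            report.append({"route": name, "tls_by": "nobody",
                           "findings": ["no TLS on this route"]})
            continue
        # Assumption: a tls stanza without a termination type is treated as edge.
        kind = tls.get("termination", "edge")
        tls_by, pod_hop_encrypted = TERMINATION.get(kind, ("unknown", None))
        findings = []
        if pod_hop_encrypted is False:
            findings.append("router-to-pod traffic is plain HTTP")
        if tls.get("insecureEdgeTerminationPolicy") == "Allow":
            findings.append("port 80 also answers in plaintext (policy Allow)")
        report.append({"route": name, "tls_by": tls_by, "findings": findings})
    return report

if __name__ == "__main__":
    for row in audit_routes(SAMPLE):
        print(row["route"], row["tls_by"], "; ".join(row["findings"]) or "ok")
```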
What firewall rules should be open to the internet if the OCP cluster is on-site?
Usually ports 443 or 80, unless you are using NodePort.
Does OpenShift have a way to encrypt kube secrets at rest (in etcd) and as they are being made available to the pods (in transit)?
etcd can be encrypted to secure the data at rest. There is something called "sealed secrets" that might be what you'd need for pods. For more information on using "sealed secrets" on OpenShift, please read this blog.
How many apps/pods should I run per OpenShift project?
This is another "it depends" answer. The OpenShift docs list cluster limits, which are the maximum numbers, but whether anything below those limits is going to be "usable" depends a lot on the app(s) in question.
These were the 7 answers to the 7 questions I took away from my talk. The 8th answer is my own learning over recent years: whether we're maintaining a legacy system or choosing a shiny new tool, we should always keep the end user in mind when making technical decisions. In the end, it's their experience with the product that matters.