What Is OpenShift?
What Is Docker?
|OpenShift is a containerized software suite developed by Red Hat. Its flagship product is OpenShift Container Platform, a platform built on top of Linux containers (built on Red Hat Enterprise Linux) and orchestrated and managed by Kubernetes. Other products in the family offer this platform through a variety of environments. OKD is Red Hat’s Kubernetes distribution, OpenShift Online is a software-as-a-service (SaaS) platform, and OpenShift Dedicated is a managed service platform.|
The OpenShift console provides a view for developers and administrators. You can use the admin view to monitor container resources and the health of containers, manage users, and interact with operators. The developer view can consume application resources from namespaces. OpenShift also provides a CLI that supports the upper set of operations provided by the Kubernetes CLI.
|Docker is an open source platform for creating, deploying, and managing application containers on a shared operating system. |
Docker initially supported only Linux and has since extended to support non-Linux operating systems, such as Apple OS X and Microsoft Windows. It also offers additional versions that support Microsoft Azure and Amazon Web Services (AWS).
Docker provides Docker Swarm, a lightweight container orchestration system that lets you manage groups of containers. Docker Swarm is less powerful than Kubernetes, but is also easier to learn and setup. It is suitable for small-scale container orchestration use cases.
In this article:
- OpenShift vs. Docker: A Fair Comparison?
- OpenShift vs Docker: What Are the Differences?
- OpenShift vs Docker: Infrastructure Support
- OpenShift vs Docker: Security
- OpenShift vs Docker: CI/CD
- OpenShift vs Docker: Third-party Integrations
- Which Platform Is Most Appropriate for Your Use Case?
OpenShift vs. Docker: A Fair Comparison?
OpenShift vs. Docker is not really a fair comparison. OpenShift is an enterprise platform for container orchestration, while Docker is just a container engine. In fact, you can run Docker containers within OpenShift deployments. However, when you add Docker Swarm to the mix, Docker can be considered an alternative to OpenShift for small-scale use cases.
We’ll explain the key differences between the Docker and OpenShift ecosystem and then explain which one will be most suitable depending on your use case.
OpenShift vs Docker: What Are the Differences?
Docker is a container engine for deploying a small number of containers in a development environment. Docker technology enables you to automate the deployment of applications in portable containers that run in the cloud or on-premises. Container orchestrators often use Docker to deploy containers at a larger scale.
Docker Swarm is a container orchestration solution built into the Docker Community Edition. You can use other orchestrators to manage Docker containers. However, Kubernetes deprecated support for Docker as a container runtime version 1.20 and further.
Related content: Read our guide to Docker Swarm
OpenShift is a container orchestration platform for managing clusters delivered as a Platform as a Service (PaaS). It employs Kubernetes container orchestration technology to enable you to manage Docker containers. The platform uses Kubernetes for orchestration and builds on Docker capabilities, offering abstracted cluster orchestration and management tools.
OpenShift vs Docker: Infrastructure Support
Docker lets you package applications as lightweight container images. Once deployed, these containers can run consistently on various environments. You can deploy Docker containers on most public cloud platforms, including Amazon Elastic Container Service (Amazon ECS), Azure Container Instances (ACI), and Google Kubernetes Engine (GKE), as well as on-premises Kubernetes.
Docker supports various desktop and cloud native environments for build, test, and deployment phases. It supports both Linux and Windows servers.
OpenShift supports various deployment environments, including on-premise Windows or Linux and cloud environments. It also provides native routes configured to direct public traffic in containers, including Red Hat Enterprise Linux, Fedora, Red Hat Atomic Host, and CentOS. However, it limits deployment possibilities for organizations that do not use these platforms.
OpenShift vs Docker: Security
The design of Docker containers incorporates default security mechanisms. It also provides various options for hardening Docker hosts to minimize the scope and danger of container breakouts. Built-in security features, such as kernel namespaces and control groups, help minimize the attack surface.
Docker lets you use existing access control solutions to create policies for intrusion prevention. It also allows you to enable hardening systems, such as GRSEC, SELinux, and App Armor, to add another layer of security.
Related content: Read our guide to Docker security
OpenShift provides strong security mechanisms to protect containers, including an integrated server for authorization and authentication. It offers a rules-based access control (RBAC) feature that lets you manage and determine access to certain aspects of processes. It also enforces security policies to restrict running container images that require root access, including official and unofficial images.
OpenShift vs Docker: CI/CD
Docker does not offer CI/CD functionality. However, you can use it to build your CI/CD pipeline by integrating with third-party CI tools like CircleCI and Jenkins. Once you integrate the CI server, you can use commands to configure a manual CI/CD pipeline.
OpenShift includes built-in continuous integration and delivery functionality that serves as a standard part of the workflow. However, it is not a full CI/CD solution. To build a CI/CD pipeline with OpenShift, you can use the integrated Jenkins container as a CI server.
It can help you use OpenShift clusters to build container images. You can perform continuous integration tasks on these images and use continuous delivery pipelines to deploy images as containers across various environments.
OpenShift vs Docker: Third-party Integrations
You can use the Docker platform to extend the capabilities of an existing container orchestration tool. You can also integrate the platform with existing services and apps. It is compatible with various tools, including Bitbucket, CircleCI, MongoDB, Nginx, Visual Studio Code, Redis, Gitlab, JFrog, and VMware Tanzu. You can also integrate with third-party plugins.
OpenShift supports various third-party integrations, including storage and infrastructure services, log analysis, monitoring, deployment, and diagnostic tools. You can use the Red Hat Marketplace and OpenShift catalog to install integrations on your cluster or use DIY open source software installations, Operators, or Helm charts.
Which Platform Is Most Appropriate for Your Use Case?
OpenShift Container Platform is an enterprise-grade platform that extends Kubernetes. Like Kubernetes, it enables large-scale orchestration of container clusters and takes care of concerns like networking, security, and resource utilization. It also provides additional capabilities, including central management of multiple clusters, portability between environments, edge-optimized clusters, CI/CD integration, and UI-based admin interfaces.
Docker, when used together with Docker Swarm, provides only the most basic container orchestration capabilities. Its automated scaling features are less mature than those of Kubernetes, it does not support network policies and segmentation, and provides a limited API for controlling clusters of containers which has only a small subset of the capabilities of the Kubernetes API Server.
The following table summarizes the capabilities offered by each platform. This can help you understand which of the three container orchestration options are best for your use case.
|Capability||OpenShift Container Platform||Kubernetes||Docker Swarm|
|Basic Container Orchestration||✓||✓||✓|
|Advanced scalability, network policies, full featured cluster API||✓||✓||✘|
|Portability, edge optimization, CI/CD, admin interfaces||✓||✘||✘|