Kubernetes and OpenShift: Community, Standards and Certifications

I’ve been writing about Kubernetes since Red Hat joined the project at its launch three and a half years ago. Little did I know then how transformational this project would be. In that initial Red Hat blog, announcing our plans to work with Google on Kubernetes, we outlined a simple goal:

“This collaboration also continues Red Hat’s goal to bring open source technologies that are powering web-scale architectures at places like Google, Twitter, Facebook and more, and make them work in enterprise customer environments.”

Turning open source projects into enterprise-ready products is a big part of what makes us Red Hat. Linux and open source software already power both large scale public clouds and enterprise datacenters alike. Today, through Red Hat OpenShift, Kubernetes is also powering mission critical applications for a growing number of enterprise customers. For every release of OpenShift, we validate Kubernetes and 140+ integrated components to deliver a seamless platform experience for developers and operators. In addition, it’s not unusual for Red Hat to find and fix numerous bugs during all the functional, performance and soak testing we do between the latest community release of Kubernetes and the corresponding OpenShift release. All of these bug fixes provide stability and increased security for our customers, and the fixes are also pushed upstream into the Kubernetes community release to benefit the broader ecosystem.

It’s Red Hat’s commitment to code contribution in upstream open source projects that both drives our product portfolio and gives us the knowledge and experience to serve our customers. It also gives us the credibility and influence to drive the direction of these projects to meet their needs. Kubernetes is no different, as Red Hat continues to lead with our upstream contributions, across a broad number of developers.

This includes top Kubernetes committer Clayton Coleman, who will be speaking at KubeCon in a few weeks, Kubernetes Steering Committee member Derek Carr, project leads in 12 of the Kubernetes SIGs, and many other Red Hat Kubernetes contributors. If customers have an issue with Kubernetes or any integrated component, Red Hat has the proven engineering expertise to understand it and fix it. If customers need Kubernetes to do something it doesn’t currently do, Red Hat has proven we can champion and drive new capabilities upstream when they make sense. This has been the key to our market success with OpenShift.

The Need for Open Standards

The beauty of truly open communities is that the best ideas usually rise to the top. However, fragmentation is always a risk to both the evolution and adoption of any technology, and containers are no different. That’s why Red Hat has been vocal about the importance of open standards in the containers space and why we were founding members of both the Open Container Initiative (OCI) and the Cloud Native Computing Foundation (CNCF). We worked extensively with the OCI community to bring the Container Runtime Specification and Image Format Specification to 1.0 earlier this year – two key efforts aimed at ensuring the future of these key standards.

We also saw early on the potential for Kubernetes to become an industry standard for container orchestration and management. Although Red Hat was already seeing success with OpenShift, we expanded our commitment to the Kubernetes project across the company and outlined our plans to bring it to market in OpenShift v3. Three years later, it’s gratifying to see the rest of the industry follow suit and Kubernetes emerge as a de-facto industry standard. Like other leaders in the Kubernetes community, we hope the newcomers will contribute, not just consume, and together with the community we plan to continue to drive this critical standard forward.

Standards Conformance & Certification

The CNCF plays an important role in providing neutral governance for the Kubernetes project and protecting the Kubernetes API standard. This is why Red Hat worked closely with Kubernetes community members like Google, Heptio and others to evolve the automated conformance test harness that ensures Kubernetes platforms and distributions like OpenShift adhere to the standard.

We also believe that there is a fine line between community development, great upstream testing and change validation, and commercial certification. It’s useful to clarify, in the community, when APIs are meant to be stable and should be expected to be a part of any implementation. Certification, in our view, is primarily a commercial activity that is best made outside of the upstream development community, in the full context of a commercial solution. At Red Hat, certifications are a key component of the subscription model for our products and also for our ecosystem partners.

While passing the conformance tests enables OpenShift to carry the “Certified Kubernetes” marks, Red Hat takes a broader view of “certification” when it comes to OpenShift. Much like the Linux kernel is the core of any Linux operating system distribution, Kubernetes is the meta-kernel and core of any cloud-native container platform. However, a Linux platform like Red Hat Enterprise Linux requires more than just a Linux kernel to function. Likewise, a container platform like OpenShift requires more than just Kubernetes. When Red Hat certifies Red Hat Enterprise Linux and OpenShift, we are certifying a complete enterprise platform. That certification is what offers enterprise customers around the world the confidence that Red Hat’s platforms meet our own rigorous standards and that we will stand behind them to enable their success. 

What Do You Need to Certify?

Whether it’s a commercial Kubernetes platform like OpenShift or Google Container Engine (GKE) or a DIY Kubernetes platform you’ve built yourself, a container platform requires more than just Kubernetes itself. Talk to the folks at GKE or anyone who has built their own DIY Kubernetes platform and they will tell you about the challenges of building and maintaining all of the integrated components that go into their platform. At Red Hat, we know this all too well and that’s why we invest heavily to test and certify Kubernetes and all of the integrated components that make up OpenShift. Through OpenShift, Red Hat supports Kubernetes and all of these components across multiple public clouds, private clouds, virtualization platforms and on bare metal physical servers.

Kubernetes runs on Linux and requires a container runtime to deploy and manage pods. In OpenShift, Red Hat Enterprise Linux provides the foundation for Kubernetes Masters and Nodes and Red Hat Enterprise Linux includes a fully supported container runtime to run your applications. Ensuring that Kubernetes works well with your chosen container runtime and Linux OS distribution is table stakes for any container platform builder. But with Kubernetes releasing a new version every three months and continued evolutions in the container runtime and in the Linux kernel, coordinating updates and integrations is no small feat. In OpenShift, Red Hat fully certifies and supports Kubernetes, Red Hat Enterprise Linux and the integrated container runtime as a unified platform that can be deployed in the datacenter or public cloud.  

While Kubernetes, containers and Linux are the three pillars of a cloud-native container platform, they are far from everything you need to run. There are many other components of the container infrastructure required, which may vary depending on your use case or where you are running your platform. Unlike the public cloud container services that only run in one environment, OpenShift can be deployed and is supported in many different environments. Many OpenShift customers actually have clusters deployed in multiple environments, including in multiple datacenters of their own and in multiple public clouds.

As an example, Kubernetes requires ingress routing and networking to direct traffic to your pods and across all of your services. There are multiple choices for ingress and networking via the Container Networking Interface (CNI) that users need to decide on, depending on where and how they run. OpenShift ships with HAProxy as a default ingress router and also includes a default OpenShift SDN based on Open vSwitch. Red Hat certifies both of these key components within OpenShift. We also work with partners like Cisco, Juniper, Nuage, VMware, Nginx, F5 and others to enable customers to choose the best solution for their environment.

Other examples include choices for storage, logging and metrics, which are all key components of your Kubernetes container platform. Red Hat certifies and supports solutions like Red Hat Gluster Storage, Elasticsearch, Fluentd, Kibana and Prometheus (currently in Tech Preview) as part of Red Hat OpenShift Container Platform. But we also work with third-party storage, log management, and monitoring vendors who provide their own OpenShift Primed solutions. OpenShift has also certified key security features like user authorization since OpenShift 3.0 (Kubernetes 1.0 release); we recently upstreamed this work into the Kubernetes authorization project, where it’s now provided in OpenShift 3.7 (Kubernetes 1.7) and newer versions.

Beyond Kubernetes and the container infrastructure that surrounds it, customers need to determine where to store their images and manage the image building and update process. Again, OpenShift, as a broad application platform to enable DevOps, includes a default container registry as well as image build, CI and CD Pipelines services based on OpenShift’s integrated Source-To-Image (S2I) and Jenkins services. All of these are certified by Red Hat as part of Red Hat OpenShift Container Platform. Red Hat also works with customers who are integrating their own third-party registry and CI/CD tools and processes.

Conclusion

Kubernetes is a transformational open source project, but one that is also still evolving rapidly. The community-driven Kubernetes conformance certification will help ensure that Kubernetes providers adhere to this key standard. Building and managing a Kubernetes container platform, however, requires more than just Kubernetes. Customers value OpenShift not just for providing a stable and supported Kubernetes distribution, but because it provides a comprehensive and fully supported enterprise container platform. OpenShift is Enterprise Kubernetes. A platform that is built by experts in Kubernetes and containers technology who are driving key capabilities upstream. A platform that is broadly deployed across many enterprise organizations and one they can rely on to run their mission-critical applications.
