Kubernetes has come a long way since it’s initial open source release 5 years ago and in so doing, has not just created an ecosystem of tools and services around itself, but also changed the way software is developed and delivered.
While Kubernetes is the most popular open-source project after Linux, anyone who’s ever worked on it will agree with one thing: it’s hard. It’s hard to install; harder to configure and customize; and even harder to secure, scale and use in production. This is the very reason an entire sub ecosystem of tools and services exists – so you can be up-and-running without having to configure modules, set up certificate authority, manually install SDKs, or do a number of other tasks that make you dizzy just reading about.
If you’re relatively new at this, a host distribution that manages your cluster is the best option if you don’t want to spend a lot of time on the learning curve.
OpenShift
CoreOS has been one of the key players in the Kubernetes distribution market right from the beginning, and has contributed a lot to the open-source components that power it today.
The Tectonic stack consists of a container registry tool called Quay; an OS called Container Linux; and Tectonic, CoreOS’s Kubernetes distribution. Red Hat has since acquired CoreOS and has announced plans to integrate “almost all” of Tectonic features into Red Hat OpenShift. Additionally, Red Hat CoreOS is going to replace both Container Linux and Red Hat’s Atomic Host and function as Red-Hat’s “go-to” container operating system.
There’s also a community upstream version called Fedora CoreOS that just previewed last month and is expected to be the successor to both. With IBM’s announcement that it’s acquired Red Hat for $34 billion, you now have IBM’s bankroll behind Red Hat and CoreOS’s experience with Linux and Kubernetes. Definitely, a platform to watch.
Rancher 2.0
Rancher is another container management platform that comes with its own minimalist design – OS for containers called RancherOS – as well as its own Kubernetes distribution called Rancher Kubernetes Engine (RKE).
RKE adds a bunch of features to “vanilla” Kubernetes, like cross-provider cluster deployment, integrated CI/CD pipelines, user management, and a web UI. It also adds the ability to define specific locations for the different components of your cluster, as well as point-and-click functionality to add services or pods from the Rancher Catalog.
Rancher stands apart from other distributions by being a Docker container itself, making it especially lightweight and “quick-and-easy” to launch on a docker host. It also replaces the traditional PID 1 init system with a Docker daemon that puts everything in containers, including all system processes. Rancher also offers an ultra-lightweight Kubernetes distro that requires just 200MB of disk space and 512MB of memory called K3s.
Pivotal Container Service
PKS is basically the commercial version of Kubo, which is an open-source project by Pivotal, Google Cloud, and Vmware, aimed at bringing some qualities and characteristics of BOSH to Kubernetes clusters. Now a joint venture between VMware and Pivotal, PKS is geared more toward high availability data centers and on-premise virtualization (VMware customers).
The unique selling point here is, without a doubt, integration with VMware’s plethora of tools and services like vRealize Automation for governance or vCloud Director for provisioning. In addition to being very easy to use and integrate if you’re already using Vmware’s vSphere, it also brings exclusive VM features to containers like VMware VSAN storage, VeloCloud SD-WAN, and NSX networking, among others.
PKS is also available for AWS and Azure, and constantly compatible with GKE. This not only aids in application portability, but also allows PKS users to make use of exclusive GCP services like machine learning and BigQuery, for example.
Gravity
Gravity by Gravitational is an open-source, image-based Kubernetes packaging solution that lets users create snapshots of their clusters – including all dependencies and configurations – and deploy them anywhere as a single file. It works by breaking these snapshots down into application bundles that can then be used to re-assimilate the entire environment from scratch.
Gravity also satisfies stringent security standards since it includes Teleport, an open-source privilege access-management solution that can be run in extremely restricted and “compliant” environments. Additionally, it doesn’t even require the internet and can be run in an air-gapped server room without human supervision, making it ideal for locked down and isolated environments like research and development facilities.
There’s also a Community and an Enterprise version where the latter allows you to integrate Gravity with your enterprise security.
While most of the distributions provide security options like RBAC and SELinux, integration with enterprise-level security tools like Capsule8 is vital to obtaining visibility into what’s actually going on inside your containers.
Kube Security
While there are apparently over 30 unique Kubernetes distributions out there, only a handful bring any truly unique capabilities to the table without locking their users into a particular set of tools.
Deciding which platform is best for you is all about how you plan to use Kubernetes, with the beginner-level of the spectrum starting at Fedora CoreOS and probably ending at OpenShift or PKS, if you’re a Vmware fan.
Security, on the other hand, continues to be a concern for a lot of organizations adopting Kubernetes. This is basically because while Kubernetes distros provide a lot of security features, it takes specialized monitoring and security tools to get the kind of visibility into containers required to battle modern threats.
