alphaspirit - Fotolia

IT pros debate upstream vs. packaged Kubernetes implementations

As IT vendors race to package Kubernetes implementations, their fiercest competition is not from other vendors, but from pure upstream code and DIY container orchestration projects.

Packaged versions of Kubernetes promise ease of use for the finicky container orchestration platform, but some enterprises will stick with a DIY approach to Kubernetes implementation.

Red Hat, Docker, Heptio, Mesosphere, Rancher, Platform9, Pivotal, Google, Microsoft, IBM and Cisco are among the many enterprise vendors seeking to cash in on the container craze with prepackaged Kubernetes implementations for private and hybrid clouds. Some of these products -- such Red Hat's OpenShift Container Platform, Docker Enterprise Edition and Rancher's eponymous platform -- offer their own distribution of the container orchestration software, and most add their own enterprise security and management features on top of upstream Kubernetes code.

However, some enterprise IT shops still prefer to download Kubernetes source code from GitHub and leave out IT vendor middlemen.

"We're seeing a lot of companies go with [upstream] Kubernetes over Docker [Enterprise Edition] and [Red Hat] OpenShift," said Damith Karunaratne, director of client solutions for Indellient Inc., an IT consulting firm in Oakville, Ont. "Those platforms may help with management out of the gate, but software license costs are always a consideration, and companies are confident in their technical teams' expertise."

The case for pure upstream Kubernetes

One such company is Rosetta Stone, which has used Docker containers in its DevOps process for years, but has yet to put a container orchestration tool into production. In August 2017, the company considered Kubernetes overkill for its applications and evaluated Docker swarm mode as a simpler approach to container orchestration.

Fast-forward a year, however, and the global education software company plans to introduce upstream Kubernetes into production due to its popularity and ubiquity as the container orchestration standard in the industry.

Concerns about Kubernetes management complexity are outdated, given how the latest versions of the tool smooth out management kinks and require less customization for enterprise security features, said Kevin Burnett, DevOps lead for Rosetta Stone in Arlington, Va.

"We're a late adopter, but we have the benefit of more maturity in the platform," Burnett said. "We also wanted to avoid [licensing] costs, and we already have servers. Eventually, we may embrace a cloud service like Google Kubernetes Engine more fully, but not yet."

Burnett said his team prefers to hand-roll its own configurations of open source tools, and it doesn't want to use features from a third-party vendor's Kubernetes implementation that may hinder cloud portability in the future.

Other enterprise IT shops are concerned that third-party Kubernetes implementations -- particularly those that rely on a vendor's own distribution of Kubernetes, such as Red Hat's OpenShift -- will be easier to install initially, but could worsen management complexity in the long run.

"Container sprawl combined with a forked Kubernetes runtime in the hands of traditional IT ops is a management nightmare," said a DevOps transformation leader at an insurance company who spoke on condition of anonymity, because he's not authorized to publicly discuss the company's product evaluation process.

His company is considering OpenShift because of an existing relationship with the vendor, but adding a new layer of orchestration and managing multiple control planes for VMs and containers would also be difficult, the DevOps leader predicted, particularly when it comes to IT ops processes such as security patching.

"Why invite that mess when you already have your hands full with a number of packaged containers that you're going to have to develop security patching processes for?" he said.

Vendors' Kubernetes implementations offer stability, support

Fork is a fighting word in the open source world, and most vendors say their Kubernetes implementations don't diverge from pure Kubernetes code. And early adopters of vendors' Kubernetes implementations said enterprise support and security features are the top priorities as they roll out container orchestration tools, rather than conformance with upstream code, per se.

Amadeus, a global travel technology company, is an early adopter of Red Hat OpenShift. As such, Dietmar Fauser, vice president of core platforms and middleware at Amadeus, said he doesn't worry about security patching or forked Kubernetes from Red Hat. While Red Hat could theoretically choose to deviate from, or fork, upstream Kubernetes, it hasn't done so, and Fauser said he doubts the vendor ever will.

Meanwhile, Amadeus is on the cusp of multi-cloud container portability, with instances of OpenShift on Microsoft Azure, Google and AWS public clouds in addition to its on-premises data centers. Fauser said he expects the multi-cloud deployment process will go smoothly under OpenShift.

Multi-tenancy support and a DevOps platform on top of Kubernetes were what made us want to go with third-party vendors.
Surya Suravarapuassistant vice president of product development, Change Healthcare

"Red Hat is very good at maintaining open source software distributions, patching is consistent and easy to maintain, and I trust them to maintain a portable version of Kubernetes," Fauser said. "Some upstream Kubernetes APIs come and go, but Red Hat's approach offers stability."

Docker containers and Kubernetes are de facto standards that span container environments and provide portability, regardless of which vendor's Kubernetes implementation is in place, said Surya Suravarapu, assistant vice president of product development for Change Healthcare, a healthcare information technology company in Nashville, Tenn., that spun out of McKesson in March 2017.

Suravarapu declined to specify which vendor's container orchestration tools the company uses, but said Change Healthcare uses multiple third-party Kubernetes tools and plans to put containers into production this quarter.

"Multi-tenancy support and a DevOps platform on top of Kubernetes were what made us want to go with third-party vendors," Suravarapu said. "The focus is on productivity improvements for our IT teams, where built-in tooling converts code to container images with the click of a button or one CLI [command-line interface] line, and compliance and security policies are available to all product teams."

A standard way to manage containers in Kubernetes offers enough consistency between environments to improve operational efficiency, while portability between on-premises, public cloud and customer environments is a longer-term goal, Suravarapu said.

"We're a healthcare IT company," he added. "We can't just go with a raw tool without 24/7 enterprise-level support."

Still, Amadeus's Fauser acknowledged there's risk to trust one vendor's Kubernetes implementation, especially when that implementation is one of the more popular market options.

"Red Hat wants to own the whole ecosystem, so there's the danger that they could limit other companies' access to providing plug-ins for their platform," he said.

That hasn't happened, but the risk exists, Fauser said.

Dig Deeper on Containers and virtualization