I'm new to kubernetes and openshift (came from docker swarm world) and I'm having trouble with some of kubernetes and openshift documentation especially related to route and services. I was looking for how to expose a replica set of containers externally and I've found kubernetes documentation uses a service to expose the pod while openshift uses routes. can anyone explain to me the differences?
There are only minor differences in tools being used. OpenShift is a Kubernetes distribution, this means it is a collection of opinionated pre-selected components. So for Ingress, OpenShift uses HAProxy to get (HTTP) traffic into the cluster. Other Kubernetes distributions maybe use the NGINX Ingress Controller or something similar.
So Services
are used to loadbalance traffic inside the cluster. So when you create a ReplicaSet
, you'll have multiple Pods running. To "talk" to these Pods, you typically create a Service
. That Service
will distribute the traffic evenly between your Pods.
So to get HTTP(S) traffic from the outside to your Service
, OpenShift uses Routes
(Ingress
in other Kubernetes distributions):
+-----+
+-->+ Pod |
+-------+ +---------+ | +-----+
Traffic--->+ Route +------>+ Service +--+-->+ Pod |
+-------+ +---------+ | +-----+
+-->+ Pod |
+-----+
So to expose your application to the outside world, you typically create an internal Service
using oc create service
and then create a Route
using oc expose
:
# Create a new ClusterIP service named myservice
oc create service clusterip myservice --tcp=8080:8080
oc expose service myservice
Red Hat had needed an automated reverse proxy solution for containers running on OpenShift long before Kubernetes came up with Ingress. So now in OpenShift we have a Route objects which do almost the same job as Ingress in Kubernetes. The main difference is that routes are implemented by good, old HAproxy that can be replaced by commercial solution based on F5 BIG-IP. On Kubernetes, however, you have much more choice, as Ingress is an interface implemented by multiple servers starting from most popular nginx, traefik, AWS ELB/ALB, GCE, Kong and others including HAproxy as well.
So which one is better you may ask? Personally, I think HAproxy in OpenShift is much more mature, although doesn’t have as much features as some Ingress implementations. On Kubernetes however you can use different enhancements - my favorite one is an integration with cert-manager that allows you to automate management of SSL certificates. No more manual actions for issuing and renewal of certificates and additionally you can use trusted CA for free thanks to integration with Letsencrypt!
As an interesting fact, I want to mention that starting from OpenShift 3.10 Kubernetes Ingress objects are recognized by OpenShift and are translated/implemented by.. a router. It’s a big step towards compatibility with configuration prepared for Kubernetes that now can be launched on OpenShift without any modifications.
© 2022 - 2024 — McMap. All rights reserved.