Item: Red Hat OpenShift
Rating: 7
Author: Brandon Hamilton

Use Cases and Deployment Scope

We use OpenShift (OCP) to host a number of user facing applications that support the ability to rapidly deploy virtual range environment for testing and training. OCP specifically hosts the pods that comprise these applications to include a portal, chat, lobby, and dashboard. OCP allows us to orchestrate the containers (we have upwards of 150 containers that comprise the user facing portion of our platform) in a way that embeds many non-K8 native features, such as network policies and basic security features (such as root-less containers.)

Pros and Cons

Native integration of security features such as network policies and root-less deployments
Centralized dashboards for management of the cluster, namespaces, and pods
Log aggregation of cluster resources and deployments
Relatively stable after cluster is deployed

LDAP integration needs a lot more polishing; getting the LDAP sync operator to function properly turned into a lot larger of an effort than I'd like to see. To date, it also does not appear to support LDAPS
Improved management of cluster-level resources; specifically certificates for the cluster. The industry is moving away from wildcard certificates and long term client (non-CA) certificates. Changing certificates and updating certificate trusts is extremely difficult and time consuming.
Deterministic health monitoring is another feature that I think can be improved. While OCP is better than a bare-metal K8s deployment, we've had multiple master (infrastructure) nodes that go into a degraded state, with no clear indiction of the root cause. Working with RH support did not yield any answers, and resulted in re-deployment of the nodes to get the cluster healthy again.

Return on Investment

OCP has allowed our platform to move towards a highly available infrastructure, and push our developers to provide more cloud-native applications and services
The initial deployment of OCP was a large costly investment, both in terms of monetary and man-hour resources. Once deployed however, the overhead has been more than manageable.

Alternatives Considered

VMware Tanzu and Amazon Elastic Kubernetes Service (EKS)

The biggest thing that OCP provides out of the box, that I've yet to find in the offerings above, is native security integrations with things such as Network Policies and root-less deployments. Their acquisition of StackRox (Advanced Cluster Security) also provides a much more tightly integrated security posture for the cluster, than you might find with the offerings above, without the need for sourcing third party tools.

Key Insights

Do you think Red Hat OpenShift delivers good value for the price?

Yes

Are you happy with Red Hat OpenShift's feature set?

Yes

Did Red Hat OpenShift live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Red Hat OpenShift go as expected?

Would you buy Red Hat OpenShift again?

Other Software Used

Red Hat Enterprise Linux (RHEL), Red Hat Advanced Cluster Security for Kubernetes (StackRox), Red Hat Satellite, Red Hat Ansible Automation Platform

Likelihood to Recommend

OCP is extremely well suited for users that are familiar with K8 clusters, but don't have a solid understanding of how to deploy, troubleshoot, and diagnose issues. I think OCP is a good fit for organizations that do not have experienced, senior-level K8s engineers, and have a large amount of capital to invest into their infrastructure.
For organizations that do not have a large budget, or have more experienced K8s engineers, I think there are other offerings that may be more suitable.
Lastly, for organizations, such as ours, that run manually VMware products, offerings such as Tanzu and Tanzu Kubernetes Grid with NSX may integrate more cleanly into the environment.

Review of OCP

Software Version

Modules Used

Overall Satisfaction with Red Hat OpenShift