Introduction
OpenShift Origin (now OKD, the community distribution of OpenShift) extends Kubernetes with opinionated defaults for enterprise use. It provides integrated image builds, a web console, role-based multi-tenancy, and operator-driven infrastructure management, reducing the operational burden of running Kubernetes in production.
What OpenShift Does
- Provides a Kubernetes distribution with hardened security defaults (SELinux, SCC policies)
- Includes Source-to-Image (S2I) builds that compile code into container images without Dockerfiles
- Offers a rich web console for cluster management, monitoring, and developer self-service
- Manages infrastructure components via Operators and the Operator Lifecycle Manager (OLM)
- Supports multi-cluster management through Red Hat Advanced Cluster Management
Architecture Overview
OpenShift runs a standard Kubernetes control plane (API server, etcd, controller-manager, scheduler) with additional components: the OpenShift API server for project/route management, an integrated OAuth server, the image registry operator, and the machine-config-operator for node OS management. CoreOS (or RHCOS) serves as the immutable node operating system managed declaratively.
Self-Hosting & Configuration
- Deploy OKD (community version) on bare metal, AWS, GCP, Azure, or vSphere using the openshift-install CLI
- Minimum cluster requires 3 control plane and 2 worker nodes for high availability
- Configure via install-config.yaml specifying platform, networking (OVN-Kubernetes or OpenShift SDN), and machine pools
- Use oc adm commands or the web console for day-2 cluster administration
- Operators manage upgrades, certificate rotation, and component lifecycle automatically
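An install-config.yaml matching the items above (AWS platform, OVN-Kubernetes networking, 3 control plane and 2 worker machines), added here as an illustration and not taken from the OKD project. The cluster name, base domain, region, and CIDR ranges are constructed sample values, and the pull secret and SSH key are placeholders.

```yaml
# Added example; every value below is a constructed sample or a placeholder.
apiVersion: v1
baseDomain: example.com          # assumed DNS zone for the cluster
metadata:
  name: okd-demo                 # assumed cluster name
controlPlane:                    # control plane machine pool
  name: master
  replicas: 3                    # minimum for high availability
compute:                         # worker machine pools
- name: worker
  replicas: 2
networking:
  networkType: OVNKubernetes     # the alternative named above is OpenShiftSDN
  clusterNetwork:                # pod network; sample range
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  serviceNetwork:                # service network; sample range
  - 172.30.0.0/16
platform:
  aws:
    region: us-east-1            # assumed region
# The two fields below are credentials. Keep this file out of version
# control and restrict its file permissions.
pullSecret: '<PULL_SECRET_JSON_PLACEHOLDER>'
sshKey: '<SSH_PUBLIC_KEY_PLACEHOLDER>'
```

openshift-install reads this file from the directory passed with --dir and consumes it while generating assets, so keep a backup copy in a protected location if the configuration needs to be reviewed later.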
Key Features
- Routes provide built-in ingress with TLS termination without external ingress controllers
- Integrated CI/CD via OpenShift Pipelines (Tekton) and OpenShift GitOps (Argo CD)
- Security Context Constraints (SCCs) enforce pod-level security beyond standard PodSecurityPolicies
- Developer Catalog offers one-click deployment of databases, middleware, and application templates
- Serverless support through OpenShift Serverless (Knative)
Comparison with Similar Tools
- Vanilla Kubernetes — OpenShift adds opinionated security, web console, and integrated builds
- Rancher — multi-cluster manager that works with any Kubernetes distribution
- Tanzu — VMware's Kubernetes platform, focused on vSphere integration
- EKS/GKE/AKS — managed cloud Kubernetes services without the self-hosted control plane
- KubeSphere — open-source multi-cluster platform with a similar feature scope
FAQ
Q: What is the difference between OpenShift and OKD? A: OKD is the upstream community distribution. Red Hat OpenShift Container Platform (OCP) is the commercially supported product built from OKD.
Q: Can I run OpenShift on a single node? A: Yes. Single Node OpenShift (SNO) is supported for edge and small-footprint deployments.
Q: Is OpenShift free to use? A: OKD is free and open source. Red Hat OpenShift requires a subscription for support and access to RHCOS and certified operators.
Q: How does OpenShift handle upgrades? A: The Cluster Version Operator manages rolling upgrades of all control plane and worker components with minimal downtime.