Kubernetes On-Prem

This is a tough comparison as there are so many options and nobody is going to have the time to trial them all. So what I’ve attempted to do is crowd source information and rationalize down the options to a smaller number based on differentiating features.

After a long period of mental distillation I’ve selected OpenShift, Rancher and PKS to compare. The elephant in the room is always custom installers, for which there is no direct comparison. Steve the DevOps guy could choose to manually type in kubeadm commands, or use Terraform, Ansible, Puppet, or bash scripts.

I’m going to assume that if you have a data centre you’re probably a reasonably sized company with some budget. If you have a strong technical team already then they won’t need my help deciding what to use and may well go custom. This blog is for On-Prem Kubernetes selection when you’re just starting out and would like to de-risk Steve setting it all up and leaving.

Above is my analysis to date. You can see the raw spreadsheet here. You will notice that literally everyone has edit rights to that sheet. If you feel I have missed out your preferred option please update the sheet and I’ll add it to this blog, and if the information is compelling I will change my mind.

What would be massively helpful is if you could call out a clear differentiator for why anyone would pick another option over the three I have listed here. Something major as a unique selling point. As far as I could tell, every option outside of the three I chose is simply a me-too.

When adding a unique selling point please also remember who you’re dealing with. I don’t suffer marketing bullshit on this blog.

Let’s take a brief interlude into what a proper research company thinks, as it’s always useful to see another source of data. There was a recent report carried out by Forrester entitled “Enterprise Container Platform Software Suites, Q4 2018”. They have the infamous magic quadrant, or a variation of it.

Forrester put Docker Enterprise, Redhat OpenShift and Rancher as the leaders. When you look at the size of the bubbles it shows Redhat, Pivotal, Docker and IBM having the most market presence.

So why didn’t I include Docker and IBM in my comparison? I honestly couldn’t see a reason why you would use them. The marketing is all identical to Redhat and Pivotal, and yet Redhat and Pivotal have specific functionality that makes them more compelling.

I’ve compiled a quick table to help people decide. We’ll cover some of the points that people may like to debate from this table and then I’ll finish up with my recommendation.

Firstly, let’s cover costs. These are always subject to change and I know behind the scenes that Redhat are working on a usage model that may alter things in future. However, today, if you were to get a quote for OpenShift you’d be looking at approximately $1200 per virtual core per year. Add on top of that the cost for professional services and training. You only need a couple of 50 virtual core clusters to reach $1m+ per year in software licensing costs alone.

Now I’m not saying that’s bad value for money. You get a lot of software and support when you go with OpenShift and it may work out less expensive and less risky than recruiting a team of Kubernetes experts to build and operate your platform. On the flip side, you do get massively locked in from a sunk-cost perspective. I’ve helped build a vanilla Kubernetes platform from scratch and I wouldn’t be qualified to administer OpenShift without a training course and experience. OpenShift simply adds so much Redhat-specific stuff around Kubernetes that you end up isolated from a technical perspective.

There’s also no denying that OpenShift is the gold standard for security-hardened Kubernetes. Out of the box, containers don’t run as root, and every interface is locked down with authentication.

Pivotal has similar problems from a lock-in perspective. However, I’d argue that if you’re on VMWare you’re probably locked in already. The list price costs for Pivotal PKS are around $800 per pod and will probably come in at around 50% of the total cost of purchasing OpenShift licenses for the same size clusters. The benefits of PKS are really around the integration with vSphere, the SDN and the storage.

I do know of one company who are running VMWare that still went with OpenShift. They are a mix of on-premise VMWare and AWS / GCP for cloud.

Regarding the differentiators I have a couple of quotes from the platform architect.

“PKS is way behind Openshift. Openshift has the CNS (container native storage) which can be used with Gluster, VMWare, EBS etc.”

“On the OpenShift platform you have access to the RH images which are performance tuned for containers. We ran one from Docker for JBOSS and one from Redhat. The Redhat one was 11% faster.”

From a technical perspective I assume both of those factors could eventually be worked out on both platforms. It is interesting, however, that Redhat are playing to their strengths in big enterprise with optimisations across the entire stack, including at the operating system level.

My Recommendation


I didn’t spend a lot of time talking about Rancher on this blog. This is really because there’s not much to say from a negative perspective and therefore far fewer statements to qualify.

Why would I choose Rancher over everything else? I see Rancher as the best, simplest technical choice.

Some may see the lack of IaaS integrations as a weakness whereas I suspect anyone running a data centre nowadays probably has a method to image servers and network them together. Rolling out RancherOS, or using an existing Linux image with Docker on it is the only prerequisite. From that point creating a Rancher 2.0 cluster using RKE is a simple matter of updating a yaml file and running rke up.

You’ll need to configure all of the networking and storage yourself outside of Rancher. Again, I quite like this. You probably already have a proficiency with your on-premise routers and SANs. You can simply skip learning the vendor lock-in stuff from Redhat and Pivotal. Now people may argue that you could do that with any cluster, but I’d respond by asking then what are you paying for?

The other cool thing to know is that Rancher RKE (the management UI) actually works with any Kubernetes cluster. Not just Rancher 2.0 clusters. If you decide to go hybrid then you can spin up clusters in other clouds.

Let’s tackle the Redhat marketing absurdity regarding hybrid cloud. If you are moving to the cloud then the best end result is to simply use the Kubernetes service that the cloud provider offers. Google GKE is awesome and production ready right now. Azure AKS and AWS EKS are both iterating at a reasonable speed and will become de facto no-brainers for Kubernetes cluster choices on those platforms within the next year.

If that’s your end goal why would you lock yourself into a solution like OpenShift and PKS on-premise now? You’re literally creating a complex migration project for no reason, or worse, you’re getting conned into running these solutions at added expense in the cloud when there is no reason to.

The only reason I can think of for using OpenShift and PKS is if you have a long term strategy of always running a data centre.

Final Words..

Dread it. Run from it. Google GKE On-Prem still arrives. I’m actually looking forward to seeing what this looks like. Google aren’t well known for their on-premise software so it may turn out to be a total failure. The connection between On-Prem clusters and the GKE web console looks quite cool. This blog will undoubtedly get updated once it’s released.

