Comparing IBM Cloud Containers products
IBM Cloud offers several products for deploying containers.
Quick and simple: IBM Cloud Code Engine
Code Engine
IBM Cloud® Code Engine (or "Code Engine") was developed by IBM with the goal of helping you create modern, source-centric, containerized, and serverless apps and jobs. The platform is designed to address the needs of developers who just want their code to run. Code Engine abstracts the operational burden of building, deploying, and managing workloads in Kubernetes so that developers can focus on what matters most to them: the source code.
| Capability | Description |
|---|---|
| Runs your workloads | Code Engine runs your HTTP-driven applications and your run-to-completion batch jobs. |
| Fully managed service | Code Engine takes care of all the cluster management, including provisioning, configuring, scaling, and managing servers so you do not need to worry about the underlying infrastructure. |
| Builds your code | Code Engine pulls your source code and creates the container image for you. Code Engine supports both Dockerfile and Cloud Native Buildpack. |
| Private workloads | Store your source code in private repositories and push your images to private registries and Code Engine can access them. |
| Fully integrated | Code Engine is fully integrated into IBM Cloud so that you can take advantage of the full catalog of IBM Cloud services. |
| Event-driven workloads | Extend the functionality of your applications with messages (events) from event producers. Your application can then react to those events and perform actions based on them. |
| Autoscales - even to zero | Code Engine automatically scales your workloads up and down, and even down to zero when no requests are active. You pay for only the resources that you consume. |
| Control access | Assign platform and services access permissions to your projects in IBM Cloud Identity and Access Management to control who can provision and manage resources in your IBM Cloud account. |
| Based on open source | Code Engine is built on a set of open source technologies such as Kubernetes, Knative, Istio, and Tekton, keeping your apps and jobs portable. |
| DDoS protection | Code Engine provides immediate DDoS protection for your application. Code Engine's DDoS protection is provided by Cloud Internet Services (CIS) at no additional cost to you. DDoS protection covers System Interconnection (OSI) Layer 3 and Layer 4 (TCP/IP) protocol attacks, but not Layer 7 (HTTP) attacks. See DDoS protection. |
Scalable clusters with maximum capabilities: IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud
Kubernetes Service
Get started with the Kubernetes Service!
IBM Cloud Kubernetes Service is a managed offering to create your own Kubernetes cluster of compute hosts to deploy and manage containerized apps on IBM Cloud. As a certified Kubernetes provider, IBM Cloud Kubernetes Service provides intelligent scheduling, self-healing, horizontal scaling, service discovery and load balancing, automated rollouts and rollbacks, and secret and configuration management for your apps. Combined with an intuitive user experience, built-in security and isolation, and advanced tools to secure, manage, and monitor your cluster workloads, you can rapidly deliver highly available and secure containerized apps in the public cloud.
Red Hat OpenShift on IBM Cloud
Get started with Red Hat OpenShift on IBM Cloud!
Red Hat OpenShift is a Kubernetes container platform that provides a trusted environment to run enterprise workloads. It extends the Kubernetes platform with built-in software to enhance app lifecycle development, operations, and security. With Red Hat OpenShift, you can consistently deploy your workloads across hybrid cloud providers and environments.
What is a cluster?
- Cluster, worker pool, and worker node
- A Kubernetes cluster consists of a master and one or more compute hosts that are called worker nodes. Worker nodes are organized into worker pools of the same flavor, or profile of CPU, memory, operating system, attached disks, and other
properties. The worker nodes correspond to the Kubernetes
Noderesource, and are managed by a Kubernetes master that centrally controls and monitors all Kubernetes resources in the cluster. So when you deploy the resources for a containerized app, the Kubernetes master decides which worker node to deploy those resources on, accounting for the deployment requirements and available capacity in the cluster. Kubernetes resources include services, deployments, and pods.
Why should I use clusters?
Choice of container platform provider
- Deploy clusters with Red Hat OpenShift or community Kubernetes installed as the container platform orchestrator.
- Choose the developer experience that fits your company, or run workloads across both Red Hat OpenShift or community Kubernetes clusters.
- Built-in integrations from the IBM Cloud console to the Kubernetes dashboard or Red Hat OpenShift web console.
- Single view and management experience of all your Red Hat OpenShift or community Kubernetes clusters from IBM Cloud.
Single-tenant Kubernetes clusters with compute, network, and storage infrastructure isolation
- Create your own customized infrastructure that meets the requirements of your organization.
- Choose between infrastructure providers.
- Provision a dedicated and secured Kubernetes master, worker nodes, virtual networks, and storage by using the resources provided by IBM Cloud infrastructure.
- Fully managed Kubernetes master that is continuously monitored and updated by IBM to keep your cluster available.
- Option to provision worker nodes as bare metal servers for compute-intensive workloads such as data, GPU, and AI.
- Store persistent data, share data between Kubernetes pods, and restore data when needed with the integrated and secure volume service.
- Benefit from full support for all native Kubernetes APIs.
Multizone clusters to increase high availability
- Easily manage worker nodes of the same flavor (CPU, memory, virtual or physical) with worker pools.
- Guard against zone failure by spreading nodes evenly across select multizones and by using anti-affinity pod deployments for your apps.
- Decrease your costs by using multizone clusters instead of duplicating the resources in a separate cluster.
- Benefit from automatic load balancing across apps with the multizone load balancer (MZLB) that is set up automatically for you in each zone of the cluster.
Highly available masters
- Reduce cluster downtime such as during master updates with highly available masters that are provisioned automatically when you create a cluster.
- Spread your masters across zones in a multizone cluster to protect your cluster from zonal failures.
Image security compliance with Vulnerability Advisor
- Set up your own repo in a secured Docker private image registry where images are stored and shared by all users in the organization.
- Benefit from automatic scanning of images in your private IBM Cloud registry.
- Review recommendations specific to the operating system used in the image to fix potential vulnerabilities.
Continuous monitoring of the cluster health
- Use the cluster dashboard to quickly see and manage the health of your cluster, worker nodes, and container deployments.
- Find detailed consumption metrics by using IBM Cloud® Monitoring and quickly expand your cluster to meet work loads.
- Review logging information by using IBM Cloud Logs to see detailed cluster activities.
Secure exposure of apps to the public
- Choose between a public IP address, an IBM provided route, or your own custom domain to access services in your cluster from the internet.
IBM Cloud service integration
- Add extra capabilities to your app through the integration of IBM Cloud services, such as Watson APIs, Blockchain, data services, or Internet of Things.
How do I choose between IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud?
If you know you want to manage your containers in a cluster, consider these differences as you choose between the two products.
| Characteristics | Kubernetes clusters | Red Hat OpenShift clusters |
|---|---|---|
| Complete cluster management experience through the IBM Cloud Kubernetes Service automation tools (API, CLI, console) | Yes | Yes |
| Worldwide availability in single and multizones | Yes | Yes |
| Consistent container orchestration across hybrid cloud providers | Yes | Yes |
| Access to IBM Cloud services such as AI | Yes | Yes |
| Software-defined storage Portworx solution available for multizone data use cases | Yes | Yes |
| Create a cluster in an IBM Virtual Private Cloud (VPC) | Yes | Yes |
| Latest Kubernetes distribution | Yes | |
| Scope IBM Cloud IAM access policies to access groups for service access roles that sync to cluster RBAC | Yes | |
| Classic infrastructure cluster on only the private network | Yes | |
| GPU bare metal worker nodes | Yes | Yes |
| Integrated IBM Cloud Paks and middleware | Yes | |
| Built-in container image streams, builds, and tooling (read more) | Yes | |
| Integrated CI/CD with Jenkins | Yes | |
| Stricter app security context set up by default | Yes | |
| Simplified Kubernetes developer experience, with an app console that is suited for beginners | Yes | |
| Supported operating system | Kubernetes version information | Red Hat OpenShift version information |
| Preferred external traffic networking | Ingress | Router |
| Secured routes encrypted with Hyper Protect Crypto Services | Yes |
Storing images: IBM Cloud Container Registry
Container Registry
Get started with the Container Registry!
| Benefit | Description |
|---|---|
| Highly available and scalable private registry. | Set up your own image namespace in a multi-tenant, highly available, scalable, encrypted private registry that is hosted and managed by IBM.
Store your private Docker images and share them with users in your IBM Cloud account. |
| Image security compliance with Vulnerability Advisor. | Benefit from automatic scanning of images in your namespace.
Review recommendations that are specific to the operating system to fix potential vulnerabilities and protect your containers from being compromised. |
| Quota limits for storage and pull traffic. | Benefit from free storage and pull traffic to your private images until you reach your free quota.
Set custom quota limits for the amount of storage and pull traffic per month to avoid exceeding your preferred payment level. |