Kubernetes limitations
Although it is a powerful orchestration engine, Kubernetes lacks features that are commonly required by PaaS solutions such as OpenShift:
- Security:
Kubernetes namespaces are provided mainly for the purpose of resource quota enforcement for different groups of users, but they do not provide any security constraints or authentication. For example, every user from every namespace can see all other namespaces and their resources.
- Deployments:
Kubernetes provides the means to create a deployment from an image with a single command, but doesn't create a service for external clients.
- SCM integration:
Kubernetes doesn't support integration with SCM via webhooks to facilitate deployment.
- Builds:
Kubernetes doesn't provide advanced build modes such as Source-to-Image (S2I) and Custom Builder.
- Authentication:
Support for advanced authentication schemes such as LDAP, Google, GitHub, Keystone, or Kerberos is achieved only through a webhook or authenticating proxy.
- CI/CD:
Kubernetes has no integrated application life cycle support, which makes it difficult to integrate into a corporate software delivery framework.
All these limitations will be addressed in the OpenShift sections in subsequent chapters.