**OKD** is the open source upstream distribution of Red Hat OpenShift — an opinionated, enterprise-grade [[Kubernetes]] platform that bundles a container registry, CI/CD tooling, developer console, multi-tenancy, and project isolation on top of vanilla Kubernetes. Think of it as Kubernetes with strongly enforced opinions and a full developer platform pre-integrated. --- ### First Principle: Most teams need a platform, not just an orchestrator. Kubernetes is the foundation; OKD is the platform. Raw Kubernetes gives you a powerful but bare substrate. Every team ends up bolting on the same things: a registry, GitOps, monitoring, multi-tenancy, and a developer portal. OKD pre-integrates and opinionates all of these — reducing the total number of decisions, at the cost of flexibility. --- ### Key Considerations - **Routes vs Ingress**: OKD uses OpenShift Routes (a superset of Kubernetes Ingress) for external traffic. HAProxy is the default router. - **Source-to-Image (S2I)**: Developers push source code; OKD builds container images automatically — removing the container build step from developer workflows. - **Built-in Registry**: OKD includes an integrated container registry with RBAC and automated image pruning. - **Security Context Constraints (SCCs)**: OKD's SCC system is more restrictive than vanilla Kubernetes — by default, containers cannot run as root. - **[[KubeVirt]] (OpenShift Virtualisation)**: Red Hat's VM-on-Kubernetes product is built on [[KubeVirt]] and ships as an OKD/OpenShift add-on. - **vs [[Rancher]]**: Rancher is more flexible and cloud-agnostic. OKD is more integrated but more opinionated. --- ### How It Fits ``` Developers (source code + [[Tekton]] pipelines) → OKD (platform: registry, routing, RBAC, console) → [[Kubernetes]] (underlying orchestrator) → [[KubeVirt]] (optional VM workloads) ``` [[Kubernetes]] | [[KubeVirt]] | [[Rancher]] | [[Tekton]] | [[ArgoCD]] | [[Open Source Hyperscaler MoC]]