This is a question we get asked almost daily by people looking for a Kubernetes management platform. So we've done the research and created a comparison table for Portainer vs Rancher vs OpenShift.
How does Portainer compare to Rancher? How about to OpenShift?
For a long time, the answer was "well, we are not really sure, as we don't use those tools day in, day out". But recently, we've spent considerable time deploying and understanding Rancher and OpenShift to discover their strengths, weaknesses (or functionality they don't attempt to provide), and seeing how we compare. We took a non-biased view of this assessment, as being biased doesn't help us to learn (and we hope you appreciate the transparency).
If I had to draw a similarity, Portainer is more like OpenShift than we are like Rancher, primarily due to the product strategy of OpenShift, which is to make the hard, easy. This is very similar to our goal of reducing toil and mental burden in the operation of Kubernetes. Rancher is basically a 1:1 technical translation of API to UI, and doesn't attempt to enable non-experts to operate the platform, and that's a totally acceptable strategy for their ideal customer profile.
Analysis
- Build Environments
Straight off the bat, Portainer and Rancher/OpenShift serve two very different needs. Rancher and OpenShift are both tools that you use to CONSTRUCT yourself a Kubernetes cluster, one that is self-managed (be that on prem or in-cloud). Portainer as a company does not provide a Kubernetes distribution, and we have no mechanism to build an on-premises cluster in our app, so if this is your primary need, we won't help there, but we can help you to build Kubernetes clusters through Cloud Provider KaaS offerings, which arguably is the most operationally efficient way of using Kubernetes anyway.
Summary: Portainer helps you deploy managed Kubernetes clusters, which is our recommended way of consuming Kubernetes unless you have a large dedicated team of Kubernetes experts.
- Multi-Cluster Management
Secondly, the biggest difference we can see between both Portainer & Rancher vs OpenShift is that OpenShift is not a multi-cluster manager. You use the OpenShift installer to build a (singular) OpenShift cluster against either on-premises equipment or in a select number of cloud provider IaaS offerings, and the cluster gets deployed with a Management UI for that cluster. There is no way to deploy any additional clusters and manage them from the one management UI. Of course, RedHat has an additional product that does this (Redhat Advanced Cluster Management for Kubernetes), but this requires a dedicated cluster to run it, and it's a licensed product. I guess if you can afford to pay for OpenShift, then paying an additional $800 per month for a dedicated management cluster and an extra license fee is probably okay. Rancher and Portainer both let you (natively) deploy or import any number of existing environments under the one management server, which is great when you are operating at scale.
Summary: Portainer is a multi-cluster manager that is extremely lightweight and can provide centralized access control and governance at scale.
- Platform vs Tool
It's important to note that all three products are aiming to be a complete "turn-key" platform to manage containerized applications, with the analogy "Kubernetes is the engine, we are the car" commonly used.
All three products aim to be much more than just an alternative to the Kubernetes Dashboard (or variants of it, like Mirantis Lens). In reality, all these products aim to provide a comprehensive Kubernetes management platform that includes an intuitive UI that guides less experienced users, an integrated GitOps capability, integrated monitoring/observability, and integrated alerting. Because of this, all three offer either native capability or integrations with 3rd party open source components (such as ArgoCD).
Portainer made a decision to integrate with the Kubernetes Metrics API, which gives a good level of observability, rather than requiring all users to deploy the resource-heavy Prometheus and Grafana. That said, there is nothing stopping you from using Prometheus and Grafana, or ArgoCD alongside Portainer.
Summary: if you want a quick view of resource usage of your apps, and can't spare the additional resource overhead, Portainer is your only choice here.
- Ease of Use
Really though, the most impactful difference between the products is the target user. Portainer and OpenShift both provide a management experience that applies safe/secure best practices, and does so to ensure that non-experts can operate in an environment that they might not fully understand.
With Portainer, the admin can easily disable Portainer's applied defaults and customize them to suit the skills of the team, whereas with OpenShift the defaults are enforced. If the defaults don't suit you, then OpenShift will cause friction.
Rancher however takes a very different approach. Rancher's product appears to be tailored to Kubernetes experts, who are expected to know how to secure the platform and applications correctly.
Summary: if you want a guided, intuitive, safe-by-default experience, with the ability for the admin to adjust the defaults, then choose Portainer.
Portainer vs Rancher vs OpenShift Comparison Table
Detailed below is the side-by-side, feature comparison for Portainer, Rancher, and OpenShift.
Technology moves fast, so we will rerun this assessment quarterly and update it as applicable.
Cluster Build
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Create In-Cloud KaaS Clusters |
No |
Yes (AKS, GKE, EKS) |
Yes (AKS, GKE, EKS, Civo, DoKS, Linode) |
|
Create and Update In-Cloud (IaaS) Kubernetes Clusters |
Yes, the initial cluster (using installer) |
Yes |
No |
|
Create and Update On-Premises Kubernetes Clusters |
Yes, the initial cluster (using installer) |
Yes |
No |
Cluster Management
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Import and Manage Existing Kubernetes Clusters |
No, unless purchasing additional software (RHACM) |
Yes |
Yes |
|
Can configure Cluster Internal Settings (APIServer etc) |
Yes (via YAML) |
Yes (via UI for RKE) |
No |
|
Can enable User authentication for Cluster |
Yes |
Yes |
Yes |
|
Can enable Groups within Cluster |
Yes, manual management |
Yes, with external management option |
Yes, with external management option |
|
Can create ServiceAccounts within Cluster |
Yes |
Yes |
No |
|
Can create Cluster RBAC Roles and Bindings |
Yes (via YAML) |
Yes, pre-defined and custom roles. |
Yes, pre-defined roles. Roles assigned to users via UI |
|
Applies secure defaults |
Yes |
No (except Rancher Federal) |
Yes |
|
Can change/deactivate secure defaults |
No |
No |
Yes |
|
Can set Pod security policies |
Yes (via proprietary SCC) |
Yes (using PSP - deprecated) |
Yes (via OPA) |
|
Configure Node Settings |
Yes (via YAML) |
Yes (via YAML) |
No |
|
View Node Status (health, conditions, events, taints, images, pods, resources, logs) |
Yes |
Yes |
Partial (no conditions, images, logs) |
|
Kubernetes API Proxy (can use KubeCTL) |
Yes, after generating kubeconfig using oc client |
Yes by downloading Kubeconfig from UI |
Yes by downloading Kubeconfig from UI |
Multi-Cluster Management
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Multi-Cluster Management from a single management instance |
No, unless purchasing additional software (RHACM) |
Yes |
Yes` |
|
Centralized User Management |
N/A |
Yes |
Yes |
|
Centralized Group Management |
N/A |
Yes |
Yes |
|
Centralized Access Control |
N/A |
Yes |
Yes |
|
Centralized RBAC |
N/A |
Yes |
Yes |
Namespaces
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Create/Delete namespaces |
Yes (via YAML) |
Yes (via UI and YAML) |
Yes (via UI and YAML) |
|
Assign Users / Groups Role based access to namespaces |
Yes (via YAML) |
Yes (via UI) |
Yes (via UI) |
|
Can Set and apply NetworkPolicies to Namespaces |
Yes |
Yes |
No |
|
Can set CPU/RAM Resource Quotas in Namespaces |
Yes |
Yes |
Yes |
|
Can set advanced resource quotas (disk, load balancers) in Namespaces |
No |
Yes |
Yes |
Deployments
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Create Pods |
Y |
N |
N |
|
Create Deployment / ReplicaSet |
Y |
Y |
Y |
|
Create DaemonSet |
Y |
Y |
Y |
|
Create StatefulSet |
Y |
Y |
Y |
|
Create CronJob |
Y |
Y |
N |
|
Create Jobs |
Y |
Y |
N |
|
No-Code UI based Deployment |
Y |
Y |
Y |
|
Simplified UI Deployment (minimal Kube-Specific Lingo, minimal questions) |
Y |
N |
Y |
|
Create Deployments from YAML |
Y |
Y |
Y |
|
Create Deployments from HELM |
Y |
Y |
Y |
|
Create Deployments from YAML with Kustomize |
N |
Y |
N |
|
Create Deployments from Docker Compose Files |
N |
N |
Y |
|
Create Stacks of Applications |
Y (App Grouping) |
N |
Y (Stacks) |
|
Support Setting HealthChecks (Readiness, Liveness, Startup Probes) |
Y |
Y |
N |
|
Support ConfigMaps and Secrets |
Y |
Y |
Y |
|
Support Images from Private Registries |
Y (image pull secret) |
Y (image pull secret) |
Y (centrally managed) |
|
Support Setting Resource Limits |
Y |
Y |
Y |
|
Support Setting Rollout (Scaling and Update) Strategy |
Y |
Y |
N |
|
Support configuring Pod Autoscaler |
Y |
Y |
Y |
|
Support Setting Labels and Annotations |
Y |
Y |
N |
|
Monitor Performance |
Prometheus |
Prometheus |
Metrics Server |
|
View Events |
Y |
Y |
Y |
|
Connect to Console |
Y |
Y |
Y |
|
View Logs |
Y |
Y |
Y |
|
View YAML |
Y |
Y |
Y |
|
Set and View Alerts (via AlertManager) |
Y |
N |
N |
|
Marketplace Templates |
Y |
Y |
Y |
|
Custom Deployment Templates |
Y (BuildConfigs) |
No |
Y (Custom Templates) |
|
Can install Operators/CRDs |
Yes |
Yes |
No (unless via HELM) |
|
Multi-Cluster Deployments |
No, unless purchasing additional software (RHACM) |
Yes (Fleet) |
Yes (EdgeStacks) |
Storage
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Can Create Persistent Volumes |
Yes (via UI and YAML) |
Yes (via UI and YAML) |
Yes (via UI and YAML) |
|
Can Create Persistent Volume Claims |
Yes (via UI and YAML) |
Yes (via UI and YAML) |
Yes (via UI and YAML) |
|
Can take Volume Snapshots |
Yes |
No |
No |
Networking
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Define Services and map to deployments |
Y |
Y |
Y |
|
Define Ingress HTTP & HTTPS pass-through Routes |
Y |
Y |
Y |
|
Define Ingress HTTPS Routes (ingress termination) |
Y |
N |
N |
|
Publish Service via Load Balancer |
N |
Y |
Y |
Integrations
|
Capability |
OpenShift |
Rancher |
Portainer |
|
Centralized Logging |
Yes |
Yes (Banzai) |
No |
|
Metrics API |
Prometheus |
Prometheus |
Metrics Server |
|
Observability Stack |
Yes (Prometeus & Grafana) |
Yes (Prometeus & Grafana) |
No |
|
Alerting |
Yes (AlertManager |
Yes (AlertManager) |
No |
|
ServiceMesh |
Yes |
Yes |
No |
|
Serverless API |
Yes (kNative) |
No |
No |
|
CI Tooling (Image Builds) |
Yes |
No |
No |
|
CD Tooling |
Yes |
No |
No |
|
GitOps Tooling |
Yes (ArgoCD) |
Yes (Native) |
Yes (Native) |
|
Multi-Cluster CD Tooling |
No, unless purchasing additional software (RHACM) |
Yes, Fleet |
Partial (Edge stacks, one time deploy) |
|
Cluster Backups |
Yes |
Yes |
No |
|
OPA Gatekeeper |
Yes |
Yes |
Yes |
|
Security Scanning |
No |
Yes |
No |
Try Portainer with 3 Nodes Free
If you're ready to get started with Portainer Business, 3 nodes free is a great place to begin. If you'd prefer to get in touch with us, we'd love to hear from you!
COMMENTS