This document summarizes how Kubernetes can be used on OpenStack. It discusses integrating Kubernetes with OpenStack services for networking (Neutron), identity and access management (Keystone), storage (Cinder and Swift), cluster setup/management, and container registry. For each area, it provides an overview of the current integration and potential future enhancements.
9. IAM
Kube APIs require identity and access management
• Leverage Keystone as the IAM service
• Map Keystone projects == kube namespaces
• Use Keystone authentication and RBAC
11. IAM: future
• ABAC policy-based plugin
• Integrate Keystone into the kubectl CLI flow for tokens
• Offer a native IAM service for cloud-native applications
15. Cluster Setup and Management
• OpenStack APIs, custom scripts, cloud-init, SaltStack
• disk-image-builder based pipeline for building compute images for minions
• Swift for storing non-dockerized build artifacts
16. Cluster Setup and Mgmt: future
• Multi cloud-provider cluster setup and management using declarative state
• Federated cluster management for hybrid cloud patterns (cluster federation)
17. Container Registry
Container registry needs access control
• Keystone for ACLs
Container registry needs dependable storage
• Swift as backing storage
Container cluster platform: abstracts infrastructure, scheduled, application failures and node failures are handled
Containers
• Flexible
• Consistency
• Division of labor between dev and ops
• Predictable performance