How to Seamlessly Combine OpenStack and Kubernetes: Two Proven Approaches

OpenStack and Kubernetes Integration Overview

OpenStack and Kubernetes integration mainly has two schemes: 1) Deploy K8s on top of the OpenStack platform; 2) Integrate K8s with OpenStack components.

1. Deploy K8s on OpenStack

This is the most commonly chosen approach. Its advantages are rapid K8s deployment, elastic scaling, and indirect multi‑tenant isolation through virtual machines, providing good isolation.

The drawback is that containers run inside VMs, which may incur some compute performance loss, and the multi‑layer overlay networking can also reduce performance.

The OpenStack Magnum project exemplifies this solution. Magnum offers container orchestration services for OpenStack, allowing users to quickly provision K8s, Mesos, or Swarm clusters. It first uses Heat to orchestrate resources (VMs, volumes, security groups, etc.), then employs a heat‑container‑agent and scripts inside the image to install and configure the chosen orchestration platform. Through Ironic, Magnum also supports deploying the orchestration components directly on bare metal.

2. Integrate K8s with OpenStack components

Through joint efforts of the OpenStack and Kubernetes communities, many components can be integrated. The main integrations are:

Keystone : K8s can integrate with OpenStack Keystone for authentication (see keystone authentication kubernetes‑cluster).

Glance : Generally unnecessary because Docker images are layered; registries or Harbor are preferred. If needed, Glance can store Docker images as backup, though Swift is recommended as the storage backend.

Neutron : Although Magnum‑deployed containers still use the original K8s network model (Flannel, Contrail, etc.), the kuryr‑kubernetes project provides direct integration with OpenStack Neutron. Pods share Neutron networking services, gaining features like security groups, firewalls, and QoS. Currently, Kuryr lacks multi‑tenant support, and network/subnet configurations are static.

Cinder : K8s already supports many volume plugins, including Cinder, allowing K8s to use Cinder‑provided block storage and share the same storage system with Nova.

Manila : K8s also supports integration with OpenStack Manila for shared file storage, included in the external‑storage project.

Overall, while integrating K8s with OpenStack offers flexibility and shared services, running containers inside VMs can still introduce performance overhead, especially in networking due to overlay nesting.