Kubernetes on Openstack@

Ashwin RaveendraneBay Cloud Engineering

What is Kubernetes

A lean, portable, extensible platform for managing cloud native applications

- container packaged- dynamically scheduled - declarative state

- microservices oriented

neutron keystone cinder nova swift

work streams

Networking

IAM

Storage

Cluster setup and Management

Container Registry

Networking

• Leverage cloud native networking solution

Pods needs cluster wide routable IPs

Each node requires a CIDR block

Performance and Manageability

• Neutron private networks within cluster

• Assign one neutron network/subnet per node

Networking: future

• Pure Layer 3 networking with BGP

• Policy based distributed firewall

• IPV6

Kube APIs requires identity and access management

• Leverage keystone as the IAM service

•map keystone projects == kube namespaces

• use keystone authentication and RBAC

IAM

ABAC policy based plugin

Integrate keystone into kubectl cli flow for tokens

Offer a native IAM service for cloud native applications

IAM: future

Storage

Stateful workload needs high performancepersistent storage

• leverage openstack cinder

• Storage plugin manages pod volume lifecycle automatically

Storage: future• Native distributed storage

• Swift based storage sidecars

Cluster Setup and Management

• openstack apis, custom scripts, cloud-init, salt stack

• disk-image-builder based pipeline for building compute images for minions

• swift for storing non-dockerized build artifacts

Cluster Setup and Mgmt: future

• multi cloud-provider cluster setup and management using declarative state

• federated cluster management for hybrid clouds patterns (cluster federation)

Container Registry

Container registry needs access control • Keystone for ACLs

Container registry needs dependable storage• Swift as backing storage

Container Registry: future

• Notary support

• Scale

thank you