Why You Should Run Kubernetes Clusters on OpenStack

The first step for deciding to run Kubernetes is to first understand if your environment is ready to run it. After that, it’s all about figuring out where you want to run Kubernetes. From a reliability, security, and cost perspective, running Kubernetes on OpenStack is never a bad idea. In fact, there’s a ton of data to show that it’s a great idea. In this blog post, you’re going to learn about the key reasons why you’d want to run Kubernetes clusters on OpenStack.

Cost For Public Cloud

First, let’s talk about public cloud costs. As every engineer knows, running a public cloud isn’t cheap. To run an average Kubernetes cluster, the recommended node count is two control planes and two to three worker nodes. If you take the average cost of, for example, a public cloud instance that’s a medium size, which has an average amount of CPU/memory, the instance will cost roughly $39.00 USD per month.

Kicking it up a notch, let’s say you’re running 100 VMs with about 10 TB, it’ll be roughly $3,800 per month.

As you can see, it’s a fair amount of dollars spent per month. Let’s see the difference in private cloud.

Cost For Private Cloud

Taking the same scenario, which is three-four virtual machines running a Kubernetes cluster, you can think about the cost difference to help you make a solid decision on what’s more cost-effective for your organization to run Kubernetes. For an instance running in a private cloud, with the same specs shown above for the public cloud, it’s $28.56 USD cheaper per month.

From a yearly and monthly perspective, the cost savings can equate to an individual’s salary, with the medium VM sizes saving $80,832.00 USD per year.

As you can see, there’s a significant amount of cost savings that can be used to, for example, train the current staff or help better the engineering teams with a bigger budget. For most cost information, check out this blog post that breaks down almost every piece of public cloud costs vs private cloud costs.

Security

As with all security, even outside of Kubernetes, the whole idea is to mitigate as much risk as possible. There’s never going to be a solution that mitigates 100% of security risks in an organization. There are far too many obstacles for a solution to mitigate every risk. There are, however, several ways that you can mitigate as many risks as possible. One of those ways is to manage the infrastructure yourself.

Where your servers live and where your data lives are incredibly crucial. A recent research study from a Kubernetes vendor showed that 93% of organizations are having security vulnerabilities in their Kubernetes clusters. This can be anything from misconfigurations to bad RBAC policies to data being breached and network security concerns.

Although you can always fix misconfigurations and bad RBAC policies, the underlying network security and infrastructure security are more or less out of your hands when it comes to running workloads that you don’t manage. If you deploy Kubernetes on OpenStack, you’re handling every piece of security including:

• Networking
• Control Plane (ETCD, Scheduler, Controllers, etc.)
• Worker nodes
• Storage

and everything else that comes with creating a Kubernetes cluster. With OpenStack, you can handle security at all points of entry and all egress.

You Create Your Own Reliability

The truth of every public cloud, for better or for worse, is that you’re putting the reliability into the hands of others. As with all technology and platforms, there are trade-offs. Even with hosting your own infrastructure, there are pros and cons. There’s never a true “right or wrong” answer in terms of which one is best overall, but there is a right or wrong answer for which option is best for you.

If you do decide to run Kubernetes on OpenStack, the biggest pro is that you control the reality of your reliability. If a service goes down, you can go in and fix it. If a piece of the environment goes down, like a server, you can go in and fix it. Of course, this is far more responsibility for the team managing the environment, but it gives organizations the flexibility to control what’s happening.

On August 31st, Azure had an azure with Azure Kubernetes Service (AKS) where the Ubuntu servers that were running the worker nodes got a patch and the patch pushed a bug to AKS where every single AKS cluster had issues, in all regions. Although this doesn’t happen too often, it still happens. In this scenario, it would be great to, for example, have an OpenStack cluster running Kubernetes. That way, you can have a hybrid scenario where you have the best of both worlds.

Wrapping Up

Running Kubernetes on OpenStack gives you a lot of flexibility, security mitigation options, and overall monthly cost savings that aren’t going into the staff that you’re hiring. It gives you the ability to implement both a cloud-native approach along with the ability to manage and create your own environment in a datacenter of your choosing.

About Our Guest Writer

Michael Levan is a consultant, researcher, and content creator with a career that has spanned countless business sectors, and includes working with companies such as Microsoft, IBM, and Pluralsight. An engineer at heart, he is passionate about enabling excellence in software development, SRE, DevOps, and actively mentors developers to help them realize their full potential. You can learn more about Michael on his website at: https://michaellevan.net/