Getting Started with Kubernetes and VMware Integrated Openstack 4.0

VMware Integrated Openstack 4.0 is available with a great new feature for users wanting to explore container orchestration.  Kubernetes provides enterprise grade container orchestration, enabling coveted technology such as auto-scaling and auto-healing.

Pairing VIO with Kubernetes makes sense as it augments the out of the box feature set with that provided by the vSphere Hypervisor and NSX, providing a much higher level of centralized management and augmented networking capabilities over the core mainline Openstack product.

The Kubernetes + OpenStack bits are available in VMware’s download portal under the VIO 4.0 download page. A 60 day trial license is included out of the box to get you started:

VIO 4.0 and Kubernetes Download Page

After downloading, go thru the normal OVA installation and deployment.  There are some great blogs out there on deploying VMware Integrated Openstack such as this blog post by Sean Whitney.


Once you’ve deployed the Kubernetes appliance, log in with the root credentials you created during OVA deployment:

Kubernetes Login Page


First, we will need to deploy a new provider.  We will target the previously deployed VIO 4.0 as our new provider.  You are allowed to have multiple providers, so you could target multiple different instances of VIO or an Openstack provider hosted in the public cloud as well.

Deploying New Cloud Provider


Name your provider appropriately and set the provider type.

Set Provider Type


In the next step, we are going to need the SSL Certificate from our VIO instance.  In my lab, the cert I’m using is the default cert and is self signed.  By providing Kubernetes the cert out of band and double checking the thumbprint, we can validate that we have the correct certificate and our K8S cluster is trusting the correct provider.

Exporting SSL Cert 1

Make sure to add the .crt extension to the exported file.  I find it easiest to use the Firefox web browser to do this as the latest versions of Chrome have moved the certificate viewer and exporter into the developer tools.  Whichever is easiest for you is fine.

Exporting SSL Cert 2

Fill out the Openstack authentication information in the next step of the wizard.  Note the Keystone public URL for authentication in VIO 4.0 is the base URL of your openstack instance with on port 5000 with /v3 added to the end of the URL.  This information is available under the info popup as well.

OpenStack Authentication for K8S


Make sure to use the cloud image version of Ubuntu, it is correctly prepared with the necessary packages to make everything work out of the box. It is available in VMDK format (as well as many others) here.

You’ll need to upload the image to your Openstack instance in the project you are using for Kubernetes before proceeding.

Kubernetes Image Selection


Choose an appropriate external network to provide network access to your K8S cluster.

External Network Configuration

Choose the internal network you want your Kubernetes deployed containers to utilize.

Internal Network Configuration


Once this information is added, you are ready to deploy your cloud provider!  This should only take a few minutes.  Once completed, it will look similar to this.

Completed Cloud Provider


Once you have a provider added, you are ready to create your first Kubernetes Cluster.  First, select the infrastructure provider we just created above.

Select Provider


Next, choose the security group you want to use to secure network traffic for this cluster.  This will vary depending on the environment and applications running in the cluster.

Cluster SG


Choose the users and groups who will be able to access and utilize the cluster.

User and Group Access Selection

Cluster creation can take awhile.  You’ll see the cluster being created in the VIO with Kubernetes UI.

Cluster Creation

During cluster creation, you should see the infrastructure for the cluster being created in the vSphere client.

vSphere tasks executing

Next Steps Deploying Your First Kubernetes Pod:

Once the cluster deploys, you should be able to access and authenticate against the kubernetes API.  From this point on, the process is identical for developers and users as consuming any other Kubernetes cluster.  This is a well documented and often written about process.  For a great starter tutorial, check out this post by Raziel Tabib at CodeFresh.