The OpenStack cloud provider for Kubernetes has several requirements in OpenStack, which are outlined in the OpenStack cloud provider Overview section.
In addition to component requirements, there are operational requirements:
In addition to operational requirements, the OpenStack cloud provider
introduces a significant security concern. As a result, a non-privileged user
should be created in the project/tenant where the instances reside specifically
for this purpose. The reason behind this is that every single Kubernetes node
(both Master node and Node) must contain the entire credentials in
cleartext in the /etc/kubernetes/cloud-config.conf
file. These credentials
are put into pillar as well, so this is also a security vector to be aware of.