Skip to main content
  1. posts/

Containers in Your Hypervisor vs. VMs in Kubernetes: What’s the Difference?

·892 words·5 mins·
Christian Mohn
Kubernetes K8s Containers Virtualization Hypervisor KubeVirt
Author
Christian Mohn
IT veteran, podcaster, author, and blogger from Bergen, Norway.
Table of Contents
Hypervisor and Kubernetes - This article is part of a series.
Part 2: Storage in Hypervisor and Kubernetes Environments: What Are the Options?
Part 1: This Article

When talking about modern infrastructure, there are multiple ways to combine virtualization and Kubernetes. I’ll focus on three common approaches:

  1. Kubernetes running directly on the hypervisor alongside traditional VMs.
  2. Kubernetes running inside VMs on a hypervisor.
  3. VMs running inside Kubernetes (via KubeVirt).

The architectures described below are general concepts and not specific to any single hypervisor. They illustrate common patterns for combining virtualization and Kubernetes, but exact implementations may vary depending on your infrastructure vendor and setup.

Storage is covered in Part 2 — this overview focuses on compute and networking. Persistent storage integration is a separate design consideration.

1. Kubernetes Directly on the Hypervisor
#

In this model:

  • The hypervisor runs traditional VMs for legacy workloads.
  • A Kubernetes cluster runs directly on the hypervisor to manage containers as pods.
  • Pods can represent cloud-native applications without requiring an extra VM layer.

Diagram:

flowchart TB
  classDef node fill:#ADD8E6,stroke:#333,stroke-width:2px;
  classDef pod fill:#90EE90,stroke:#333,stroke-width:1px;

  A["Physical Server"] --> B["Hypervisor"]
  B --> C["VM: Full OS"]
  B --> K["K8s Node(s)"]
  K --> P1["Cloud Native App A"]
  K --> P2["Cloud Native App B"]

  class C,K node;
  class P1,P2 pod;

Figure 1: Hypervisor model. A traditional VM runs a full OS (light blue), and a Kubernetes cluster (light cyan node) runs directly on the hypervisor managing multiple cloud-native app pods (light green). Network isolation is possible depending on hypervisor and CNI configuration. This setup allows for common management of both traditional VMs and Kubernetes nodes.

Key points:

  • Kubernetes nodes run directly on the hypervisor, alongside other VMs.
  • Provides common management with other hypervisor workloads — everything can be managed through the same hypervisor tools.
  • Pods run directly on cluster nodes on the hypervisor.
  • Isolation depends on hypervisor networking and CNI configuration; snapshots/migration can be more complex.

2. Kubernetes Inside VMs
#

Some organizations prefer to run Kubernetes inside VMs on a hypervisor:

  • Hypervisor provides VMs with full OS isolation.
  • Kubernetes runs inside one or more of these VMs.
  • Pods run inside the Kubernetes cluster, which itself is inside VMs.

Diagram:

flowchart TB
  classDef node fill:#ADD8E6,stroke:#333,stroke-width:2px;
  classDef pod fill:#90EE90,stroke:#333,stroke-width:1px;

  A["Physical Server"] --> B["Hypervisor"]
  B --> VM1["VM 1: K8s Node"]
  B --> VM2["VM 2: K8s Node"]
  VM1 --> P1["Cloud Native App A"]
  VM2 --> P2["Cloud Native App B"]

  class VM1,VM2 node;
  class P1,P2 pod;

Figure 2: Kubernetes cluster running inside VMs. Each VM (light blue) contains a Kubernetes node which manages pods (light green). Network isolation is strong due to VM boundaries.

Key points:

  • Adds an extra layer of isolation using VMs.
  • Useful for multi-tenant environments or when compliance requires OS-level separation.
  • Slightly more complex infrastructure compared to running Kubernetes directly on the hypervisor.

3. VMs Inside Kubernetes (KubeVirt)
#

Kubernetes becomes the control plane and manages VMs as workloads using KubeVirt:

  • Kubernetes manages both pods (containers) and VMs.
  • VMs can host traditional workloads or cloud-native applications.
  • This unifies management under Kubernetes for hybrid workloads.

Diagram:

flowchart TB
  classDef node fill:#ADD8E6,stroke:#333,stroke-width:2px;
  classDef pod fill:#90EE90,stroke:#333,stroke-width:1px;

  X["Physical Server"] --> Y["Kubernetes Cluster"]
  Y --> P["Pod: Cloud Native App"]
  Y --> Q["Pod: VM (KubeVirt)"]
  Q --> Q1["Legacy App"]

  class Y,Q node;
  class P,Q1 pod;

Figure 3: VMs managed as pods inside a Kubernetes cluster. Pod container is light green, VM node light blue, Cloud Native App highlighted in gold.

Choosing the Right Model
#

OptionDescriptionProsCons
1. Kubernetes on HypervisorKubernetes cluster runs directly on the hypervisor, alongside traditional VMsUnified management with other hypervisor workloads, no extra VM layerMore complex to manage, isolation depends on network configuration, harder to migrate or snapshot Kubernetes nodes
2. Kubernetes inside VMsKubernetes cluster runs inside VMs on a hypervisorStrong OS-level isolation, multi-tenant friendlyExtra layer, slightly more complex
3. VMs inside Kubernetes (KubeVirt)Kubernetes manages both pods and VMsSingle control plane for all workloads, hybrid-readyLearning curve, adds Kubernetes dependency for VM workloads

Workload Considerations
#

  • Traditional VMs primary workload: Option 1 or 2 might be better.
  • Cloud-native container primary workload: Option 3 is likely more suitable.
  • Consider management, isolation, and operational complexity.

Networking Considerations
#

OptionNetworkingIsolationComplexity
1. Kubernetes on HypervisorPods → hypervisor network; CNI (learn more)Depends on configurationLow-to-moderate
2. Kubernetes inside VMsPods → VM network → hypervisorStrongModerate-to-high
3. VMs inside KubernetesPods & VMs → Kubernetes overlay (KubeVirt)ModerateHigh

Takeaway: Network setup should reflect isolation, security, and workload requirements.

Network Comparison
#

flowchart TB
  classDef node fill:#ADD8E6,stroke:#333,stroke-width:2px;
  classDef net fill:#90EE90,stroke:#333,stroke-width:1px;

  O1["Kubernetes in Hypervisor"]
  O2["Kubernetes in VMs"]
  O3["VMs in Kubernetes (KubeVirt)"]

  O1_N["Pods → Hypervisor network (CNI)"]
  O2_N["Pods → VM network → Hypervisor"]
  O3_N["Pods & VMs → Kubernetes overlay network"]

  O1 --> O1_N
  O2 --> O2_N
  O3 --> O3_N

  class O1,O2,O3 node;
  class O1_N,O2_N,O3_N net;

Figure 4: Simplified networking comparison. Light blue = nodes/VMs, light green = pod/VM networking layers.

Summary
#

There are multiple ways to deploy containers and VMs, each with different trade-offs:

  • Kubernetes in Hypervisor: Simplest management alongside traditional VMs; network isolation depends on CNI.
  • Kubernetes in VMs: Strong isolation via VM boundaries; slightly more complex setup.
  • VMs in Kubernetes (KubeVirt): Unified control plane for containers and VMs; advanced networking setup.

Before selecting a deployment model, carefully consider:

  • Primary workload type: Traditional VMs vs. cloud-native containers.
  • Isolation and security requirements: VM boundaries, network segmentation, CNI configuration.
  • Operational complexity: Management tools, snapshots, migrations, and networking setup.

No single approach fits every scenario — the right choice depends on workload, expertise, and infrastructure goals.

Hypervisor and Kubernetes - This article is part of a series.
Part 2: Storage in Hypervisor and Kubernetes Environments: What Are the Options?
Part 1: This Article

Related