Kubernetes Concerns

Developers' concerns about Kubernetes revolve around complexity, security, and skills/knowledge.

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "Do you have any concerns regarding the current state of K8s use?" Here’s what we learned:

Complexity

  • Still, early days, while it is very powerful, there is a steep learning curve in every technology. The ecosystem needs to be developed and the developers need to pick it up.
  • We’ve been using it forever. The biggest problem is multi-cluster and multi-cloud. We need to solve the federated solution. Having many small clusters rather than one large multitenant service mesh will help this.
  • Complexity is the main one. Related is because there’s such a big community it has become synonymous with containers and simple use cases do not require K8s. People want to use K8s to do everything. It’s a hammer and people see a lot of nails. 
  • It comes down to complexity, rather than try to add significant layers of abstraction around hard problems to build on top they introduce minimal levels of abstraction and tools for the community to abstract the right answer will change as to how we build applications change. 
  • K8s can provide a ton of value to users once they are familiar with it, but it does still present a learning curve. Many developers use our product specifically to learn, and we love to support those users and help them grow, but K8s can be overkill in certain situations and can pull developers away from shipping code. This is where we believe that higher-level abstractions built on top of K8s will provide immense value. Users should be able to interact with K8s at the level of abstraction necessary to increase productivity, without getting bogged down in the deeper feature sets that may not be relevant to them.

Security

  • Deploying applications in K8s is a relatively new practice. Several areas are still catching up to adhere to industry standards and best practices. For one, security controls are lagging behind. For example, in December of 2018, a major vulnerability in K8s was made public by its maintainers and patch releases were quickly released. This should not take us by surprise as K8s will be subject to the same security threats as other systems; it's just further confirmation that, as a rapidly evolving platform, careful attention to standards and best practices will be required for K8s to mature into a widely adopted and deployed enterprise platform. In addition, rapid innovations are occurring as K8s container orchestration systems quickly evolve. Commonly today, many specialized and best-of-breed open-source components are included when deploying a production container enterprise system. However, while an exciting proposition which we have come to expect in the world of open-source, it comes with its share of potential gaps and areas of concern. In short, it is a "batteries not included" or jigsaw puzzle approach where IT organizations are evaluating and piecing together open-source projects to build out their highly customized enterprise application solutions. Specifically, it can be an extremely difficult task to pick the right set of tech and tools to be included. Additional complexity is piled on when deciding on an upgrade strategy for the system and toolset.
  • I am concerned that newcomers will adopt inadequate K8s security measures, allowing attackers to use increasingly sophisticated exploits to succeed. The ultimate result of this will be to make transformations to container-based architectures more challenging. However, I also believe that the robust incentives of leveraging K8s-orchestrated containerized environments will similarly drive organizations to pursue the security measures necessary to properly protect those environments. 
  • We love seeing the growth in K8s adoption and are excited to watch as various flavors continue to appear — from DIY to managed to turnkey. Our main concern, based on what we have seen so far, is an assumption that managed K8s offerings are somehow inherently secure, or that by clamping down access to CI/CD to just a few DevOps people, that risk has been avoided. While managed and turnkey solutions definitely speed day one, they don’t typically do anything to secure the workloads running within clusters. 
  • Kubernetes does provide a great opportunity to modernize the business, but it's important to also address new challenges like data security.

Skill

  • It’s still very early. People are still kicking tires, learning about it, trying to figure out what it is, trying small workloads. This will be the next big wave. According to Gartner, by 2023, 80% of the enterprises will be using some form of K8s. We will see a lot of adoption. People will try on their own and have trouble maintaining their own platform.
  • It’s early and is evolving. K8s is where cloud and AWS were 10 years ago. Technology has to iterate and mature. At the same time, this is a real thing. Hundreds of organizations are deploying K8s in production at scale and it is growing exponentially. It’s challenging to find people that can drive this in the proper way.
  • The community is amazing and the product is still maturing. People jump to the conclusion they need K8s when they don’t. There is a huge time sink getting acquainted with K8s and you need to manage the cluster day to day to keep running and scaling.
  • A lot of people are flying blind. Running random containers with third parties without monitoring. People assume it's self-healing and ignore the details.
  • The biggest concern I have is people diving into something without understanding it thoroughly, burning hands too early and pulling out the investment. Also, some of the features and tools still need maturity and simply hoping that a tool will solve all of your problems is just being optimistic. Developers need to spend more time investigating an approach and whether a specific tool can address all the use-cases, identify risks and build a risk mitigation plan, and most importantly, be ready to invest back to the open-source to fill in the gaps.

Other

  • I’m very encouraged K8s has seen such strong adoption. Great improvement in functionality, established as a clear leader in many customer environments will drive further growth in the container space.
  • More hype in the market than reality. Some of the ecosystems have marketing hype versus technical reality. Figure out what’s ready for production today versus six to nine months from now. Fairly happy with the sense of realism. Much better than the OpenStack days of a few years ago.
  • It’s definitely the wild west, but it’s never too early to address. It’s not K8s it’s the surrounding pieces. When you go to the sandbox arena a lot of different technologies solving an individual problem, but they may not be the final winner and may not be supported and part of the environment forever. The people who define and drive the environment, the technical operating committee are made of smart practitioners. The town is well built but there’s a lot of people that drift in and out. People who put out something that serves a very niche product, need a product that can expand and do what I need to do. Istio works well with Envoy and Mixer and is incredibly necessary as we continue to scale K8s environments.
  • Cultural challenges for enterprises changing the way they do things. If you are using a traditional method to test, you’re building a bunch of code and seeing high churn in the talent pool. Hard to scale and get success around testing initiatives. Testing is the weakest link in the CI/CD pipeline.
  • I think there are significant improvements to be made in container networking still. This has been a challenge for a long time, even predating K8s, but with increased horizontal scale there is more reliance on network performance as the weak link in the performance picture. Some community members have been doing great work providing alternative container network drivers, but this is still very difficult for organizations to implement and the default drivers need significant performance improvements.


Here’s who shared their insights:

Opinions expressed by DZone contributors are their own.
