Developers' concerns about Kubernetes revolve around complexity, security, and skills/knowledge.
To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "Do you have any concerns regarding the current state of K8s use?" Here’s what we learned:
- Deploying applications in K8s is a relatively new practice. Several areas are still catching up to adhere to industry standards and best practices. For one, security controls are lagging behind. For example, in December of 2018, a major vulnerability in K8s was made public by its maintainers and patch releases were quickly released. This should not take us by surprise as K8s will be subject to the same security threats as other systems; it's just further confirmation that, as a rapidly evolving platform, careful attention to standards and best practices will be required for K8s to mature into a widely adopted and deployed enterprise platform. In addition, rapid innovations are occurring as K8s container orchestration systems quickly evolve. Commonly today, many specialized and best-of-breed open-source components are included when deploying a production container enterprise system. However, while an exciting proposition which we have come to expect in the world of open-source, it comes with its share of potential gaps and areas of concern. In short, it is a "batteries not included" or jigsaw puzzle approach where IT organizations are evaluating and piecing together open-source projects to build out their highly customized enterprise application solutions. Specifically, it can be an extremely difficult task to pick the right set of tech and tools to be included. Additional complexity is piled on when deciding on an upgrade strategy for the system and toolset.
- I am concerned that newcomers will adopt inadequate K8s security measures, allowing attackers to use increasingly sophisticated exploits to succeed. The ultimate result of this will be to make transformations to container-based architectures more challenging. However, I also believe that the robust incentives of leveraging K8s-orchestrated containerized environments will similarly drive organizations to pursue the security measures necessary to properly protect those environments.
- We love seeing the growth in K8s adoption and are excited to watch as various flavors continue to appear — from DIY to managed to turnkey. Our main concern, based on what we have seen so far, is an assumption that managed K8s offerings are somehow inherently secure, or that by clamping down access to CI/CD to just a few DevOps people, that risk has been avoided. While managed and turnkey solutions definitely speed day one, they don’t typically do anything to secure the workloads running within clusters.
- Kubernetes does provide a great opportunity to modernize the business, but it's important to also address new challenges like data security.
- It’s early and is evolving. K8s is where cloud and AWS were 10 years ago. Technology has to iterate and mature. At the same time, this is a real thing. Hundreds of organizations are deploying K8s in production at scale and it is growing exponentially. It’s challenging to find people that can drive this in the proper way.
- A lot of people are flying blind. Running random containers with third parties without monitoring. People assume it’s self-healing and ignore the details.
- The biggest concern I have is people diving into something without understanding it thoroughly, burning hands too early and pulling out the investment. Also, some of the features and tools still need maturity and simply hoping that a tool will solve all of your problems is just being optimistic. Developers need to spend more time investigating an approach and whether a specific tool can address all the use-cases, identify risks and build a risk mitigation plan, and most importantly, be ready to invest back to the open-source to fill in the gaps.
- More hype in the market than reality. Some of the ecosystems have marketing hype versus technical reality. Figure out what’s ready for production today versus six to nine months from now. Fairly happy with the sense of realism. Much better than the OpenStack days of a few years ago.
- It’s definitely the wild west, but it’s never too early to address. It’s not K8s; it’s the surrounding pieces. When you go to the sandbox arena a lot of different technologies solving an individual problem, but they may not be the final winner and may not be supported and part of the environment forever. The people who define and drive the environment, the technical operating committee are made of smart practitioners. The town is well built but there’s a lot of people that drift in and out. People who put out something that serves a very niche product, need a product that can expand and do what I need to do. Istio works well with Envoy and Mixer and is incredibly necessary as we continue to scale K8s environments.
- Cultural challenges for enterprises changing the way they do things. If you are using a traditional method to test, you’re building a bunch of code and seeing high churn in the talent pool. Hard to scale and get success around testing initiatives. Testing is the weakest link in the CI/CD pipeline.
- I think there are significant improvements to be made in container networking still. This has been a challenge for a long time, even predating K8s, but with increased horizontal scale there is more reliance on network performance as the weak link in the performance picture. Some community members have been doing great work providing alternative container network drivers, but this is still very difficult for organizations to implement and the default drivers need significant performance improvements.
Here’s who shared their insights:
- Dipti Borkar, V.P. Product Management & Marketing, Alluxio
- Matthew Barlocker, Founder & CEO, Blue Matador
- Carmine Rimi, Product Manager Kubernetes, Kubeflow, Canonical
- Phil Dougherty, Sr. Product Manager, DigitalOcean
- Tobi Knaup, Co-founder and CTO, D2iQ
- Tamas Cser, Founder & CEO, Functionize
- Kaushik Mysur, Director of Product Management, Instaclustr
- Niraj Tolia, CEO, Kasten
- Marco Palladino, CTO & Co-founder, Kong
- Daniel Spoonhower, Co-founder and CTO, LightStep
- Matt Creager, Co-founder, Manifold
- Ingo Fuchs, Chief Technologist, Cloud & DevOps, NetApp
- Glen Kosaka, VP of Product Management, NeuVector
- Joe Leslie, Senior Product Manager, NuoDB
- Tyler Duzan, Product Manager, Percona
- Kamesh Pemmaraju, Head of Product Marketing, Platform9
- Anurag Goel, Founder & CEO, Render
- Dave McAlister, Community Manager & Evangelist, Scalyr
- Idit Levine, Founder & CEO, Solo.io
- Edmond Cullen, Practice Principal Architect, SPR
- Tim Hinrichs, Co-founder & CTO, Styra
- Loris Degioanni, Founder & CTO, Sysdig