Some say that containers are the future of cloud computing, so it only makes sense to embrace a leading container orchestration solution like Kubernetes. However, adopting Kubernetes is most certainly easier said than done. The technology itself is highly complex, and many acknowledge that using it can be quite challenging.
Kubernetes may be hailed as one of the best open-source projects of all time, but adopting it is a different story. Organizations have to overcome some challenges before they can get the benefits of portability, flexibility, and increased developer productivity.
According to a study conducted by independent research firm Vanson Bourne, Kubernetes adoption is faced with the challenges of security risks, poor scalability, and inadequate IT resources. The same study reveals that “while production projects using Kubernetes will rise 61 percent in the next two years, nearly all organizations (94 percent) run into challenges.” If businesses are to succeed in harnessing the advantages of Kubernetes, they need to jump over or find their way around these hurdles.
Kubernetes security risks
Security is the top concern of companies that are adopting Kubernetes. A survey by Red Hat among DevOps professionals reveals that a big majority (59 percent) believe that security is the biggest concern over the use of Kubernetes and containers. Meanwhile, 94 percent experienced at least one Kubernetes security incident in 2020 and 55 percent say that they delayed the release of their apps because of security issues.
To be clear, Kubernetes itself is not some inherently vulnerability-ridden technology. The security risks affecting it are similar to those that affect most other technologies that are relatively new to users. Organizations can use a good Kubernetes security solution and ensure that container orchestration does not become an added risk to their operation. However, many are unaware of what they should watch out for and how they can properly protect their Kubernetes implementation.
The following are some of the top security concerns in Kubernetes adoption:
- Misconfigurations and exposures – These include possible configuration issues involving container images, namespaces, runtime privileges, persistent storage, and control plane. It also includes the unnecessary exposure of secrets as they are baked into images. Runtime privileges and network policies that are not compatible with best practices are also potential sources of misconfigurations and risk exposures.
- Security vulnerabilities – These refer to exploits on containers including malware installation, crypto mining, host access, and privilege escalation. Vulnerabilities can exist in images, production-accessible container registries, failed builds, and third-party admission controllers in Kubernetes clusters.
- Threats during the runtime phase – The runtime phase is a major opportunity for attacks. In particular, when organizations shift their security priorities to reduce misconfigurations and other internal vulnerabilities, there’s a high likelihood that they become more prone to external attacks. This is mainly attributable to the lack of familiarity with containerization and container orchestration.
- Compliance audit failures – Lastly, there are security concerns when organizations think of cybersecurity only as an afterthought of the Kubernetes implementation. There are security compliance requirements that cover containers, particularly the CIS Benchmarks for Docker and Kubernetes, NIST SP 800-190, HIPAA, PCI-DSS, as well as SOC 2.
So how do organizations address these? For misconfigurations, it is important to avoid using package managers, network tools, and other non-essential software that raise security risks as they pull images from uncertain sources. Secrets should not be included in images. Namespaces should be used. Organizations also need to ensure high security visibility and configure control plane components.
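The misconfiguration checks named above (namespaces, runtime privileges, secrets kept out of the workload definition) can be automated before deployment. The following is an added example, not code from the article or from any Kubernetes project; the pod names, registry and the `audit_pod` helper are hypothetical, and the manifests are constructed and assumed to be already parsed into dictionaries.

```python
import re

# Constructed sample manifests (hypothetical names and registry).
RISKY_POD = {
    "kind": "Pod",
    "metadata": {"name": "billing"},  # no namespace: lands in "default"
    "spec": {"containers": [{
        "name": "app",
        "image": "registry.example.com/billing:1.4",
        "env": [{"name": "DB_PASSWORD", "value": "example-only"}],
        "securityContext": {"privileged": True},
    }]},
}
HARDENED_POD = {
    "kind": "Pod",
    "metadata": {"name": "billing", "namespace": "payments"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "app",
            "image": "registry.example.com/billing:1.4",
            "env": [{"name": "DB_PASSWORD", "valueFrom": {
                "secretKeyRef": {"name": "billing-db", "key": "password"}}}],
            "securityContext": {"privileged": False,
                                "allowPrivilegeEscalation": False},
        }],
    },
}
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit_pod(manifest):
    """Return a list of findings for one Pod manifest (parsed into a dict)."""
    findings = []
    if manifest.get("metadata", {}).get("namespace", "default") == "default":
        findings.append("workload is not isolated in its own namespace")
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{c['name']}: runs privileged")
        # Kubernetes allows escalation unless it is explicitly disabled.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{c['name']}: privilege escalation not disabled")
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{c['name']}: may run as root")
        for env in c.get("env", []):
            if "value" in env and SECRET_NAME.search(env.get("name", "")):
                findings.append(f"{c['name']}: secret {env['name']} is inline")
    return findings
```

Running `audit_pod` in a CI step and failing the pipeline on a non-empty result keeps these settings from reaching a cluster.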
When it comes to runtime threats, the solution is to monitor runtime activity, look at the build and deploy time data to detect suspicious activities, restrict unnecessary network communication, and employ process allow lists that can serve as benchmarks for normal or safe application behavior.
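A process allow list of the kind described above, as an added example that is not part of the original article: each image gets a baseline of expected executables (assumed here to come from build and deploy data), and runtime events outside that baseline are flagged. The image names, the `pod image exe` event format and the events themselves are constructed for illustration.

```python
from collections import defaultdict

# Constructed allow list: executables each image is expected to run.
ALLOWED = {
    "registry.example.com/web": {"/usr/sbin/nginx"},
    "registry.example.com/api": {"/usr/local/bin/python3",
                                 "/usr/local/bin/gunicorn"},
}

# Constructed runtime events, one "pod image exe" record per line.
EVENTS = """\
web-7d9f registry.example.com/web /usr/sbin/nginx
api-5c2a registry.example.com/api /usr/local/bin/gunicorn
web-7d9f registry.example.com/web /bin/sh
web-7d9f registry.example.com/web /usr/bin/curl
cache-1 registry.example.com/cache /usr/bin/redis-server
truncated-record
"""

def parse_events(text):
    """Yield one dict per well-formed event line; skip malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield dict(zip(("pod", "image", "exe"), parts))

def find_violations(events, allowed):
    """Map pod name to a list of (reason, executable) deviations."""
    violations = defaultdict(list)
    for ev in events:
        baseline = allowed.get(ev["image"])
        if baseline is None:
            # No baseline means the workload was never profiled: report it
            # rather than silently treating everything it runs as normal.
            violations[ev["pod"]].append(("no-baseline", ev["exe"]))
        elif ev["exe"] not in baseline:
            violations[ev["pod"]].append(("not-allowed", ev["exe"]))
    return dict(violations)

if __name__ == "__main__":
    for pod, items in find_violations(parse_events(EVENTS), ALLOWED).items():
        for reason, exe in items:
            print(f"{pod}: {reason}: {exe}")
```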
For security vulnerabilities and failed compliance audits, the key is to be mindful of existing compliance requirements without being too fixated on compliance. Compliance does not always equate to adequate security. It is crucial to follow established best practices and learn from the experience of implementing and securing Kubernetes.
“In order to reduce the security risks from containers and Kubernetes, companies first need visibility into their cloud-native environments. They need to understand how images are built and whether they contain any vulnerabilities, how the workloads and infrastructure are configured to operate, and where compliance gaps exist,” says Ajmal Kohgadai, Principal Product Marketing Manager for Red Hat Advanced Cluster Security for Kubernetes.
It is ironic that one of the touted benefits of Kubernetes is its ability to improve scalability and availability in an organization, but many have the perception that it is difficult to scale it up effectively. This problem is primarily because of the complexity of Kubernetes microservices and the massive amounts of data generated during deployment. Many find it very challenging to keep track of all services and the data, which is important in diagnosing issues and addressing problems.
Additionally, organizations have a hard time with the complex installation and configuration needed in Kubernetes implementation. This problem is aggravated when there are multiple clouds, policies, clusters, and designated users involved. The user experiences may also vary depending on the environment.
Moreover, the Kubernetes infrastructure used by an organization may conflict or be incompatible with the other tools it uses. This can lead to issues in integration and, most notably, in the expansion of the organization.
To address the problem of scalability, organizations can use a dependable Kubernetes solution that includes an auto scaling feature. It is also advisable to implement joint infrastructure management across clusters and clouds, design an intuitive interface for easy configuration and deployment, build pods and clusters that are easy to scale, and come up with an organized and secure way of managing workload.
IT resource inadequacies
Many organizations want to adopt Kubernetes, but they find it hard to do so because they lack the right IT resources. Their existing technologies may not be compatible with Kubernetes implementation. The software tools they use may not support integration with Kubernetes or even with other container orchestration solutions. Forcing it would mean investing heavily in a new system and technology.
Also, organizations report the lack of Kubernetes talent. Going back to the Vanson Bourne study mentioned earlier, it is notable that nearly all (96 percent) organizations believe that they can find Kubernetes talent, but only 24 percent are confident that they can hire the right candidate for the job. As such, 98 percent of the surveyed organizations indicate that they are already investing or are planning to invest in Kubernetes training to address the talent scarcity.
It is also notable that a good number (38 percent) of developers say that their work (as Kubernetes specialists) is causing them to “feel extremely burnt out.” Alarmingly, the majority of developers (51 percent) express interest in switching to a different job because of the challenges they encounter with Kubernetes.
Commenting on the research, Kubernetes expert Tobi Knaup acknowledges that the “complexities of deploying Kubernetes has made it more challenging for many organizations to realize benefits such as increased agility and time-to-value.” “However, it’s no surprise that organizations still view Kubernetes as a critical part of their digital transformation strategy. With so much at stake, it’s never been more critical for organizations to ensure they have the expert resources and proven technologies required to navigate the often complicated journey to Day 2 operations success,” Knaup adds.
Overcoming the challenges
There’s no doubt that Kubernetes is complex and challenging to adopt. However, it is by no means impossible to overcome the challenges. Business leaders may initially have a hard time understanding what containerization and container orchestration are all about. Still, with enough knowledge and understanding of Kubernetes benefits and best practices, the security, scalability, and resource adequacy issues appear minimal compared to the bigger challenges.