Fairwinds Report Surfaces Biggest Kubernetes Management Challenges

An analysis of more than 330,000 workloads running on Kubernetes clusters conducted by Fairwinds suggests that while organizations are getting more adept at managing these platforms, there are still many best practices not being followed that result in higher costs and potential reliability and security issues.

Joe Pelletier, vice president of product for Fairwinds, said that, compared to previous years, the report shows overall improvement in the adoption of Kubernetes best practices, but there is still plenty of room for improvement.

For example, the report finds more than a third of organizations have 50% or more container workloads that require rightsizing to improve efficiency. Nearly two-thirds of organizations (65%) are missing liveness and/or readiness probes, which are used to determine whether containers are running so that, if not, they can be automatically restarted.

In addition, 55% of organizations have more than 21% of workloads missing replicas, which are relied on to maintain stability and high availability of containers.

On the plus side, 67% of organizations have more than 11% of workloads impacted by missing CPU requests, down from 78% in 2023.

Cybersecurity issues are equally challenging. Nearly three-quarters (71%) of workloads are allowed to run with root access.

Just under a quarter of organizations (24%) are also relying on cached images for more than 90% of workloads. That can be problematic because an image is pulled only if it isn’t already cached on the node attempting to run it. Using a cached version can cause the images that are running to vary from node to node, or potentially introduce a security vulnerability, because Kubernetes will attempt to use the cached version of an image without verifying where it came from.

Overall, the report finds that just over a quarter of organizations (28%) have some type of security issue, such as unscanned workloads, outdated Helm charts and potential privilege escalations that could impact 90% or more of their workloads. On the plus side, that’s down from 33% a year ago.

In general, most of these issues can be addressed by relying more on automation to ensure policies are enforced, said Pelletier. That approach enables IT teams to use a higher level of abstraction to simplify the management of Kubernetes clusters that otherwise require a lot of expertise to tune and secure successfully, he noted.
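As an illustration of what such an automated policy check looks like (an added example, not code from the Fairwinds report or its tooling), the following audits a Deployment manifest for the gaps named above: replicas, probes, CPU requests, root access and cached-image pull policy. The manifest field names are standard Kubernetes ones; the function names, finding strings and both sample manifests are constructed for this example.

```python
# Added example: audit a Deployment manifest (already parsed into a dict) for
# the gaps the article lists. SAMPLE_* manifests are constructed for illustration.

def effective_pull_policy(container):
    """Kubernetes defaulting: an omitted policy is Always only for :latest or untagged images."""
    if "imagePullPolicy" in container:
        return container["imagePullPolicy"]
    image = container["image"]
    if "@" in image:                      # referenced by digest
        return "IfNotPresent"
    last = image.rsplit("/", 1)[-1]       # drop any registry host:port prefix
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return "Always" if tag == "latest" else "IfNotPresent"

def audit_deployment(dep):
    findings = []
    spec = dep.get("spec", {})
    if spec.get("replicas", 1) < 2:       # replicas defaults to 1 when omitted
        findings.append("deployment: fewer than 2 replicas")
    pod = spec.get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext", {})
    for c in pod.get("containers", []):
        name, sc = c["name"], c.get("securityContext", {})
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
        if "cpu" not in c.get("resources", {}).get("requests", {}):
            findings.append(f"{name}: missing CPU request")
        # Container-level securityContext overrides the pod-level one; an unset
        # runAsUser falls back to the image's user, which may be root.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if not non_root and uid in (None, 0):
            findings.append(f"{name}: allowed to run as root")
        if effective_pull_policy(c) != "Always":
            findings.append(f"{name}: may run a cached image (pull policy not Always)")
    return findings

SAMPLE_WEAK = {"spec": {"template": {"spec": {"containers": [
    {"name": "web", "image": "registry.example:5000/shop/web:1.4"}]}}}}

SAMPLE_HARDENED = {"spec": {"replicas": 3, "template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{
        "name": "web", "image": "registry.example:5000/shop/web:1.4",
        "imagePullPolicy": "Always",
        "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
        "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
        "resources": {"requests": {"cpu": "250m", "memory": "128Mi"}}}]}}}}

if __name__ == "__main__":
    for label, dep in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_deployment(dep))
```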

It’s not clear at what rate organizations are embracing automation to manage Kubernetes clusters, but the one thing that is certain is there are a lot more of them running in production environments. As more organizations build and deploy cloud-native applications, many of them are now running fleets of Kubernetes clusters at levels of unprecedented scale. The challenge, as always, is to find ways to streamline the management of those clusters in a way that doesn’t require finding and retaining an army of specialists.

In the longer term, it remains to be seen what impact artificial intelligence (AI) might one day have on making Kubernetes clusters simpler to manage. In the meantime, IT teams should assume that in the coming year, where there might be a handful of Kubernetes clusters today, there will soon be many more to manage.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
