A report based on analysis of more than 150,000 workloads running in Kubernetes clusters deployed by hundreds of different organizations finds organizations are not following best practices for managing cloud-native application environments.
The Kubernetes Benchmark Report 2023 from Fairwinds, a provider of managed Kubernetes services, finds, for example, that 30% of organizations have at least 50% of their workloads set with memory limits too high. A full 83% of organizations are not setting liveness or readiness probes for more than 10% of Kubernetes workloads.
More troubling still, cybersecurity is often lax. A total of 44% of organizations are running 71% or more of their workloads on platforms allowing root access, with only 10% of organizations able to lock down their workloads. A quarter of organizations (25%) are seeing greater than 90% of workloads impacted by image vulnerabilities.
Joe Pelletier, vice president of product for Fairwinds, said some of these issues are to be expected as more organizations deploy Kubernetes clusters in production environments. Not everyone on an IT team will have the same level of management expertise given how relatively new Kubernetes clusters are in enterprise IT environments. He noted that many organizations, for example, are running outdated containers or Helm charts.
As organizations start to implement Kubernetes at scale, it’s apparent there will be a greater need for guardrails to ensure best practices are followed, said Pelletier.
In fact, the report finds organizations that implemented Kubernetes guardrails were able to correct 36% more issues where CPU and memory configurations were missing than those that did not have guardrails in place. IT teams leveraging guardrails were also able to repair 15% more image vulnerabilities than those not using them.
It’s not clear who is assuming responsibility for managing Kubernetes clusters in most organizations. In some instances, developers that lack IT operations experience are managing clusters inefficiently. Many of those developers routinely overprovision Kubernetes clusters despite the platform’s inherent ability to dynamically scale resources up and down as required, notes Pelletier.
At the other end of the spectrum, IT operations teams that lack the skills, tools and expertise required to programmatically automate Kubernetes cluster management are getting more involved. Many of those IT professionals might not entirely understand the need to, for example, right-size containers, says Pelletier.
Of course, one of the primary reasons IT teams are embracing cloud-native applications is that, theoretically, they are less costly to run than legacy monolithic applications. Monoliths consume a dedicated amount of infrastructure allocated to a specific virtual machine. In reality, however, many IT teams are applying the same practices they use to build and deploy monolithic applications to cloud-native application environments. The reason this occurs is that many organizations are now rushing to deploy cloud-native applications without first making sure the proper guardrails are in place, notes Pelletier.
Experience, naturally, is always the best teacher. But when it comes to Kubernetes clusters, there’s plenty of available knowledge about how to optimally run these environments. The challenge is ensuring IT teams understand how best to take advantage of best practices sooner rather than later as Kubernetes clusters continue to scale up and out.