Orgs Struggling With Kubernetes Management Challenges

A report based on analysis of more than 150,000 workloads running in Kubernetes clusters deployed by hundreds of different organizations finds organizations are not following best practices for managing cloud-native application environments.

The Kubernetes Benchmark Report 2023 from Fairwinds, a provider of managed Kubernetes services, finds, for example, that 30% of organizations have at least 50% of their workloads set with memory limits too high. A full 83% of organizations are not setting liveness or readiness probes for more than 10% of Kubernetes workloads.

More troubling still, cybersecurity is often lax. A total of 44% of organizations are running 71% or more of their workloads on platforms allowing root access, with only 10% of organizations able to lock down their workloads. A quarter of organizations (25%) are seeing greater than 90% of workloads impacted by image vulnerabilities.

Joe Pelletier, vice president of product for Fairwinds, said some of these issues are to be expected as more organizations deploy Kubernetes clusters in production environments. Not everyone on a IT team will have the same level of management expertise given how relatively new Kubernetes clusters are in enterprise IT environments. He noted that many organizations, for example, are running outdated containers or Helm charts.

As organizations start to implement Kubernetes at scale, it’s apparent there will be a greater need for guardrails to ensure best practices are followed, said Pelletier.

In fact, the report finds organizations that implemented Kubernetes guardrails were able to correct 36% more issues where CPU and memory configurations were missing than those that did not have guardrails in place. IT teams leveraging guardrails were also able to repair 15% more image vulnerabilities than those not using them.

It’s not clear who is assuming responsibility for managing Kubernetes clusters in most organizations. In some instances, developers that lack IT operations experience are managing clusters inefficiently. Many of those developers routinely overprovision Kubernetes clusters despite the platform’s inherent ability to dynamically scale resources up and down as required, notes Pelletier.

At the other end of the spectrum, IT operations teams that lack the skills, tools and expertise required to programmatically automate Kubernetes cluster management are getting more involved. Many of those IT professionals might not entirely understand the need to, for example, right-size containers, says Pelletier.

Of course, one of the primary reasons IT teams are embracing cloud-native applications is that, theoretically, they are less costly to run than legacy monolithic applications. Monoliths consume a dedicated amount of infrastructure allocated to a specific virtual machine. In reality, however, many IT teams are applying the same practices they use to build and deploy monolithic applications to cloud-native application environments. The reason this occurs is that many organizations are now rushing to deploy cloud-native applications without first making sure the proper guardrails are in place, notes Pelletier.

Experience, naturally, is always the best teacher. But when it comes to Kubernetes clusters, there’s plenty of available knowledge about how to optimally run these environments. The challenge is ensuring IT teams understand how best to take advantage of best practices sooner rather than later as Kubernetes clusters continue to scale up and out.

Mike Vizard

Mike Vizard is a veteran IT journalist with more than 25 years of experience covering the technology industry, having previously served as Editor-in-Chief of both CRN and InfoWorld and as editorial director for Ziff-Davis Enterprise, where he oversaw titles including eWEEK, CIO Insight and Baseline. Over his career he has also edited or contributed to a wide range of enterprise technology publications, including IT Business Edge, Channel Insider, ComputerWorld, TMCNet and Digital Review, and he later led editorial for CTOEdge.com. His reporting and analysis span software development, cloud computing, cybersecurity, IT channel strategy and, more recently, artificial intelligence and DevOps practices. A recognized voice in enterprise IT journalism, Vizard is known for tracking emerging technology trends as they move from early adoption into mainstream enterprise use. He now serves as Chief Content Officer for Techstrong Group, where he oversees editorial strategy across the full network — DevOps.com, Security Boulevard, Cloud Native Now, Digital CxO, Techstrong.ai, TechStrong.IT, Techstrong Semi and PlatformEngineering.com — in addition to writing and hosting content for Techstrong TV and the Techstrong Gang podcast.

    Mike Vizard has 1813 posts and counting. See all posts by Mike Vizard