Top K8s Workload Trends in the 2024 Kubernetes Benchmark Report
Gartner predicts that cloud computing will become an essential component of maintaining business competitiveness by 2028, as evidenced by the ever-increasing adoption of Kubernetes. K8s enables cloud transformation at scale by automating the deployment, management and scaling of containerized applications. As DevOps, platform engineering and development teams leverage Kubernetes more in production environments, these teams must examine the reliability, security and cost efficiency of their workloads.
Beginning in 2021, Fairwinds analyzed more than 100,000 Kubernetes workloads, publishing the results in the first Kubernetes benchmark report. The intention of the benchmark is to highlight common areas for improvement in terms of container management, both internally and in comparison to peers. The 2023 report used data from over 150,000 workloads, comparing it to the previous year to identify trends. The 2024 Kubernetes Benchmark Report builds on the previous two years and reviews data from more than 330,000 workloads. The latest report shows Kubernetes users across hundreds of organizations have made significant improvements in terms of workload efficiency and reliability, though some configuration areas remain challenging.
Positive Kubernetes Trends Emerging
Let’s start with the good news: Our analysis shows several areas of improvement in 2023 compared to 2022 and 2021. As everyone continues to repeat, Kubernetes is complex, and getting workload configuration right isn’t easy, particularly if you don’t have tools in place to help you identify problems and create tickets easily. Here are three areas where we’ve seen real progress in workload configuration:
57% of Organizations Have a Handle on Container Rightsizing
This is great news—nearly two-thirds of organizations have 10% or fewer workloads in need of rightsizing. Inevitably, as organizations move Kubernetes workloads to production, cloud costs rise. A key way to manage costs is by making sure that you have CPU and memory requests and limits set appropriately, whether the goal is to improve reliability or to maximize resource utilization and efficiency.
On the other side of this is the remaining 43% that have more than 11% of workloads that need container rightsizing. The Kubernetes Benchmark Report shows that over a third (37%) of organizations have 50% or more workloads that need to take a closer look at rightsizing. Once you’ve identified the containers that require attention, make sure your devs know what changes to make and how to apply them.
More Organizations Have Deployment Replicas
Last year was the first time Fairwinds analyzed whether workloads were configured with a replica—17% had less than 10% of workloads with missing replicas in 2022, rising to 30% in 2023. This shows that dev and ops teams recognize the value replicas provide in improving reliability and stability. If a node crashes, a deployment or ReplicaSet will not replace failed pods unless there is a replica in place. Hopefully, organizations reviewing the Benchmark will realize the value of deployment replicas and work to ensure that the percentage of organizations with them in place will continue to grow over the next year.
Fewer Workloads With Privilege Escalation Issues and Root Access
Kubernetes is famous, or infamous, for not being secure by default. That essentially means that you need to review many workload configurations to identify settings that could result in security issues. The latest benchmark shows that the share of organizations running more than 90% of workloads with privilege escalation issues is down to 14% from 29% in the 2023 benchmark, a significant improvement.
Similarly, just 8% of organizations have 90% or more of workloads impacted by containers that are configured to run as a root user in a Kubernetes cluster. That’s a drop from 12% last year, which is great, but ideally, very few workloads should have containers running as root. Most of the time, this high degree of access is unnecessary, and it can allow attackers to take advantage of root privileges to compromise the system or access protected information.
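The workload-level settings discussed above (resource requests and limits, replicas, privilege escalation and root users) can be checked directly against a manifest. The following is an added example, not code from Fairwinds or the benchmark report: the function name, the finding labels and the sample Deployment are constructed for illustration, and network policy and image checks are out of scope.

```python
import json

# Constructed sample, shaped like `kubectl get deployment -o json` output.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "web"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true},
   "containers": [
     {"name": "app", "image": "example/app:1.0",
      "securityContext": {"allowPrivilegeEscalation": false},
      "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                    "limits": {"cpu": "500m", "memory": "256Mi"}}},
     {"name": "sidecar", "image": "example/sidecar:1.0",
      "securityContext": {"runAsNonRoot": false},
      "resources": {"requests": {"cpu": "50m"}}}
   ]}}}}
""")


def audit_workload(obj):
    """Return sorted (container, finding) pairs; container is '' for workload-level findings."""
    findings = []
    spec = obj.get("spec", {})
    # spec.replicas defaults to 1 when omitted, so a missing field is a single replica.
    if obj.get("kind") == "Deployment" and spec.get("replicas", 1) < 2:
        findings.append(("", "single-replica"))
    pod = spec.get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = c.get("securityContext") or {}
        # Escalation is permitted unless the container explicitly sets it to false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((c["name"], "privilege-escalation-allowed"))
        # Container-level securityContext values override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and non_root is not True):
            findings.append((c["name"], "may-run-as-root"))
        res = c.get("resources") or {}
        for kind in ("requests", "limits"):
            for r in ("cpu", "memory"):
                if r not in (res.get(kind) or {}):
                    findings.append((c["name"], f"missing-{r}-{kind}"))
    return sorted(findings)
```

A container flagged `may-run-as-root` only runs as root if its image does not set a non-root user, which is why the check reports the missing guarantee rather than a confirmed root process.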
Areas of Concern Remain
While it’s promising to see some of these trends moving in the right direction, it would be disingenuous to imply that there aren’t still challenges in terms of Kubernetes workload configuration, particularly when it comes to security. It’s not surprising. There are a lot of configurations to make, and if you aren’t automatically enforcing your security policies, it’s easy to miss these issues. A few areas of concern the benchmark report showed include:
- An increase to 30% of organizations having 90% of workloads impacted by image vulnerabilities, up from 25% the previous year (and just 9% the year before)
- An increase in outdated container images; now 46% of organizations have 90% of workloads impacted by image vulnerabilities, up from 33% the previous year
- A total of 58% of organizations have 51% or more of their workloads missing network policy
Find Improvement Areas With the Kubernetes Benchmark Report
Containers and Kubernetes absolutely offer significant business benefits, but it’s hard to understand, identify and set these configurations correctly. Kubernetes is inherently complex by design—built so you can customize it to your organization’s unique needs. That flexibility does not make it easy to configure, however. Read the latest report to learn how and where other organizations are having trouble or seeing improvements. Then take a look at your own workloads and assess how your configurations are impacting the reliability, security and cost efficiency of your workloads.