Before Getting Started with Kubernetes, Make Sure You Know What You’re Doing
Kubernetes is a fantastic utility for managing containerized workloads at scale. Originally developed by Google, the open-source container orchestration system helps automate and streamline containerized applications' management, deployment, and scaling. Before Kubernetes, many of the tasks associated with deploying and managing application services were manual and time-consuming. When deployed and configured correctly, Kubernetes can make the lives of development and operations teams easier.
But there’s the rub. Configured correctly.
Kubernetes is incredibly easy to adopt. It’s free, an open-source run by a community of volunteers, and anyone can go to Kubernetes.io and install the latest version. It can run anywhere – on-premises, hybrid, or public cloud infrastructure. The hyperscale cloud providers have each offered turnkey managed Kubernetes services, including Amazon’s Elastic Kubernetes Service (EKS), Microsoft’s Azure Kubernetes Service (AKS), and Google’s Kubernetes Engine (GKE), to help make things easier to orchestrate containers in their clouds.
However, getting Kubernetes configured correctly is incredibly complex, especially for beginners who don’t have the training to use it properly.
Here are three key points that enterprises thinking about Kubernetes should consider:
- It’s not intuitive, like many cloud services are. The cloud is so easy to adopt because it’s relatively easy to use. Not Kubernetes. Once you install it, it’s like a mess of wires. Once you peel off that first set-up layer, it’s very technical. You can’t tinker with Kubernetes the same way you can tinker with cloud services.
- Misconfigured Kubernetes clusters are highly vulnerable. The fact that Kubernetes is open source means all the code is open to the public and available to malicious actors. If they see a deployment vulnerability, they can exploit that with ransomware. Additionally, if your team is running Kubernetes and doesn’t understand how network security works and hasn’t taken steps to harden Kubernetes systems – such as scanning containers for vulnerabilities – you’re taking a massive risk to cybercriminals can encrypt your data or even gain access to your infrastructure. Also, keep in mind that containers are composable – they can be spun up and down as needed – and fail more often than a virtual machine does. Taking a VM and containerizing it doesn’t accomplish anything – and could lead to errors or complexity if you haven’t configured Kubernetes properly.
- We’re still mastering containerization itself. Docker, a popular service that allows organizations to containerize microservices, was developed in 2013, just a year before the initial release of Kubernetes. It feels like the community hasn’t even mastered Docker and containerizing microservices yet. And many organizations are already jumping forward into container orchestration with Kubernetes. This feels like we skipped a step. Organizations that haven’t yet figured out how to properly containerize microservices while reducing container security risks should be careful adopting Kubernetes.
Remember that Kubernetes doesn’t provide any added protection against ransomware and other cybersecurity threats compared to VMs or other non-containerized workloads. If one containerized workload is compromised, it can impact other services as well. Kubernetes’ built-in security features aren’t configured to work perfectly with your workloads when deployed.
Kubernetes continues to improve, and vendors and other open-source projects build a robust ecosystem of tools around it. But given the complexity and risk involved with running Kubernetes effectively, many organizations should consider whether a crawl-walk-run approach with Kubernetes is best.
