Our team at Fairwinds, including Bill Ledingham, Kendall Miller, Andy Suderman, Joe Pelletier and Robert Brennan, made predictions for what we can expect in 2021. Amongst the predictions, we believe that in 2021 digital transformation has to happen for companies to meet their customers where they are. Cloud native technologies and Kubernetes will continue to be essential tools for all organizations to embark on this infrastructure digital transformation.
One area of particular importance for 2021 will be Kubernetes security and policy enforcement. Unfortunately, it is only a matter of time before we see a neglected Kubernetes cluster at a major enterprise resulting in a high-profile security breach. This calls for enterprises to implement Kubernetes policy enforcement tooling to build guardrails for clusters around security, efficiency and reliability. This is of particular importance for multi-cluster and multi-tenancy environments.
As we look to 2021, we not only want to predict how the Kubernetes ecosystem will change, but also offer some resolutions for engineers, engineering leaders and DevOps. Here are four resolutions:
Just last month, a new medium-severity CVE (CVE-2020-8554) was discovered affecting multitenant Kubernetes clusters. Unfortunately, CVEs are going to increase in the Kubernetes world. Resolution 1 is to put policy enforcement in place so that if a CVE is announced, you can quickly create a policy to identify if you are impacted, patch the vulnerability and then prevent it from entering your clusters again. Spend time in 2021 identifying and selecting policy enforcement tooling to help you protect against security vulnerabilities.
This resolution feels like a no-brainer, but unfortunately, we see a lot of money wasted on resources because users fail to specify CPU or memory limits or have over-provisioned resources.
25% of Kubernetes users fail to specify CPU or memory limits and 15% have over-provisioned resources.
Source: Fairwinds Insights
Setting limits appropriately to avoid over-provisioning resources can save your business money. It can also help increase the reliability of your pods. Ask yourself - do all your clusters have limits set? Are they the right limits? Consider validating your cluster configurations to save your team money.
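One way to answer the "do all your clusters have limits set?" question is sketched below. It is an added example, not Fairwinds' tooling, and it audits pod JSON in the shape produced by `kubectl get pods --all-namespaces -o json`. The sample data and the function names `missing_limits` and `limit_coverage` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pods --all-namespaces -o json`.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "api-7d9f"},
   "spec": {"containers": [
     {"name": "api", "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}},
     {"name": "sidecar", "resources": {"limits": {"memory": "64Mi"}}}]}},
  {"metadata": {"namespace": "shop", "name": "worker-5c2a"},
   "spec": {"initContainers": [{"name": "migrate"}],
            "containers": [{"name": "worker",
                            "resources": {"requests": {"cpu": "1"}}}]}}
]}
""")

REQUIRED_LIMITS = ("cpu", "memory")

def _containers(pod):
    """Yield every container in a pod; init containers need limits too."""
    spec = pod.get("spec") or {}
    yield from (spec.get("initContainers") or [])
    yield from (spec.get("containers") or [])

def missing_limits(pod_list):
    """Return (namespace, pod, container, missing limit names) per gap."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata") or {}
        for c in _containers(pod):
            # `resources` or `limits` may be absent or null; requests alone
            # do not count as a limit.
            limits = (c.get("resources") or {}).get("limits") or {}
            missing = [r for r in REQUIRED_LIMITS if r not in limits]
            if missing:
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name"), c.get("name"), missing))
    return findings

def limit_coverage(pod_list):
    """Fraction of containers that set every required limit."""
    total = sum(1 for p in pod_list.get("items", []) for _ in _containers(p))
    return 1.0 if total == 0 else 1 - len(missing_limits(pod_list)) / total

if __name__ == "__main__":
    for ns, pod, container, missing in missing_limits(SAMPLE_POD_LIST):
        print(f"{ns}/{pod} [{container}] missing limits: {', '.join(missing)}")
    print(f"coverage: {limit_coverage(SAMPLE_POD_LIST):.0%}")
```

To audit a live cluster, load the saved kubectl output with `json.load` and pass it to `missing_limits` in place of the sample.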
A negative consequence of Kubernetes is configuration drift leading to increased complexity and higher operational costs. As organizations move past the PoC stage of Kubernetes, they may neglect to establish internal standards for Kube configurations, or find themselves making frequent updates to these guidelines. This can cause “Kubernetes sprawl”, leaving many containers and Kubernetes resources unmanaged. Organizations can incur tech debt and complexity. This increases the cost of upgrades and patching, leaving organizations exposed to security vulnerabilities longer and impacting time-to-market. Resolution three is about not simply defining, but enforcing your configuration best practices and compliance rules for all your clusters.
Resolution 4: Know what’s happening in your clusters
Unfortunately, with Kubernetes sprawl, you don’t always have visibility into what’s happening. Without visibility, Ops teams cannot pinpoint errors. Gain visibility by investing in a centralized platform for running multiple open source tools that offer visibility into security, efficiency and reliability configurations.
Unlike some resolutions that we may personally set for ourselves, these resolutions are easily achievable and can help you run secure, reliable and cost-efficient Kubernetes applications.