Sunday, 29th November 2020

Kubernetes doesn’t have to complicated if you have the right approach

Jon Shanks, CEO and co-Founder of cloud native platform for empowering developers and Ops teams Appvia, discusses how to overcome security risks and complications when using Kubernetes.

  • 04 Jul 2020 Posted in

Kubernetes is an incredibly powerful piece of technology. It can revolutionise DevOps - making development and scaling much faster, more stable and easier in pretty much every way. For businesses it represents a way to substantially save costs, reduce risks and enhance innovation. However, with great power comes, in some cases, great complications. Kubernetes is not the easiest system for everyone to use.

Its flexibility - which is arguably one of its greatest selling points - is, ironically, one of the reasons Kubernetes can be a difficult beast to tame. With the plethora of options available during deployment, it is easy to make a misstep which can, down the road, cause instability and security risks. It also requires users to have a high degree of skill. This proficiency is in short supply, which means many businesses have to rely on a handful of power users. Inevitably this can lead to bottlenecks. For example, when a developer requests a development environment it currently needs to be provisioned manually by an operations team. The operations team needs to create the environment, relevant permission controls and trigger automation pipelines. This in turn delays the start of development projects costing businesses time and money.

We recommend a two-pronged approach to tackle these issues. First, get your set up right. This means really getting to grips with the right documentation that supports Kubernetes. There is a lot of it, the trick is finding the sections that are most relevant. Do not rely on default settings. They are not necessarily the most secure available - it depends what software you are using to manage it. There are a number of very informative guides available online that can walk you through the various options. These guides can also provide invaluable insight into crucial components of Kubernetes such as network policies, ingress, certificate management, deployment, configmaps, secrets and service resources. Taking the time to share this knowledge throughout the organisation can help to provide the basic level of skill needed for a wider range of individuals to operate Kubernetes effectively. After the set up, ensure the right processes in place to identify and squash potential security threats. This means empowering your Cluster Administrator to act decisively to prevent issues such as insecure apps being deployed or members of your development team trying to escalate their privileges.

The second prong is using technology to reduce the burden of deploying and using Kubernetes. If you follow the steps outlined above, you’ll have the foundational knowledge and systems in place to determine the best tech to use. Currently, the ‘Kubernetes ecosystem’ of technology platforms designed to support day-to-day use of Kubernetes is in its infancy. However, this situation is changing rapidly. Just last week we launched a new platform called Kore, which we donated to the Open Source community, to enable the automation of development platforms and security standards for teams using Kubernetes. Kore also automates the security requirements for Kubernetes clusters based on an organisation's specific needs. This is a significant problem for a number of organisations as each cluster currently has to be configured manually. Not only is this a time consuming process, it is also high-risk as mistakes can lead to serious security or stability issues.

By doing the legwork of researching the available technologies and then comparing it to your organisation’s capabilities and gaps, you can quickly determine what system will be right for you. However, keep in mind that some platforms can tie you to a particular tech stack which can undermine the portability of Kubernetes. In short, it can tie you to one vendor and make extracting your organisation from them an expensive and complicated process.

Nevertheless, by using the right technology you can gain substantially by simplifying and commoditizing Kubernetes. This, in the long run, will save your organisation time and money, enable developers to do what they do best - innovate and it will reduce the burden on DevOps teams to manage development projects.

With Michael Noll, Principal Technologist, Office of the CTO at Confluent.
By Krzysztof Szabelski, Head of Technology at Future Processing.
App development isn’t as long and complex a process as many would imagine, and it can provide huge l...
The four questions (and answers) that lead to success. By Jeff Keyes, VP of Product at Plutora.
APIs play a central role in both enabling digital business and powering modern, microservices-based...
Getting a DevOps strategy correct requires having a progressive shared mindset that can learn from p...
To understand the impact of DevOps you need to think about how software was traditionally built and...
Today’s DevOps professionals have a lot to monitor and react to in order to keep IT systems running...