menu
Kubernetes challenges and opportunities
Software Development

Kubernetes: challenges and opportunities for DevOps

date: 27 May 2021
reading time: 10 min

Learn about Kubernetes and the key challenges and opportunities that it creates for DevOps.


What is Kubernetes?

To start with, let’s speak about Kubernetes itself. As explained on their website:

Kubernetes is a portable, extensible, open-source platform for managing containerised workload and services, which facilitates both declarative configuration and automation. Kubernetes has a large ecosystem, is very popular and widely available. Its name means helmsman or pilot in Greek, and its abbreviation is K8s – eight being the number of letters you will find between K and s.

In the past, software development teams used to run applications on physical servers. Later on, multiple Virtual Machines (VMs) were introduced, and today they are being replaced by containers which are lightweight, have their own filesystem and are portable across clouds and OS distribution. They have great advantages but need proper management to ensure there is no downtime.

And Kubernetes is a way of managing them – it provides a framework for doing so, it takes care of scaling and failover for your application and provides deployment patterns. Kubernetes builds upon Google’s extensive experience in managing containerised applications at scale.

The Kubernetes project is governed by a collaborative framework, managed by the Kubernetes Steering Committee, which guides its community and contributions.

Traditional vs Virtualised vs Container Deployment
Traditional vs Virtualised vs Container Deployment

In the case of large-scaled containerised applications, the benefits offered by Kubernetes are unmatched. The Cloud Native Computing Foundation (CNCF) plays a crucial role in managing Kubernetes and is deeply involved in the evolution of containerisation technologies.

Kubernetes gives you the following options:

  • service discovery and load balancing,
  • storage orchestration,
  • automated rollouts and rollbacks,
  • self-healing,
  • secret and configuration management.


Why do you need Kubernetes?

K8s supports the automation of deployments, scaling applications, container management, and monitors workloads and changes. Application owners and development teams using the platform can focus more on the development of their product than on DevOps activities (infrastructure management and matching the product to its requirements).

Besides, Kubernetes can easily manage a cluster (group of servers working together) thanks to its orchestrator capabilities. When K8s accepts deployment, it divides it into workloads and distributes it across servers in a cluster.

Workloads in K8s are created as containers and wrapped into standard cluster resources called Pods. Complex applications are frequently operating over complex distributed infrastructure,

Kubernetes provides more insight into what is happening within an application, making it easier to identify and fix security problems.

Want to know more about DevOps and see how it can help solve your problems? Check out our other articles:


What are the key components of a Kubernetes cluster?

A Kubernetes cluster consists of several key components that work together to manage containerised applications.

The control plane, also known as the master components, includes the kube-api-server, which serves as the front-end for the Kubernetes API and handles all administrative tasks. The etcd component is a distributed key-value store that maintains the cluster’s state and configuration.

Kubernetes - cluster architecture
Kubernetes – cluster architecture

The kube-scheduler is responsible for assigning pods to nodes based on resource requirements and constraints. The kube-controller-manager runs various controller processes to regulate the cluster’s state, while the optional cloud-controller-manager interacts with cloud provider APIs for cloud-specific resources.

On the worker nodes, the kubelet acts as an agent ensuring containers are running in pods and communicating with the control plane. The kube-proxy maintains network rules and performs connection forwarding, implementing part of the Kubernetes Service concept.

The Container Network Interface (CNI) addresses networking challenges within Kubernetes environments by enabling seamless integration and facilitating smooth communication between containers, particularly as deployments scale and complexity increases.

Each node also requires a container runtime, such as Docker or containerd, to actually run the containers. The Container Storage Interface (CSI) is significant in standardising integration with external storage systems, a pivotal move introduced in Kubernetes version 1.9 that led to the feature’s General Availability (GA) status within just a year.

Additional components include the cluster DNS server, typically implemented using CoreDNS, which enables service discovery. An optional web-based dashboard provides a user interface for cluster management and troubleshooting. Ingress controllers may also be deployed to manage external access to services within the cluster.

These components work in concert to provide the core functionality of Kubernetes, enabling efficient container orchestration, scaling, and management. Understanding the role of each component is crucial for effectively operating and maintaining a Kubernetes cluster.


7 principles for using Kubernetes in DevSecOps

Persistent storage is very important for ensuring data retention in containerised environments, especially when managing stateful applications that require data continuity despite the ephemeral nature of containers.

Additionally, implementing a robust storage system is essential for providing fast and reliable storage solutions within Kubernetes, addressing the demands of modern applications.

To achieve the best possible results with Kubernetes you need to follow the 7 principles listed by the Department of Defense Enterprise DevSecOps Reference Design.

Principles for using Kubernetes in DevSecOps
Principles for using Kubernetes in DevSecOps


Remove bottlenecks and manual actions

Kubernetes allows developers, testers, and administrators to work hand in hand, making it easy for them to solve defects quickly and accurately. With Kubernetes, you can get rid of long delays associated with replicating development and test environments.

Besides, thanks to standardised instances, Kubernetes helps testers and developers quickly exchange precise information.


Automate as much as possible

Thanks to Kubernetes, you can automate many time-consuming tasks regarding development and deployment. Eliminating manual activities means less work and fewer errors which translates into a shorter time to market.

DevOps assessment and its benefits
DevOps assessment and its benefits


Adopt common tools from planning and requirements through deployment and operations

Kubernetes provides many capabilities that allow one container to support many environment configuration contexts. In this case, there is no need for specialised containers for different environment configurations.

Besides, the configmaps object supports configuration data used at runtime. What is of much importance, it simplifies the management of the whole deployment process thanks to the declarative syntax used to describe each of needed deployments.

1 Adia Case Study


Leverage agile software principles with frequent updates

Thanks to the structure, microservices benefit the most from Kubernetes. It is said that software designed with twelve-factor app methodology and communicating through APIs work best for scalable deployments on clusters.

Thus, Kubernetes is the best choice for orchestrating cloud-native applications as modular distributed services favor scaling and fast recovery from failures.


Apply the cross-functional skill sets of development, cybersecurity and operations throughout the software lifecycle

Kubernetes is constructed with health reporting metrics to enable the platform to manage life cycle events if an instance becomes unhealthy. Thanks to robust telemetry data alerting operators they can take the decisions instantly.

It is also worth noting that Kubernetes supports liveness and readiness probes providing a clear view of the state of containerised workloads.


Security risks of the underlying infrastructure must be measured and quantified

Kubernetes offers many different layers and components that ensure the highest security standards, including a scheduler that manages how workloads are distributed, controllers that manage the state of Kubernetes itself, agents that run on each node within a cluster and a key-value store where cluster configuration data is stored.

Of course, to remain immune to all types of vulnerabilities one has to implement a cohesive defence strategy consisting of the following points.

First of all, you need to use security code scanning tools to check if the vulnerabilities exist within the container code itself. There is also a need for isolation of Kubernetes nodes (servers) in a separate network, to isolate them from public networks. Not to mention restricting access to the cluster resources by role-based access control (RBAC) policies as well as using resource quotas that allow you to mitigate any disruptions.

DevSecOps
DevSecOps

One has to remember to restrict pod-to-pod traffic using Kubernetes core data types for specifying network access controls between pods and implement network border controls to enforce some ingress and egress controls at the network border. Besides, application-layer access control can be hardened with strong application-layer authentication, such as mutual transport-level security protocols.

In addition to the aforementioned, segment your Kubernetes clusters by integrity level which translates into hosting the dev and test environments in a different cluster than the production environment. We also advise utilising security monitoring and auditing to capture application logs, host-level logs, Kubernetes API audit logs and cloud provider logs.

Yet, for security audit purposes, consider streaming your logs to an external location with append-only access from within your cluster. Some may consider it obvious, but remember to keep your Kubernetes versions up to date and use process whitelisting which will allow you to spot unexpected running processes.


Deploy immutable infrastructure, such as containers

Kubernetes promotes scenarios in which deployed components are completely replaced rather than being updated. In this case, utilising standardisation and emulation of common infrastructure components allow achieving predictable results.


Challenges around Kubernetes services

Kubernetes may seem like an easy and understandable system, but it’s not perfect. It is not a complete solution, but rather a complex operating system for a cluster, which requires many different components and tools and needs appropriate care and feeding.

Various Kubernetes tools extend the Kubernetes API, focusing on custom resources, custom controllers, and the operator pattern. These tools enable users to manage applications and services more effectively by automating tasks and providing a declarative API.

Common challenges around Kubernetes services
Common challenges around Kubernetes services

Among the most common plugins, you will need to install to support your Kubernetes are those dealing with:

  • network layer
  • authentication
  • authorisation
  • integration with cloud
  • K8s management tool (or service).

In production, Kubernetes is not the easiest of solutions either. Challenges around using it include stability, security, and the management of online application which is being created. In the past, issues around using Kubernetes included repeated outages caused by KIAM (K8s to AWS IAM) authorisation bridge.

The remedy was to restart the agent. In the newer agent version there was a feature allowing K8s restart it in case of failure. It’s a great solution, but to make use of it, someone needs to read and understand the KIAM changelog. And that’s not something your team may be ready to do, with so many other things they need to care of on daily basis!

Other important aspects when it comes to Kubernetes are its updates – as all operating systems, Kubernetes gets updated on a quarterly release schedule and you need to be on top of that, as well as of its security, which is crucial for the security of your project.


Kubernetes – all you need to know

The complexity of Kubernetes and the challenges that arise around using it require solutions that make the whole process easier. When K8s become a part of your business, it needs to be constantly monitored and maintained, and you cannot possibly rely on one person doing it.

Observability in DevOps
Observability in DevOps

What you really need is 24/7 access to help – in case the employee who is responsible for Kubernetes gets ill, someone else needs to be able to carry on as efficiently as the predecessor.

If your company is large enough and have an extensive IT department, it may be a good idea to set up an internal team, responsible for this part of DevOps. Beware of bad practices though: watch out not to have a layered platform team instead, which limit their actions to preserving existing technology only.

If your company is a smaller business, a great solution may be hiring an external partner who could take you on your Kubernetes journey, based on their vast experience in dealing with it on behalf of other companies.

So, if you are considering using Kubernetes or would like to speak to someone about an efficient platform team for your K8s, do give us a call. Our experts will be happy to share their knowledge with you!

Read more on our blog

Discover similar posts

Contact

© Future Processing. All rights reserved.

Cookie settings