
Kubernetes Opportunities, Challenges Escalated in 2019 – SDxCentral

source link: https://www.sdxcentral.com/articles/news/kubernetes-opportunities-challenges-escalated-in-2019/2019/12/

If 2018 was the year that Kubernetes broke into the mainstream, then 2019 was the year that reality set in. And that reality is that while Kubernetes is awesome, it’s also hard.

The Kubernetes ecosystem did its usual part in feeding the market by staying on track in rolling out quarterly updates to the platform. And that feeding has helped Kubernetes continue to steamroll the cloud market. However, ongoing security and commercialization challenges showed that growth is not coming without challenges.

Kubernetes 2019: Ecosystem Explosion

Kubernetes continued to draw interest from just about any company associated with the cloud space. This was evident by the most recent KubeCon + CloudNativeCon event in San Diego that drew more than 12,000 attendees. That was a 50% increase from the previous event held in North America.

The Cloud Native Computing Foundation (CNCF), which houses the open source project, found in its first Project Journey report that Kubernetes had 315 companies contributing to the project with “several thousand having committed over the life of the project.” That was a significant increase from the 15 that were contributing prior to CNCF adopting the project in early 2016.

Including individual contributors, Kubernetes counted about 24,000 total contributors since being adopted by CNCF, 148,000 code commits, 83,000 pull requests, and 1.1 million total contributions. “It is the second- or third-highest velocity open source project depending on how you count it — up there with Linux and React,” explained CNCF Executive Director Dan Kohn in an interview.

Security Surprises

Along with that growth has come an increased focus on platform security. This feeds into what remains one of the biggest concerns for enterprises that want to drive Kubernetes deeper into their operations.

Hindering that drive was the discovery over the past year of a number of high-profile security lapses that tested the overall confidence in the platform.

Perhaps the most troubling flaw found was one in the Kubernetes kubectl command-line tool, which is the tool that allows running commands against a Kubernetes cluster to deploy applications, inspect and manage cluster resources, and view logs. If exploited, the flaw could allow an attacker to use an infected container to replace or create new files on a user’s workstation.

The biggest challenge with this particular bug was that the vulnerability was discovered earlier in the year and that it continued to exist even after a patch had been sent out to remediate the issue. “The original fix for that issue was incomplete and a new exploit method was discovered,” wrote Joel Smith, who works with the Kubernetes Product Security Committee, in a message post.

More recently, an API vulnerability was discovered that, if exploited, would allow an attacker to launch a denial-of-service (DoS) attack amusingly dubbed a “billion laughs” attack.

The CNCF has moved aggressively to head off security concerns. This year it released a security audit that found dozens of security vulnerabilities in the container orchestration platform. These included five high-severity issues and 17 medium-severity issues. Fixes for those issues have been deployed.

The overall size and operational complexity of Kubernetes was cited as being a key reason for these security holes.

“The assessment team found configuration and deployment of Kubernetes to be non-trivial, with certain components having confusing default settings, missing operational controls, and implicitly defined security controls,” the audit explained.

It also found that the extensive Kubernetes codebase lacks detailed documentation to guide administrators and developers in setting up a robust security posture.

“The codebase is large and complex, with large sections of code containing minimal documentation and numerous dependencies, including systems external to Kubernetes,” the audit noted. “There are many cases of logic re-implementation within the codebase, which could be centralized into supporting libraries to reduce complexity, facilitate easier patching, and reduce the burden of documentation across disparate areas of the codebase.”

Despite those concerns, the audit did find that Kubernetes does streamline “difficult tasks related to maintaining and operating cluster workloads such as deployments, replication, and storage management.” The use of role-based access controls (RBAC) also allows users an avenue to increase security.

Go-to-Market

Shoring up the security component is an important task for the Kubernetes ecosystem, but not the only one that continues to hinder broader deployments. While seemingly everyone wants to adopt Kubernetes, it remains a complex challenge for many.

This particular problem has been good for some vendors that have been able to use that complexity to drive their business. Kubernetes in 2019 witnessed billions of dollars thrown at established brands and startups through mergers and acquisitions or venture capital funding.

Highlights of this growth include the $34 billion IBM forked over to buy Red Hat, which closed this year, and the several billion dollars VMware spent to bolster its Kubernetes assets.

While some have managed to strike gold with Kubernetes, others have floundered under its shadow.

Docker Inc., which developed the open source container platform that instigated the Kubernetes revolution, was recently forced to sell its Kubernetes-focused enterprise management business because it could not make a go of it in an increasingly crowded market.

Analysts noted that Docker Inc.’s push to make container adoption easier was also part of its downfall. “In a sense, Docker is almost a victim of its own success,” Jay Lyman, research analyst at 451 Research, recently told SDxCentral. “It democratized containers and made them easier to use.”

Others felt the same pressure.

Mesosphere, which was one of the first vendors to release a container orchestration platform with its Marathon product that ran inside of DC/OS, changed its name to D2IQ. That move came under the auspices of changing its focus from helping companies set up their cloud-native infrastructure to “day two” (D2) challenges of running that infrastructure in a production environment (IQ).

Smaller startup Containership also succumbed, announcing that it was closing up shop after being unable to monetize its operations in light of Kubernetes’ rise. This included a failed attempt to pivot its Containership Cloud operations toward a more Kubernetes-focused platform.

Edging Toward the Edge

Kubernetes might have made it difficult for some to compete, but that does not mean there is not still more room for growth. One Kubernetes area that gained momentum in 2019 was around edge.

This opportunity is being driven by the growing need to extend the reach of networks toward the end user. This is necessary to support potentially lucrative low-latency use cases.

A recent report from Mobile Experts predicts the edge computing market will grow 10-fold by 2024. It notes that the edge computing trend expands from centralized hyperscale data centers to distributed edge cloud nodes, with capex spend on near edge data centers representing the largest segment of the market.

A number of vendors repackaged Kubernetes’ core in a way that allows the platform to operate in resource-constrained environments. That slimness is important because edge locations are more resource constrained compared with data center or network core locations.

Vendors like Rancher Labs, CDNetworks, and Edgeworx all rolled out platforms built on variations of Kubernetes that can live in these environments.

Other vendors have been plugging the full Kubernetes platform into their efforts.

Mirantis last year plugged Kubernetes into its Cloud Platform Edge product to allow operators to deploy a combination of containers, virtual machines (VMs), and bare metal points of presence (PoPs) that are connected by a unified management plane.

Similarly, IoTium last year updated its edge-cloud infrastructure that is built on remotely-managed Kubernetes. The platform places Kubernetes at an edge location where it can be inside a node. The company uses a full version of Kubernetes running on IoTium’s SD-WAN platform.

There is also the KubeEdge open source project that supports edge nodes, applications, devices, and cluster management consistent with the Kubernetes interface. This can help an edge cloud act exactly like a cloud cluster.

And of course … 5G

And the full Kubernetes stack is also being angled toward 5G deployments.

The Linux Foundation’s LF Networking group conducted a live demo of a Kubernetes-powered end-to-end 5G cloud native network at the KubeCon + CloudNativeCon North America event that showed significant progress toward what future open source telecom deployments could look like.

Heather Kirksey, VP of community and ecosystem development at the Linux Foundation, said the demo was important due to the growing amount of work around networking issues and Kubernetes. The container orchestration platform is being tasked with managing the container-based infrastructure that will be needed to support the promise of 5G networks.

“We are embracing cloud native and new applications and we want to let the folks here know why we want to partner with the cloud native developer community,” Kirksey said. “It has been a bit of a challenge to get that community excited about telecom and to get excited about working with us to advance networking.”

That Kubernetes focus on 5G telecom was echoed at the event by Craig McLuckie, VP of product and development at VMware, during an interview with SDxCentral. McLuckie, who was formerly at Google where he worked on its Compute Engine and the platform that eventually became the Kubernetes project, said that 5G will “be a fantastic and interesting challenge for the Kubernetes community and the community’s codebase in how they might solve this.”

The past year did indeed show that while Kubernetes has gained a certain stature, it remains a strong center of development and opportunity. The big challenge now will be in how the ecosystem deals with that success and opportunities in 2020.

