Looking back, we’ll probably view 2020 as the year that cloud migration and cloud-native infrastructure really took to the spotlight. Most companies that were already utilizing containerization to some degree have probably stepped up their efforts in the wake of the pandemic as their software and processes increasingly move online. New data suggests that the container market will more than double in size and be worth $4.1 billion by 2022, with Gartner predicting that by 2023, more than 70% of all organizations will depend on three or more containerized applications.
Put simply, containerization is booming in popularity, and if anything, the COVID-19 pandemic has only accelerated its ascent. It’s good news for businesses, developers and providers, whose lives are made infinitely easier by containerization, which many see as the natural successor to virtualization. Containerization creates a sealed virtual runtime environment that is specifically designed to host a particular application. This makes containers a valuable vehicle for running legacy applications securely, and also makes development and deployment easier for providers.
If containers are the vehicle, Kubernetes is the driving force. A survey last year found that containerization had replaced virtualization as the norm, with more than 84% of deployment projects adopting the technology. What’s striking is that 78% of those projects used Kubernetes for container orchestration. Kubernetes is the number one tool of choice for providers and developers by a considerable margin, but as its popularity continues to soar, it’s important not to cut corners and to reinforce best practices while using it.
As companies around the world accelerate their use of containers and Kubernetes, moving their development and deployment onto cloud-based platforms, they need to pay special attention to any security vulnerabilities that may arise from simple mistakes or misconfigurations. Most developers know that containers and Kubernetes are just the next evolution of infrastructure and, just like previous infrastructures, best practices need to be applied and adhered to in order to get the most out of the technology. Here are just a few best practices to consider once you’ve adopted Kubernetes:
Use requests and limits to control deployment
Kubernetes is wonderfully scalable, but it’s also easy to lose track and end up in a situation where containers don’t have the resources they need to run. All it takes is for a development team to create a few more replicas or make a small config change and suddenly you’re out of CPU power or memory. Requests and limits can help companies stay firmly in control of their allocated Kubernetes resources.
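As an added illustration (not from the original article), this Deployment sets requests and limits on its container. The names, image and sizes are assumptions chosen for the example.

```yaml
# Constructed example: name, image and sizes are illustrative assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3                  # 3 replicas reserve 750m CPU and 768Mi in total
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/team/web:1.4.2   # hypothetical image
          resources:
            requests:          # what the scheduler reserves on a node
              cpu: 250m
              memory: 256Mi
            limits:            # hard ceiling enforced at runtime
              cpu: 500m        # usage above this is throttled
              memory: 512Mi    # usage above this gets the container OOM-killed
```

Scaling `replicas` multiplies the reserved requests, so a pod that no node can fit stays Pending instead of starving its neighbours.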
Keep an eye outside the cluster
Most Kubernetes users will end up using services like the occasional API that exists outside of the cluster. This is fine if they connect to the same endpoint, but it’s not always plain sailing and problems can – and often do – emerge. Thankfully, Kubernetes has built-in service discovery mechanisms that can detect external services to help you manage and organize them, just like you do with internal services. Use them.
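Two ways to give an external dependency an in-cluster Service name, shown as an added example that is not part of the original article. The service names, hostname and IP address (from a documentation range) are assumptions.

```yaml
# Constructed example: service names, hostname and IP are illustrative.
# Option 1: the external service has a stable DNS name.
apiVersion: v1
kind: Service
metadata:
  name: billing-api
  namespace: default
spec:
  type: ExternalName
  externalName: billing.example.com   # cluster DNS answers with a CNAME
---
# Option 2: the external service is only reachable by IP address.
# A Service without a selector gets its backends from an EndpointSlice
# that you maintain yourself.
apiVersion: v1
kind: Service
metadata:
  name: legacy-db
  namespace: default
spec:
  ports:
    - name: postgres
      protocol: TCP
      port: 5432
      targetPort: 5432
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: legacy-db-1
  namespace: default
  labels:
    kubernetes.io/service-name: legacy-db   # ties the slice to the Service
addressType: IPv4
ports:
  - name: postgres          # must match the Service port name
    protocol: TCP
    port: 5432
endpoints:
  - addresses:
      - "192.0.2.10"
```

Workloads then connect to `billing-api` or `legacy-db` like any internal Service, so an endpoint change is made in one manifest rather than in every client. With `ExternalName`, clients that verify TLS certificates still see the in-cluster name, so the remote certificate must be checked against the real hostname.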
Use namespaces to better manage resources
Tasks that start off looking fairly simple can quickly become complicated as you continue to build services on Kubernetes. Think of Namespaces as a sort of ‘virtual cluster’ that can aid with organization and performance. Anyone thinking of adopting Kubernetes should give themselves a short course on how to set up and view namespaces and allocate various resources to them.
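The following added example (not from the original article) creates a namespace and allocates resources to it. It pairs a ResourceQuota, which caps the namespace total, with a LimitRange, which supplies default requests and limits for containers that declare none. The namespace name and all sizes are assumptions.

```yaml
# Constructed example: namespace name and sizes are illustrative assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: team-payments
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: team-payments
spec:
  hard:                      # ceilings for the sum of all pods in the namespace
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
apiVersion: v1
kind: LimitRange
metadata:
  name: container-defaults
  namespace: team-payments
spec:
  limits:
    - type: Container
      defaultRequest:        # applied when a container sets no requests
        cpu: 100m
        memory: 128Mi
      default:               # applied when a container sets no limits
        cpu: 500m
        memory: 512Mi
      max:                   # no single container may ask for more than this
        cpu: "2"
        memory: 2Gi
```

`kubectl describe resourcequota compute-quota -n team-payments` shows used versus hard values, which is a quick way to see how close a team is to its allocation.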
Carry out regular health checks
Even Kubernetes can become unwieldy when managing large, distributed systems. If something goes wrong, it can take a long time to get back on track. For that reason, Kubernetes allows you to create custom health checks that can be tailored to individual environments. It’s an ideal way to check whether certain app instances are working using readiness and liveness probes, and it’s an essential addition to any developer’s Kubernetes toolkit.
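A Deployment with both probe types, as an added example rather than configuration from the original article. The image, port and the `/ready` and `/healthz` paths are assumptions about the application.

```yaml
# Constructed example: image, port and probe paths are illustrative assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: registry.example.com/team/api:2.0.1   # hypothetical image
          ports:
            - containerPort: 8080
          readinessProbe:          # failing: pod is removed from Service endpoints
            httpGet:
              path: /ready
              port: 8080
            periodSeconds: 5
            failureThreshold: 3
          livenessProbe:           # failing: kubelet restarts the container
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 10   # give the process time to start
            periodSeconds: 10
            timeoutSeconds: 2
            failureThreshold: 3
```

Keep the liveness endpoint free of checks on downstream dependencies. Otherwise an outage in a database or external API restarts every healthy replica at once.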
Only use container images from a trusted source
This is paramount. Ready-made container images can be incredibly useful and are now widely available in light of Kubernetes’ popularity. However, images in public repositories can become stale and outdated very quickly, becoming laden with exploits, bugs and even malware that can infect a Kubernetes cluster. As a best practice, only use container images from a trusted source, and always take some time to scan images before deploying them.
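One way to enforce the trusted-source rule at admission time, added here as an example that is not from the original article. It uses the built-in ValidatingAdmissionPolicy API; the registry hostname, policy name and namespace label are assumptions.

```yaml
# Constructed example: registry host, names and label are illustrative.
# ValidatingAdmissionPolicy is GA from Kubernetes v1.30.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: trusted-registry-only
spec:
  failurePolicy: Fail            # reject the pod if the policy cannot be evaluated
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["pods"]      # also catches pods created by Deployments and Jobs
  validations:
    # The trailing slash keeps look-alike hosts such as
    # registry.example.com.other.tld from matching the prefix.
    - expression: >-
        object.spec.containers.all(c, c.image.startsWith('registry.example.com/'))
      message: "containers must use images from registry.example.com"
    - expression: >-
        !has(object.spec.initContainers) ||
        object.spec.initContainers.all(c, c.image.startsWith('registry.example.com/'))
      message: "initContainers must use images from registry.example.com"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: trusted-registry-only
spec:
  policyName: trusted-registry-only
  validationActions: ["Deny"]
  matchResources:
    namespaceSelector:
      matchLabels:
        enforce-trusted-registry: "true"   # opt namespaces in with this label
```

The policy only restricts where images come from. Images in the trusted registry still need to be scanned before they are promoted there.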
Kubernetes is an elegant solution to automated application container lifecycle management, but only when configured and used effectively. With so many businesses now under pressure to move their apps and services online, there’s a risk that corners will be cut, and details missed, and that could spell disaster. Kubernetes has many built-in features to prevent this, but they have to be learned and applied by human hands in order to secure cluster resources and workloads.
- Best Practices When Working with Kubernetes and Containers - November 28, 2020