- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
Kubernetes is gaining traction in the enterprise as organizations bring multiple teams to the platform. That’s why Justin McCarthy, CTO and co-founder of StrongDM, recently sat down with Techstrong Group CCO Mike Vizard and a panel of experts to discuss the enterprise-specific challenges of Kubernetes adoption, including methods for handling complexity and best practices for security teams as they learn to work with this technology.
The full panel included:
- Jared Curtis–Cloud Architect at Everbridge
- Steve George–COO of Weaveworks
- Bill Ledingham–CEO of Fairwinds
- Haseeb Budhani–Co-Founder and CEO at Rafay Systems
- Oded David–Head of DevOps at Coralogix
So, what is required for enterprise Kubernetes adoption? Here’s the recap:
Kubernetes Expansion | Who’s in Charge?
The panel discussed the challenges for enterprises expanding their Kubernetes adoption, including:
- How quickly are enterprise IT organizations adopting Kubernetes?
- Is a lack of Kubernetes expertise among developers a challenge for enterprise organizations?
- Are we seeing a rise of full-stack developers vs. a split between platform and application teams?
- Do organizations prefer to engage managed service providers?
- Is there a need for greater abstraction when it comes to Kubernetes management?
Haseeb Budhani said, “Something has changed in the last year to 18 months, and people are indeed bringing multiple teams onto Kubernetes.
Bill Ledingham added, “Over the last year, we have seen [enterprises moving from] pilot projects to more widespread adoption .… That is now presenting a second wave of challenges that companies are starting to grapple with.”
The way Oded David sees it, larger organizations are adopting Kubernetes because the platform has expanded its toolkit to meet their needs. “The toolkit is now relevant to operation, stability, availability, scaling, and so on.”
Kubernetes Complexity | Is Abstraction the Answer?
The group also discussed Kubernetes complexity, considering:
- Does Kubernetes have too many bells and whistles?
- Will abstraction reduce that complexity?
- What about automation?
- Is GitOps changing the way people think about their application delivery strategy?
- Will machine learning have a role to play in enterprise k8s management?
The panel acknowledged that Kubernetes is complex. But is that necessarily a problem? Justin McCarthy pointed out the benefit of expertise, “There's always going to be a member of your team interested in the details of Kubernetes. … And being able to create abstractions in a way that's tailored to your enterprise [is certainly preferable to] throwing your hands up because Kubernetes has a lot of features. It's true of everything.”
Haseeb Budhani added, “I see Kubernetes as having four layers. There's the storage and the networking. Then there's the actual Kubernetes layer. Then there's the add ons, and then there's the application.” But in talking to customers, he said, “What they're more focused on is how do I manage my add ons? ... The good news is, companies are popping up to solve these problems from an enterprise perspective. ”
And according to Jared Curtis, we’re likely to automate a great deal. “There are people who need to dip down really low and solve the hard problems. But for the day-to-day stuff, I think a lot of its going to be [handled by automation].”
Kubernetes Security | What Are the Best Practices?
Finally, the conversation turned toward the role of security, including:
- Security teams often trail behind new technologies. Is that happening with Kubernetes?
- How would you explain the cloud-native architecture stack to someone in security?
- How can teams accelerate Kubernetes adoption in a secure way?
- What role does standardization play?
- Do we need better guardrails to keep things under control?
Justin McCarthy said, “I think Governance and Security both have an interest in very understandable explainable facts about any deployed environment… There is this interesting tension when we turn up the dial on ephemerality, elasticity, and scalability. That competes with that explainability [that security teams desire]... You're going to have to think about how you explain this whole story at audit time.”
So, how can developers explain Kubernetes to a security team? Jared Curtis boiled it down. “Let's pretend Kubernetes is a set of APIs, right? It's no different than the APIs for your cloud vendor… You have all your VMs. You have all your nodes. They're running containers. They’re running orchestration. And we are presenting a very robust set of APIs that you can interact with. How do we secure this? Well, we have role-based access control that's native to the platform. We have network policies designated for the platform. These are your firewall rules. This is your access control list. We have all these things already built in.
In terms of guardrails, Steve Geoge said, “I've seen some quite large enterprises grind to a halt [attempting to build the perfect platform].” For this reason, he recommended “a relatively small application-centric learning phase to build off what is right at the start … and then in later phases [adding] templating and automation.”
Do you agree that Kubernetes in the enterprise is here to stay? Want to hear more from the panelists? Check out the replay. And if you need help managing access to Kubernetes and other infrastructure, book a free demo of StrongDM
About the Author
Maile McCarthy, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.