
3 Myths Around Kubernetes Resilience Debunked


In the last few years, Kubernetes has been adopted by a majority of companies as their default container orchestration tool. In spite of its popularity, Kubernetes is still widely misunderstood and misused.

Resilience is one of the most crucial parameters to consider when adopting cloud-native technologies. However, if you’re not careful, it can become a double-edged sword. To avoid this trap, here are 3 myths around Kubernetes resilience debunked.

I don’t need a DR, backup and restore for Cloud-Native workloads

As the world has shifted to remote work in response to the pandemic over the last two years, utilizing cloud workloads has become commonplace. Nearly every workforce is now comfortable with running applications and services on cloud resources. However, it’s imperative that organizations don’t lose sight of the fact that even if something is available on-demand in the cloud — it still needs to be backed up.

A cloud-native workload in Kubernetes is only as safe as the cloud or computing base a company’s cluster is located on. And given that companies are spread across public, private and hybrid cloud infrastructures, securing these workloads is often a customized process.

Furthermore, the distributed architecture that makes Kubernetes ideal for agile development also makes it a nightmare to implement backup and restore. All the cluster and container components make it a very complex and time-consuming process that necessitates clear DR, backup and restore plans. These plans need to be focused on cloud-native backup and restore options that won’t lock organizations into a specific infrastructure or vendor, so that they maintain the ability to migrate in the future.

However, cloud-native active/active disaster recovery solutions or stretched clustering, which replicate workloads with an active, identical infrastructure, can be extremely costly. Therefore, most mid-market enterprises will need to look to automate backup plans and processes with DRaaS solutions.

Migrating workloads is cumbersome

Although nearly every organization is working within the cloud in some form, each organization is working in its own unique way. While the shift to public clouds remains, many organizations are also realizing that private clouds can offer better performance if they can handle the added complexities. Furthermore, companies are also balancing cloud and on-premise workloads to ensure the most sensitive information is secured in house. All of this means most IT departments believe that migrating multi-cloud workloads running in clusters is going to be cumbersome. However, it doesn’t have to be.

Migration can mean shifting from one public cloud vendor to a different one; migrating from a private data center to the cloud or in the other direction; or moving from a data center or cloud across private data centers. The biggest risk with all of these types of migrations is human error impacting uptime resiliency and data security. This is where MaaS solutions can step in to automate the most critical aspects of migrating Kubernetes clusters and the workloads that are running on them.

SaaS-based automation tools can provide a single pane of glass for visualizing and ensuring smooth multi-cloud migrations of Kubernetes. These types of tools can automatically discover Kubernetes resources and components that need to be migrated. Rather than manually searching for these components, IT directors can simply choose the clusters from a list and decide on which they want to migrate, and the app provisions these resources in a VPC with all of its data workloads running on it.

The Only Security Needed for Kubernetes is Backups

Kubernetes is known to have strict security protocols that assist in blocking access to components outside of a cluster. This native security is certainly helpful, but it doesn’t mean that you only need to worry about backing up your cloud-native workloads. Cybersecurity concerns are a growing worry even when working within clusters. This means that businesses must continue to maintain good cyber hygiene within cloud-native environments.

One of the biggest cybersecurity risks to businesses today is ransomware. In fact, ransomware attacks increased 150% in 2020. Many of the same vulnerabilities that make organizations broadly vulnerable to ransomware attacks are what make those working in containers and clusters vulnerable. These include misconfigurations, missing timely patches, skipping updates and gaps in backing up.

However, in addition to targeting Kubernetes as a potential breach point to access a company’s network and take it hostage, cyberattackers have also taken to putting Kubernetes in their crosshairs as a way to steal data. Fortunately, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Cybersecurity Technical Report entitled Kubernetes Hardening Guidance that offers some important tips for improving the resilience of Kubernetes. Some of the best practices offered by the joint agency report include scanning containers regularly for vulnerabilities and misconfigurations, running containers with the least privileges possible and using network separation to control the amount of damage a cyberattack can generate.
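
The least-privilege and network-separation practices named above, shown as an added example that is not code from this article or from the NSA/CISA report: a small Python audit that flags over-privileged Pod settings and checks for a default-deny ingress NetworkPolicy. The manifests, names and namespace are constructed for illustration.

```python
def audit_pod(pod):
    """Return least-privilege findings for one Pod manifest (as a dict)."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext", {})
    findings = []
    if spec.get("hostNetwork"):
        findings.append("pod: hostNetwork shares the node's network namespace")
    for c in spec.get("containers", []):
        name, sc = c["name"], c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        # Escalation is allowed unless the field is explicitly false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        # Container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: may run as root")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: writable root filesystem")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped")
    return findings

def has_default_deny_ingress(policies, namespace):
    """True if a policy selects every pod in the namespace and allows no ingress."""
    for p in policies:
        spec = p["spec"]
        if (p["metadata"].get("namespace") == namespace
                and spec.get("podSelector") == {}
                and "Ingress" in spec.get("policyTypes", ["Ingress"])
                and not spec.get("ingress")):
            return True
    return False

# Constructed sample manifests (hypothetical names and namespace).
WEAK_POD = {"metadata": {"name": "web", "namespace": "shop"}, "spec": {
    "hostNetwork": True,
    "containers": [{"name": "app", "securityContext": {"privileged": True}}]}}
HARDENED_POD = {"metadata": {"name": "web", "namespace": "shop"}, "spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app", "securityContext": {
        "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
        "capabilities": {"drop": ["ALL"]}}}]}}
DEFAULT_DENY = {"metadata": {"name": "default-deny", "namespace": "shop"},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}

if __name__ == "__main__":
    print(audit_pod(WEAK_POD), audit_pod(HARDENED_POD))
    print(has_default_deny_ingress([DEFAULT_DENY], "shop"))
```

A policy with an empty `podSelector` and no `ingress` rules isolates every pod in its namespace, so a namespace without one leaves all pods reachable from anywhere in the cluster.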

Author: Faiz Khan CEO/Founder, Wanclouds
Bio: Prior to founding Wanclouds, Faiz was an executive at Cisco and played multiple technology leadership roles. His latest assignment was leading the Global Cloud automation and orchestration organization. Prior to that, he built the Global Datacenter and cloud practice and was the GM for Emerging Markets Technology Practices Organization. Faiz has an MBA in Computer Information Systems from Colorado State University.
