Getting started with Kubernetes: 5 misunderstandings, explained
IT leaders and container experts discuss key misconceptions about Kubernetes – and the realities behind each of them
Misunderstanding #4: Kubernetes is an all-encompassing framework for building and deploying applications
Reality: “By itself, Kubernetes does not provide any primitives for applications such as databases, middleware, storage, [and so forth],” says Aricent’s Vempati.
Developers still need to include the necessary services and components for their respective applications, Vempati notes, yet some people overlook this.
“Kubernetes is a platform for managing containerized workloads and services with independent and composable processes,” Vempati says. “How the applications and services are orchestrated on the platform is for the developers to define.”
In a similar vein, some folks simply misunderstand what Kubernetes does in a more fundamental way. Jared Sikander, CTO at NetEnrich, encounters a key misconception in the marketplace that Kubernetes “provides containerization and microservices.” That’s a misnomer. It’s a tool for deploying and managing containers and containerized microservices. You can’t just “lift and shift” a monolithic app into Kubernetes and say, boom, we have a microservices architecture now.
“In reality, you have to refactor your applications into microservices,” Sikander says. “Kubernetes provides the platform to deploy and scale your microservices.”
Misunderstanding #5: Kubernetes inherently secures your containers
Reality: Container security is one of the brave new worlds in the broader threat landscape. (That’s evident in the growing number of container security firms, such as Aqua, StackRox, and others.)
Kubernetes does have critical capabilities for managing the security of your containers, but keep in mind that it is not, in and of itself, a security platform.
“Kubernetes has a lot of powerful controls built in for network policy enforcement, for example, but accessing them natively in Kubernetes means working in a YAML file,” says Dang from StackRox. This also gets back to leveraging the right tools or abstraction layers on top of Kubernetes to make its security-oriented features more consumable.
It’s also a matter of rethinking your old security playbook for containers and for hybrid cloud and multi-cloud environments in general.
“As enterprises increasingly flock to Kubernetes, too many organizations are still making the dangerous mistake of relying on their previously used security measures – which really aren’t suited to protecting Kubernetes and containerized environments,” says Gary Duan, CTO at NeuVector. “While traditional firewalls and endpoint security are postured to defend against external threats, malicious threats to containers often grow and expand laterally via internal traffic, where more traditional tools have zero visibility.”
Security, like other considerations with containers and Kubernetes, is also a very different animal when you’re ready to move into production.
In part two of this series, we clear up some of the misconceptions about running Kubernetes in a production environment versus experimenting with it in a test or dev environment. The differences can be significant.