Celebrating 10 Years Of Kubernetes

Uploaded on 2024-10-22 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

Since its introduction in 2014, the Kubernetes open-source container orchestration system has gone from strength to strength. No longer a niche technology, today it has become the de-facto standard for modern application deployment and management.

Indeed, as it enters into its second decade, Kubernetes is so embedded in the cloud native landscape that it’s almost impossible to imagine life without it.

Over the past 10 years, Kubernetes has matured and evolved new capabilities. Today it offers developers hundreds of extensions, add-ons and integrations, together with an impressively comprehensive documentation base. But when Kubernetes first made its debut, the initial release was rather ‘rough’ around the edges.

Let’s take a quick look at some of the technology’s pivotal milestone moments and look ahead to where Kubernetes might be heading in the next decade.

The Early Days – from inception to teenage years

Containerisation has a long history that stretches back to the 1970s but it was the arrival of the Docker containerisation framework that finally made containers easy to work with – and by doing so created the need for container orchestration technology.

As more and more people began taking advantage of Docker to develop and run applications inside containers, they needed a way to orchestrate those containers, and Kubernetes – which originated within Google as its internal orchestration platform, aptly named “Borg” – was open-sourced to resolve this challenge.

When Kubernetes 1.0 first appeared on the scene it offered much of the functionality many of today’s Kubernetes admins will be familiar with – you could deploy sets of containers as pods, distribute them across nodes, and expose applications over the network as services. 

Thanks to the backing of the Cloud Native Computing Foundation (CNCF), Kubernetes quickly gained momentum and by 2018 had become established as a leading open-source container orchestration platform.

Coming Of Age

While Kubernetes was great for orchestrating workloads across servers, in the early days the functionality it offered was pretty basic. There was no sophisticated support for persistent data storage, network functionality was limited, and there were few built-in security controls. Over time, however, this all changed.

The arrival of a native role-based access control (RBAC) framework in 2017 reduced a number of security risks associated with inadequate access controls and made it possible to manage who can do what within Kubernetes. Meanwhile, 2018 saw the introduction of new advanced networking capabilities such as support for cluster load balancing and core DNS. This was quickly followed by the provision of support for persistent volumes in 2019. All of which helped to make Kubernetes the platform of choice for a wide array of production workload types – and put Kubernetes on the radar of cloud providers. As a result, by 2022 around 60% of organisations that used containers were orchestrating these with Kubernetes. 

New features continued to emerge. Since 2020 these advancements have included Common Expression Language (CEL) support for admission control, which enables requests to be handled in a granular way through the Kubernetes API. On the security front, the introduction of beta support for Linux-based username spacing in Pods alongside the replacement of security policies with security contexts all helped to further contain security risks. Together these enhancements allow admins to build and operate more secure clusters.

What’s Next For Kubernetes?

Unless a major disruptive technology makes it irrelevant, Kubernetes looks set to remain a cornerstone of the digital world as we know it. That said, there are numerous ways that Kubernetes could continue to grow and improve while maintaining a balance between richness of capabilities and simplicity of operation.

For example, the introduction of full support for multi-cloud clusters would be a great addition. One that would make it much easier to operate a single Kubernetes cluster whose nodes are distributed across multiple clouds or data centres.

Similarly, greater consistency between Kubernetes distributions would also resolve the challenge that of migrating from one distribution to another thanks to the diversity of distributions that can include proprietary extensions or features that only work within a given vendor ecosystem. It is also likely that we will fewer distributions in the future, since there are numerous ones available, but adoption is concentrated around a few of them. At the same time, special-purpose distribution such as K3s (lightweight implementation of Kubernetes) will justify their place.

Finally, enhancing Kubernetes security should be a primary focus for future growth and more opinionated security controls would be a welcome enhancement for admins looking to stay ahead of the game where Kubernetes security threats are concerned.

No easy task when the multitude of Kubernetes distributions and installers available today can lead to inconsistencies and vulnerabilities that can be exploited.

One thing is for sure, admins that want to keep their workloads secure over the next decade and beyond will need to keep their finger on the pulse as Kubernetes continues to evolve. Ultimately, that means covering all the bases, from secure development, to hardened configuration and compliance, through to runtime protection and network controls for Kubernetes applications. 

Rani Osnat is SVP of Strategy at Aqua Security

Image: Jaiz Anuar

You Might Also Read:

Securing Kubernetes Helm: Vulnerabilities & Defensive Strategies:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« Nowhere To Run
How Can Cloud Risk Management Elevate Your Cybersecurity Posture? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Living Security

Living Security

Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behaviour.

LMG Security

LMG Security

LMG Security is a cybersecurity consulting, research and training firm.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

TuxCare

TuxCare

TuxCare make Linux more secure. We take care of Linux so that organizations can use Linux to support environments that require high levels of Cybersecurity, stability, and availability.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.

SafeAeon

SafeAeon

SafeAeon is a leading Cybersecurity-as-a-Service provider, offering 24x7 premium Managed Security Services with AI-powered and Human-driven 24x7 SOC.

Morrow Global Network

Morrow Global Network

Morrow is the global venture network for venture accelerators, studios, hubs, and their visionary leaders.