Understanding Kubernetes: Three Things to Keep in Mind

By: Michael Cade, Senior Global Technologist at Veeam.

One of the topics gaining popularity in IT is container systems, including Kubernetes. Decision-makers in companies of all sizes increasingly can’t help but wonder whether containers should be integrated into their own IT infrastructure. At the same time, VMware’s Kubernetes 2021 Report states that Kubernetes is already being used more widely, but at the same time the expertise and security required for this is lacking. Reason enough to take a closer look at important issues surrounding Kubernetes, especially from a data protection perspective.

Is it an integral part of hybrid and multi-cloud infrastructures?

In the networks of many corporations and large enterprises, containers do not yet exist, or have only existed for a short time. They are not part of traditional data center-based network structures. However, neither are they an integral part of modern multi-cloud environments or hybrid solutions: they just fit in very well. It’s similar to virtualization: this also started as a trend that not all companies saw a need to adopt, and therefore not all did: only early adopters integrated the technology from the start. But 20 years later, a large portion of companies have virtualized large workloads.

Kubernetes acts as a container management platform and, interestingly, established and regulated industries, such as banking and financial services, show a greater interest and are early adopters of this technology, while other industries are still watching and evaluating the pros and cons. The latter are first looking at what it is all about, whether it can be incorporated into their networks and be useful to gain an advantage in the market. However, these entrepreneurs are busy with other trends they need to pay attention to, such as Iaas infrastructure.

Does it support runtime environments?

Of course, the question immediately arises whether Kubernetes and virtualization software are compatible. First of all, let’s be clear about what exactly we are talking about: Kubernetes is an orchestration system for containers; Docker, for example, is by now the most common container runner. Containers created in Docker can exist and be worked on separately. Developers can manage them individually and don’t necessarily need a superior solution to do so. But as the number of containers increases, the complexity grows and the big picture is lost. To make this effort as little and as clear as possible, a central management point must be established, and this is where Kubernetes comes into play. The software keeps an eye on everything and ensures, for example, that payloads are dynamically and wisely distributed to containers to guarantee the availability of a service and ensure that it can meet all requirements. Kubernetes is therefore an organizer for Docker and, consequently, a connection between the two is not only possible, but desirable.

New security weaknesses in evidence?

Kubernetes does not change the threat landscape. It doesn’t close security gaps, but requires the same Modern Data Protection as any other type of data. Previously, we just kept everything, and then, with virtualization, we selected what to protect and how often. Today, we move forward with containers that sometimes only last minutes or hours, as opposed to machines, which can have a lifespan of months. Kubernetes.io provides comprehensive documentation that focuses on the «Four C’s» of cloud security: Code, Container, Cluster (group of computers or nodes), Cloud/Corporate Data Center. Each layer of the cloud security model builds on the previous one. Consequently, the encryption layer (code layer) benefits from a solid foundation at the cloud, cluster and container level. Therefore, if weak IT security standards are applied there, the difficulties cannot be solved at the encryption layer. Therefore, each level must form a solid foundation in itself. Kubernetes simply comes in here as the container orchestrator.

What is gaining importance, however, is data protection itself, e.g. backup and replication. Early adopters of Kubernetes and containers often complain about the lack of security and data management in connection with the new environments. This is because the infrastructure is now closer to the applications with the help of containers, and data backup must be carried out differently accordingly. Stateful rather than stateless workloads, common in container environments, are already emerging, and there is an increase in data service deployed just inside the Kubernetes cluster. Other external tools, such as Amazon Relational Database Service (AWS RDS), can connect to applications running inside Kubernetes. This changes the way data is protected. Veeam’s 2021 Cloud Protection Trends Report shows that we are in a transition: 46% of SaaS and PaaS administrators said that information coming from their stateful application is being stored separately, while 32% of IaaS administrators said their container architecture is built for a long lifespan and therefore they don’t need backup. On the other hand, 14% of backup administrators do not yet have a backup solution for containers, but are looking.

Over the past 15 years, the focus has been on protecting data in virtual environments, but container environments are not virtual machines. Backup works differently. At the same time, the administrator is busy with applications and their platforms, taking on a kind of DevOps role. This is where specialized solutions for data management, data backup and recovery come into play, such as those already offered by Kasten by Veeam, which are designed to deal with Kubernetes and container environments of all kinds, including Docker. It is important to take into account the specificities of these new types of environments, such as the ephemeral nature of many containers and their micro-functions, or the integration in cloud, multi-cloud or hybrid IT infrastructures.

Kubernetes on the rise?

ESG analysts released a report in September 2020 entitled Data Protection Trends and Strategies for Containers, which summarizes the results of a survey of 334 IT professionals from companies in the United States and Canada. When asked about their use of containers, 67% said they used them for production-related applications. This statement underscores the growing adoption and integration of containers into systems and networks, and the continuation of the same for the next two years. VMware’s report, The State of Kubernetes 2021, makes a similar point: 65% of participants already use Kubernetes within their production. In 2020, only 59% said so. 98% also said they see big advantages to implementing Kubernetes. Of course, finding trained staff is the big problem now for these companies.

With the rise of containers, Kubernetes will also increasingly enter the scene to better manage the new environment. Kubernetes is likely to begin this triumphal march with startups and large enterprises first, as the former can build their networks and incorporate the new technologies immediately accordingly, while the latter have the money and staff to integrate it successfully. What the GigaOM study, Radar for Kubernetes Data Protection, highlights is that there are already some management solutions, such as Kasten by Veeam K10, that guarantee the protection of the Kubernetes infrastructure from the very moment of its incorporation. In addition, they can also orchestrate virtual machines and workloads in the cloud. So, for most business people, the question is no longer whether to use containers and orchestration tools, but which one, because the advantages of this new technology are already readily apparent.