Celebrating 10 Years Of Kubernetes

Since its introduction in 2014, the Kubernetes open-source container orchestration system has gone from strength to strength. No longer a niche technology, today it has become the de-facto standard for modern application deployment and management.

Indeed, as it enters into its second decade, Kubernetes is so embedded in the cloud native landscape that it’s almost impossible to imagine life without it.

Over the past 10 years, Kubernetes has matured and evolved new capabilities. Today it offers developers hundreds of extensions, add-ons and integrations, together with an impressively comprehensive documentation base. But when Kubernetes first made its debut, the initial release was rather ‘rough’ around the edges.

Let’s take a quick look at some of the technology’s pivotal milestone moments and look ahead to where Kubernetes might be heading in the next decade.

The Early Days – from inception to teenage years

Containerisation has a long history that stretches back to the 1970s but it was the arrival of the Docker containerisation framework that finally made containers easy to work with – and by doing so created the need for container orchestration technology.

As more and more people began taking advantage of Docker to develop and run applications inside containers, they needed a way to orchestrate those containers, and Kubernetes – which originated within Google as its internal orchestration platform, aptly named “Borg” – was open-sourced to resolve this challenge.

When Kubernetes 1.0 first appeared on the scene it offered much of the functionality many of today’s Kubernetes admins will be familiar with – you could deploy sets of containers as pods, distribute them across nodes, and expose applications over the network as services. 

Thanks to the backing of the Cloud Native Computing Foundation (CNCF), Kubernetes quickly gained momentum and by 2018 had become established as a leading open-source container orchestration platform.

Coming Of Age

While Kubernetes was great for orchestrating workloads across servers, in the early days the functionality it offered was pretty basic. There was no sophisticated support for persistent data storage, network functionality was limited, and there were few built-in security controls. Over time, however, this all changed.

The arrival of a native role-based access control (RBAC) framework in 2017 reduced a number of security risks associated with inadequate access controls and made it possible to manage who can do what within Kubernetes. Meanwhile, 2018 saw the introduction of new advanced networking capabilities such as support for cluster load balancing and core DNS. This was quickly followed by the provision of support for persistent volumes in 2019. All of which helped to make Kubernetes the platform of choice for a wide array of production workload types – and put Kubernetes on the radar of cloud providers. As a result, by 2022 around 60% of organisations that used containers were orchestrating these with Kubernetes. 

New features continued to emerge. Since 2020 these advancements have included Common Expression Language (CEL) support for admission control, which enables requests to be handled in a granular way through the Kubernetes API. On the security front, the introduction of beta support for Linux-based username spacing in Pods alongside the replacement of security policies with security contexts all helped to further contain security risks. Together these enhancements allow admins to build and operate more secure clusters.

What’s Next For Kubernetes?

Unless a major disruptive technology makes it irrelevant, Kubernetes looks set to remain a cornerstone of the digital world as we know it. That said, there are numerous ways that Kubernetes could continue to grow and improve while maintaining a balance between richness of capabilities and simplicity of operation.

For example, the introduction of full support for multi-cloud clusters would be a great addition. One that would make it much easier to operate a single Kubernetes cluster whose nodes are distributed across multiple clouds or data centres.

Similarly, greater consistency between Kubernetes distributions would also resolve the challenge that of migrating from one distribution to another thanks to the diversity of distributions that can include proprietary extensions or features that only work within a given vendor ecosystem. It is also likely that we will fewer distributions in the future, since there are numerous ones available, but adoption is concentrated around a few of them. At the same time, special-purpose distribution such as K3s (lightweight implementation of Kubernetes) will justify their place.

Finally, enhancing Kubernetes security should be a primary focus for future growth and more opinionated security controls would be a welcome enhancement for admins looking to stay ahead of the game where Kubernetes security threats are concerned.

No easy task when the multitude of Kubernetes distributions and installers available today can lead to inconsistencies and vulnerabilities that can be exploited.

One thing is for sure, admins that want to keep their workloads secure over the next decade and beyond will need to keep their finger on the pulse as Kubernetes continues to evolve. Ultimately, that means covering all the bases, from secure development, to hardened configuration and compliance, through to runtime protection and network controls for Kubernetes applications. 

Rani Osnat is SVP of Strategy at Aqua Security

Image: Jaiz Anuar

You Might Also Read:

Securing Kubernetes Helm: Vulnerabilities & Defensive Strategies:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 


 

« Nowhere To Run
How Can Cloud Risk Management Elevate Your Cybersecurity Posture? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Paladion

Paladion

Paladion is a provider of managed IT security services.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Augusta HiTech

Augusta HiTech

Augusta Hitech is a focused product development, software services and technology consulting company. Our Vision is to become the most socially impactful and innovative technology company in the world

Passbase

Passbase

Passbase is building a full-stack identity verification engine backed by verified government documents.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

FTx Identity

FTx Identity

FTx Identity is the world's most advanced age verification technology (AVT) and identity management system.

Scinary Cybersecurity

Scinary Cybersecurity

Scinary was founded in 2015 on the premise that cybersecurity should not be limited to just large corporations or large government entities.