The container orchestration software juggernaut now dominates the fastest-growing segments of technology infrastructure: cloud computing and artificial intelligence. Open-sourced out of Google, Kubernetes has been the foundation of the cloud native movement to shift applications and other technology elements out of bare metal and on-prem and into the cloud. The first ten years of Kubernetes saw not only miraculous growth and strong adoption but also a broad evolution not unlike what we saw with the Linux operating system, as maintainers adapted the stack for more complicated and regulated use cases. Yet Kubernetes remains a bear to operate and secure, and the bane of security operations and network operations teams who are used to simpler times before servers constantly spun up and down and microservices exploded legacy apps into a thousand small codebases, each pinned to an API that must be secured and maintained, both internally and externally. So, what does Kubernetes need to do to maintain its growth? Here are seven areas of focus.
Simplified Resource Management
Kubernetes could unify and consolidate resource definitions, reducing the number of YAML files and configuration options needed for deployment and management. Auto-generating YAML files for common configurations would further streamline this process. Such automation would alleviate the manual burden on users, making it easier to deploy applications quickly and accurately. By providing templates and defaults, Kubernetes can cater to novice users who need guidance and experienced users who seek efficiency.
Enhanced UX in Both CLI and GUI
Kubernetes is an infrastructure tool managed and touched by engineers. You shouldn’t need a Kubernetes certification to use it effectively. Enhancing the user interface and experience is low-hanging fruit. It starts with improving the `kubectl` command-line tool with better error messages and interactive prompts for noobs and more options for filtering (regex) for savants. Additionally, integrating a more powerful and comprehensive dashboard by default would allow users to visualize, monitor and manage their clusters more effectively. This dashboard could offer real-time insights and more straightforward navigation, transforming how users interact with Kubernetes.
Advanced Automation and Smart Defaults
Kubernetes could benefit from predefined profiles tailored for different workloads, such as web applications, batch jobs or databases. This could also help lock down Kubernetes by default more easily by establishing a more logical least-privilege approach. Implementing automated checks and recommendations for best practices would guide users toward optimal configurations and deployments, minimizing common errors and enhancing overall system performance and security.
Simplified Networking and Storage
Integrating a simplified, built-in service mesh within Kubernetes would streamline microservices networking, including traffic management, security and observability, eliminating the need for additional setup. This would not replace more advanced service meshes like Istio. But it would allow for a better out-of-the-box Kubernetes experience, particularly if the service mesh handled ingress and alleviated the need to install an ingress resource. Simplifying storage management with intuitive abstractions and dynamic provisioning mechanisms would enhance usability. Users would spend less time on complex configurations and more time focusing on their applications.
More Intuitive Security and Compliance
The Gateway API has a clean path in this direction, and it will be key in streamlining role-based access control (RBAC) configurations to make them both more granular and more user-friendly. It should be straightforward to set up and manage permissions. This is another area where a GUI would be helpful. Built-in security scanning and compliance tools could also be added to continuously monitor and report vulnerabilities and misconfigurations. These enhancements would provide a secure and compliant environment out of the box, ensuring that users can maintain robust security practices with minimal effort.
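The automated least-privilege checks discussed here and under "Advanced Automation and Smart Defaults" can be small. The sketch below is an added example, not code from this article or from the Kubernetes project: it audits RBAC objects for wildcard grants, escalation verbs, secret reads and `cluster-admin` bindings. The sample manifests, the function names `audit_rule` and `audit_rbac`, and the choice of checks are assumptions.

```python
import json

# Verbs that let a subject grant itself more than it was given.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}

def audit_rule(rule):
    """Return least-privilege findings for one RBAC policy rule."""
    verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
    findings = [f"wildcard in {f}" for f in ("apiGroups", "resources", "verbs")
                if "*" in rule.get(f, [])]
    risky = verbs & ESCALATION_VERBS
    if risky:
        findings.append("privilege-escalation verb: " + ",".join(sorted(risky)))
    if "secrets" in resources and verbs & {"get", "list", "watch", "*"}:
        findings.append("read access to secrets")
    return findings

def audit_rbac(objects):
    """Audit roles and bindings; return (kind, name, finding) tuples."""
    out = []
    for obj in objects:
        kind, name = obj["kind"], obj["metadata"]["name"]
        if kind in ("Role", "ClusterRole"):
            for rule in obj.get("rules") or []:
                out += [(kind, name, f) for f in audit_rule(rule)]
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            ref = obj["roleRef"]
            if ref["kind"] == "ClusterRole" and ref["name"] == "cluster-admin":
                for s in obj.get("subjects") or []:
                    if s["name"] != "system:masters":  # built-in default binding
                        out.append((kind, name, f"cluster-admin bound to {s['kind']} {s['name']}"))
    return out

# Constructed sample, shaped like the "items" list of `kubectl get ... -o json` for RBAC objects.
SAMPLE = json.loads('''[
 {"kind":"ClusterRole","metadata":{"name":"ci-deployer"},
  "rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]},
 {"kind":"Role","metadata":{"name":"app-reader","namespace":"shop"},
  "rules":[{"apiGroups":[""],"resources":["pods","secrets"],"verbs":["get","list"]}]},
 {"kind":"Role","metadata":{"name":"log-viewer","namespace":"shop"},
  "rules":[{"apiGroups":[""],"resources":["pods/log"],"verbs":["get"]}]},
 {"kind":"ClusterRoleBinding","metadata":{"name":"dev-admin"},
  "roleRef":{"kind":"ClusterRole","name":"cluster-admin"},
  "subjects":[{"kind":"ServiceAccount","name":"default","namespace":"shop"}]}
]''')

if __name__ == "__main__":
    for kind, name, finding in audit_rbac(SAMPLE):
        print(f"{kind}/{name}: {finding}")
```

Run over the constructed sample, the narrowly scoped `log-viewer` role passes cleanly while the other three objects are reported.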
Better Observability and Troubleshooting
Integrating observability tools like Prometheus and Grafana more tightly into the core Kubernetes would provide out-of-the-box monitoring, logging, and alerting capabilities. The significant majority of the community uses these two tools. They are separate projects from Kubernetes. However, it would make Kubernetes more usable if Prometheus and Grafana were available in the initial installation or as a default option without significant configuration. In general, enhanced debugging tools within Kubernetes would allow for easier diagnosis and resolution of issues, improving the overall reliability and stability of applications. These improvements would help users maintain visibility and control over their clusters, facilitating quicker responses to potential problems.
Enhanced Ecosystem Integration
The VSCode extension for Kubernetes has been downloaded nearly five million times. Developers and operators crave tools to make their Kubernetes experience better. To find the best ones, they have to skitter around to different existing marketplaces or some random GitHub repo with a list of tools in a markdown file. Creating a marketplace or repository for Kubernetes plugins and extensions would make it easier for users to discover, install, and manage additional functionalities. Standardizing APIs for common extensions and integrations would ensure compatibility and reduce the complexity of adding new tools to the Kubernetes ecosystem. These improvements would foster a vibrant ecosystem, enabling users to extend and customize their Kubernetes environments with greater ease and confidence.
Conclusion: Kubernetes, From Good to Great
The first ten years of Kubernetes saw it move from a nascent container orchestration engine to a foundational piece of cloud infrastructure deployed by huge incumbent industries for mission-critical, highly regulated jobs. In other words, it moved from a near beta to a well-known and well-liked entity. In the next ten years, Kubernetes can focus on moving the needle on factors that make it more secure, usable, and manageable. With anything as large as Kubernetes, this consists of many minor fixes. I suggested a handful, and there are certainly others. Backed by a massive community of highly competent contributors, Kubernetes has as good a chance as any piece of open-source software to go from good to great over the next decade of its already impressive trajectory.