Guest post by Sarah Geisenger, Sales Engineer at Fairwinds
One of the best-known benefits of Kubernetes is the platform’s ability to increase the speed of development. By using microservices and containers, development happens faster. This is all good news and most certainly a huge benefit. But when you increase development velocity, one major drawback emerges: the cost to repair defects.
The Capers Jones graph below shows the percentage of defects introduced during each phase of the development life cycle. More importantly, it demonstrates how the cost to repair a defect goes from 1x when coding to more than 640x in production.
Kubernetes misconfiguration can be expensive to fix.
Just as problems with code are expensive to fix, so too are Kubernetes misconfigurations. When spinning up clusters in support of an application, there are configurations that simply need to be in place before you run. You need to:
- avoid running your container as root to ensure Kubernetes security
- set the right CPU and memory to control cloud costs
- set liveness and readiness probes to ensure proper autoscaling
Most companies run Kubernetes without configuration best practices in mind, creating security and reliability issues that add to technical debt and can be very expensive to repair.
Cost to Repair Kubernetes Misconfigured Clusters
The Kubernetes Configuration Benchmark report gives us average findings per cluster and workloads:
- Average # of Kubernetes misconfigurations per cluster – 328
- Average # of workloads per Kubernetes cluster – 110
- Average # of findings per workload – 3
Now consider these numbers based on the cost for a DevOps engineer:
- Hourly rate for DevOps engineer – $100
- Cost to fix in coding phase (5 minutes) – $8.33
- Cost to fix a workload Kubernetes misconfiguration at time of Git pull request – $24.85
- Cost to fix a workload misconfiguration in production – $15,903.03.
Let’s just read that again: $15,903!!!!!!
When considering how you are configuring Kubernetes, you MUST consider getting it right in your pre-production environments. You NEED to ensure misconfiguration cannot bleed into production in the first place.
How to Identify Kubernetes Misconfiguration Early
Kubernetes users need to check configurations earlier in the dev process to reduce the cost to fix. Doing so will help to reduce the cost to fix by the 640x mentioned by Capers Jones. Better yet, use Kubernetes governance solutions to scan your development environments, alert developers to misconfigurations AND show them how to fix the problem, a 5-minute task at the cost of $8.33!
By using a solution with an admission controller, you can reject any Kubernetes resources that don’t conform to your organization’s policies before they enter your cluster, once again helping to reduce your production environment cost to repair from $15k down to $8-25.00.
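The three checks listed earlier (non-root, CPU and memory settings, liveness and readiness probes), enforced the way a validating admission webhook would reject a Deployment. This is an added example, not Fairwinds code: the function names and sample Deployments are constructed for illustration, and only the `admission.k8s.io/v1` AdmissionReview response shape comes from Kubernetes.

```python
# Added example: the post's three checks applied as an admission decision.
# Function names and sample objects are constructed, not from any product.

def findings(pod_spec):
    """Return policy violations for one pod spec."""
    out = []
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext", {})
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            out.append(f"{name}: runAsNonRoot is not true (may run as root)")
        res = c.get("resources", {})
        for kind in ("requests", "limits"):
            for r in ("cpu", "memory"):
                if r not in res.get(kind, {}):
                    out.append(f"{name}: resources.{kind}.{r} not set")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                out.append(f"{name}: {probe} not set")
    return out

def review(admission_review):
    """Build the AdmissionReview response for a Deployment create/update."""
    req = admission_review["request"]
    problems = findings(req["object"]["spec"]["template"]["spec"])
    resp = {"uid": req["uid"], "allowed": not problems}
    if problems:  # rejected: tell the developer exactly what to fix
        resp["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": resp}

def deployment(container):  # builds a constructed sample request
    return {"request": {"uid": "constructed-uid", "object": {
        "kind": "Deployment",
        "spec": {"template": {"spec": {"containers": [container]}}}}}}

BAD = deployment({"name": "web", "image": "example/web:1.0"})
GOOD = deployment({
    "name": "web", "image": "example/web:1.0",
    "securityContext": {"runAsNonRoot": True},
    "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                  "limits": {"cpu": "500m", "memory": "256Mi"}},
    "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
    "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
})

if __name__ == "__main__":
    for label, r in (("bad", BAD), ("good", GOOD)):
        print(label, review(r)["response"])
```

The same `findings` function can run in a pull-request check against rendered manifests, so the developer sees the rejection message before the admission controller ever does.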
Don’t lose the benefits of Kubernetes by not configuring it correctly.
—
Fairwinds offers Fairwinds Insights, Kubernetes governance and security software, to help DevOps reduce the cost to repair by shifting the fix left.