Member post originally published on Fairwinds’ blog by Joe Pelletier
Kubernetes adoption continues to grow, enabling organizations to automate the deployment, management, and scaling of containerized applications. As it does, DevOps, platform engineering, and development teams are looking more closely at the reliability, security, and cost efficiency of their workloads. Fairwinds created the Kubernetes benchmark report in 2022 by analyzing more than 100,000 Kubernetes workloads. The goal was to help organizations understand their container configurations, identify common areas for improvement, and compare their results with those of their peers. The 2023 report analyzed over 150,000 workloads and compared the data to the previous year to analyze how things have changed. In the 2024 Kubernetes Benchmark Report, Fairwinds analyzed more than 330,000 workloads, reviewing data from hundreds of organizations. The latest report shows Kubernetes users have significantly improved workload efficiency and reliability, though areas for improvement remain.
Top Kubernetes Concerns in 2024
Applying policies consistently to manage Kubernetes cost efficiency, reliability, and security remains a top concern for cloud native users. What dev and platform teams want to know, now that they have established Kubernetes environments and are deploying more workloads to production environments, is how their configurations look compared to their peers and how to improve them.
The benchmark data shows that many organizations have made significant improvements, in part because of more widespread adoption of software that helps them identify misconfigurations automatically and receive actionable insights that make it easy to resolve them. The right solutions can help these orgs align to best practices and minimize the percentage of workloads impacted by cost efficiency, reliability, and security configuration issues. Read the latest Kubernetes Benchmark Report to identify areas where time and money are best spent to improve configurations.
As organizations seek to take control of cloud costs, the Kubernetes Benchmark Report shows that 37% of organizations have 50% or more workloads in need of container rightsizing to improve cost efficiency. As container usage grows increasingly common, organizations are noting that rightsizing must become part of their workflows. Teams must determine whether individual containers need to be rightsized. If so, devs need to know how to make informed rightsizing decisions and how to best apply them. Fairwinds Insights enables platform engineers to rightsize application resources by making it easy to identify wasted compute resources and get accurate and actionable resource recommendations that are straightforward to implement.
Reliability is critical for apps and services running in production environments, but key Kubernetes configuration issues can be difficult to address. Frequently, dev teams have trouble determining what values to assign for each application. The latest analysis shows that about 65% of organizations are missing liveness and readiness probes, impacting overall reliability.
Fifty-five percent of organizations have more than 21% of workloads missing replicas, which is problematic because replicas help maintain the stability and high availability of containers. There have been improvements for 30% of organizations, which have fewer than 10% of workloads impacted.
This year, 67% of organizations have more than 11% of workloads impacted by missing CPU requests, down from 78% in 2023. Setting CPU requests helps to increase reliability by guaranteeing the pod will have access to the resources it needs.
Kubernetes is famously not secure by default, requiring a review of configurations to identify potential security issues. The latest report shows that 28% of organizations have more than 90% of workloads running with insecure capabilities, down from 33% in 2023.
Another important security setting is related to running outdated Helm charts. The latest data shows 70% of organizations have 11% or more of their workloads running with outdated Helm charts, which may result in missing critical security patches. Security configurations covered in this year’s benchmark report include:
- Insecure capabilities
- Writeable file systems
- Privilege escalation allowed
- Runs as privileged
- Run as root allowed
- Image vulnerability
- Unscanned images
- Outdated Helm charts
- Outdated container images
- API version deprecated
- NSA hardening checks
- Missing network policy
- Missing pod disruption budget
- Priority class not set
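To make several of the checks above concrete (the container-level security settings, plus the missing probes and CPU requests discussed earlier), here is an added example that is not from the report or from Fairwinds' tooling: a small static audit over a pod spec. The pass/fail rules, finding names, and sample pod are assumptions constructed for illustration.

```python
# Added example: static audit of a pod spec for checks named in the report.
# The pass/fail rules are assumptions, not the report's scoring logic.

def audit_container(c, pod_sc=None):
    """Return sorted finding names for one container dict from a pod spec."""
    pod_sc = pod_sc or {}
    sc = c.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    dropped = {x.upper() for x in caps.get("drop") or []}
    # Container-level settings override pod-level ones.
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
    requests = (c.get("resources") or {}).get("requests") or {}
    checks = {
        "insecure capabilities": "ALL" not in dropped or bool(caps.get("add")),
        "writeable file system": sc.get("readOnlyRootFilesystem") is not True,
        "privilege escalation allowed": sc.get("allowPrivilegeEscalation") is not False,
        "runs as privileged": sc.get("privileged") is True,
        "run as root allowed": not (non_root is True or (uid or 0) > 0),
        "missing liveness probe": "livenessProbe" not in c,
        "missing readiness probe": "readinessProbe" not in c,
        "missing CPU request": "cpu" not in requests,
    }
    return sorted(name for name, failed in checks.items() if failed)

def audit_pod(pod_spec):
    """Map container name -> findings for every container in a pod spec."""
    pod_sc = pod_spec.get("securityContext") or {}
    return {c["name"]: audit_container(c, pod_sc)
            for c in pod_spec.get("containers", [])}

# Constructed sample: one container left at defaults, one hardened.
SAMPLE_POD = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [
        {"name": "default-app", "image": "example/app:1.0"},
        {"name": "hardened-app", "image": "example/app:1.0",
         "securityContext": {
             "allowPrivilegeEscalation": False,
             "readOnlyRootFilesystem": True,
             "capabilities": {"drop": ["ALL"]}},
         "resources": {"requests": {"cpu": "100m"}},
         "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
         "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}}},
    ],
}

if __name__ == "__main__":
    for name, findings in audit_pod(SAMPLE_POD).items():
        print(name, "->", findings or "no findings")
```

The container left at defaults is flagged on six checks even though it sets nothing explicitly insecure, which is the practical meaning of "not secure by default."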
When it comes to cost efficiency, many organizations are setting CPU requests and limits. Fifty-seven percent of organizations have 10% or fewer workloads in need of rightsizing in 2024. The latest benchmark also shows that 30% of organizations need container rightsizing to improve efficiency, indicating that there are still areas of improvement for many.
Top Takeaways from the 2024 Kubernetes Benchmark Report
Containers and Kubernetes can offer businesses significant benefits, but without understanding these essential configurations and how to set them appropriately, it can be difficult to navigate Kubernetes’ inherent complexities. This report helps you identify potential areas for misconfigurations in Kubernetes and the impact they can have on the reliability, security, and cost efficiency of your workloads in the year ahead.
Read the 2024 Kubernetes Benchmark Report now.