The year cloud native
became the new normal
Since 2015, the Cloud Native Computing Foundation has used its unique position in the cloud native community to survey the landscape, understand the dynamics and better serve users of open source, cloud native technologies. For this, our tenth iteration of the CNCF Annual Survey, we set out to create our most comprehensive survey to-date, to reflect the diverse experiences of the cloud native community.
The worldwide survey was fielded from June 30 through September 27, 2022 by the CNCF and Linux Foundation Research. It was promoted via social media, the CNCF and Linux Foundations and their respective websites, the CNCF full subscriber email, the KubeWeekly newsletter, and the Linux Foundation newsletter. The survey was available in English, Chinese, and Japanese. A third-party panel provider was also utilized to get 54% of respondents, which were provided nominal compensation for participating.
Our final sample size was 2,063. However, 2,286 responses were received, of which 20 teachers/students were removed and another 53 were taken out for not being affiliated with an organization or not knowing how many employees that organization had. Of this group, 2,063 completed page three of the survey - the first section with substantial questions asking about information beyond demographics and screening criteria. This results in a small sample margin of error of +/- 3.1% at a 95% confidence level.
We also brought more nuance to our survey questions this year. In previous surveys, we had only asked if technologies had been used in production. This year we differentiated between production, for most or all applications or business segments, and just selected usage.
In addition, Buoyant, Datadog, and Dynatrace contributed anonymised production data, to provide valuable, real-world insight into how CNCF projects are being used in production by organizations across the globe. The methodologies used by these organizations are outlined in the appendix to this report.
Beneath the topline numbers and key takeaways, a well-rounded picture emerges of our community, the challenges they face, and the benefits they're reaping from cloud native technologies. We hope you enjoy reading this report as much as we enjoyed creating it.
Region Of Organization's Headquarters
TOP 3 JOB FUNCTIONS
SOFTWARE DEVELOPER /
Director / VP
Organization's Number Of Employees
CNCF End Users Technical Experience
Containers are the new normal, and WebAssembly is the future
Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this cloud native approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.
With containers now mainstream, in 2022 the uptake of serverless architecture is setting the stage for WebAssembly, which was asked about for the first time in this survey. Overall, 37% of end user organizations have some experience deploying applications with WebAssembly. Although many are still just personally testing the waters, WasmEdge and WAMR are the top runtimes being used.
44% of respondents are already using containers for nearly all applications and business segments and another 35% say containers are used for at least a few production applications. However, container adoption outpaces the maturity of cloud native techniques, suggesting organizations are still early in their cloud native journey - just 30% of our respondents' organizations have adopted cloud native approaches across nearly all development and deployment activities. Still, 62% of organizations that do not regularly use cloud native techniques have containers for pilot projects or limited production use cases, indicating there is room for growth
Datadog, in their 2022 Container Report, 9 Insights on Real-World Container Usage, found that nearly half of all organizations using containers run Kubernetes to deploy and manage at least some of those containers. In addition, alongside the growing adoption of containers, organizations were more likely to adopt a multi-cloud approach as they grow in size.
How are containers used within your organization?
Container adoption outpaces the maturity of cloud native techniques
Just 30% of our respondents' organizations have adopted cloud native
approaches across nearly all development and deployment activities.
What are your challenges in using / deploying containers?
The biggest challenges responders reported, in using and deploying containers, are lack of training and security. In fact, lack of training is the most significant barrier inhibiting adoption. It is the top challenge cited by 44% that have yet to deploy containers in production, and 41% of those that use containers on a limited basis. Once containers are used for nearly all applications, then security becomes the top challenge.
Organizations that have fully embraced cloud native techniques are more likely to be releasing applications and using GitOps. GitOps is maturing as a technology base with the Argo and Flux projects recently graduating in CNCF. Furthermore, GitOps principles are 4x as likely to be followed at mature cloud native organizations, versus those that have not embraced cloud native techniques.
To what extent has your organization adopted practices and tools that adhere to GitOps principles?
How often are your organization's release cycles?
Of organizations that widely use cloud native approaches, 76% are using containers for nearly all applications and business segments, and 48% release code at least daily. In comparison, only 20% of organizations with limited cloud native maturity use containers and 23% release applications daily.
Does your organization use Kubernetes?
If your organization uses Kubernetes, how many production clusters do you have?
Kubernetes yet to be fully deployed outside cloud native community
Outside of the cloud native community, Kubernetes has yet to be fully deployed into production, leaving the door open for alternative orchestrators and platforms. End users have a greater propensity to consider alternatives to Kubernetes, with 72% evaluating at least one tool while 48% of non-end users are evaluating container orchestration tools.
How many container orchestration tools that are not associated with Kubernetes is your organization actively evaluating / piloting?
Number of non-kubernetes container orchestration tools being evaluated by organizations using kubernetes to some extent
Larger enterprises have embraced hybrid cloud architecture, which often have more than 10 Kubernetes clusters. Meanwhile production users with 1-5 clusters are less likely to be evaluating Kubernetes alternatives.
Which of the following combinations of data center and cloud architectures does your organization use?
(By organization size)
If your organization uses Kubernetes, how many production clusters do you have? (By architecture type)
Kubernetes is emerging as the 'operating system' of the cloud
According to Dynatrace's Kubernetes in the Wild 2023 report, in 2021, in a typical Kubernetes cluster, application workloads accounted for most of the pods (59%). In contrast, all non-application workloads (system and auxiliary workloads) played a relatively smaller part.
In 2022, this picture was reversed. Auxiliary workloads outnumbered application workloads (63% vs. 37%) as organizations increasingly adopted advanced Kubernetes platform technologies like security controls, service meshes, messaging systems, and observability tools. At the same time, organizations used Kubernetes for a broader range of use cases like build pipelines, scheduled utility workloads, etc. Kubernetes became the platform for running almost anything - emerging as the “operating system” of the cloud.
Percentage of total workloads: application
versus auxiliary workloads, 2021 to 2022
Over 2021 to 2022, the growth of total auxiliary workloads outpaced that of total application workloads. The total number of auxiliary workloads in a typical Kubernetes cluster grew by 211% YoY, while the total number of application workloads grew by 30% YoY.
At Dynatrace, we use Kubernetes for any new software project, whether it's build pipelines or our SaaS offerings. We see the same trend with our customers. Kubernetes effectively has emerged as the operating system for the cloud.
Dynatrace VP Delivery
The adoption of CNCF incubated and graduated projects once again increased in 2022, with OpenTelemetry and Argo scoring the largest jumps in usage. The former rose from 4% in 2020 to 20% in 2022 and the later from 10% to 28%. Meanwhile Containerd (36% to 56%) and CoreDNS (48% to 56%) are the graduated projects with the greatest increase in use and evaluation.
Is your organization using in production or evaluating graduated /
incubating CNCF projects?
Small dips in adoption were felt by Linkerd and OPA. Both projects also saw fewer respondents evaluating the technologies, which is not shown in this chart. In 2021 25% were using or evaluating Linkerd, and that dropped to 17% in 2022. For OPA, it went from 30% to 23%.
Despite small drops in mindshare, there are also signs that usage among Linkerd's existing user base continues to increase. In fact, Buoyant, the creators of Linkerd, reported 100% year-on-year growth in 2022 Q3 of 30-day or older reporting clusters (the count of unique Linkerd-enabled clusters in the full open source Linkerd community).
30 DAY OR OLDER REPORTING CLUSTERS
According to Linkerd maintainers: mutual TLS continues to be the primary, though not only, driver of Linkerd adoption. Adopters are looking for ways to secure the communication between nodes in a cluster, and Linkerd's drop-in mTLS provides not just encryption but authentication based on strong workload identity. Zero trust is a big topic of discussion, and Linkerd's sidecar-based approach is a natural fit for this: each proxy acts as the enforcement point for its pod.
These numbers represent the normalized count unique Linkerd-enabled clusters in the full open source Linkerd community. Linkerd-enabled clusters younger than 30 days are excluded. All numbers have been normalized so that Q1 2020 is 100; actual cluster numbers are much higher but are not provided for competitive reasons. Not all clusters are reflected in these counts so they represent a lower bound on the true count.
Observability tools show biggest growth in production
Dynatrace's data revealed a similar picture to CNCF survey responses: the percentage of organizations using Kubernetes security tools increased from 22% in 2021 to 34% in 2022 - corresponding to an annual growth rate of 55%. That trend will likely continue as security awareness grows and a new class of security solutions becomes available.
71% of all organizations ran databases and caches in Kubernetes, representing a 48% year-on-year increase. Together with messaging systems (36% growth), organizations were increasingly using databases and caches to persist application workload states.
Continuous integration and delivery (CI/CD) technologies grew by 43% year-on-year, indicating that organizations are dedicating significantly more Kubernetes clusters to running software build, test, and deployment pipelines.
Kubernetes growth areas
Focusing on non-application workloads, enterprises used an increasing variety of technologies. This reflects the need to enhance Kubernetes with better observability, security, and service-to-service communications. Other technologies enable specific use cases like CI/CD tools or databases.
Across all categories, open source projects rank among the most frequently used solutions.
Technology adoption is much greater than previously thought
In our older surveys, we had only asked if technologies had been used in production. This year we differentiated between production, for most or all applications or business segments, and just selected usage.
Partly as a consequence, we saw a large bump in usage, with service mesh going from 27% in 2020 to 47% in 2022, and serverless architecture/FaaS moving from 30% to 53%. There has been a dramatic jump over the last year of service proxies being used among the CNCF community.
End user organizations that have used WebAssembly,
with WasmEdge and WAMR being the top runtimes
Have you or your organization ever deployed an
application using WebAssembly?
Have you used or are aware of the following
Security, documentation, and inactivity are the top challenges CNCF project users expect
The greatest concern for respondents using cloud native open source projects was that a project would become inactive. This was followed closely by security vulnerabilities and lack of documentation.
While we've archived a couple projects in the past, like rkt, opentracing etc. we don't have particularly inactive projects in CNCF that would meet the bar to be archived currently. Of course, adopting sandbox projects is a bit riskier than graduated ones, and this is reflected in CNCF's project maturity process - graduated projects are very safe to bet on.
Challenges When Using CNCF Projects in Production
However, the survey demonstrated the ways users are mitigating these concerns. We see that the adoption of security policies and GitOps are highly correlated. Use of CNCF security projects is also an indicator of an advanced approach to security. Meanwhile, Observability tools are deployed in many different environments.
What is the status of the following security and compliance related activities in your IT organization?
Fully implemented security / compliance activities by GitOps maturity
What is the status of the following security and compliance related activities in your IT organization?
Security projects at the time survey was fielded
A huge thank you to everyone who participated in our survey and the support we received from Buoyant, Datadog, and Dynatrace. As always, the full raw data from CNCF's survey is available on GitHub.
If you have any questions or feedback, please get in touch at email@example.com.
Methodologies - contributed production data
Buoyant's contributions represent the normalized count unique Linkerd-enabled clusters in the full open source Linkerd community. Linkerd-enabled clusters younger than 30 days were excluded.
The 2022 Container Research was updated in November 2022 and builds on previous editions of the container usage report, container orchestration report, and Docker research report.
For this report, Datadog examined more than 1.5 billion containers run by tens of thousands of customers to understand the state of the container ecosystem.
Dynatrace analyzed how enterprises actually use Kubernetes in production. The Kubernetes in the Wild Report 2023 is based on available production data from 4.1 billion Kubernetes pods created by thousands of Dynatrace customers in all global regions (excluding all Kubernetes clusters Dynatrace uses internally or for hosting SaaS offerings). The data covered the period of January 2021 through September 2022. Dynatrace customers represent the world's largest 15,000 organizations from all major industries, including financial services, retail and e-commerce, technology, transportation, manufacturing, healthcare, and public sector organizations.
Copyright © 2023 The Linux Foundation
This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License.
To reference the work, please cite “Cloud Native Computing Foundation Annual Survey 2022.”