lassedesignen - Fotolia

Kubernetes consulting: Helping with the basics, security issues

The Kubernetes container management system has become a source of growing consulting opportunities for IT service providers such as Accenture and Sapient Consulting.

IT services firms are providing Kubernetes consulting services to help customers navigate the container management technology.

The services are an outgrowth of service providers' container, microservices and cloud offerings, which companies typically sell to DevOps groups, cloud developers and line-of-business buyers driving digital transformation projects. Kubernetes, an open source platform that originated with Google, is part of a broader containerization technology market opportunity for channel partners.

Industry executives see a range Kubernetes needs among customers, from learning the fundamentals to understanding the finer points of deploying the container management system.

"Currently, we're seeing the most demand around basic consulting and professional services, as many of our clients are still taking the first steps in their container journeys," said Oscar Renalias, senior manager and technology architect at Accenture.

He said such clients look to Accenture to "figure out how to best leverage containers, how containers fit into their DevOps processes, how to integrate containers with the rest of their enterprise application estate and how to govern containers."

Kubernetes can prove complicated, even for customers with a basic grasp of the technology. That knowledge gap creates an opening for Kubernetes consulting service providers.

"Kubernetes is an extremely powerful technology, but it's also growing increasingly complex after each new release as more features and extension points are added to it," Renalias said.

He said most Accenture clients have a solid grasp of basic Kubernetes concepts such as Kubernetes pods, but lack awareness of how some of the newest developments can help improve their platforms. He pointed to Istio, an open platform for connecting and securing microservices that can be deployed on Kubernetes. Istio is an example of a service mesh, which manages interconnections between microservices.

Kubernetes is an extremely powerful technology, but it's also growing increasingly complex after each new release as more features and extension points are added to it.
Oscar Renaliassenior manager and technology architect, Accenture

"Service meshes like Istio is an example of a great feature more clients should know about it," Renalias said.

Sapient Consulting, an IT consultancy focusing on digital transformation, also offers Kubernetes guidance to customers. Diptesh Mishra, senior director of technology at Sapient Consulting, said the company's clients typically have some in-house expertise in Kubernetes or other container orchestration products such as Docker Swarm, Mesos or OpenShift. Those clients, he said, tap Sapient to define and implement the overall container orchestration framework, using Kubernetes or other container orchestration products.

"We work in a close partnership with our clients to identify and implement the right container orchestration product that is best suited for their needs, typically as a part of an overall cloud implementation program," Mishra explained.

Diagram showing how a service mesh architecture works
Kubernetes consultants can help clients with the finer points of container management such as service mesh architectures.

Storage, security challenges

Customers deploying container management system technology can encounter a few technical snags along the way. Mishra said typical challenges include linking Kubernetes with persistent storage, but he said the arrival of the Container Storage Interface "makes it simpler to integrate Kubernetes with external persistent storage."

Kubernetes announced a beta implementation of the Container Storage Interface in April 2018.

Container security is another challenge.

"The stateless nature of Kubernetes makes it difficult to accurately determine access privileges to applications running within it, leaving it vulnerable to exploits unless carefully secured," Mishra noted.

He said each client organization represents a different set of security challenges with regard to securing the host, the Kubernetes system and resources, the network, and the managed containers for production systems. However, knowledge and skill sharing among Sapient Consulting teams help minimize the magnitude of those challenges, he added.

Accenture's Renalias said Kubernetes container security is an especially hot topic "for clients who are ahead of the pack and are already running a sizable container footprint."

As the number of containers grows, customers have become increasingly worried about a number of fundamental security issues, he said. Those include:

  • How much can the contents of a container be trusted?
  • Is there any sort of control around containers talking to each other?
  • What are the security vulnerabilities in containers?

Renalias said Accenture has been helping several clients run Kubernetes platforms that meet the needs of a chief security officer or operational lead in addition to satisfying developer needs around agility.

Acquiring Kubernetes consulting skills

IT service providers use a combination of certification programs, project experience and internal training to establish their Kubernetes consulting services.

Mishra said Sapient Consulting sees value in Cloud Native Computing Foundation (CNCF) certifications such as the Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer programs.

"We also value experience with Kubernetes -- and other container orchestration products -- in an enterprise-grade production cluster," he said. "We have an active learning and development program for our people and encourage team members to go for industry standard certifications."

As of May, the Cloud Native Computing Foundation said it had granted 404 CKA certifications and noted that 39 companies had become Kubernetes Certified Service Providers (KCSPs). CNCF launched its KCSP program last year to foster a group of vetted service providers offering "Kubernetes support, consulting, professional services and training," according to the organization.

To qualify as a KCSP, a company must have three or more engineers pass the CKA exam, demonstrable activity in the Kubernetes community, and a business model that supports enterprise end users.

Consulting firms with KCSP certification include Accenture and Booz Allen Hamilton.

Container management system services: A growth market

Renalias noted that the market for Kubernetes consulting services has "grown exponentially" over the last few months and said that expansion has occurred across a range of industries. He said the financial services market is perhaps the sector with the fastest Kubernetes growth.

"Many large financial institutions are currently embarked in large API and microservices programs where Kubernetes pretty much is the only choice as the runtime," he said.

He expects the momentum to continue in the second half of 2018.

"We expect an increased demand for our managed services and support services now that many of our clients already have or will shortly have Kubernetes workloads in production," Renalias said.

Dig Deeper on MSP technology services