Sysdig Report Shines Light on Container Usage Patterns

A report published by Sysdig suggests the types of applications being deployed on Kubernetes clusters, along with the number of containers running per host, are increasing significantly.

Based on an analysis of 2 million containers using the Sysdig monitoring platform, the report finds the median number of containers per host doubled to 30 from 2018. The report also finds 57% of the clusters monitored by Sysdig run StatefulSets, a tool used to deploy and scale Kubernetes Pods that run stateful applications.

At the same time, the report shows 77% of respondents are using Kubernetes, with 55% having deployed one cluster. Only 16% are running more than six clusters. However, 55% are running more than 10 nodes per cluster, with 51% running more than six distinct Kubernetes Namespace instances per cluster.

Eric Carter, director of product marketing for Sysdig, says the analysis suggests that once an organization stands up a Kubernetes cluster it’s not long before multiple applications are deployed on that cluster. While containers may be ripped and replaced frequently, the analysis also shows most organizations (53%) are making services based on containers available for more than two weeks.

The survey also makes it clear those container environments are highly dynamic. More than half of all containers (52%) are live only for five minutes or less. The number of containers that are alive for 10 seconds or less has doubled to 22% year over year.

Overall, nearly half of all organizations are running fewer than 250 containers. The most widely employed container runtime is Docker (79%), followed by containerd (18%) and CRI-O (4%). The analysis shows CRI-O, a lighter-weight container runtime optimized for Kubernetes clusters, has yet to gain traction.

The report also shows there is a significant difference in the approaches organizations are taking to deploying Kubernetes in on-premises environments versus the public cloud. In on-premises environments, the dominant platform is Red Hat OpenShift (43%), followed by instances of Kubernetes that IT organizations have downloaded themselves (34%). On public clouds, the most widely employed instance comes from Amazon Web Services (73%), followed by Google Cloud (19%), Microsoft Azure (14%) and IBM Cloud (5%).

The report also notes there has been a significant increase in reliance on Prometheus, with 46% of organizations now employing the open source monitoring software. As far as alert channels are concerned, the report finds the most widely employed are Slack (37%), PagerDuty (30%) and email (24%).

Finally, in terms of container registries, the report finds Docker is the most widely employed (34%), followed by Google Container Registry (28%) and Quay (14%).

However, the report also notes that 40% of organizations are using container images from public sources. The problem is that of all the images Sysdig scanned over a five-day period, more than half (52%) contained known vulnerabilities. Worse yet, the report also notes most customers have set images to run as root, largely because that’s the default setting.

Put it together and it’s clear a lot of progress is being made in terms of container adoption. However, in terms of security and compliance, some of that progress may actually represent two steps backward.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.