National Lampoon's\u00a0Animal House\u00a0is a 1978 American, comedy film\u00a0with an iconic scene. Bluto (played by John Bulushi) yells \u201cFood fiiiiiiiight!\u201d, and a crazy chaos ensues as the students wildly fling food all over the cafeteria.\nAs I listen to CIOs describe how their employees are installing the free, open source Kubernetes software, that food fight scene plays out in my mind. So why is there so much chaos concerning Kubernetes installations? Well, because it\u2019s free--meaning anyone can install it anywhere and at any time.\nRemember shadow IT and public cloud?\nLet\u2019s back up and give some context to the current Kubernetes dilemma. I find the current Kubernetes food fight reminiscent of what happened with shadow IT several years ago. Developers were frustrated with the extended length of time it took their central IT organizations to provide them with compute resources, so they headed to the public cloud to obtain the resources they needed \u2013 quickly and efficiently. Although the developers\u2019 intentions were good, chaos reigned. Lack of governance and loss of control were the norm.\nThe same thing is happening with Kubernetes \u2013 today\u2019s go-to open source, container orchestration tool. Kubernetes allows you to take containers and put them in the right place and manage them. And because it is open source\u2014and free\u2014lots of people are installing it. Without visibility and control by central IT, three primary problems can occur.\n1. The first issue is pretty obvious: security breaches. Numerous analysts have highlighted configuration errors as the primary security risk with Kubernetes. That\u2019s because having many uncontrolled instances makes it nearly impossible to get security right everywhere. Put another way, somebody will get it wrong, possibly grievously wrong!\n2. The second problem is more of a hidden one: excess cost. Although the software is free, the resources are not. You still need to run it on something. If you install it on AWS, you need to pay for the AWS services. If you install it on hardware located on premises, you still must pay for that.\n3. Lastly, inconsistency is a big issue. And when you have inconsistent processes, lots of problems ensue. In a typical enterprise, each person or group is probably running Kubernetes with different tools. Although the version of Kubernetes that OpenShift provides is the same exact version that AWS provides, there are significant behavioral differences between the two, caused by the Kubernetes configuration and the installed tools (aka, Operators\/CSI\/CNI plugins, etc.).\nKubernetes is flexible and does not mandate which tools you choose to use. Let\u2019s say one group in your enterprise likes one vendors\u2019 networking tools; another group prefers the storage tools from a different vendor. The applications deployed may have poorly understood dependencies on a given vendors\u2019 networking or storage tools, causing the applications to run differently \u2013 if the tools are changed. No one wants to introduce this kind of risk, so they won\u2019t want to change vendors. In other words, if it works, leave it alone. \u00a0\nThe result is a big messy food fight between different groups within the enterprise.\nGain control by accepting 4 realities\nThe primary mandate for any CIO in the midst of this Kubernetes food fight is to gain control. Now keep in mind that controlling something is not the same thing as stopping someone from using it. Gaining control means finding a way to enable people to use the version of Kubernetes they want AND the vendor they want. Yet, IT still must have visibility and control of Kubernetes across all of the groups throughout the entire enterprise.\nHow do you gain control? You must first accept some key realities:\n\nReality #1. You will manage multiple versions of Kubernetes. You will need to provide multiple versions of Kubernetes across multiple private and public installations. Marketing may want Kubernetes version 1.1.3 on Amazon and your finance group may want version 1.6.6 on Azure.\nReality #2. You will need to manage Kubernetes on different platforms.Different groups within your organization will not only ask for different versions of the Kubernetes distribution, they will want it on the platform of their choice. Some will want it through public cloud providers and some will ask for it within your own datacenter.\nReality #3. You will need to be able to upgrade each of these versions independent of each other. Yes, of course this process will be time-consuming. But it is a reality.\nReality #4. You will need to provide access to data in a consistent manner across your private and public data sources. Even though you have the three realities above\u2014inconsistent versions, platforms, and processes\u2014you must provide consistency.\n\nBefore moving forward, every CIO must accept these four realities, or you will waste valuable time and energy fighting them.\nHow to control the uncontrollable\nGiven these four realities, what\u2019s a CIO to do? Develop what I like to call a control plane. Just as a control plane in networking is responsible for routing traffic, your IT team must develop a control plane for how you control all the Kubernetes realities.\nTo prepare yourself, you need to ask questions and really understand what\u2019s going on. Then you need to develop processes that are consistent with your current models.\nFor example, here\u2019s a starting list of some questions you should be asking.\n\nHow many clusters does your control system manage?\nHow do you consistently maintain identity and access management across multiple vendors\u2019 Kubernetes clusters?\nHow do you maintain a consistent global namespace for your data fabric across multiple Kubernetes clusters in different geographies on different platforms?\nHow do you secure applications with different versions of Kubernetes running on different public and private infrastructure?\nHow does someone unify logging and monitoring across dissimilar platforms and Kubernetes distributions?\n\nAs I mentioned, this list is only the beginning. By sitting down with IT and reviewing all control issues, you will likely come up with many more items. Once you identify your issues, then you can start to resolve them. And you accomplish this by developing controls.\nStopping the Kubernetes food fight\nIt\u2019s time to gain control and stop the Kubernetes food fight. Experts in the container team at Hewlett Packard Enterprise (HPE) have worked with customers all over the world finding solutions that help gain back control. To solve this issue as quickly as possible, organizations find it helpful to work with people who have been there and done that. To learn more, visit the HPE Ezmeral software page. To read more articles by Robert Christiansen, visit HPE Ezmeral: Uncut.\n____________________________________\nAbout Robert Christiansen\n\nRobert Christiansen is a key executive in the CTO Office at Hewlett Packard Enterprise, setting the strategy and evangelizing the company's vision. In this role, Robert is dedicated to key global clients and partners, deepening the relationships and aligning the joint technology efforts to improve the way people live and work.\nRobert is a contributing writer for CIO, Forbes, TechTarget, and numerous industry magazines and is a major contributor to The Doppler, the cloud industry\u2019s thought-leadership publication. He is also a keynote speaker at numerous technology and HPE led events, clearly articulating technology shifts while having a great time doing it!