The Complexity Crisis

“We're 10 years into Kubernetes and the foundations are starting to break, and we have to really rethink every layer of the system down to the lowest level,” Alex Zenla, founder and CTO of Edera, told analyst Jason English. “People are getting a little tired of all the tools and all the various things that they have to install to make Kubernetes usable, when it should work out of the box and actually function.”

Zenla's observation resonated throughout the conference halls. Consider a fundamental issue: Kubernetes doesn't ship with a default networking solution. Teams must choose between Cilium, Calico, or vendor-specific implementations. When organizations adopt managed Kubernetes from major cloud providers, they inherit custom container definitions, networking configurations, permissions frameworks, observability stacks, and pod scaling implementations—many locked to specific vendors.

This fragmentation doesn't just create operational overhead; it introduces security gaps at every layer of the stack.

Security Moves to the Runtime

Container security dominated technical sessions and booth conversations, with practitioners at vastly different maturity levels. Some teams are still discovering the basics of vulnerability scanning and using namespaces to isolate workloads, while others are exploring advanced runtime security approaches. The gap between cloud-native adoption and security readiness remains alarmingly wide.

The industry is beginning to recognize that reactive "detect and respond" approaches are insufficient. Organizations need proactive, architecture-level security that reduces attack surface from the hardware up. By addressing security at the lowest levels of the stack, teams can eliminate entire categories of vulnerabilities rather than continuously chasing CVEs.

Edera's approach exemplifies this shift: 95% attack surface reduction and dramatic decreases in security alerts aren't achieved by adding another scanning tool to the stack – they're the result of rethinking container isolation at the hardware level.

The Observability Explosion

OpenTelemetry continued its momentum at this year's event, with widespread adoption across the ecosystem. Yet standardization hasn't solved the fundamental problem: as organizations add more observability signals, data grows exponentially, straining systems and driving up infrastructure costs.

The observability challenge connects directly to the complexity crisis. When every layer of your Kubernetes stack requires separate monitoring – networking, security scanning, permissions, pod scaling – teams drown in telemetry data. A hardened runtime approach reduces this overhead by consolidating security functionality and dramatically decreasing the volume of alerts teams must triage.

The Path Forward

KubeCon 2025 offered an opportunity to step back and ask hard questions. Do we accept ever-increasing complexity as the price of cloud-native infrastructure? Or do we rebuild from the foundations up, creating systems that are secure by default and simple by design?

The answer lies in returning to first principles: reducing attack surface at the architecture level, eliminating unnecessary tooling sprawl, and building security into the runtime rather than bolting it on afterward. The next decade of Kubernetes depends on getting the foundations right.

Let’s Keep the Momentum Going

Multi-Tenancy Without the Mayhem (Live Webinar)

This Thursday, November 20, join Edera’s Lewis Denham-Parry and Amberwolf’s Iain Smart as they explore:

  • Why shared-kernel multitenancy is difficult to secure
  • The risks organizations consistently underestimate
  • How Edera enables secure multi-tenant Kubernetes without performance tradeoffs

Register here

See You at AWS re:Invent (Dec 1–5)

We’ll be at House of Kube in Las Vegas with hands-on demos and deep technical sessions.

Register for House of Kube here.

Ready to See Edera in Your Environment?

If you want to accelerate your shift to hardened runtime, we’d love to talk.

Schedule a call with our team here.