Configuration Defects in Kubernetes

TL;DR

This paper presents an empirical study on Kubernetes configuration defects, identifying defect categories, evaluating static analysis tools, and developing a new linter that detects previously unknown critical defects.

Contribution

The paper introduces a comprehensive defect categorization, assesses existing tools, and develops a novel linter that detects critical defects missed by current tools.

Findings

8 of 15 defect categories detected by existing tools

The linter found 26 previously unknown defects

19 of these defects have been fixed by practitioners

Abstract

Kubernetes is a tool that facilitates rapid deployment of software. Unfortunately, configuring Kubernetes is prone to errors. Configuration defects are not uncommon and can result in serious consequences. This paper reports an empirical study about configuration defects in Kubernetes with the goal of helping practitioners detect and prevent these defects. We study 719 defects that we extract from 2,260 Kubernetes configuration scripts using open source repositories. Using qualitative analysis, we identify 15 categories of defects. We find 8 publicly available static analysis tools to be capable of detecting 8 of the 15 defect categories. We find that the highest precision and recall of those tools are for defects related to data fields. We develop a linter to detect two categories of defects that cause serious consequences, which none of the studied tools are able to detect. Our linter revealed 26 previously-unknown defects that have been confirmed by practitioners, 19 of which have already been fixed. We conclude our paper by providing recommendations on how defect detection and repair techniques can be used for Kubernetes configuration scripts. The datasets and source code used for the paper are publicly available online.