As of October 1, 2025, 78% of Kubernetes hosts in Datadog’s dataset run mainstream supported versions (1.31+), 19% run extended support versions (1.28–1.30), and 3% run unsupported versions (earlier than 1.28). The introduction of LTS offerings by major cloud providers (EKS, GKE, AKS) has helped reduce unsupported clusters compared with 2022, though a long tail of very old versions remains.
Key points
- As of 2025-10-01, 78% of Kubernetes hosts are on mainstream supported versions (1.31+).
- 19% of hosts are on extended support versions (1.28–1.30) offered by major cloud distributions.
- Only 3% of hosts are running unsupported Kubernetes versions (earlier than 1.28), with some clusters as old as 1.6.
- Major cloud providers (Amazon EKS, Google GKE, Azure AKS) now offer long-term support (LTS) versions that extend upstream support lifecycles.
- LTS offerings often come at increased cost but help organizations avoid jumping multiple versions for urgent security fixes.
- Compared with 2022, the proportion of unsupported Kubernetes hosts has decreased significantly.
- Despite improvements, organizations should continue upgrading to reduce the remaining long tail of unsupported instances.
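To apply the same three tiers to your own fleet, the added example below (not from the Datadog article) classifies node version strings and reports the share in each tier plus the hosts to upgrade first. The function names, host names and version strings are constructed for illustration, and the tier boundaries are the ones this page gives for 2025-10-01.

```python
import re
from collections import Counter

# Tier boundaries as stated on this page for 2025-10-01; they shift with each release.
MAINSTREAM_MIN = (1, 31)  # 1.31+      -> mainstream supported
EXTENDED_MIN = (1, 28)    # 1.28-1.30  -> extended (provider LTS) support

# Accepts kubelet-style strings such as "v1.29.4-eks-0a21954", "1.31" or "v1.6.13".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.\d+)?(?:[-+].*)?$")


def support_tier(version: str) -> str:
    """Classify one Kubernetes version string into a support tier."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # never count an unparsable host as supported
    # Compare as integers: a string compare would rank "1.6" above "1.28".
    release = (int(m.group(1)), int(m.group(2)))
    if release >= MAINSTREAM_MIN:
        return "mainstream"
    if release >= EXTENDED_MIN:
        return "extended"
    return "unsupported"


def fleet_report(inventory):
    """inventory: iterable of (host, version) pairs.
    Returns ({tier: percent of hosts}, [hosts to upgrade first])."""
    inventory = list(inventory)
    counts = Counter(support_tier(v) for _, v in inventory)
    total = len(inventory) or 1
    shares = {tier: round(100 * n / total, 1) for tier, n in counts.items()}
    flagged = sorted(h for h, v in inventory
                     if support_tier(v) in ("unsupported", "unknown"))
    return shares, flagged


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("node-a", "v1.32.2-eks-5d632ec"), ("node-b", "v1.31.1"),
    ("node-c", "v1.30.5-gke.1014001"), ("node-d", "v1.28.9"),
    ("node-e", "v1.27.16-eks-a737599"), ("node-f", "v1.6.13"),
    ("node-g", "v1.33.0"), ("node-h", "unknown-build"),
]

if __name__ == "__main__":
    shares, flagged = fleet_report(SAMPLE)
    print(shares)
    print("upgrade first:", flagged)
```

In practice the (host, version) pairs would come from your own inventory source, for example each node's reported kubelet version.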
MITRE Techniques
- [T1606] Account Manipulation – No specific account manipulation techniques are described in the article; the article focuses on version distribution and support lifecycles rather than attacker techniques.
- [T1190] Exploit Public-Facing Application – The article notes that Kubernetes is commonly exposed to the internet, which makes urgent security fixes more likely to be needed, but it does not describe a specific exploit: ‘Kubernetes is commonly exposed to the internet.’
- [T1609] Container Image – Vulnerabilities in older Kubernetes versions may affect container workloads, but the article does not describe specific container image abuse or supply chain techniques.
Indicators of Compromise
- [Kubernetes Versions] cluster version context – examples: 1.31 (mainstream supported), 1.28 (extended support), and older versions such as 1.6 (unsupported).
- [Distributions] managed service context – examples: Amazon EKS, Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS).
Read more: https://securitylabs.datadoghq.com/articles/a-2025-look-at-real-world-kubernetes-adoption/