GUIDE / KUBERNETES · BUSINESS WORKLOADS

    Legacy Applications on Kubernetes: Migrate the Workload Without Hiding Its Problems

    Kubernetes can run an older application inside a container. That doesn't mean the application has become cloud native — the stronger question is whether it can survive the Kubernetes operating model.

    Updated July 2026·14 min read·Business Workload series
    01

    Containerization is not modernization

    A legacy workload may still depend on one server, local files, a fixed hostname, a static IP, manual installation, in-memory sessions, a shared writable directory, an unsupported operating system, or a hardware-bound licence. Packaging it into a container does not remove any of that.

    Modernization may additionally require externalizing configuration, moving files to persistent or object storage, removing machine-specific dependencies, adding meaningful health checks, supporting graceful shutdown, and separating application and database lifecycles.

    SOURCE / Reality check

    A containerized monolith may still be a monolith. That is not automatically a failure — a well-operated monolith in Kubernetes can beat a poorly operated monolith on an unmanaged server. The improvement must be measured honestly.

    02

    Why migrate — and why not

    Potential benefitsReasons not to migrate
    Repeatable deployment across dev/test/prodApplication is approaching retirement
    Standardized monitoring, secrets, backup, image scanningVendor support excludes containers
    Faster recovery when local state isn't requiredHardware-bound licensing cannot be changed
    Better infrastructure utilization across workloadsMigration risk exceeds business value
    Declarative rollout and rollbackExisting VM recovery is already reliable

    A sound Kubernetes programme rejects unsuitable migrations — success isn't measured by the percentage of applications moved.

    03

    Six placement options

    PathBest when
    Containerize and rehostDeployment consistency is the main benefit; app already runs unattended on a supported OS
    ReplatformThe app has continued business value and moderate change is acceptable — externalize sessions, add health endpoints
    RefactorLong-term value exists and the current architecture blocks reliability or delivery
    Kubernetes-hosted VM (KubeVirt)The OS can't be containerized but central Kubernetes-based management is still desired
    Keep on virtual machinesVendor support requires it; workload has machine-specific dependencies
    Replace or retireA SaaS product exists, or the app no longer justifies migration cost
    04

    Choosing the controller, and Windows applications

    A Deployment is generally appropriate when any replica can serve traffic and state is external — web front ends, stateless APIs, document-processing workers. A StatefulSet is for genuinely stateful legacy candidates that need stable identity or ordered scaling; don't use it merely because an app writes files.

    SOURCE / Kubernetes documentation

    Kubernetes supports Windows worker nodes alongside Linux nodes. The control plane remains Linux-based, while workloads can be scheduled to Windows or Linux nodes as appropriate. Current documentation lists Windows Server 2022 and 2025 as supported node operating systems.

    ×Do not assume a Windows application can run in a Linux container.
    ×Kubernetes does not support Windows containers using Hyper-V isolation — review process isolation, CNI/CSI support, and Group Managed Service Account requirements before migrating.
    05

    Migrating state, filesystem and configuration

    A container filesystem is not a durable data location — when a Pod is replaced, writable container-layer data may disappear. Classify every path as read-only content, temporary data, cache, log, configuration, or persistent business data, then map it deliberately:

    1Read-only application content → image
    2Temporary data → emptyDir
    3Non-confidential configuration → ConfigMap
    4Confidential values → Secret / external secret manager
    5Persistent business data → PersistentVolume or object storage

    Test a legacy shared directory's real behaviour before trusting it on new storage — file locking, case sensitivity, symbolic links, atomic rename and maximum path length can all differ.

    06

    Health checks, graceful shutdown and session state

    A startup probe protects a slow-initializing legacy app from being killed by ordinary liveness checks before it's ready. A readiness probe should confirm the app can safely receive traffic — avoid making it depend on every optional external service, or one minor outage removes every replica from service. A liveness probe should detect conditions that require restart, not a remote database outage, which could trigger a restart loop across every replica.

    During shutdown the application should stop receiving new work, finish or checkpoint current work, close connections, and exit within the termination window — test real termination rather than assuming it works.

    Session state

    A web app storing sessions in memory may fail across replicas. Options include session affinity as a bridge, Redis- or database-backed sessions, or stateless tokens — affinity can support transition but should not hide a resilience requirement indefinitely.

    07

    Database and scheduled-task migration

    Separating application migration from database migration reduces risk — a practical first phase often containerizes the application while retaining the established database, addressing database modernization in a later phase.

    Inventory operating-system scheduler jobs, database scheduler jobs, and application-internal schedules, then map each to a CronJob, Job, queue worker, or external workflow platform — and prevent duplicate execution during cutover.

    SOURCE / Upgrade design

    Use an expand-and-contract database migration pattern where possible: add backward-compatible schema, deploy the compatible application, migrate data, then remove obsolete schema later. Do not combine an irreversible database migration with an untested application rollout.

    08

    Migration approaches

    ApproachBest fit
    Strangler migrationApplication has clear functional boundaries — move one route or function at a time behind a gateway
    Parallel deploymentMirrored traffic and read-only validation before a scheduled cutover — main challenge is keeping state consistent
    Blue-green migrationClear rollback and production-like testing matter more than avoiding double infrastructure cost
    Big-bang migrationParallel operation is impossible and rollback is proven — use only after rehearsal succeeds
    Phased replatformingMove with minimal change first, then improve sessions, storage and scaling in later releases
    09

    Cutover and rollback planning

    A cutover plan should define the change freeze, final backup, data synchronization, validation, traffic cutover stages, monitoring, and — critically — a rollback trigger and deadline.

    ×Rollback becomes difficult once the new environment has accepted writes. Define whether writes are allowed before acceptance, how new data returns to the old platform, and the maximum rollback window before removing the original environment.
    10

    Common legacy Kubernetes migration mistakes

    ×Moving the server filesystem into one large persistent volume

    This may reproduce the old server without improving architecture. Classify and separate files deliberately.

    ×Treating one successful container start as proof

    The application may fail during restart, upgrade, scaling or recovery. Test lifecycle events.

    ×Adding replicas before externalizing sessions

    Users may lose sessions or receive inconsistent behaviour. Fix or explicitly manage session state first.

    ×Using liveness to check every dependency

    A database outage may restart every application instance repeatedly. Design probes carefully.

    ×Moving the application and database simultaneously

    This combines multiple high-risk changes. Separate them where practical.

    ×Keeping configuration inside the image

    Every environment change requires a rebuild and may expose secrets. Externalize configuration.

    ×Ignoring scheduled tasks

    Reports, cleanup or integration jobs may silently stop after migration. Inventory host-level schedules.

    ×Removing the original environment immediately

    Real workloads may expose issues that testing missed. Keep rollback until acceptance criteria are satisfied.

    11

    Legacy application migration checklist

    0 / 24
    12

    Frequently asked questions

    Yes. Many older applications can run after containerization, but suitability depends on operating-system support, state, networking, configuration, licensing and recovery requirements.

    No. Containerization packages the application. Modernization may also require externalized state, automated deployment, health checks, security changes and operational redesign.

    It can when Kubernetes improves deployment or operations. The application does not need to be split into microservices merely to use Kubernetes.

    Use a Deployment when instances are interchangeable. Use a StatefulSet when stable identity, ordered operation, or replica-specific persistent storage is required.

    Yes. Kubernetes supports Windows worker nodes, subject to supported Windows Server versions, networking, container-runtime and application compatibility.

    No. Windows workers can join a cluster, but the Kubernetes control plane runs on Linux.

    Current Kubernetes documentation states that Kubernetes does not support Windows containers using Hyper-V isolation.

    Writable container-layer data is not a dependable persistent location. Use a PersistentVolume, object storage, database, or another approved external store for required data.

    Yes. Kubernetes can still improve packaging and deployment, but one replica does not provide application high availability.

    Not necessarily. Keeping the database on its existing platform or moving it to a managed service can reduce migration risk.

    Keep it on a VM when it depends on unsupported operating systems, hardware, interactive desktop use, vendor certification, or machine-specific behaviour that Kubernetes does not improve.

    There is no universal method. Phased replatforming, blue-green migration and parallel validation often reduce risk, but the choice depends on state synchronization and business constraints.

    Modernize deliberately

    Kubernetes can standardize images, configuration, deployment, monitoring, security controls, backup and recovery for a legacy application. It cannot remove architectural limitations that remain inside the application itself.

    Inventory the workload, find every state location, document operating-system and licensing dependencies, and choose whether to rehost, replatform, refactor, retain, replace or retire. Build a proof of concept around the hardest failure and recovery scenarios, then migrate only when Kubernetes creates a measurable improvement — not to disguise an old server as a Pod.