Kubernetes in an F-16! How the US Government is going Cloud Native

As DefenceSystems reports the US Air Force is installing Kubernetes in F-16 fighter planes.

In just 45 days the team got three concurrent Kubernetes clusters running on a jet.

TheNewStack provides this detailed analysis article, summarizing this KubeCon  presentation given by Nicholas Chaillan, Chief Software Officer for the U.S. Air Force.

As part of a culture shift away from legacy waterfall methodology the Air Force has been embracing a Cloud Native agile and open approach. A key challenge is the F-16’s classified systems run disconnected from the Internet, so to get the containers working on the jets, the team had to “bring the entire stack with us,” Chaillan said.

That entire stack includes the Cloud One infrastructure layer, a common development, test and production environment with ATOs (Authority to Operate) already in place so developers and producers can use Microsoft Azure or Amazon Web Services clouds, depending on their needs, ‘Platform One’ provides software enterprise services and hardened containers, continuous integration/ continuous delivery options and the service mesh layer, and the DevSecOps ecosystem and program applications depend on the DoD Centralized Artifacts Repository of hardened and centrally accredited containers.

In this CNCF video Nicholas explains how they were able to install the stack on to the legacy environment operating in the F-16s within 45 days, bringing to them the latest in security practices and the capabilities for AI and machine learning. They also describe on how it is also being deployed into battleships.

DevSecOps and Software Factories

Naturally for military scenarios security is of the utmost importance, and this is why the DoD program is headlined under a top level theme of ‘DevSecOps’, implemented within a context of ‘Software Factories’. It’s proving so successful other agencies like the Army are considering its adoption.

‘Platform One‘ is the DoD’s Enterprise DevSecOps Services initiative.

As FedScoop reported in Sep 19 the DOD has issued a detailed reference architecture for the adoption of DevSecOps practices, with a companion implementation document planned for release later this year.

For an overall context Paul Puckett deconstructs the DOD Cloud strategy in his Feb 19 Linkedin blog, describing the types of technical challenges that set the scene for their DevSecOps adoption.

It presents the vision for transforming DoD software acquisition into secure, responsive software factories, examining and exploring the utilization of modern software development processes and tools to revolutionize the Department’s ability to provide responsive, timely, and secure software capabilities.

The focus of the effort involves exploiting automated software tools, services, and standards so warfighters can rapidly create, deploy, and operate software applications in a secure, flexible, and interoperable manner.

Multi-Cloud Procurement

This all presents a very interesting perspective for the USA’s ongoing Cloud adoption strategy. The Federal News Network reports that IT-AAC recommends cancelling the contentious Jedi contract and instead follow the lead of the CIA and their C2E framework, although the DOD CIO argues for retaining it.

The ‘multi-cloud’ approach, versus a single supplier, is increasingly coming to the fore as a best practice. A Pentagon unit just signed a deal with Google to utilize their Anthos platform, centrally managed from the Google Cloud console, to enable them to run web services and applications across Google Cloud, Amazon Web Services, and Microsoft Azure.

With Anthos ushering in the Kubernetes Multi-cloud Era, married with these DevSecOps best practices defined and pioneered by the DoD, a best-in-class blueprint is emerging for a standardized approach to USA GovCloud Computing for all other agencies to follow.