Kubernetes in the Department of Defense (DoD)

The DoD Enterprise DevSecOps reference design mandates the use of Cloud Native Computing Foundation-compliant Kubernetes clusters and other open-source technologies to achieve DoD-wide continuous Authority to Operate (ATO).

Modern software infrastructure is built on a microservices framework, which leverages containers to run software reliably when moved from one computing environment to another. With the growth of Artificial Intelligence (AI), Machine Learning (ML), and cybersecurity, a critical need has emerged for DevSecOps in the U.S. DoD to solve the problem of long software development and delivery cycles. A primary focus of the DoD’s DevSecOps initiative is avoiding vendor lock-in. Therefore, the DoD mandated Open Container Initiative (OCI) containers, with no vendor lock-in to containers or container runtimes/builders. Since containers are immutable, this will allow the DoD to accredit and harden containers. The DoD also mandated a Cloud Native Computing Foundation (CNCF)-compliant Kubernetes cluster for container orchestration, with no vendor lock-in for orchestration options, networking, or storage APIs.

Kubernetes brings the DoD many advantages: 1) Resiliency: when a container fails or crashes, it can be automatically restarted, providing a self-healing capability; 2) Baked-in security: the DoD’s Sidecar Container Security Stack (SCSS) can be automatically injected into any Kubernetes cluster with Zero Trust; 3) Adaptability: there is no downtime when swapping out modular containers; 4) Automation: the GitOps model and Infrastructure as Code (IaC) enable automation; 5) Auto-scaling: Kubernetes automatically scales based on compute/memory needs; and 6) Abstraction layer: since Kubernetes is managed by CNCF, there is no fear of being locked in to cloud APIs or a specific platform.

The DoD is moving to cloud-native environments and microservices, with many systems currently being designed for a microservices framework from the start. Kubernetes is quickly becoming the foundation for all software in the DoD, from jets to bombers to ships. Kubernetes is running across systems throughout the DoD, which can reside on embedded systems, at the edge, and in the cloud. In 2019, a team at Hill Air Force Base in Utah successfully demonstrated Kubernetes on an F-16 jet. Currently, teams are working on building applications on top of Kubernetes for all facets of weapons systems, from space systems to nuclear systems to jets.
