How DoD Uses K8s and Flux to Achieve Compliance and Deployment Consistency

Authors: Michael Medellin, Gordon Tillman


Summary

The presentation discusses the challenges faced by the platform engineering environment in delivering capability effectively to the end user and the solutions they have implemented using tools like Flux and Kubernetes.
  • The platform engineering environment faces challenges in delivering capability effectively to the end user
  • The compliance and regulatory challenge is a major issue
  • Continuous Authority to Operate (ATO) is a solution to reduce the time to get an ATO down to days and months
  • Tools like Flux and Kubernetes help manage the complexity of the infrastructure
  • GitLab is used as the single source of truth for everything that's being deployed
  • Cluster API is used to manage the deployment of worker clusters
  • Cluster API provides node downtime security patching and Kubernetes upgrades
The major challenge faced by the platform engineering environment is the compliance and regulatory challenge. The traditional process of achieving an ATO was very tedious and time-consuming, which led to stagnant and stale systems within the Department of Defense. Kessel Run pushed the ball forward by reducing the time to get an ATO down to days and months and by implementing guard rails and static scanning tools to identify vulnerabilities in code bases before shipping them to production. Tools like Flux and Kubernetes help manage the complexity of the infrastructure, and GitLab is used as the single source of truth for everything that's being deployed. Cluster API provides node downtime security patching and Kubernetes upgrades, which helps scale workers both horizontally and vertically.

Abstract

Like many other organizations, the DoD also started the journey to K8s and had its own challenges. Due to the nature of DoD systems, there are applications that are deployed in a more relaxed environment such as AWS GovCloud and also in more restricted air-gapped environments with no internet or external connectivity. In the beginning, it was all about manual deployment and operations. By introducing Helm and Flux, DoD moved to a more declarative model where everything is version controlled and deployed by Flux, thereby reducing manual operations, improving deployment consistency and also bringing more compliance with regard to change management and application life cycle. This session will walk through the migration steps, what it takes to operate Flux in an air-gapped environment and how we achieved parity when applications are deployed to environments with different constraints.
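To make the declarative model described in the summary and the abstract concrete (Git as the single source of truth, Flux reconciling the cluster from it, one repository serving both a GovCloud and an air-gapped cluster), the following is an added example of a minimal Flux v2 source-and-Kustomization pair. It is not material from the talk or from the speakers' environment; the Git hostname, repository path, namespaces, Secret names and overlay directories are constructed placeholders.

```yaml
# Added example: Flux v2 pulls manifests from an internal GitLab repository and
# reconciles them into the cluster. All hostnames, paths and names are
# constructed placeholders, not values from the presentation.
---
apiVersion: v1
kind: Namespace
metadata:
  name: platform-apps
---
# The Git source. In an air-gapped enclave the URL points at a Git server that
# is reachable from inside the enclave; Flux never needs internet egress.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: platform-apps
  namespace: flux-system
spec:
  interval: 5m
  url: https://gitlab.internal.example/platform/apps.git   # placeholder host
  ref:
    branch: main
  secretRef:
    name: gitlab-read-token          # read-only deploy token, created out of band
  # Require HEAD to carry an OpenPGP signature from a key stored in the referenced
  # Secret, so only reviewed, signed commits are ever applied. This is the
  # change-management evidence an assessor can trace back to Git history.
  verify:
    mode: HEAD
    secretRef:
      name: platform-commit-signers
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: platform-apps
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: platform-apps
  # Per-environment overlay. The same base manifests are shared; an air-gapped
  # cluster points at its own overlay (e.g. ./clusters/airgap-prod) that swaps in
  # the internal registry and removes anything needing external connectivity.
  path: ./clusters/govcloud-prod
  prune: true                        # delete from the cluster what was deleted in Git
  targetNamespace: platform-apps
  # Apply with a dedicated ServiceAccount (it must live in flux-system) whose
  # RBAC is limited to the target namespace, instead of the controller's own
  # cluster-admin identity, so a compromised repository cannot reach other tenants.
  serviceAccountName: platform-apps-deployer
  timeout: 5m
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: example-app              # placeholder workload defined in the overlay
      namespace: platform-apps
```

After applying, `flux get kustomizations -n flux-system` shows whether the last reconciled revision matches Git, and `flux reconcile kustomization platform-apps -n flux-system` forces an immediate sync. The two settings that carry the compliance weight are `verify` (unsigned or unknown-signer commits are rejected at the source, not after partial rollout) and `prune` together with `serviceAccountName` (the cluster state cannot drift from what Git declares, and the identity doing the applying is scoped to one namespace).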