Insight by Rancher Government Solutions

Kubernetes, containerization enable capable computing at the edge

Brandon Gulla, the chief technology officer of Rancher Government Solutions, said that virtualization is fast giving way to use of containerization managed unde...


Infrastructure Strategy

As new data centers come online that are more tactically, geographically located closer to the battlefield in this near-edge, far-edge model, satellite comms and 5g networks are enabling the scale to grow horizontally across geographies.


Kubernetes Overview

Kubernetes itself is an orchestration framework that's more of a collective ecosystem. It's intended to host applications at scale reliably across any computing infrastructure.

In the age of digital services and data generated pretty much anywhere, organizations must refresh their approaches to how and where they deploy applications and store data. More precisely, they need methodologies that combine agility and portability, high performance and efficiency in the emerging model of infrastructure. That model encompasses agency data centers, multiple commercial clouds and edge computers of varying capabilities.

Brandon Gulla, the chief technology officer of Rancher Government Solutions, said that, with those three elements of infrastructure, virtualization is fast giving way to use of containerization managed under Kubernetes. That combination of technologies lets IT organizations approach what Gulla called the three pillars of excellence – security, speed and scale.

“Security is number one,” Gulla said. He cited the recent Log4J episode, and the fact that many organizations don’t know fully if or where they have the vulnerable Java pieces running.

“We need to be working with our supply chain experts to ensure that we’re having attestation as well as full transparency on what software modules are being baked into tomorrow’s technology,” he added. That’s one reason agencies must obtain and know how to use software bills of material, as outlined in the White House executive order on cybersecurity issued last May.

“We’ve seen a lot of change just recently in the Kubernetes community of practice, focused on the signing of artifacts, the bill of materials,” Gulla said.

Knowing an application is built securely leads to confidence in deploying it at scale and in a high performance manner. A traditionally architected application that is insecure will be just as insecure after it is rendered as containers.

But, Gulla said, security established, containerization “promotes the item potency and the immutability that software can provide, allowing you to move an application from infrastructure to infrastructure…in a way that is flexible, and highly decoupled from the underlying infrastructure.” In other words, the definition of agile portability.

He said secure, well-managed containerization can enable applications in national security or military domains to move among classification levels and to the tactical edge.

Computers at the edge, for example in military applications, are increasingly compact and powerful, in effect field data centers. Gulla stressed the importance of ensure security of applications and data in edge facilities. That includes physical security. For the cyber side, he said Rancher is using the trusted platform module (TPM) approach to help ensure what he called the chain of trust from the hardware level on up.

“That way, we can validate hashes and ensure that these single board computers and other edge technology that are deployed in the field are immutable, and can have the integrity that our mission demands, both on the physical and digital sides,” Gulla said.

Emerging high-speed edge connectivity options – particularly wireless 5G and satellite communications – and sound security practices together enable scaling of applications to mission levels. True, Gulla said, commercial clouds have long enabled scaling thanks to their elasticity.

“But what we’ve seen is while [clouds] are focused on the individual data centers, we’re starting to see a scale from a geographic perspective,” Gulla said. “So as new data centers come online that are more tactically, geographically located closer to the battlefield, as well as this near-edge, far-edge model … that’s enabling the scale to grow horizontally.” That model helps maintain fast response times and more effective mission enablement, he said.

Gulla said growing number of organizations, including agencies, are containerizing, rather than virtualizing, applications, data, and their dependencies. And they’re managing and orchestrating the deployment of containers with Kubernetes. That approach enables administration of hundreds or thousands of instances of applications on as many commodity computers. Moreover, Kubernetes is open source, with companies like Rancher offering it with value-added services.

Gulla described Kubernetes as an orchestration framework for deploying container. As software, it’s also “a great community comprised of different special interest groups focusing on the different facets of computing. So there’s an entire ecosystem under security, under storage, under networking, under disaster recovery, multi cluster. It’s little fifedoms within a larger community that percolate up to be that platform we know as Kubernetes.”

The efficiencies that characterize the ability to rapidly spin up new instances of containerized applications from a single administration console extend upstream to the development process, Gulla pointed out. In fact, you get “efficiency up and down the stack, all the way from the actual system administrators responsible for the servers, to the developers themselves,” he said. “Not just in the creation of the software, but the maintenance from day two and beyond.” In DevSecOps environment such as that operated by the Air Force, an important goal is repeatable software builds through automation and validation testing.

Under the Kubernetes management regime, “it shouldn’t matter where a developer is writing code, they can push a code commit, and it will rebuild, rescan and re-implement those code changes all the way up, possibly directly into production. That is saving a huge amount of time. And everyone knows, time is money.”

Listen to the full show:

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Eric Goldstein, CISA Logo

    Second senior cyber leader this week to exit federal service

    Read more
    Getty Images/iStockphoto/gintas77Cybersecurity

    State Department employing continuous automated testing in software development

    Read more