Insight by Spectro Cloud

Cloud native in the government: Challenges and opportunities

Federal agencies can overcome challenges around Kubernetes, and even open up new opportunities, with the right strategies.

As federal agencies continue to adopt new methods of digital innovation to move faster, they can add a significant amount of complexity. Applications have to work the same way on-premises, in whatever public clouds they’ve adopted, and increasingly, at the edge. Containerization is making that possible, and while Kubernetes has emerged as the default infrastructure for container orchestration across all these environments, that comes with its own challenges as well.

Spectro Cloud’s independent research report, 2023 State of Production Kubernetes, found that 98% of respondents encountered challenges using Kubernetes in production. Further, 75% suffered issues caused by interoperability between software elements running in their clusters. That’s up from 66% in 2022.

“The challenge for IT teams that have to manage Kubernetes infrastructure is that they don’t just manage Kubernetes, but a specific ‘stack’ of cloud native software required for those applications to run,” says Mark Shayda, senior solutions architect at Spectro Cloud. “And those skills are not easy to find, especially in the public sector, which extrapolates the challenge.”

Indeed – 40% of respondents said they lack the skills or headcount to manage Kubernetes infrastructure, up from 36% in 2022.

Another dimension to this is technology debt: Most of the government’s application workloads are currently hosted on virtual machines (VMs).

“In the public sector it’s been virtual machines since the early 2000s. That was a shift from large monolithic applications running on individual servers to running them in VMs,” Shayda said.

Finally, there’s the challenge of edge. Among certain agencies especially, endpoints in the field have proliferated massively, from drones and sensors to Raspberry Pis and military field kits.

Deploying, and especially managing, edge devices and applications is not easy, particularly when they have to be simple enough for users in the field to understand: think of a warfighter on the ground who is carrying a backpack that runs an edge app. And of course, security is necessary from the physical device to the application.

Overcoming the challenges

How can the public sector overcome those challenges? Establishing processes and tools that ensure that every Kubernetes cluster is not a “snowflake” is the only way to scale, especially when thinking about deploying applications to more challenging environments such as the edge.

A key first requirement is building a strategy around repeatability, with the end goal being to centrally manage and orchestrate complete Kubernetes “stacks” at scale, purpose-built for each individual application use case. “The industry has already acknowledged the need for a simplified way to manage Kubernetes infrastructure in a ‘declarative’ manner with projects like CNCF’s Cluster API,” says William Crum, software engineer at Spectro Cloud. “This means being able to prescribe what the environments’ desired state should look like, similar to how Kubernetes itself works with containers in a declarative way. The key requirement is to establish a mechanism for defining ‘blueprints’ of complete stacks that include all the necessary software elements for applications to work, and then centrally managing them across any location.”

Repeatability also provides consistency across the lifecycle, making it easier for agency employees in the Defense Department and warfighters to navigate the complexity of cloud native infrastructure and Kubernetes. The right management platform can enable the creation of known-good configurations of clusters and can make deployment easier, ensuring that all the environments remain consistent over time. This is important for mission-critical infrastructure. The right tools let users perform common tasks intuitively through graphical user interfaces, and automating complex tasks like onboarding new edge hosts simplifies technical processes for warfighters.

“I think that specifically provides value for not only service members but the Defense organization as a whole,” said Crum. “A lot of this complexity can be abstracted with very easy to use and simple user interfaces where I don’t have to teach Marines or soldiers how to understand all the intricacies of Kubernetes. I can simply just show them the user interface and how that represents the architecture.”

“To me, money and saving lives, in the end, is really what it’s all about. How can we do things better, cheaper, faster, and to where, in the end, we’re saving warfighters’ lives?” added Shayda.

When it comes to legacy workloads running on existing VMs, the always-maturing cloud native ecosystem around Kubernetes can also provide opportunities for more efficiency through consolidation, especially after the turmoil that last year’s Broadcom acquisition of VMware has caused in the industry.

“Virtual machines work; they’ve worked for 20 years,” said Crum. “Sometimes that leads technology experts at federal agencies to adopt an ‘if it’s not broke, don’t fix it’ mindset. But now more than before, they should be asking whether they can improve on current dynamics. Doing so can allow them to reduce costs and focus more resources on their missions, especially national security.”

If an agency is running both VMs and Kubernetes, they have two parallel environments and platforms managed by different teams with different skill sets. It may not be possible to completely eliminate VMs, as some workloads still require them due to their stability and maturity. But some of those workloads can be brought into Kubernetes clusters with one unified platform to manage, so that the same policies, controls and management practices can be applied to them.

“That can improve both governance and efficiency, ultimately speeding up application innovation,” said Crum.

Copyright © 2024 Federal News Network. All rights reserved.
