The public sector is moving boldly into the cloud-native future.
It’s one thing to employ open source for streaming movies or ordering meals from the convenience of mobile apps. It’s a wholly different proposition when open source drives the military’s F-16 fighter jet, a $64 million marvel flying 1,300 miles per hour at 50,000 feet.
The open-source container orchestration tool Kubernetes and service mesh enabler Istio were installed on an F-16 fighter jet after the top brass in the U.S. Air Force challenged the military’s software team to deploy the tools on the aircraft’s legacy hardware in just 45 days.
“The jet is interesting, but it’s a tiny piece of the rest of the work we’re doing,” Nicolas Chaillan, chief software officer of the U.S. Air Force and Space Force, said during a presentation at KubeCon in 2019. “We have a lot of business systems moving to cloud-native environments, moving to microservices, being built right from the get-go.”
Battleships and decision tools
The F-16 fighter jet is indeed just one small part of the military’s open-source, cloud-native story. Military branches such as the U.S. Air Force have built strategic technology platforms around Kubernetes to solve software problems dynamically rather than starting from scratch.
“For us, Kubernetes is becoming the foundation of all the software we do on jets to bombers to ships and, let’s face it, to nuclear,” Chaillan said in an interview last year. “We have Kubernetes running across embedded systems at the edge on clouds, on classified clouds and air-gapped environments. It’s really the enabler for us not to get locked into a single tech stack.”
The military’s use of open source has become so pervasive that the Department of Defense was obliged to issue a service-wide advisory in late January to remind all branches of the guidelines for evaluating and acquiring open-source software.
Chaillan’s comments offer a hint of how widespread open source has become in the military. A recent discussion thread on Hacker News included a reference to the use of open-source tools, such as Apache NiFi, Kafka and Spark, by the U.S. Navy in the design of an information fusion system for deployment in the cloud. Fusion systems are used to assess complex situations more accurately by producing specific estimates about an activity or event.
Rapid deployment through microservices
In digitally transforming a historically rigid institution, microservices have proven a streamlined way to adapt open-source solutions for deployment within government’s rules-based structures.
Consider Platform One, the DoD’s DevSecOps services arm providing Kubernetes distributions from the Cloud Native Computing Foundation. Platform One offers templates and packages to leverage resources from multiple cloud vendors, including Amazon Web Services Inc. and Microsoft Azure, and enables the Air Force to deploy new software capabilities 21 times per day.
Earlier this year, the DoD’s Defense Innovation Unit selected Google Cloud and its Kubernetes-driven Anthos platform to provide secure cloud management services, setting the stage for potential broader adoption across defense agencies worldwide. The initiative was preceded by a pilot project between Google LLC and the Pentagon two years ago.
“The bigger story here is that it’s a huge win for Anthos,” Sean Feeney, former cloud practice director at digital business consultant Nerdery, said in a 2020 interview with SiliconANGLE. “Anthos comes into play for both the DoD’s on-premises and their multicloud systems, which will allow Google to become more embedded in the DoD’s overall architecture.”
The DoD’s software development effort has been nurtured by an ecosystem of microservices and suppliers, such as the Cloud Native Computing Foundation and startup Weaveworks Inc., in scaling cloud-native solutions and productizing around GitOps.
Starting with CNCF-compliant Kubernetes clusters and other open-source technologies, the DoD has expanded beyond Flux and Argo. Other CNCF projects used by the DoD include the Jaeger distributed tracing platform, the Open Policy Agent engine, the Fluentd data collector and the Prometheus monitoring system.
The DoD has also built a network of software factories around the U.S. in support of its cloud-native ecosystem. These include groups such as LevelUP, the Air Force’s cyber factory team that provides DevSecOps managed services with baked-in security. Space CAMP, located in Colorado, is focused on the continuous development and deployment of U.S. Space Force mission applications to the warfighter. Rogue Blue provides software development and integration across classified services for the country’s nuclear enterprise.
Scaling with GitOps
The DoD’s software development efforts have shown that it can scale cloud-native architectures securely. GitOps, a Git-centric approach to building and managing software systems, helps it scale and achieve developer velocity through self-service microservices.
This is no small feat. The DoD’s software development initiative relies on 100,000 government staff and contractors to secure the largest weapon arsenal in the world using DevSecOps and Platform One, a collection of approved, hardened CNCF-compliant Kubernetes distributions, code playbooks and containers.
One of the open-source vendors that has helped the DoD adopt the GitOps model is Weaveworks. The Air Force is a Weaveworks client and leverages GitOps to monitor container behavior for code drift or malicious activity. The DoD uses the CNCF projects Flux and Argo, along with the open-source infrastructure-as-code tool Terraform, to implement GitOps.
“GitOps is game-changing for the industry,” the Air Force’s Chaillan said in comments posted on the Weaveworks site. “It is a replicable, automated, immutable construct for your change management. Everything happens in Git.”
A lot also happens in GitHub, where the DoD is well-represented. GitHub is the cloud-based Git repository where developers and companies build, ship and maintain software. It’s billed as the largest and most advanced development platform in the world.
The DoD has 49 repositories currently listed on GitHub. The space provides access to a number of commonly used open-source tools, along with a few specialized solutions.
Even beyond GitHub, the extensive network of suppliers and software factories highlights an open-source cloud-native story that captures a focus on security and scalability in a DevSecOps world.
“We learn fast, fail fast and don’t fail twice for the same reason,” Chaillan said in an interview for CNCF. “Particularly, when it comes to AI, machine learning and cybersecurity, everyone realized we have to move faster.”