Security, Kubernetes, Container Management, Enterprise Kubernetes, Air-Gapped Deployments, Public Sector

Military-Grade Kubernetes Best Practices: Digital Transformation

Nov 14, 2022

Alex Hisaka

D2iQ

SAIC Shares Military-Grade Kubernetes Best Practices for Digital Transformation

10 min read

Watch the full webinar on demand.

Science Applications International Corporation (SAIC), a major system integrator and solution provider to government agencies, chose the D2iQ Kubernetes Platform (DKP) as the foundation for providing Kubernetes solutions for its customers.   

 

In a recent webinar, SAIC CTO Bob Ritchie, Principal Solutions Architect at Amazon Web Services Adam Hesch, and D2iQ CEO Tobi Knaup shared insights and best practices for digital transformation powered by Kubernetes, including ways to ensure military-grade security.

 

The discussion centered on Kubernetes simplification and advanced cloud-native deployments, with the speakers providing tips on selecting a Kubernetes platform and overcoming Kubernetes skills gaps. 


Ritchie cited the reasons SAIC chose D2iQ as its Kubernetes solution provider, including the way in which DKP provides a fully integrated production-ready platform based on pure open source Kubernetes, and the ease with which an air-gapped environment can be deployed. 

 

Said Ritchie, “D2iQ has found a way to hit the sweet spot of democratization of Day 2 operations in Kubernetes, while still getting the value of upstream open source CNCF. Those two things together, plus the built for air-gap capability makes it a no-brainer.”

 

Key insights and recommendations that were brought to the forefront during the discussion included the following.

 

Establish a Kubernetes Foundation for Smart Cloud-Native Apps

More often than not, organizations spin up a DIY cluster so they can stay all the way upstream without understanding the Day 2 implications of what it means to DIY it and stay upstream. As Hesch explains, D2iQ has found a way to achieve successful Day 2 operations in Kubernetes while still getting the value of upstream open-source. The D2iQ Kubernetes Platform (DKP) is built using declarative APIs and Kubernetes resources, giving you the best of both worlds of proximity and upstream CNCF capability. D2iQ, said Ritchie, “is so close to upstream without the pain of DIY.” 

 

Building a product based on best-of-breed upstream open-source components and making them military-grade, interoperable and secure out-of-the-box means that there is an entire ecosystem of compatible products that military and government agencies can leverage to accelerate innovation.

 

Plan for Future Scalability and Repeatability 

Many organizations don’t think about scalability in the early stages of their Kubernetes journey. An important point, Knaup notes, is to plan for scalability right out of the gate. That doesn’t mean you need to over architect things, but you need to focus on automation. Automation is what will give you scalability later when you deploy to different environments or when you add new environments. You’ll also need automation for security and disaster recovery. Getting automation done right away will pay dividends down the road when you need to put in a security patch or quickly upgrade your clusters to a new version. 


In addition to scalability, Knaup recommends thinking about what you’re going to need in production from the start. While there are many resources available to help you get started quickly, you might lose sight of what’s really required to go to production and be successful on Day 2. By focusing on automation and Day 2 operations starting on Day 1 of your journey, you can future-proof your infrastructure for what’s ahead.

 

Ensure Military-Grade Security

Deploying military-grade Kubernetes is challenging when you have a heterogeneous fleet of environments with different classifications levels and various flavors of AWS cloud. What’s really critical is to have a single way to ensure and maintain military-grade Kubernetes security across all of these environments, including cloud, multi-cloud, on-premise, edge, and air-gapped. If there is a security flaw in the software, you need to respond and get the patch in as quickly as possible to address the issue. And if you build a bespoke Do It Yourself (DIY) flavor of Kubernetes in each of your environments, you’re going to end up with dozens of different ways to manage, upgrade, and monitor these environments, which costs you time and leaves the door open to attackers. 

 

It’s critical to have a single way to manage Kubernetes in any environment you choose, Knaup explains. DKP comes with built-in military-grade security, policy, and governance to meet the strict demands of national security. Because DKP has obtained the Federal Information Processing Standards (FIPS) 140-2 validation, it eliminates the need to obtain domain-specific expertise in encryption protocols. 

 

Overcome Kubernetes Skills Gaps

What does it mean to be the “weak link” or the “strong link” within the cloud landscape? According to Ritchie, the cloud-native and Kubernetes ecosystem has become a weak link problem that we’re solving with strong link approaches. As Ritchie explains, “we are superlatively engaging with a few people that are excelling at things like distributed application development, data-centric security, DIY Kubernetes clusters, but we’re leaving out an entire industrial base that’s invigorated to build these types of solutions.” As a result, there is a huge people gap in that regard. How do we address the problem of getting a broader and democratized skill base? Organizations need to adopt a culture of DevSecOps that empowers teams to understand the ecosystem, build their own solutions, and deliver capabilities. It’s really critical to find the right talent that can help you do Kubernetes the right way. As Knaup notes, “There’s many different ways to do Kubernetes, but there’s very few ways to do it right, secure, and stable.” Finding and leveraging external personnel that are CNCF certified trainers and consultants that can help you do the work around Kubernetes is important to help you and your team get up to speed and certified on these technologies. 

 

Focus on Your Mission

Many organizations are quickly adopting Kubernetes so they can launch new applications and keep up with the continued market. The reality is that you need dozens of other open-source pieces around Kubernetes to have a production-ready military-grade solution that meets all of your security and certification requirements. And there’s a lot of work that goes into assembling all of those pieces. Rather than building your own Kubernetes solution, Hesch recommends using a Kubernetes distribution to eliminate the undifferentiated heavy lifting associated with hosting servers and running your own data center.

 

The D2iQ Kubernetes Platform not only makes Day 2 operations very simple, but it also enables you to focus on your mission because it only takes one day to get that cluster up and running. As Ritchie explains, “that’s been my first hand experience with D2iQ where it went from having an air-gap binary distribution to getting a cluster up in an air-gap ecosystem in less than an hour that’s fully operational.”  

 

Hesch describes how SAIC, AWS, and D2iQ are a better together solution for military-grade Kubernetes. “There’s a natural pairing in this team of teams where AWS is able to assist you with the infrastructure, D2iQ can help you overcome the barriers associated with running Kubernetes at scale and at the edge, and SAIC can provide a continuous learning system to support both of these products.”  

 

In partnership with great companies like AWS, SAIC, and D2iQ, military and government agencies can be really laser focused on the core of their mission. 

 

The full webinar is available for viewing on demand.

 

To learn how D2iQ can help you acquire smart cloud-native capabilities, contact the D2iQ Kubernetes experts today. 

Ready to get started?