Why the Air Force put Kubernetes in an F-16
- By Susan Miller
- Jan 07, 2020
Anyone can run Kubernetes containers for office applications. But what if the office in question is an F-16 fighter jet?
As part of its work on the Defense Department's Enterprise DevSecOps Initiative, the Air Force is increasingly deploying solutions like Kubernetes, the open-source platform for managing containerized workloads and services, to deliver advanced capabilities to warfighters.
The Air Force's SoniKube software factory is one of the DOD enterprise development shops dedicated to delivering software tools and automated services so that programs can build and deploy secure, flexible and interoperable applications. SoniKube was challenged by Nicolas Chaillan, chief software officer for the Air Force and co-lead for the DOD Enterprise DevSecOps Initiative, to install Kubernetes on the legacy hardware in F-16s.
“One point for the team was to demonstrate that it could be done,” Chaillan said in his keynote presentation at KubeCon 2019 in San Diego. In just 45 days, the team got three concurrent Kubernetes clusters running on a jet, according to TheNewStack.
It wasn't easy. The Air Force had been tackling challenges faced by enterprises moving to agile and open development systems -- legacy waterfall methodology, skills shortages and culture clashes. Unlike many open source makeovers, however, the F-16's classified systems run in a disconnected environment so that they are protected from vulnerabilities introduced by connecting to the internet.
To get the containers working on the jets, the team had to "bring the entire stack with us,” Chaillan said.
That stack includes:
- The Cloud One infrastructure layer, which is a stable and secure common development, test and production environment. Authorities to operate are already in place so app developers and producers can use Microsoft Azure or Amazon Web Services clouds, depending on their needs. It also offers tools that can help reduce costs for software development.
- Platform One provides software enterprise services and hardened containers, continuous integration/ continuous delivery options and the service mesh layer, which brings in baked-in, zero-trust security and the architecture to enable microservices. It also offers training/on-boarding options and contracting support.
- The application layer allows development teams to build easily reusable modular software or microservices leveraging hardened containers that can be used across teams.
The DevSecOps ecosystem and program applications depend on the DOD Centralized Artifacts Repository of hardened and centrally accredited containers. The repository currently contains over 170 secure containers that have DOD-wide reciprocity across classifications and will be maintained by the Air Force team.
"We don't believe in a one-size-fits-all approach, so we give freedom to the team to swap containers, Chaillan said. "For us it's kind of Lego blocks." Developers can pick and choose different tools and access 16 programming languages and 23 databases. "That reopens the door to picking the best tool to get the job done," he said.
The benefits are significant.
The DevSecOps initiative will allow DOD developers to rapidly adapt to new challenges, work as a team with various technologies, including artificial intelligence and machine learning. The open source foundation avoids vendor lock in at the infrastructure and platform layers. Code can be reused for different apps that will run on any platform, especially important at DOD where there are myriad classified, disconnected environments. It also enables any DOD program to deploy a hardened solution within days, saving time and money, according to Chaillan's presentation.
The group is working with about 25 commercial vendors to certify their containers, which can then be used by other federal agencies.
"Seeing Kubernetes run in the jet is really quite a useful and interesting example, but … we're using it to power all the sort of normal business activities that the Air Force is doing," Chaillan said in his presentation. "We have a lot of business systems moving to cloud native environments, moving to microservices, being rebuilt right from the get-go."
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.