- Deploying pure upstream Kubernetes to different DoD networks
- Scale their platform to support missions at different impact levels
- Seeking a partner to help contribute to the open source community
- Onboarded 80,000 personnel onto the platform
- Stand up clusters in a few hours vs days
- Successfully deploy Kubernetes with different classification levels
Enabling Secure Remote Work During COVID-19
There were, of course, a lot of challenges along the way. Before the Air Force embarked on this project, they ran into roadblocks deploying pure upstream Kubernetes to different DoD networks—many of which had strict security controls and were operating in offline, air-gapped environments that were not behind a common access guardrail. Despite months of significant engineering effort, they were unsuccessful in demonstrating repeatable and automated deployments to these nuanced environments.
In addition to strengthening their network capabilities, the Air Force wanted to scale their platform to support missions at a variety of impact levels. Implementing this change would require dozens of Kubernetes clusters that are all managed by impact level. Although the Air Force was using infrastructure as a code (IaC) with Terraform and Kubernetes, there was no coordination between all of those elements to scale.
To add to the complexity, the Air Force did not have the bandwidth, processes, or resources in place to ramp up quickly. Because of limited bandwidth and a number of security policies, projects would typically take weeks to months to get into production. And because they didn’t have experience contributing to the open-source community, they couldn’t tackle problems of great importance.
“We were looking for a partner who could meet our unique requirements and contribute to the open-source community on our behalf,” explained Jeff McCoy, Former CTO at DoD USAF Platform One. “From a Kubernetes perspective, D2iQ’s distribution was aligned with what we were already doing so it was an easy lift to move over.”
Modernizing Infrastructure with Security and Flexibility
In order to successfully deploy Kubernetes with different classification levels, D2iQ had to unify their development control plane to ensure it could run all of these core pieces. With D2iQ Kubernetes Platform (DKP) and other building blocks, the Air Force was able to deliver fully automated and repeatable deployments within any environment in a matter of days. And because DKP is infrastructure agnostic, it provided flexibility and modularity for many different programs of record and mission owners. “We wanted a stripped down version of a Kubernetes distribution so we could deploy our own stack, and the D2iQ team was very accommodating to that,” said McCoy. “The fact that they were able to strip out all the bells and whistles from DKP and have it still work was a huge advantage because other platforms can’t do that.”
In addition, DKP enabled their small core operational team to make a huge impact on mission critical initiatives. “With DKP, our engineers who had less experience with Kubernetes were able to rapidly stand up clusters in a consistent and repeatable manner. Before DKP, projects would take 1-3 days to get into production, so getting that down to just a few hours was pretty significant.”
Throughout the engagement, D2iQ provided expert guidance and continuous support to ensure the project led to a successful outcome. Whether it was texting senior-level staff or troubleshooting issues, D2iQ was able to establish a trusted relationship with the Air Force where they could comfortably communicate in an informal setting. “D2iQ was responsive to our needs and provided timely answers immediately,” said McCoy. “The D2iQ team provided a lot of great and timely feedback about how to avoid that specific problem in the future. Their proactive nature to get the answers we needed was very valuable.”
With D2iQ as a trusted partner, the Air Force was able to adapt their processes, demonstrate fully automated deployments, and empower their workforce during a time of uncertainty. The openness and flexibility of their platform not only keeps their missions from going uninterrupted, but sets the department for future mission success.