Phase II Amount
$2,246,900
The Kubernetes (k8s) community has developed the Kubernetes Operator Framework as a means to automate and manage the full lifecycle of containerized services. A Kubernetes Operator manages (automates) how a service is deployed, monitored, scaled, secured, and upgraded, and how it responds to failure conditions. The Operator translates previously tribal knowledge into a codified, reusable set of Infrastructure as Code components. The Operator automates the best-practice process of deploying and maintaining secure and stable services. The k8s community has developed several open source projects, such as the Operator Lifecycle Manager (OLM), Operator SDK, and the Operator Registry, that form the foundation of the commercial Kubernetes Operator Framework. The Operator Framework is now being widely used by commercial / non-governmental organizations as the primary mechanism to automate service deployment in Kubernetes. Several commercial and open source PaaS offerings (Red Hat OpenShift, OKD, Rancher, etc.) now include the Operator Framework. Many open source and commercial software vendors are now providing Operators for their services (EnterpriseDB, Elasticsearch, etc.). This demonstrates widespread commercial viability, long-term community and commercial adoption, and reduced technical risk.

Despite the utility and popularity of the Kubernetes Operator Framework, there are impediments to direct use within the Air Force. Consider that there are many publicly available Docker / OCI containers at sites like Docker Hub. However, the Air Force determined that these containers cannot be trusted from a security, stability, and quality standpoint. Thus, the Air Force / DoD built the DoD Centralized Artifact Repository (DCAR), based on a set of popular open source projects, to provide reusable, vetted, hardened containers to the broader DoD / Air Force. Similarly, commercial industry has a public operator repository called OperatorHub, located at operatorhub.io. However, like the containers at Docker Hub, these Operators are not vetted, and consumers need direct internet access to pull Operators from this public repository.

To leverage the power of Operators in mission systems, the Air Force will require a DoD-controlled repository that 1) contains security-hardened, vetted Operators, 2) provides cyber security evidence in support of a Continuous ATO, and 3) can be deployed on non-internet-accessible networks. Thus, SOLUTE proposes the development of the DoD Centralized Operator Registry (DCOR), which is analogous to DCAR but for vetted, secure Kubernetes Operators. The development of DCOR will significantly accelerate the Air Force's ability to leverage Kubernetes Operators and enable more rapid delivery of secure, scalable, and high-quality next-generation mission systems. DCOR perfectly complements, leverages, and integrates with DCAR and aligns with the recently published DoD CIO DevSecOps Initiative Reference Design.