Project post cross-posted from the Weaveworks blog by Tamao Nakahara, Head of Developer Experience, Weaveworks and Flux community manager

Challenge

The DoD knew that it needed GitOps. Nicolas M. Chaillan, Chief Software Officer of the U.S. Air Force states that “The U.S. Department of Defense is the largest organization on the planet with over 100,000 developers. At that scale, you have to manage against node drift. We knew that GitOps was the solution to manage drift and to enable automation. The CNCF Flux project was a clear choice for us at Platform One because it provided fully-baked support for Helm, which provides a robust ecosystem of tools for our end users.” Read below for their use of Flux for U.S. Air Force U-2 jets and more!

Solution

Chaillan and team created Platform One, a DevSecOps platform for their many teams to build software safely. They wanted to use “CNCF-compliant Kubernetes clusters and other open source technologies across the DoD.” From the beginnings of Platform One, the team at the DoD designed it for declarative repeatability, automation, centralized configuration management, as well as Kubernetes cluster management, workloads, and zero trust architectures using service meshes.

For Nicolas M. Chaillan, Chief Software Officer of the U.S. Air Force, “Configuration as code was a shining star. The CNCF Flux project was a clear choice for us at Platform One because it provided fully-baked support for Helm, which provides a robust ecosystem of tools for our end users.”

For Chaillan, “Configuration as code was a shining star.” Once they set up the GitOps tooling, they could set up improved automation. 

The DoD were early adopters of many CNCF technologies and Chaillan worked to make the DoD the first government organization to become part of the CNCF. In addition to being powered by Flux and Helm, Project One leverages other CNCF projects including Jaeger, Open Policy Agent (OPA) Gatekeeper, Fluentd/Fluentbit, Kubernetes, Prometheus, Argo, and Envoy (Istio).

Impact

Flux and Helm are the only two projects in the Adopt category by the CNCF Tech Radar for CD! So it’s no surprise that the combination of the two projects would provide a fantastic solution. 

For DoD contractors on the projects,   Tom Runyon (Defense Unicorns) and Josh Wolf (Rancher Federal), Helm provides access to a whole ecosystem of community and corporate backed tools. Because Flux uses the native Helm SDK (using Flux’s Source Controller and Helm Controller), the team can take advantage of the vast Helm ecosystem and experience available for their GitOps needs.. The result is a richer experience for their end users within various departments in the DoD (for instance, the Air Force, Navy, etc.). As Wolf shares, “for the end users, all of your Helm knowledge and tooling transfers directly when using Flux because releases are still deployed as Helm releases using all the Helm hooks, etc.”

Contractors Tom Runyon and Josh Wolf trust Flux to deploy and manage their software on Air Force U-2 jets. Wolf says enthusiastically, “the Flux API is crazy stable!” 

Runyon and Wolf trust Flux to deploy and manage their software throughout their work with Platform One, Air Force, and Navy. Runyon is leveraging Flux and the Platform One ecosystem to create streamlined developer workflows for the U.S. Navy, and deploying apps on Navy boats. In addition, Wolf’s use of Flux on top of the CNCF certified and sandbox distribution k3s combine for a lightweight, automated, and declarative tactical edge deployment on military systems such as the Air Force’s U-2 DragonLady. A huge benefit for them is that Flux provides enterprise-level reliability. As Wolf says enthusiastically, “the Flux API is crazy stable!” Runyon adds, “With Flux, we can make upgrades seamless and regular. We can roll out weekly updates to Party Bus (the SaaS version of Platform One). Flux’s great backwards compatibility also means that we don’t need tight coupling between versions of Flux with versions of other software. Unlike with other solutions that have required tighter coupling (and more work for us), Flux gives us the freedom not to put additional cycles to that challenge.” The team uses Flux to roll out almost everything: Helm releases, Argo, Jaeger, and almost all of their tools.

The team uses Flux to deploy Helm charts, and the charts are used for all app lifecycle management. In addition, as Wolf notes, “Big Bang (Platform One’s CD tool that uses Flux) uses both Helm and operators. We use Helm to install those too.”

Finally, monitoring is a critical part of the process and Flux’s integrations with Prometheus and Grafana are essential for that.

For Runyon and Wolf, game-changing Flux capabilities include: 

How you can Get Started with Flux and Helm!

Top things to know about Flux:

Author: Tamao Nakahara, Head of Developer Experience, Weaveworks and Flux community manager. See www.gitopsdays.com for the next Flux ecosystem event.