Today, ZEDEDA announced support for Kubernetes at the distributed edge. You may be wondering, so what’s new about that? For starters, let’s look at the title of the press release — ZEDEDA Unveils Industry-First Secure Zero Touch Kubernetes Orchestration Solution for the Distributed Edge. Let me explain why it truly is unique for the edge and how it simplifies the deployment of Kubernetes clusters in the field. Let’s rewind a little.
Challenges of Deploying Kubernetes at the Edge
As the number of edge devices grows at a rapid pace, along with their ability to produce immense volumes of business-critical data, the need for low-maintenance, highly resilient and available lightweight applications that analyze data closer to the source has become ever more important for bandwidth, storage, security, privacy, and latency reasons. Hence the edge is emerging as the next frontier of computing, and organizations are looking to extend cloud-native principles to the field for IoT, AI, 5G, networking, and security use cases.
Despite the popularity of containerized applications, deploying Kubernetes at the distributed edge — compared to centralized and heavier edge data centers — is a challenge due to infrastructure and software heterogeneity. The edge is complex both in terms of technology and logistics. Edge solutions require a multi-layer stack developed and operated by a variety of providers and skill sets. They require hardware, applications, connectivity providers and a mix of both cloud and on-prem systems. Integrating this diverse landscape without an open anchor point can result in siloed and fragmented solutions that sacrifice flexibility and lead to vendor lock-in, a problem that most customers want to avoid.
Further complicating edge deployments is a broad mix of software stacks, spanning existing investments like legacy Windows-based applications (e.g., SCADA, HMI, Historian, VMS, POS), monolithic Linux-based images, more modern containerized applications and container runtimes such as Docker/Moby, Azure IoT Edge and AWS Greengrass. In addition, Kubernetes solutions built for centralized data centers do not scale down to the distributed edge: they do not accommodate smaller edge node footprints, lack an adequate zero trust security model, are not appropriately priced by scale, and require specialized skill sets that are not commonly found in the field.
Furthermore, there are many emerging distributions of Kubernetes — K3s, K8S, KubeEdge, and microK8s. The first step is selecting the right Kubernetes distribution to meet the requirements of your edge hardware and deployment strategy. The next challenge is figuring out how to manage this Kubernetes cluster infrastructure in the field at scale. With the diversity of hardware, software and skill sets at the edge, the on-boarding experience, coupled with low-level management of hardware with full control and visibility, can be a nightmare.
In summary, a solution for deploying Kubernetes at the distributed edge must address the following challenges:
- Flexibility: Provide the ability to deploy any type of application, both brownfield and greenfield, including Kubernetes clusters, on lightweight edge computing hardware without any vendor lock-in, or requiring specialized IT skills in the field
- Scale: Support large deployments distributed across any geographical region
- Security: Eliminate vulnerabilities that arise from the lack of a physical or network perimeter
- Orchestration: Enable full-stack remote management, deployment and observability for edge hardware, apps, OS/firmware while automating the on-boarding process
How ZEDEDA Puts it Together
Before today, ZEDEDA enabled customers to deploy virtual machines for brownfield applications (think legacy Windows-based applications or monolithic Linux-based images) alongside Docker containers for greenfield applications on the same edge compute node and outside of the data center. The point of the data center reference is that compute nodes at the edge can be any hardware device with at least 512MB of memory, deployed on a wind turbine or in a closet in a retail store.
Today, ZEDEDA has added Kubernetes support that abstracts all the complexities of remotely provisioning Kubernetes clusters at the distributed edge while automating clusters on target edge nodes within minutes. The ZEDEDA solution can support any Kubernetes distribution, including K3s, K8S, KubeEdge, and microK8s, by simply adding images to the ZEDEDA app marketplace. ZEDEDA now enables simple field deployment of edge computing nodes with any combination of Kubernetes clusters, native Docker containers, and VMs to support any type of application deployment methodology. This is a one-of-a-kind solution in the edge computing space.
ZEDEDA Secure Zero Touch Kubernetes Cluster Orchestration at the Distributed Edge
As a first step, ZEDEDA is collaborating with SUSE, the pioneer for the K3s distribution optimized for edge environments. ZEDEDA selected this distribution because K3s strips out features, such as drivers, that are not relevant for the distributed edge and is designed for production workloads in unattended, resource-constrained, remote locations. K3s is a single binary of less than 40MB that completely implements the Kubernetes API. K3s is a fully CNCF (Cloud Native Computing Foundation) certified Kubernetes offering.
Zero Touch Automated On-Boarding
The ZEDEDA orchestration solution supports remote management and risk-free updates from the cloud, without requiring specialized IT skills. It supports autonomous field operation through an eventual consistency model in which edge nodes continue to run in the current state if they lose connection to the centralized orchestration service.
To further simplify Zero Touch deployment, ZEDEDA has partnered with leading OEMs of gateway and server hardware to preload EVE-OS from the factory. Once power and network are connected, all it takes are a few clicks to securely onboard a device, install a Kubernetes distribution, and deploy apps.
Zero Trust Security Architecture
ZEDEDA’s Zero Trust security architecture assumes that edge nodes distributed in the field are physically accessible and have no defined network perimeter. Features include support for silicon-based root of trust, measured boot, remote attestation, crypto-based ID (eliminating local device login), full disk encryption, remote port blocking, distributed firewall, and more. The distributed firewall capability enables secure routing of data between edge applications and both on-prem and cloud resources based on network-wide policies.
How ZEDEDA Enables Kubernetes Infrastructure Management
ZEDEDA’s cloud orchestration solution leverages the bare metal EVE-OS deployed on edge nodes. EVE-OS is an open, secure and universal operating system for distributed edge computing with vendor-neutral APIs, hosted within Project EVE in the Linux Foundation’s LF Edge organization. EVE-OS is the only OS that enables organizations to extend their cloud-like experience to edge deployments while also supporting legacy software investments. It provides an abstraction layer that decouples software from the diverse landscape of edge hardware to make application deployment easier, more secure and interoperable (i.e., no vendor lock-in).
Full Visibility into Kubernetes Infrastructure
ZEDEDA provides rich visibility for both day-one and day-two management of edge nodes (e.g., CPU, memory, and network usage, and network flow visualization) and clusters, as well as device and application logs. This visibility is available both per edge node or application and across a fleet deployment.
Putting It All Together
The trend towards containerization and deployment using Kubernetes continues unabated. However, there have been several significant impediments. Solutions initially built for the data center cannot seamlessly be retrofitted to meet the unique needs of the distributed edge in areas of available compute footprint, security, deployment scale and required skills — including Kubernetes expertise. With today’s announcement, ZEDEDA offers a simple and secure Zero Touch edge orchestration solution that adds Kubernetes support on top of existing capabilities for deploying and managing legacy applications and native Docker containers. Ultimately, this provides customers more flexibility to scale and future-proof their operations with no vendor lock-in.
Learn more about these new capabilities at a May 18 webinar at 10:00 am Pacific Time and hear speakers from ZEDEDA and SUSE discuss how our solution effortlessly eases the challenges of managed Kubernetes at the distributed edge.