K3s and NATS
Posted on Jun 16th, 2022
As innovation takes off at the Edge, one aspect we’re all trying to avoid is complexity. There is simply no room at the Edge for complexity— or much else for that matter. Simple, fast, robust, small yet powerful and dynamic is the name of the game. These demands are high. Enter ‘cloud native’ tech with its lack of assumptions, microservices architectures, container-based applications and dynamic orchestration of compute, storage, and networking resources and it’s quickly becoming apparent how fit for purpose cloud native is for the Edge.
The team of engineers at Synadia, a SUSE One partner, in conjunction with Community Maintainers, develop and maintain the open source NATS project, part of the Cloud Native Computing Foundation. The NATS communications system is used for all kinds of interesting implementations but we’ve invited Synadia to share two compelling Edge use cases from the energy sector demonstrating the power of cloud native solutions at the Edge. ~Bret
Bret Dayley has spent 30+ years in high tech roles with various software companies. A fan of open source and all things good, Bret enjoys making things happen and having a good time while doing it. While fascinated with technology, on the weekends you’re likely to find Bret enjoying the great outdoors on a dual sport moto… with some gadgets along for the ride.
SUSE guest blog authored by Brian Flannery, VP Global Sales, Synadia
As workloads increasingly run at the edge, there is a massive paradigm shift underway to allow location dependent and independent applications to run on any device – securely and efficiently.
Complexity is not something developers want to introduce into edge architectures. Moreover, edge workloads need to be able to instantly work with cloud, hybrid, and on-premises applicationswithout any re-architecting. This is where K3s and NATS work superbly together.
NATS is an extremely lightweight, performant, and secure (Zero Trust design) messaging utility. The two together offer edge device and application orchestration (K3s) and communication and data ingestion (NATS), solving two critical design requirements for any developer.
Two interesting, recent real-world examples come from the Energy industry.
How Duke Energy uses K3s and NATS at the Edge
Duke Energy and its Emerging Technology Office (ETO) are committed to innovation in renewable energy resources, energy storage, distributed intelligent grid architectures, machine to machine interoperability through standards like OpenFMB, and best practice Zero Trust cybersecurity. Consequently, ETO has built a proof-of-concept system named ZTAG, “Zero Trust Applications for the Grid”.
ZTAG represents a multi-year effort to develop a best-in-class architecture for the Distribution Grid. The system has now been deployed at the ETO Mount Holly Microgrid using OpenFMB. Each OpenFMB node is a field device with compute resources like an industrial PC or gateway. The system provisions and deploys nodes, updates node applications, and automates key renewal through distributed PKI. The architecture leverages Docker for application containerization, Kubernetes for container management, SPIFFE/SPIRE with Trusted Platform Module (TPM) identity management for workload attestation, and NATS for secure publish and subscribe communications. The system is scalable and secure from the data center to field devices. The goal is for all field devices to adopt node attributes.
SUSE’s K3s is a critical component in the ZTAG architecture. Multiple distributed OpenFMB nodes form logical clusters that work in small groups to implement distributed intelligent (DI) applications at the electric grid edge. These small “edge” clusters are grouped together in a hierarchy of clusters to perform higher level grid functionality. K3s enables quick, secure workload/application updates providing an environment for the development of secure DI applications.
The ZTAG team also works closely with Synadia’s team, as NATS is also a key component of ZTAG. NATS provides low-latency, multi-path, asymmetric, and event driven data flows from device-to-device, device-to-application, and application-to-application throughout the ZTAG architecture. NATS also provides distributed security allowing actors to only communicate with other authorized actors. These features enable the electric grid to no longer be bound by only north-south data flows from devices in the field to so-called “head end” systems in the back office. This new east-west, peer-to-peer messaging architecture enabled by NATS is foundational for distributed applications in the future electric grid.
How PowerFlex uses K3s, Rancher, and NATS at the Edge
PowerFlex is a leading national provider of intelligent onsite energy solutions that support carbon-free electrification and transportation. As a single full-service provider, PowerFlex customizes clean technology solutions to help clients achieve their energy and sustainability goals. Through the comprehensive PowerFlex X platform, PowerFlex leverages patented smart software to control, monitor, and optimize a client’s distributed energy resources to reduce cost and maximize return on investment.
SUSE’s K3s is a critical part of how PowerFlex builds and manages highly distributed bare-metal systems on the edge. When PowerFlex added Rancher to the mix, it provided an extra layer of observability while keeping hardware and software secure. PowerFlex developers can hit the ground running with K3S on hardware or in VMs, and they value the access that Rancher gives them to pre-production environments. The PowerFlex Sight Reliability Engineering team has confidence in their ability to address issues in production thanks to the rapid and secure access Rancher provides.
Ted Lee, Principal Software Engineer at PowerFlex, and Robbie Hughes, Full Stack Software Developer on the PowerFlex Cloud X team, are replacing legacy REST services with an event-based architecture with NATS at the center. Ted said, “I’m excited that NATS provides a secure connection between our cloud and edge services where messages are just there.” Robbie echoes his excitement and adds that “the leaf node topology is amazing because it allows our sites to operate independently even when networks go offline.”
Interested in getting started at the Edge with NATS? Contact firstname.lastname@example.org.
Additional resources on using K3s and NATS:
- NATS & K3S | Extend Your Apps to the Edge in Under 60 Seconds
- SUSECON 2022 session: Running a Distributed K3s Control Plane at the Edge with NATS JetStream [TUT-1217]
About the Author
Brian Flannery is VP Global Sales at Synadia, and has experience scaling the business at multiple technology companies during the blast-off phase of growth. Prior to Synadia he was the CRO for a Salesforce development services partner, and also spent time at Open Source Software providers such as Eucalyptus and rPath prior to their acquisitions.