The Zen of Kubernetes: building a secure edge demo for KubeCon Europe
Edge use cases are on the rise: from real-time inferencing in retail stores to AI-enabled healthcare applications, to autonomous, fruit-picking robots, there is a growing need for secure, full-lifecycle application management at the edge.
Enter Spectro Cloud’s Secure Edge Native Architecture (SENA), which was developed as part of an ongoing collaboration between Spectro Cloud and Intel. SENA provides a reference implementation for deploying, provisioning, operating and managing Kubernetes edge environments at scale.
As part of the SENA announcement, I was given the opportunity to develop a demo application that would be showcased at KubeCon Europe 2023.
We wanted to build a demo to highlight how Spectro Cloud Palette, Kairos, and Intel silicon provide a platform for achieving the principles outlined by SENA. If you’re looking for a deep dive on those principles, the SENA white paper is an excellent resource.
We were inspired by one of our pioneering edge customers, GE HealthCare, and started thinking about edge health sensing. It’s a great use case for the real world, but how could we make it fun for a stand demo?
Our Head of Product, Anton Smith, had a brainwave: challenge players to beat the first level of Super Mario as quickly as possible without increasing their heart rate. Given the general KubeCon hype and copious free coffee, we figured this would make for an exciting challenge!
Intel NUC is an ideal form factor for running Kubernetes at the edge, so I grabbed one from our office, ordered a Coospo armband heart rate monitor, read through Spectro Cloud’s new EdgeForge workflow, and started hacking. Here’s what I ended up building (shown here in the chaos of the KubeCon stand by Pedro Oliveira):
Zen of Kubernetes demo video
Landing page where users pair the armband, establish their baseline heart rate, then start the challenge
Here we go! (You can tell I was very excited at this point…)
Final results: a heart rate delta of 12 from baseline to max
What’s under the hood?
The Zen of Kubernetes application was designed to be deployed by Palette on an Intel NUC, where it leverages the NUC’s inbuilt Bluetooth adapter to interface with the armband heart rate monitor. Here is the complete edge stack, modeled as a Palette Cluster Profile, from the OS to the application:
Zen of Kubernetes Cluster Profile
The bottom two layers, Ubuntu and Palette Optimized K3s, were prepared by following the EdgeForge: building images instructions (which leverage Kairos under the hood) and are delivered to the NUC as a single, immutable container image.
While following the steps in the EdgeForge docs, I made the following customization to install BlueZ (the official Linux Bluetooth stack) in the autogenerated Dockerfile:
RUN apt install -y bluez libbluetooth-dev
The final phase of the EdgeForge workflow was to flash the installer ISO produced by Spectro Cloud’s edge installer CLI onto a USB stick (using BalenaEtcher) and use it to boot the NUC. The behavior of the installer ISO is configurable via cloud-init and supports automatic device registration via an Edge Host token, generated in advance on the Palette SaaS platform.
Therefore, once my bootable USB was ready, all I had to do was plug it into the NUC, turn the NUC on and let Spectro Cloud’s edge agent work its magic. After the initial boot process completed, the NUC automatically shut itself down. I then unplugged the USB, rebooted the NUC, and it automatically paired itself with Palette. Now that my Edge Host was ready, it was time to build my Cluster Profile.
I plugged the OS and installer images into the OS layer, along with some basic cloud-init user configuration.
For the Kubernetes layer, I chose Palette Optimized K3s and was careful to ensure that the cluster and service CIDRs would not overlap with my home network.
Next, I chose Calico for my CNI, and ensured that CALICO_IPV4POOL_CIDR matched the pod CIDR range in the K8s layer.
Since I was planning to deploy this on my home network I could have gotten away with NodePort services, but in the spirit of following Kubernetes best practices, I chose to configure MetalLB and the NGINX Ingress Controller.
I provided a CIDR within my home network for the MetalLB pack’s addresses and added the NGINX Ingress Controller straight from Spectro Cloud’s public pack repository with no customizations.
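The address constraints from the K8s, Calico and MetalLB layers can be checked before the profile is deployed. The following is an added example, not part of the demo's source; the Plan type, the Check function and the sample ranges are assumptions made for illustration, and it also checks that the pod and service CIDRs do not overlap each other.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Plan lists the CIDRs set across the profile layers (hypothetical type).
type Plan struct{ LAN, Pod, Service, CalicoPool, LBPool string }

// Check returns one finding per violated constraint; an empty slice means OK.
func Check(p Plan) ([]string, error) {
	var pfx [5]netip.Prefix
	for i, s := range []string{p.LAN, p.Pod, p.Service, p.CalicoPool, p.LBPool} {
		v, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("field %d: %w", i, err)
		}
		pfx[i] = v.Masked() // canonical form, so equal ranges compare equal
	}
	lan, pod, svc, calico, lb := pfx[0], pfx[1], pfx[2], pfx[3], pfx[4]
	checks := []struct {
		bad bool
		msg string
	}{
		{lan.Overlaps(pod), "pod CIDR overlaps LAN"},
		{lan.Overlaps(svc), "service CIDR overlaps LAN"},
		{pod.Overlaps(svc), "pod CIDR overlaps service CIDR"},
		{calico != pod, "CALICO_IPV4POOL_CIDR differs from pod CIDR"},
		{lb.Bits() < lan.Bits() || !lan.Contains(lb.Addr()), "MetalLB pool is not inside LAN"},
	}
	var out []string
	for _, c := range checks {
		if c.bad {
			out = append(out, c.msg)
		}
	}
	return out, nil
}

func main() { // constructed sample ranges, not the values used in the demo
	fmt.Println(Check(Plan{"192.168.1.0/24", "10.42.0.0/16", "10.43.0.0/16",
		"10.42.0.0/16", "192.168.1.240/28"}))
}
```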
Now I was ready for the final challenge: actually building the app!
The source code is available here, for the curious. There are two components: a Go backend and a React frontend. The server uses the https://github.com/tinygo-org/bluetooth library to pair with the Coospo armband and poll it for heart rate data. The React frontend leans heavily on Zarf’s DOS games example to run Super Mario directly in your browser using WASM.
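Whatever the backend reads from the armband is input from a radio peer and should be length-checked before use. The following is an added example, not the demo's own code: it assumes the armband exposes the standard Bluetooth Heart Rate Measurement characteristic (0x2A37), which the post does not state, and the Measurement type and ParseHRM function are hypothetical names.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Measurement is one decoded Heart Rate Measurement notification.
type Measurement struct {
	BPM         uint16
	ContactLost bool     // contact detection supported, no skin contact
	RR          []uint16 // RR intervals in units of 1/1024 s
}

var ErrShort = errors.New("heart rate payload truncated")

// ParseHRM decodes a 0x2A37 value, bounds-checking every field it reads.
func ParseHRM(b []byte) (Measurement, error) {
	var m Measurement
	if len(b) < 2 {
		return m, ErrShort
	}
	flags, rest := b[0], b[1:]
	hrLen := 1 + int(flags&0x01)    // 8-bit or 16-bit heart rate value
	eeLen := 2 * int(flags>>3&0x01) // optional Energy Expended field
	if len(rest) < hrLen+eeLen {
		return m, ErrShort
	}
	m.BPM = uint16(rest[0])
	if hrLen == 2 {
		m.BPM = binary.LittleEndian.Uint16(rest)
	}
	m.ContactLost = flags&0x06 == 0x04 // bit 2 supported, bit 1 not detected
	rest = rest[hrLen+eeLen:]
	if flags&0x10 == 0 {
		return m, nil // no RR intervals announced
	}
	if len(rest) == 0 || len(rest)%2 != 0 {
		return m, ErrShort
	}
	for ; len(rest) > 0; rest = rest[2:] {
		m.RR = append(m.RR, binary.LittleEndian.Uint16(rest))
	}
	return m, nil
}

func main() { // constructed sample: 8-bit HR of 72, contact detected, one RR
	fmt.Println(ParseHRM([]byte{0x16, 72, 0x3A, 0x03}))
}
```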
Once things were working locally, I converted the Kubernetes manifests into a Spectro Cloud pack, uploaded the pack to my registry, and synchronized the pack registry with Palette. Then I was able to plug it into my Cluster Profile as the final layer:
Finally, I deployed my Zen of Kubernetes Cluster Profile onto the Edge Host. Palette pushed the Cluster Profile to an agent running on the NUC and within 5 minutes, the NUC had rebooted itself, pulled my custom OS/K8s images, and installed all of the addons mentioned above, including the Zen of Kubernetes application.
From idea to app, play on easy mode
Simple, right? 😅 It may seem like a lot to absorb, but I promise that once you do, you’ll appreciate the tamper-proof immutability, continuously reconciled, declarative configuration, and rich addon ecosystem provided by Palette.
From our side, we went from “hey, wouldn’t it be cool if…” to a working demo on the KubeCon stand in just a week or two. Big events can be pretty stressful, but at least this once, we found our Zen.
Thanks for reading, and if you have any questions, don’t hesitate to reach out via email or LinkedIn.