From Bare Metal to Cloud-Native: A Unified Edge-to-Cloud Platform Emerges
In a bold move to unify virtualization and containerization across edge and core infrastructure, SUSE and HPE have introduced a cutting-edge stack that modernizes bare metal with zero-touch OS provisioning, Kubernetes orchestration, and virtual machines as pods.
This transformation is powered by:
- SUSE Rancher Elemental for automated operating system deployment,
- RKE2 or K3s for secure container orchestration,
- KubeVirt and Containerized Data Importer (CDI) for running legacy workloads as virtual machines within Kubernetes,
- All centrally managed through SUSE Rancher Prime.
The result is a cloud-native edge platform that enables organizations to consolidate infrastructure, improve agility, and reduce operational overhead.
Deploying SUSE Rancher Elemental on Bare-Metal Edge Nodes
As enterprises extend operations to remote locations and branch sites, OS provisioning at scale becomes a challenge. SUSE Rancher Elemental simplifies this with declarative, automated deployment of SLE Micro on physical machines.
Key Capabilities:
- PXE-boot and install SLE Micro using Elemental ISO and YAML-based cloud-init.
- Bind hosts to Rancher Prime using secure tokens.
- Apply roles and taints (e.g., edge worker, infra node) during install.
- Perform atomic OS updates and rollback using elemental upgrade.
“With Elemental, we deploy Kubernetes-ready bare-metal servers in minutes—no USBs, no SSH,” noted a cloud architect at a telco firm using Elemental at >2,000 edge sites.
Deploying RKE2 or K3s for Kubernetes Orchestration
Once machines are provisioned, RKE2 (hardened, enterprise-ready) or K3s (lightweight, edge-optimized) are installed as the Kubernetes layer.
SUSE Rancher Prime acts as the control tower, enabling:
- Centralized cluster registration, access control, and lifecycle management.
- GitOps-driven configuration enforcement with Fleet.
- Monitoring and logging with integrated Prometheus, Grafana, and Loki stacks.
RKE2 provides full CIS-compliance and FIPS validation, while K3s supports minimal hardware with a sub-100MB binary—ideal for retail stores, manufacturing, and edge gateways.
Running VMs as Pods Using KubeVirt and CDI
Many enterprises still run critical services in VMs. With KubeVirt, these VMs can now be run as first-class Kubernetes resources—side by side with containerized workloads.
CDI allows users to import VM images from external sources (HTTP, PVC, vSphere export) into Kubernetes storage. KubeVirt then launches these as pods with QEMU/KVM integration under the hood.
Workflow:
- Define a DataVolume with CDI to pull an image.
- Create a VirtualMachine CRD specifying the image.
- Rancher Prime reflects this VM in its dashboard.
- Access VMs via SSH, VNC, or cloud-init automation.
Example: A Ubuntu-Cloud VM can be imported and deployed across 500 retail edge nodes via GitOps, maintained with version-controlled manifests in Rancher Fleet.
Architecture Overview
Here's how the stack fits together across an edge-to-cloud topology:
Rancher Prime (HQ) – The Central Brain
At the heart of the system, Rancher Prime centrally manages all Kubernetes clusters—both core (data center) and edge—through:
- Fleet GitOps: Automatically pushes configurations and workloads to clusters.
- Multi-Cluster UI/API: Single pane of glass for managing clusters and VMs.
- RBAC: Secure user access per role, project, or namespace.
- Monitoring & Logging: Centralized metrics, alerts, and logs.
- Remote Access: Secure access to workloads and nodes at remote sites via WebSocket.
- RKE2 Cluster (Core Data Center)
This cluster runs in the data center and provides a secure, enterprise-grade Kubernetes environment for:
- Modern workloads (containers and microservices)
- Virtual machines using KubeVirt
- CDI for importing VM disk images
- Longhorn for distributed, persistent storage
Provisioned nodes join this cluster automatically through Elemental.
- K3s Cluster (Retail Edge Sites)
This lightweight cluster is designed for resource-constrained edge nodes. It supports:
- Lightweight containers and KubeVirt VMs
- CDI for VM storage at the edge
- Fast, easy deployment using GitOps from Rancher Prime
- Ideal for retail, telco, and branch offices
- Elemental Provisioning – Bare Metal Automation
Elemental automates the lifecycle of physical nodes (x86 or ARM) with:
- Secure Boot and Secure Join to clusters
- YAML-based cloud-init metadata
- Taints and labels for Kubernetes scheduling
- Used for both core and edge infrastructure provisioning
This eliminates manual OS installs and enables GitOps-driven Day 1 automation.
How It All Connects
- Elemental provisions OS on bare-metal nodes with SLE Micro.
- Nodes auto-join RKE2 or K3s clusters.
- Fleet GitOps from Rancher Prime deploys workloads (apps or VMs).
- KubeVirt manages VMs inside Kubernetes.
Logs, metrics, and remote access channels feed back to Rancher Prime.
Security and Governance
This platform is secure by design:
- RKE2/K3s hardened with SELinux, AppArmor, PodSecurityStandards.
- Elemental boot chain supports TPM and secure boot.
- NeuVector (optional) delivers runtime container firewalling and threat detection.
- Rancher Prime Projects & RBAC simplify tenant-level isolation at scale.
Real-World Use Case: Banking Edge Infrastructure
A national bank deployed the full stack across 800 branch sites. Each branch uses:
- 1–2 K3s nodes on SLE Micro installed via Elemental.
- KubeVirt for core banking VMs (e.g., teller app, compliance engine).
- GitOps from Rancher Prime HQ to push updates, VM templates, and policies.
Impact:
- 75% fewer manual touchpoints.
- Zero-downtime updates using Elemental + Fleet.
- Legacy app migration without forklift rehosting.
Conclusion: The Future of Hybrid Infrastructure Is Here
The convergence of Kubernetes, virtualization, and edge computing has found a home in the SUSE Rancher ecosystem. By combining Elemental, RKE2/K3s, and KubeVirt, enterprises can now deploy a unified, secure, and fully automated platform from data center to edge.
Rancher Prime ensures governance, visibility, and lifecycle control across all environments, empowering IT teams to deliver innovation faster, with fewer risks.
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
