OpenShift Plateform Building
This Project concern the implementation of a Container orchestration plateform.
Context
​
During October 2017, our team experienced a major change at Société Générale.
Initially we only worked for the bank of investment but a reorganization brought us closer to our counterparts of the retail bank.
As such and in the idea of ​​creating links between the two worlds, a common project was born responding to a need clearly identified in 2017: the creation of a container management platform.
I had the chance to join the team and to participate in implementing a V.0 platform of RedHat OpenShift.
For the implementation of this platform, we were accompanied by Redhat consultants for the validation of a minimal set.
The Project
​
Several aspects were to be taken into account when implementing this platform:
- We wanted 2 environments: Non production and production
- We wanted a security solution and risk estimation common to both environments (Non Prod / Prod)
- We wanted a tool to charge back to applications using the platform based on their consumption.
- We wanted an integrated monitoring solution
We have therefore embarked on the implementation of a platform articulated around:
- Openshift: For the management / orchestration of containers
- Cloudforms: For the ChargeBack part
- Twistlock: For the security of Containers, images and Openshift hosts.
​
When I arrived on the project, the installation Openshift in non prod had already been done by one of my new colleagues.
So I took the task of installing the production platform.
​
This installation is via playbooks ansible, I had to take the time to read them carefully before launching (to know exactly what was going to happen).
Having never managed a Containers management platform, I had to take the time to document myself in order to properly understand all these new concepts.
​
Encountering bug problems with the execution of playbooks in production, I had to make several tickets to the publisher of the Redhat solution.
​
I've seen that the new version of Openshift natively resolved some bugs, I proposed to install directly in production the latest version available.
This having solved our problems, we were able to move on (obviously after passing the update in non prod).
I was able to support the installation of the Twistlock security solution on the platform.
Meeting also some problems of operation, I took the initiative to put back the problems met with the editor and a new version of the application was especially delivered to us.
Thanks to this we were able to finalize the installation of this element.
The last brick of this new infrastructure was Cloudforms.
Here we have implemented the solution technically but we also had to develop the clouforms supply processes to the Openshift platform but also the metrics of the Openshift platform to Cloudforms.
These two solutions had to be interconnected by integrating the rules specific to Société Générale in order to respect production constraints so that they could generate automated consumption reports (of my creation) in order to manage the invoicing.
​
Once the solution was in place and stabilized, we waited for the validation of the top management for the validation of this project ... We are still waiting for it.
In the meantime, an application is currently in production and I make regular contact with the client to check his needs that we can only meet in best effort since the solution is still not official.
Future
​
The next challenge (if the project is accepted) will be to set up an image promotion process (not prod to prod) to fit into CI / CD and DevOps context.
​
I have already created a prototype on my side and I am waiting for the validation of the project to deploy it on a larger scale.
​
