BRAC POC — OpenShift Container Platform¶

Status: Planning complete, execution about to begin

Timeline: 2026-04-25 → 2026-04-30 (6 days) Demo: Day 6

What this is¶

A 6-day proof-of-concept deploying OpenShift Container Platform (4.21.9) for BRAC Bank's enterprise platform evaluation. Nine integrated components demonstrate production-grade Kubernetes operations, security, observability, and compliance.

The cluster is installed on dedicated virtual machines in comptech-lab's hosting environment, giving BRAC a live, hands-on look at what a production deployment would include — with FIPS mode, Tang-bound disk encryption, Keycloak OIDC identity, and Compliance Operator scans against PCI-DSS v4.0 + CIS OpenShift Benchmark.

Quick links for BRAC teams¶

Status & progress

Day-by-day progress, open blockers, session outcomes.

Current status · Session log · Progress tracking
Architecture

How the 9 components fit together, decision rationale, compliance design.

System architecture · OCP install plan · Compliance
Compliance & security

PCI-DSS v4.0 + CIS OpenShift Benchmark posture. FIPS, LUKS/Tang, audit, Keycloak IdP.

Compliance plan · Security guide · Decision log
Planning artifacts

Critical path, risks, assumptions, definition of done.

Critical path · Risks · DoD
Operations

Deployment procedures, validation steps, troubleshooting recipes.

Deployment · Validation · Troubleshooting
Team & process

Roles, communication cadence, escalation paths.

Team guide · Communication plan

The 9 components¶

#	Component	Role	Primary evidence
1	OpenShift 4.21.9	Container platform	Live cluster, kubeadmin replaced by Keycloak OIDC
2	OpenTelemetry + SigNoz	Observability	Traces + metrics + logs flowing end-to-end
3	WSO2 APIM + Identity Server	API management + SSO	API gateway with SAML/OIDC demo
4	GitLab HA + Jenkins HA	CI/CD	Pipeline triggering on push, image build + deploy
5	Compliance Operator + ACS	Security posture	PCI-DSS v4 + OCP4-CIS scan reports
6	Kafka KRaft	Event backbone	3-broker cluster, Schema Registry
7	Redis Sentinel	HA cache	Automated failover demo
8	NGINX + Open Liberty	Middleware + LB	Canary routing (10/90 split)
9	Trivy + SBOM	Supply chain	Critical-CVE image blocked at deploy

Plus supporting infrastructure: Nexus (artifact repo), ArgoCD (GitOps), JBoss (domain mode), PowerDNS (zone), HAProxy (TCP LB), Keycloak (IdP), Tang (disk-encryption key server).

Timeline at a glance¶

gantt
    title BRAC POC — 6-Day Execution
    dateFormat  YYYY-MM-DD
    section Phase 1 — Foundation
    OpenShift + Kafka + Redis + CI/CD       :2026-04-25, 2d
    section Phase 2 — K8s Components
    Compliance + OTel + WSO2 + Middleware   :2026-04-27, 3d
    section Phase 3 — Supporting
    Trivy + Nexus + ArgoCD + JBoss          :2026-04-29, 2d
    section Demo
    Live demo + handoff                     :2026-04-30, 1d

Contact¶

Project Lead — zeshaq@gmail.com
BRAC Bank contact — Aman Ullah Sarker (aman.sarker@bracbank.com)
Repository — comptech-lab/brac-poc

This site auto-updates on every git push to main. Last build: 2026-04-24.