BRAC POC — OpenShift Container Platform
Status: Planning complete, execution about to begin
Timeline: 2026-04-25 → 2026-04-30 (6 days)
Demo: Day 6
What this is
A 6-day proof-of-concept deploying OpenShift Container Platform (4.21.9) for BRAC Bank's enterprise platform evaluation. Nine integrated components demonstrate production-grade Kubernetes operations, security, observability, and compliance.
The cluster is installed on dedicated virtual machines in comptech-lab's hosting environment, giving BRAC a live, hands-on look at what a production deployment would include — with FIPS mode, Tang-bound disk encryption, Keycloak OIDC identity, and Compliance Operator scans against PCI-DSS v4.0 + CIS OpenShift Benchmark.
Quick links for BRAC teams
- Status & progress: Day-by-day progress, open blockers, session outcomes.
- Architecture: How the 9 components fit together, decision rationale, compliance design.
- Compliance & security: PCI-DSS v4.0 + CIS OpenShift Benchmark posture. FIPS, LUKS/Tang, audit, Keycloak IdP.
- Planning artifacts: Critical path, risks, assumptions, definition of done.
  Critical path · Risks · DoD
- Operations: Deployment procedures, validation steps, troubleshooting recipes.
- Team & process: Roles, communication cadence, escalation paths.
The 9 components
| # | Component | Role | Primary evidence |
|---|---|---|---|
| 1 | OpenShift 4.21.9 | Container platform | Live cluster, kubeadmin replaced by Keycloak OIDC |
| 2 | OpenTelemetry + SigNoz | Observability | Traces + metrics + logs flowing end-to-end |
| 3 | WSO2 APIM + Identity Server | API management + SSO | API gateway with SAML/OIDC demo |
| 4 | GitLab HA + Jenkins HA | CI/CD | Pipeline triggering on push, image build + deploy |
| 5 | Compliance Operator + ACS | Security posture | PCI-DSS v4 + OCP4-CIS scan reports |
| 6 | Kafka KRaft | Event backbone | 3-broker cluster, Schema Registry |
| 7 | Redis Sentinel | HA cache | Automated failover demo |
| 8 | NGINX + Open Liberty | Middleware + LB | Canary routing (10/90 split) |
| 9 | Trivy + SBOM | Supply chain | Critical-CVE image blocked at deploy |
Plus supporting infrastructure: Nexus (artifact repo), ArgoCD (GitOps), JBoss (domain mode), PowerDNS (zone), HAProxy (TCP LB), Keycloak (IdP), Tang (disk-encryption key server).
Timeline at a glance
```mermaid
gantt
    title BRAC POC — 6-Day Execution
    dateFormat YYYY-MM-DD
    section Phase 1 — Foundation
    OpenShift + Kafka + Redis + CI/CD :2026-04-25, 2d
    section Phase 2 — K8s Components
    Compliance + OTel + WSO2 + Middleware :2026-04-27, 3d
    section Phase 3 — Supporting
    Trivy + Nexus + ArgoCD + JBoss :2026-04-29, 2d
    section Demo
    Live demo + handoff :2026-04-30, 1d
```
Contact
- Project Lead — zeshaq@gmail.com
- BRAC Bank contact — Aman Ullah Sarker (aman.sarker@bracbank.com)
- Repository — comptech-lab/brac-poc
This site auto-updates on every git push to main. Last build: 2026-04-24.