Pre-POC Readiness Checklist
Before Day 1 starts (2026-04-25), verify all items below.
✅ Go/No-Go Gating
This checklist determines whether the POC is ready to launch. All CRITICAL items must be verified. WARNINGS must be mitigated or accepted.
| Status | Category | Item | Owner | ETA |
|---|---|---|---|---|
| ⬜ | CRITICAL | Compute resources available (3 nodes, 8vCPU/32GB each) | Infra Lead | Before Day 1 |
| ⬜ | CRITICAL | Cloud credentials valid & accessible | Infra Lead | Before Day 1 |
| ⬜ | CRITICAL | Network open (Docker Hub, Terraform Registry, GitHub, Red Hat Registry) | Infra Lead | Before Day 1 |
| ⬜ | CRITICAL | OpenShift pull-secret downloaded & current | Infra Lead | Before Day 1 |
| ⬜ | CRITICAL | Terraform state backend configured (local or cloud) | Infra Lead | Before Day 1 |
| ⬜ | CRITICAL | GitHub access confirmed, comptech-lab/brac-poc accessible | DevOps Lead | Before Day 1 |
| ⬜ | CRITICAL | Required tools installed (terraform, kubectl, helm, docker, oc) | Infra Lead | Before Day 1 |
| ⬜ | HIGH | Team briefed on security rules (no secrets in code) | Project Lead | Before Day 1 |
| ⬜ | HIGH | Daily standup scheduled (time, attendees, format) | Project Lead | Before Day 1 |
| ⬜ | HIGH | Demo date/format confirmed with BRAC | Project Lead | Before Day 1 |
| ⬜ | MEDIUM | Terraform modules pre-downloaded (if offline access needed) | Infra Lead | Before Day 1 |
| ⬜ | MEDIUM | Git feature branches created for Phase 1 issues | DevOps Lead | Before Day 1 |
🔍 Verification Steps
Step 1: Run Pre-POC Verification Script (15 minutes)
```bash
cd /Users/ze/Documents/Brac-POC
./scripts/pre-poc-verification.sh
```
Expected output: All 7 checks PASS. If any FAIL, fix before proceeding.
Step 2: Verify Cloud Credentials (10 minutes)
AWS:
```bash
aws sts get-caller-identity
# Should show: Account ID, User ARN, etc.
aws ec2 describe-account-attributes --attribute-names vpc-max-security-groups-per-interface
# Should show: >= 3
```
GCP:
```bash
gcloud auth list
# Should show: ACTIVE account
gcloud compute instances list
# Should show: Access to compute API
```
Azure:
```bash
az account show
# Should show: Active subscription
```
Step 3: Verify Network Connectivity (5 minutes)
```bash
# Test all critical registries
curl -I https://registry.terraform.io
curl -I https://docker.io
curl -I https://registry.redhat.com
curl -I https://api.github.com
```
All should return HTTP/2 200 or HTTP/1.1 200.
Step 4: Verify OpenShift Pull Secret (5 minutes)
```bash
# Download if not already done:
# https://cloud.redhat.com/openshift/install/pull-secret
# Save to: ~/.pull-secret.json
# Verify it's valid
cat ~/.pull-secret.json | jq . > /dev/null && echo "✅ Valid JSON"
# Check it's not expired (should be recent)
stat ~/.pull-secret.json | grep Modify
```
Step 5: Verify Terraform Backend (5 minutes)
```bash
cd /Users/ze/Documents/Brac-POC
# If using local state:
terraform init
# If using Terraform Cloud:
# Make sure TF_TOKEN_app_terraform_io is set
# (-n tests for a non-empty value without printing the token)
[ -n "${TF_TOKEN_app_terraform_io:-}" ] && echo "✅ Token configured"
terraform plan -out=/tmp/test.plan  # Just test, don't apply
# A saved plan can contain sensitive values, so remove it afterwards
rm /tmp/test.plan
```
Step 6: Verify GitHub Access (5 minutes)
```bash
gh auth status
# Should show: Logged in to github.com as [user]
gh repo view comptech-lab/brac-poc
# Should show: repo details
```
Step 7: Verify Required Tools (5 minutes)
```bash
terraform version          # >= 1.0
kubectl version --client   # >= 1.24
helm version               # >= 3.0
docker version             # >= 20.0
oc version                 # >= 4.10
jq --version               # >= 1.6
```
👥 Team Setup
[ ] Security Briefing
Date: Before Day 1
Duration: 15 minutes
Attendees: All team members
Content:
- Rule 1: Never commit secrets to Git
  - What's protected: `.tfvars`, `kubeconfig`, `*.key`, pull-secrets, API keys
  - What's in `.gitignore`: Already configured ✅
  - Action: Review `.gitignore` in repo
- Rule 2: Use environment variables for credentials
  - Example: `export OPENSHIFT_TOKEN="xxx"`
  - Example: `export TF_VAR_admin_password="xxx"`
  - Action: Set up `.env.local` (NOT committed)
- Rule 3: Pre-commit checks
  - Before committing: `git diff --cached | grep -i "password\|token\|secret\|key"`
  - If found: `git reset HEAD filename` to unstage
- Rule 4: Rotate credentials after POC
  - Before Day 6 EOD: Reset all admin passwords, delete temp API keys
- Escalation: If credentials leaked
  - Stop work immediately
  - Rotate credential
  - Use `git-filter-repo` to remove from history
  - Force-push (only if repo not public)
  - Document incident
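The Rule 3 `grep` fires on any staged line that contains "key" or "token", including removed lines and comments, and it does not look at file names. The script below is an added example, not one of the project's scripts: it checks only added lines for credential-like assignments, skips values that are environment-variable references (Rule 2), redacts what it prints, and blocks the file types listed under Rule 1. The function names, the patterns and the sample diff are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the project's script): stricter form of the Rule 3 check.

# Names a credential is usually assigned to, followed by ':' or '='.
SECRET_RE='(password|passwd|token|secret|(api|private)[_-]?key)[a-z0-9_]*"?[[:space:]]*[:=]'
# Values that are only a reference to an environment variable (Rule 2).
REF_RE='[:=][[:space:]]*"?\$'

# File names the briefing lists as protected (Rule 1).
is_protected_path() {
  case "$1" in
    *.tfvars|*.key|*kubeconfig*|*pull-secret*|*.env.local) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads a unified diff on stdin. Prints added lines that assign a literal
# to a credential-like name, value redacted. Returns 1 when nothing matches.
find_secret_lines() {
  hits=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' \
         | grep -Ei "$SECRET_RE" | grep -Ev "$REF_RE") || return 1
  printf '%s\n' "$hits" | sed -E 's/([:=]).*/\1 <redacted>/'
}

# Hook body: fail the commit on a protected file or a flagged line.
precommit_check() {
  rc=0
  while IFS= read -r f; do
    if is_protected_path "$f"; then
      echo "BLOCKED: protected file staged: $f" >&2; rc=1
    fi
  done <<EOF
$(git diff --cached --name-only --diff-filter=ACMR)
EOF
  if git diff --cached -U0 | find_secret_lines >&2; then
    echo "BLOCKED: credential-like assignment staged (see above)" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample diff, used when the file is not installed as a hook.
SAMPLE_DIFF='+++ b/deploy/env.sh
+export OPENSHIFT_TOKEN="sha256~EXAMPLEONLY"
+export TF_VAR_admin_password="$ADMIN_PW"
+# rotate the token after the POC
-old_secret = "removed-value"'

case "$0" in
  *pre-commit) precommit_check || exit 1 ;;
  *) printf '%s\n' "$SAMPLE_DIFF" | find_secret_lines || true ;;
esac
```

To use it as a hook, save the file as `.git/hooks/pre-commit` and make it executable; under any other name it only scans the constructed sample.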
[ ] Daily Standup Scheduled
Time: [TBD - Suggest 9:00 AM or 4:00 PM]
Duration: 15 minutes
Format:
- Status of each Phase 1 issue (what's done, what's blocked)
- Blockers & escalations
- Plan for next 4 hours
Attendees: Infrastructure Lead, Platform Lead, DevOps Lead, Project Lead
Channel: Slack/Email/Video call [TBD]
[ ] Demo Confirmed with BRAC
Contact: Aman Ullah Sarker (aman.sarker@bracbank.com)
Questions to clarify:
- [ ] Demo date: Day 6, what time? (Morning? Afternoon?)
- [ ] Demo format: Live demo or pre-recorded video?
- [ ] Who attends: Aman only? Team?
- [ ] Duration: 30 min? 1 hour?
- [ ] What's critical to demo: All 9 components? Observability flow? Compliance scan?
Action: Send email before Day 1:
```
Subject: BRAC POC - Week of Apr 25: Demo Confirmation Needed

Hi Aman,

We're beginning the BRAC POC this week (Apr 25-30). Before we start, I need to confirm a few details about the final demo:

- Demo Date/Time: We're targeting Day 6 (Thursday, Apr 30). What time works best for you? (Morning 9am, afternoon 2pm?)
- Demo Format: Would you prefer a live walkthrough of the deployed components, or a pre-recorded video to minimize demo-day risk?
- Key Focus Areas: What's most important to see?
  - All 9 components deployed ✓
  - End-to-end observability (traces flowing)
  - Compliance/security scanning
  - API gateway + routing
  - HA/failover tests
- Who should attend the demo?
  - Just you
  - Your team
  - Stakeholders

Let me know, and we'll make sure to nail the demo.

Best regards,
[Name]
```
🛠️ Git Setup
[ ] Feature Branches Created for Phase 1
Owner: DevOps Lead
Create the following branches for Phase 1 work:
```bash
cd /Users/ze/Documents/Brac-POC
# OpenShift provisioning
git checkout -b infra/openshift-terraform
git push origin infra/openshift-terraform
# Kafka KRaft
git checkout -b infra/kafka-kraft
git push origin infra/kafka-kraft
# Redis Sentinel
git checkout -b infra/redis-sentinel
git push origin infra/redis-sentinel
# GitLab + Jenkins
git checkout -b devops/gitlab-jenkins-ha
git push origin devops/gitlab-jenkins-ha
# Return to develop
git checkout develop
```
📋 Day 1 Checklist
Before standup on Day 1 morning:
- Verification script passes
- Team has read SECURITY-AND-COMPLIANCE-GUIDE.md
- Standup is scheduled (calendar invite sent)
- Demo confirmed with BRAC
- Feature branches created
- Team ready to execute
❌ Red Flags (Do NOT Start Day 1 If...)
🚫 Stop. Do not proceed to Day 1 if ANY of these are true:
| Red Flag | Action |
|---|---|
| Verification script fails any CRITICAL check | Fix the issue, then re-run |
| Cloud credentials invalid or expired | Contact cloud provider, generate new creds |
| Cannot reach GitHub, Docker Hub, or Red Hat Registry | Check firewall/proxy, escalate to IT |
| OpenShift pull-secret missing or expired | Download fresh secret from Red Hat |
| Terraform state backend not initialized | Run terraform init |
| Team hasn't been briefed on security rules | Schedule briefing NOW |
| Demo date NOT confirmed with BRAC | Email Aman immediately |
✅ Go/No-Go Decision Point
Before 8am on Day 1 (2026-04-25), confirm:
```
☐ All CRITICAL verification items: PASS
☐ All tools installed and working
☐ Team briefed and ready
☐ Demo confirmed
☐ We are GO for Phase 1

OR

☐ Blocker found: [Describe]
☐ We are NO-GO, delaying to [date]
```
📊 Success Criteria
Phase 1 is done when ALL of these are true:
✅ OpenShift: 3 nodes Ready, ODF storage configured, kubeconfig exported
✅ Kafka: 3 brokers running, topics created, messages flowing
✅ Redis: Master elected, replication working, failover tested
✅ GitLab + Jenkins: Both accessible, sample pipeline triggers
✅ Code: All infrastructure in Git, feature branches merged to develop
✅ Documentation: CURRENT-STATUS.md updated with completion status
Status: Ready for Go/No-Go review
Last Updated: 2026-04-24
Owner: Project Lead
Decision Point: 2026-04-25, 8:00 AM