Context
Thales is a global leader in defense, aerospace and digital security. I was engaged to audit their existing Rancher RKE2 infrastructure and design a target architecture for migrating to OpenShift, with a strong focus on security and operational excellence.
Responsibilities
- Conducted infrastructure workshops and audited existing Rancher RKE2 production and non-production environments
- Assessed cluster deployment methods, automation maturity and infrastructure resilience
- Designed target architecture for OpenShift cluster automation using Ansible and GitOps
- Defined storage architecture: block (Portworx/Ceph), object and file storage configuration
- Designed logging (Loki, Vector), cluster and application monitoring (Prometheus, Grafana) architectures
- Specified internal registry setup to make container images available to development teams
- Designed CI/CD environment provisioning (GitLab, ArgoCD, Bitbucket integration)
- Defined cluster security posture: authentication, RBAC, privilege management, Kyverno network policies, hardening
- Assessed application security and provided containerization recommendations
- Delivered recommendations and a prioritized migration roadmap
Key Achievements
- Delivered a comprehensive audit covering 8 clusters and 200+ running workloads
- Provided a detailed remediation plan covering security, reliability and operational efficiency
- Architecture documents adopted as the standard blueprint for future Thales cluster deployments
Technical environment: OpenShift, Rancher RKE2, ArgoCD, Ansible, Kyverno, MetalLB, Prometheus, Grafana, Bitbucket