The BC Gov OpenShift Container Platform Service is a multi-tenant container platform that government application development teams may use to develop and deploy modern, cloud native software applications. The service provides development teams with a set of isolated project spaces (namespaces) with associated resource quotas in which they can develop and deploy their applications and tools supporting their development lifecycle - from day-to-day development through to production.
The core of the service is an instance of Red Hat's OpenShift Container Platform (OCP) running in the government data centre in Kamloops. Details of the configuration of the BC Gov OCP instance are as follows:
- multi-tenant deployment, with RBAC and software defined network providing isolation between teams' environments
- highly-available OCP deployment with ability to perform maintenance with no/minimal impact to applications running on it
- 2 factor authentication and authorization provided via GitHub OAuth integration
- standard set of project spaces provided to teams is
tools(for development lifecycle support tools such as CI, automated testing, and code quality tools),
prod- each corresponding to a deployment stage.
- dynamically provisioned persistent storage backed by containerized Gluster (aka CNS and OCS) and/or dedicated NetApp storage
- resource quotas associated with each project space; these quotas have been set at levels adequate to support the development activities and production deployment workloads for many typical government applications
- a catalog of pre-defined technology stacks/tools to provide "application quick starts" or fully functional services to applications
The service is offered to BC government development teams who are engaged in building modern, custom, open source software for internal or citizen-facing applications using modern technology architecture, stacks and development approaches such as cloud native/12 factor, DevOps and continuous delivery.
In order to use the service, teams must:
- ensure their proposed application is architecturally suitable to run within a containerized environment
- commit to building their applications "in the open" meaning the underlying code is stored within the public 'bcgov' GitHub organization's repositories
- commit a named individual for the lifetime of the application who is responsible, and qualified to keep the application's code, libraries, and supporting tools (CI pipeline, etc.) functional, current and, secure.
- able to operate in an environment of continuous improvement and change. The former implies that teams will continue to enhance their applications after it is in production and the latter implies that the teams will set themselves up to be responsive to changes in the service, related technology/tools, or other factors such as security vulnerabilities.
For teams that do not have applications already on the platform and for teams with existing applications and wishing to add additional ones, the first step is to arrange a discussion with the DevOps Platform Services team. This can be arranged by contacting Olena Mitovska, Product Owner for Platform Services, BCDevExchange, Office of the Chief Information Officer. This will serve to confirm prerequisites are met and to determine overall suitability of the prospective application and team for the Service.
The request process is subject to change and can be found at the following URL: https://developer.gov.bc.ca/How-to-Request-a-New-OpenShift-Project
The Service is designed to be highly available such that maintenance activities can be completed while remaining operational. As such, there are no scheduled change windows. Planned and standard maintenance such as upgrades are generally performed during business hours with advance notice given to teams using the platform.
The Service also provides capabilities for applications hosted on it to be highly available. It is the responsibility of the development teams using the platform to ensure their applications leverage these capabilities appropriately and otherwise design their applications in a manner to be resilient to maintenance of the Service, and to provide the level of availability required for the lines of business they serve.
Assistance with using the Service (getting started, developing applications, etc.) is provided via the self-service links below. Peer/community assistance is also provided via a vibrant community on the DevOps Platform group messaging service's
Periodic internally-delivered training is provided by the DevOps Platform Services team. The internal training schedule is available [here] (https://developer.gov.bc.ca/ExchangeLab-Course:-Openshift-101). Commercial OpenShift training is also available from Red Hat. For details on the commercial training, contact Olena Mitovska, Product Owner for Platform Services.
During business hours, support for production issues with the Service itself are handled through the group messaging service's
#devops-operations channels, which are monitored by the OCIO DevOps Plaform Services team, and the Platform Technical Operations team, made up of DXC staff and their contracted platform operations experts. Outside of business hours, support requests can be submitted via the SSBC Help Desk (aka "77000").
Business hour support for issues with applications, components and services deployed by teams using the service will be provided by the DevOps Platform Services Team on a best effort, based on availability and priority. In general, teams should develop sufficient knowledge of the tools they deploy on the Service to be self-sufficient.
Below is a set of recommended resources that provide background materials related to developing and deploying applications on the OpenShift platform, which is the foundation of the Service.
- DevOps with OpenShift
- Deploying to OpenShift
- Get Started with the OpenShift Command Line
- OpenShift Developer Guide
There is currently no cost for use of the Service.
- resources for support - documentation, training, tools, monitoring
- what communication channels are used
- what types of messages/notices are distributed?
- request workflow(s)
- change management
- service improvements
- service level
- security reviews