Xavier Kon-Sun-Tack

SmartConnect Project for Enedis - IOT Project

Management of an Enedis network monitoring platform through the supervision of structures and connected objects within a team of 30 people, composed of 3 teams (1 Back/Front team, 1 functional team, and 1 infrastructure team), in an agile context (Kanban/SCRUM). This platform allows referencing and supervising connected objects such as flood, intrusion, temperature, humidity, or tilt sensors, centralizing all data emitted by these sensors, and displaying it via a web interface to understand the status and quality of the Enedis network.

The platform is hosted on AWS and consists of numerous VPCs (application environments and a development factory).

Activities on the mission:

▪ Management of the AWS infrastructure with Terraform

o Automated creation/deletion of application and administration environments in dedicated VPCs, divided into isolated network zones

o Provisioning of EC2 instances, Load Balancers, Auto Scaling Groups

o Setup of DNS via Route53, in private and public hosted zones.

o Infrastructure security through the implementation of Security Groups for instances, Network ACLs for subnets, and WAF as a Firewall.

o Storage: Encrypted and versioned S3 Buckets, RDS with PostgreSQL for relational data, EFS for flat files.

o Setup of EKS clusters for the deployment and monitoring of Dockerized applications with Kubernetes. Setup of Route53 Resolver to address DNS resolution issues for private access EKS clusters (https://github.com/aws/containers-roadmap/issues/221#issuecomment-482101710)

o Setup of an ECS cluster (with EC2) for hosting the CI/CD platform (Continuous Integration, dedicated to Continuous Delivery, Continuous Deployment), entirely on Docker.

o On the monitoring side, setup of metric collection and alarms via Collectd and CloudWatch, monitoring and alerting of the budget via Budgets, SNS, and SQS.

▪ Configuration of the machine fleet with Ansible

o Creation of Ansible roles for tooling and application deployment: deployment via Kubernetes, installation of Kafka, ActiveMq, ElasticSearch, Kibana, SplunkForwarder, Datadog...

o Deployment of user SSH keys for machine access via secure storage on AWS S3

o Implementation of a lifecycle for software factory tools and environments with machine shutdown and restart during working hours to save costs

o Implementation of playbooks for the creation and restoration of database/flat file backups (PostgreSQL, elasticsearch, activemq, efs)

o Use of Packer to assist in the creation of dedicated AMIs (vault, consul, jenkins with ECS)

▪ Management of the Jenkins continuous integration platform

o Setup of Jenkins jobs for various aspects of the platform's development: build, release, tests (unit, acceptance, automated), deployment

o Setup of Groovy pipelines for process automation: continuous deployment, production release.

o Migration of the continuous integration platform from a classic EC2 instance to a fully Dockerized ECS cluster

▪ Tooling

o Creation and provision of dedicated Docker images (maven, infrastructure, npm, Inspect)

o Development of a Kafka lag monitoring tool for all application components.

o Setup of Helmfile and creation of Helm charts for deployment on Kubernetes

▪ Monitoring

o Setup of Splunk for monitoring application logs and EC2 system logs

o Collection of EC2 metrics via Collectd and monitoring via CloudWatch

o Deployment of the Kafka lag monitoring tool across all environments, with the creation of a Splunk dashboard for quick and easy metric visualization

o Migration from Splunk to Datadog, deployment of Datadog agents on a Kubernetes architecture via Helm.

▪ Security

o Implementation of network rules via EC2 security groups and Network ACLs to isolate different environments

o Assignment of user roles and appropriate policies via IAM (Least Privilege)

o Setup of JMX authentication for Kafka

o Setup of a Vault and Consul cluster for secret storage and provision, with an automatic secret provisioning system upon environment creation.

▪ Budget Monitoring

o Estimation and monitoring of AWS costs for the implementation of new AWS services (EKS, Route 53 Resolver, WAF...)

o Audit of AWS costs via Billing and Cost Explorer to reduce billing

o Monitoring and alerting regarding the budget via Budgets and SNS

▪ Tool Version Upgrades

o Upgrade of PostgreSQL application databases from 10.3 to 12.4

o Upgrade of software factory tools: Jenkins, Nexus, Bitbucket, Sonarqube, Terraform, Ansible, Packer

o Upgrade of various tools related to AWS services: EKS, ECS, AWS provider for Terraform, Kubernetes dashboard...

▪ Responsible for profile qualification for recruitment

SmartConnect Project for Enedis - IOT Project.

Management of an Enedis network monitoring platform through the supervision of structures and connected objects within a team of 15 people, in an agile context (Kanban/SCRUM). This platform allows referencing and supervising connected objects such as flood, intrusion, temperature, humidity, or tilt sensors, centralizing all data emitted by these sensors, and displaying it via a web interface to understand the status and quality of the Enedis network.

Activities on the mission

▪ Scrum Master

o Management of a team of 15 people

o Breakdown of the task backlog into sprints of 3 to 5 weeks

o Facilitation of agile ceremonies (daily meeting, sprint planning, sprint review, retrospective)

o Facilitation of weekly planning poker for task estimation

o Regular updates with the Product Owner and the development team

▪ Java Development

o Implementation of a micro-services architecture, containerized with Docker and Kubernetes

o Setup of SAML authentication for user authentication on the platform. Use of OKTA for development environments, and integration of Enedis's identity provider for staging/pre-production/production environments

o Implementation of secure services that regularly consume the TrackUnit API for managing GPS sensors for tracking power generators.

o Development of Spring Batch jobs for data integration into repositories or data migrations

o Setup of frameworks for developing tests and Spring Batch jobs

o Implementation of mail and SMS notification services via AWS SES (Simple Email Service) and SNS (Simple Notification Service) services

▪ Library version upgrades (Spring, jOOQ)

▪ Production monitoring and JVM issue analysis (Heap, Thread, Garbage Collection)

▪ Support for the development team and onboarding of new developers

▪ Responsible for profile qualification for recruitment

SmartConnect Project for Enedis - IOT Project.

Management of an Enedis network monitoring platform through the supervision of structures and connected objects within a team of 10 people, in an agile context (Kanban/SCRUM). This platform allows referencing and supervising connected objects such as flood, intrusion, temperature, humidity, or tilt sensors, centralizing all data emitted by these sensors, and displaying it via a web interface to understand the status and quality of the Enedis network.

Activities on the mission

▪ Participation in the SIDO hackathon in Lyon in 2016, winning first prize in collaboration with 5 people, including 4 consultants from the Enedis group.

▪ Development of the SmartConnect platform

o Implementation of a micro-services architecture, containerized with Docker and Kubernetes

o Setup of Spring Boot connectors for communication with the backends of connected object operators (Sigfox, LoRaWAN)

o Development of Spring Batch jobs for data integration into repositories or data migrations

o Rules engine (JBoss Drools) to respond to a given situation (alert/alert resolution)

▪ Versioning of data repositories

o Use of Liquibase for PostgreSQL database versioning

o Use of Beepbeep for Elasticsearch database versioning

▪ Tooling

o Development of JUnit rules for managing Drools and Elasticsearch tests

o Setup of a technical framework for PostgreSQL tests

▪ Library version upgrades (Spring, jOOQ)

▪ Production monitoring and JVM issue analysis (Heap, Thread, Garbage Collection)

▪ Responsible for profile qualification for recruitment