The Kubernetes infrastructure of a major French real estate group hosted the entire portfolio of digital applications: PIM Akeneo for product data management, the Export Ligneurs batch processing pipeline, all corporate websites (branded as PWR - Pichet Web Resources), the company Intranet, the PSR partner leads API, the Tyk API Gateway, and various microservices including a connected housing IoT platform. The project spanned two major phases: on-premise Kubernetes clusters managed by Claranet (formerly Oxalide) from 2019 to 2021, followed by a full migration to AWS EKS (Elastic Kubernetes Service) on the eu-west-3 region from 2022 to 2024.

• Ensure high availability of all critical applications (websites, PIM, APIs) with zero unplanned downtime during business hours
• Industrialize deployments through GitLab CI + Helm, reducing deployment time from hours to minutes
• Migrate to AWS EKS for improved scalability, resilience and managed Kubernetes benefits
• Proactively monitor resources (CPU, memory, disk, SSL certificates) to prevent incidents
• Manage secure access through SSH bastions, VPN tunnels, and certificate management

The organization's entire digital presence depended on this infrastructure. With 5+ commercial websites serving thousands of daily visitors, a PIM system feeding product data to all channels, and batch processes synchronizing data with external partners, the stakes were considerable. The infrastructure team operated in a managed hosting model with Claranet, requiring close coordination between internal development teams and external operations engineers.

The infrastructure management required constant coordination between the internal development team at Groupe Pichet and the managed hosting team at Claranet (formerly Oxalide). As the primary consumer of the Kubernetes platform (PIM, Export Ligneurs) and deployment supervisor, I served as the bridge between development needs and infrastructure operations, receiving all monitoring alerts and participating directly in incident resolution.

• Deep expertise in Kubernetes operations: pod lifecycle management, resource limits, horizontal pod autoscaling, persistent volume claims, and ingress controllers
• Hands-on AWS cloud skills: EKS cluster management, S3 configuration, IAM policies, NLB load balancers, and bastion architecture
• Incident management maturity: developed systematic approaches to triaging, escalating, and resolving infrastructure incidents under pressure
• CI/CD pipeline design: GitLab CI + Helm Charts deployment automation, environment-specific configurations, and deployment safeguards
• Évolution from developer to infrastructure supervisor: this project fundamentally changed my understanding of the full software delivery lifecycle

After the AWS EKS migration was fully stabilized, the infrastructure entered a mature operational phase. The monitoring setup with Centreon and New Relic provided proactive alerting, and the Helm-based deployment pipeline enabled teams to deploy with confidence. The bastion access management, while initially challenging (ISS-423267 remained open for months), eventually provided a secure and auditable access path to production systems.

The Kubernetes platform continued operating beyond my departure from the group in March 2024. The architectural décisions made during the initial setup - standardized Helm charts, automated cert-manager for SSL/TLS, clear namespace séparation between environments - proved durable and enabled the infrastructure to scale with the organization's growing digital needs. The migration from on-premise to AWS EKS validated the cloud-first strategy and set the foundation for future cloud-native initiatives.

Today, the infrastructure principles established during this project - containerization, orchestration, automated deployments, proactive monitoring - are industry standards. The experience of managing a 5-year infrastructure lifecycle, from initial setup through a major cloud migration, provides a unique perspective on the long-term implications of infrastructure décisions. The lessons learned directly inform my current approach to infrastructure-as-code and cloud architecture.

• The GitLab CI + Helm industrialization was a major success. Standardized deployment pipelines across all applications brought consistency and reliability that dramatically reduced deployment-related incidents after the initial setup period.
• The dual-cluster strategy (preprod + prod) with clear environment séparation prevented many potential production issues. The incident where production config was deployed to preprod (SRQ0389097) actually reinforced the importance of environment guardrails.
• Proactive monitoring with Centreon + New Relic caught many issues before they impacted end users, transforming infrastructure management from reactive firefighting to proactive prevention.

• The resource planning during Phase 1 was insufficient. The July-October 2019 crisis with recurring node memory/load/swap alerts could have been avoided with better capacity planning and resource requests/limits on pods.
• The bastion access management (ISS-423267) dragged on for too long. A more structured access management process with pre-provisioned SSH keys and automated rotation would have saved significant coordination overhead.
• Documentation of infrastructure décisions and runbooks was inconsistent. Creating comprehensive runbooks for common incident patterns earlier would have accelerated onboarding and reduced resolution times.

With hindsight, I would have pushed for the AWS EKS migration earlier. The on-premise phase, while educational, consumed significant operational effort that managed Kubernetes would have eliminated. I would also have implemented GitOps practices (ArgoCD or Flux) from the start, and established infrastructure-as-code with Terraform for all cloud resources rather than relying on manual Claranet requests. Finally, I would have invested more in automated testing of Helm charts and Kubernetes manifests before deployment, catching configuration errors in CI rather than in production.

• Infrastructure is never "done" - it requires continuous attention, monitoring, and évolution. The 5-year lifecycle taught me that the initial architectural décisions have compound effects over time.
• The managed hosting model (Claranet) has both advantages (expertise, 24/7 support) and limitations (dependency, slower iteration). Understanding where to draw the line between managed and self-managed is a critical skill.
• Incident management is a skill that can only be developed through real practice. The pressure of production incidents with business impact taught me composure, systematic thinking, and clear communication under stress.