Hi, welcome to the CNCF End User Lounge stream. And today I'll be speaking with Floron and Floron from Société Générale. I am a Uber Cursitik Angu CNCF Ambassador. Floron and Floron will be sharing with us their collaborative journey at Société Générale. Now, the video has already been recorded for this session due to compliance reasons. So go ahead to play the video then come back to answer any questions you have. Enjoy.

Yeah. Hi, welcome to the CNCF End User Lounge, where we explore how cloud native technologies are adopted by end user organizations across different industries and sectors. The end user community is formed of more than 160 vendor neutral companies that use the open source software to deliver their product. I'm a Uber Cursitik Angu CNCF Ambassador. And today with me, I have Floron Fabias and Kar Floron as guest speakers. In this live stream, we bring end user members to showcase how the organization navigates the cloud native ecosystem to build and distribute their services and products. Join us every 4th Thursday at 9 AM Pacific time. This is an official live stream of the CNCF and as such it is subject to the CNCF Code of Conduct. Please do not add anything to the chat or questions that would be in violation of the Code of Conduct. Basically, we are saying please be respectful to all the fellow participants and presenters. If you have any questions for us, we will be monitoring them through our live stream. Make sure to ask your questions in the live chat. Now, this week we have Floron Fabias and Kar Floron here with us to talk about the cloud native journey at Société Générale. And yeah, I will have some French today. Very good. Before we dive into the questions, Kar, I forgot to what I just learned. Floron, can you briefly introduce yourself please?

Okay, I let you start Floron.

Okay, so my name is Floron Carré. I am a cloud engineer at Société Générale.
So we are one of the principal European financial services groups present in more than 50 countries. And so I'm specifically in the feature team in charge of orchestrated containers. The offer that is mainly based on alternative products today, infrastructure services.

And on my side, Laurent Verbier. So I am a service manager of the Docker infrastructure and I manage a small team in charge of the run operation on all our clusters. So all the interaction with clients and maintaining the cluster operational every day.

Yeah, awesome. Glad to have from you all with such great experiences. But first let's start. Can you tell us more about the infrastructure setup at your company and what technical challenges do you currently face?

Okay, so I can start and certainly Laurent will add some interesting points. So we are quite an old company. We are a bank that is 157 years old. So it's a quite huge group. As I mentioned, we are present in 61 countries. I just checked. And so we have a long IT journey behind us and also of course in front of us. So as most companies we have what we call traditional systems with physical servers, mainframe, of course physical network data centers. And for some years now we are in a transformation journey. So we are going to the cloud. We have an official target of 80% of workload in cloud. And we have a hybrid network. And we have a hybrid cloud strategy. So by hybrid I mean that we use a public cloud and also a private cloud. And so Laurent and I, we are more focused on the private part of the cloud. And today we can share about what we do with containers privately.

Awesome. You want to add something, Laurent?

No, I think Florian covered it all. Just maybe a small scale value. We are hosted, we have clusters in three regions, America, Europe and Asia. Okay, so we are doing 24/7 run on the clusters and we have thousands now of containers running in production.

Yeah, awesome.
Yeah, and I know definitely part of your strategy is using cloud native tools like Kubernetes and so on, if not we won't be here. When did you start with Kubernetes and other cloud native technologies and why?

The journey I think started in 2017, if I'm correct, with a very small Kubernetes, not Kubernetes at this time, but Swarm cluster with Docker and Docker Enterprise. So it was a very small offer to put a foot in the cloud world in fact and then to propose to clients a new way to develop and to be more agile on the development part and be more focused on the time to market and then to deliver more quickly. That was the first step.

Yeah, awesome. Yeah, and what other technologies do you have in your stack or components aside from Kubernetes?

So the core of our current offer is based on the Mirantis distribution. So as Laurent mentioned, we started with Docker EE and Mirantis bought Docker EE from Docker Inc. So now we are very happy to work with Mirantis. This is the core of the stack that we have. I would say that the underlying solutions that we use are PCs and services of our private cloud. So we have compute services, network services, security services, storage services. So the usual services that you have in a public cloud but in a Société Générale flavor. Part of it is based on cloud native solutions. I can mention that we use OpenStack, for example, as a foundation for our compute. And we also, so these are the foundations and in our own products, we use more and more cloud native products. We recently introduced Prometheus for some billing use cases internally. We needed some specific metrics for that. Maybe we will talk a bit more about that if you're interested later. And we have also introduced OPA, Open Policy Agent, also for the same use case. And of course, after attending KubeCon, we have many ideas. And then it's, for us, we need to prioritize, that's maybe the main challenge when we see the cloud native landscape and all it offers.
Yeah, also I think you've led to the next questions I have had. Were you able to, okay, you said you were able to attend KubeCon, any or the previous year?

So myself, I have attended the last year, the European KubeCon online. And this year, the plan was to go to Los Angeles and be on site, but unfortunately, it was not possible. So we attended very late in the evening, so virtually. And also it was very nice to have the ability to see the replay during the day so that it was easier to avoid the jet lag or kind of virtual jet lag, I would say.

I think for me personally, one part I love most was the fact that there's this thing where if you attend physically and a talk has passed, you can't really watch it. But for the virtual or hybrid version, even if a talk just ended, you can just play it for yourself, which was exciting. So what talks did you, stood out to you during KubeCon and the ones that are probably going, like you mentioned earlier, how are going to influence a certain decision making within your organization?

Personally, I was very impressed by the FogGuru demo on multi-cluster. I think multi-cluster is a very hot topic for us at the moment. Maybe not for just now, but for the coming years. As we are in a hybrid cloud setup, it's important for us to be able to move from one cloud to another cloud with reversibility and also to offer more and more bridges between a private cloud and public cloud. So that our end users or maybe our end users or more application owner that they are able to take advantage of the best of each world. We know that we cannot compete in terms of catalog with public cloud, but we can offer a very good security setup. And for some use cases, there are awesome tools in public cloud that we cannot have in the private cloud or that are just for a short period of time. And for these kinds of use cases, it's very interesting for us to have multi-cloud and be able to move the workload. And that was the demo of FogGuru.

Yeah, awesome.
Laurent, did you get a chance to watch any?

In fact, I watched some, not as much as I wanted to, but I was mostly interested in all that involve security topics because it's a major topic for us. And also all the presentations around auto scaling because it is a big part of what we will do next year, I think, try to optimize our cluster, be more efficient, reduce the number of VMs on the cluster and all that part. It's very interesting.

Yeah, awesome. Yeah, so going back to Kubernetes, I can imagine definitely the Internet usage growth within your organization since you are now scaling from using your monolith and your mainframes to going in multi-cloud. It will have brought some challenges. How did you handle cluster growth and adoption of these technologies within your organization given that you are now switching from a traditional way of doing things to a modern way of doing things? Let me put it that way.

It's a complex topic, in fact, because in our team we only manage the infrastructure and not the development part of the application. And so we try a lot to teach, to share our knowledge of Kubernetes because it's not widely spread in the development teams for the moment, and they have a basic knowledge of Kubernetes so that it works. What are the basic principles? But there is a big part of teaching to do with them and explaining what are the more complex parts of Kubernetes, for example, one that comes to mind is the function, the usage of request limits when you deploy on Kubernetes. It is something that is not natural to people coming from monolith applications, even if it can relate to JVM sizing, for example, but it's not really the same and it's complex for them to understand this and to apply it every day on their development.

Oh, awesome.
Yeah, so in relation to that, you mentioned earlier that you have both private cloud and public, can you tell us more about how you distribute workloads and if you rely on multi-tenant cluster deployments, what challenges does that bring?

So the decision, there are some decision trees in different business units. They don't have all the same type of application. So depending on the application, it is eligible or not to the public cloud because of course we have a huge focus on data protection and in case of, for example, customer data, we don't want to expose it and we want to make sure that we have all the security in place to protect that data. And so this is regarding your first question regarding public or private and regarding the kind of cluster that we have, we have a stretch cluster across multi-availability zone regarding the private cloud. So we are able, if we lose one availability zone, to have a zero downtime on our application based on that setup.

Well, awesome. Now, how do you manage cluster automation then? Upgrades, versioning, testing and rolling out new features.

So that's part of my team, mainly, even if we are helped by the developers of Floron's team. In fact, we are working in cattle mode now for the underlying the hosts of the cluster and we renew every host every two months. That is our principle. Every two months we renew the host with a new version of operating system with the updated engine. And once every quarter, we upgrade the version of Mirantis cluster and this is done in place. We never create new clusters for the new version. So we do upgrade in place. Most of the time it's transparent for users but there is a huge challenge. It's to work with developers to anticipate deprecated features from Kubernetes. That is our biggest challenge and nowadays it's this one.

Oh, okay, awesome. Yeah, now you just mentioned one of the biggest challenges you have. What other problems are you currently facing between me or clusters?
The problems, it's the multitenant part. In fact, for me, that is the biggest problem because we provide the namespace as a service in fact, at Société Générale, it's not cluster as a service. So many teams are using the same cluster and one team doing something wrong can impact the other team running on the same cluster. So this is what we deal. We are every day, we have to check what is running on the cluster, challenge the team to reduce their usage if they are over consuming CPU or memory. And that is a big problem.

Oh, okay, awesome. Yeah, you wanted to add something?

Yes, regarding the CPU and the quota and everything, I think this is for us a focus because we are on premises and if our users request more than what they need, actually they artificially increase the size of our infrastructure because behind, of course, there are physical servers. And so for us, it's very important to keep a good balance between what is necessary for the good work of the application and the cost and the environmental footprint of the infrastructure that we provide.

Yeah, okay, awesome. So now let's talk about developer experience. You shared your time, how you are trying to educate your developer team who don't have a lot of experience with Kubernetes on how to make use of it. Can you tell us more about what other developer experience initiatives you have that played in the evolution of your clusters?

So part of the answer is about the way they can consume our services. So as part of our private cloud, we have APIs for all services. And so in my team, for example, we are in charge of developing the API for the Kubernetes service. So it's not the native Kubernetes API or the Mirantis API. It's the API that is following all the private services and private cloud rules that we have in terms of security, integration with the whole ecosystem. And this API has the advantage for developers who have little knowledge about Kubernetes to get a namespace with a single API call.
So just a POST on the API and you get your namespace and you can also get a full routing mesh with a load balancer, a geographic load balancing, just with the single call depending on the options that you choose during this call. So this is a huge accelerator because when you have the proper documentation, getting up and running only takes a few minutes if you have already all the information that you need to do this POST on the API.

Awesome. So in line with that, you've already told us how you develop as interactivity clusters on the services. What is the typical life cycle of application development, maintenance and troubleshooting?

Yeah, we don't have a lot of information on that part because it's managed by application teams and I know that they are using mostly Jenkins pipelines to manage all this life cycle. They are also investigating the GitHub Actions and Argo CD solutions. So all this is ongoing but we don't have a lot of details about that on our side.

Oh, okay. Awesome.

Actually we want to be open as we have many business units. There are different software factories with different cultures, I would say. And depending on the type of workloads, they are free to use our service as they would do on a public cloud provider service, for example.

Okay.

Yeah, also one point we are looking at at the moment is to provide some operators to the clients. So classic standard products, I would say a MongoDB solution already packaged as an operator that they could use easily on their side, on their namespace.

Okay, yeah, awesome. So now let's dive into your experience within the cloud native community in general. Can you share with us what your experience is so far in the community and the cloud native space?

So my experience is mostly related to the KubeCon where I was virtually. And it was a great experience. Also for the day-to-day job, the quality of the documentation is very important.
And the fact that we know that everything is open, that we can go to the GitHub, interact with the contributors, become contributors maybe one day. This is very interesting. And for me, compared to the vendor world that we were used to for decades, it's really a huge improvement and a source of motivation.

Yeah, awesome. Now, what are future cloud native challenges at your organization? Are there any projects that you are interested in?

I mentioned the environmental impact of the infrastructure. I think this is for us more and more a concern. So our company just committed to be carbon neutral in 2050. And so part of it is on the banking side. So I will not talk about that because I'm not directly involved in selling our products. But regarding the IT, we also have our responsibility. We know that at the global level, year after year, IT footprint is increasing. And so it's important for us to optimize our footprint to reduce it when possible. And so there are some cloud native initiatives that are growing, I would say, in this area, some were addressed at the KubeCon. For example, there was a presentation regarding KEDA to have auto scaling of pods. Also, we were talking about multi-cluster. When you have a multi-cluster, if you have the ability to easily move from one cluster to the other, you can choose also to move the workload based on the footprint, for example, the environmental footprint. So these are areas where I think cloud native will bring more and more tools for us in the future.

Yeah, awesome. Laurent, on your team, what challenges are you facing that you are looking at fixing with? What are your challenges?

Main challenges for us is to automatize everything possible.
And we want the cluster to be self-healing, to be self-regenerating, to be auto scaling, to reduce to the minimum what we have to do and be able to provide more value to the client by adding new features and not having to deal with these day-to-day incidents that are bringing nothing to the team, in fact.

Yeah, sure. So the next KubeCon is in Valencia, Spain. Are you all planning to attend physically? Since it's in?

Probably. If the situation permits it, yes, of course.

So awesome. So now, is there anything else that we've not covered in this interview that you probably want to share or you want to talk about, your priority with Johnny?

For me, it's OK.

No, I just want to thank you for the opportunity to participate in this live event. And we'll be happy to take questions in a few minutes if people have questions. Thanks to CNCF for the job because it's a challenging world. And cloud world is a very challenging, very dynamic world. It's very difficult to follow all the topics every day and having a source, a main source of information is very important.

Yeah, awesome. Thank you very much, Laurent and Florin. I have learned quite a lot of things on this call, especially some French. So thanks, everyone, for joining this latest episode of the Cloud Native End User Lounge. It was great having Laurent and Florin talking about Société Générale's usage of cloud native. We also really love the interaction and questions that the audience are going to be adding to this. So please ask them questions if you have for our audience. We will bring you the latest cloud native end user stories on the fourth Thursday of every month at 9 AM Pacific time. So don't forget to join us at KubeCon + CloudNativeCon EU in Valencia, Spain. It would definitely be hybrid again this time. So if you are unable to join physically, you can connect. It's to be happening May 17 to 28th, or 20th, 22. So you can come to hear about the latest technologies coming out of the cloud native community.
It's like almost every day new technologies are coming on, more end users, and more companies are contributing back to the community. And if you would like to showcase your usage of cloud native tools as an end user, you can join the end user community with more details on cncf.io slash end user. Thanks for joining us today, and see you next time.

Thank you. Thank you.

Hi, and welcome back, Laurent. That was an interesting video to watch again. So there have been quite a lot of interactions in the chat before we get to that. Is there anything else you would like to add, or maybe some more things that have happened since we have recorded the sessions?

Yes. The day-to-day job is full of adventures. So Laurent and I and all the teams at Société Générale, we are welcoming more and more workload every day because the transformation to cloud native is going on, and it's quite a success. So we are running today more than 1,000 nodes of Kubernetes clusters with roughly 30,000 pods. So it represents hundreds of applications for the bank. And what is very interesting for us as infrastructure people is that we have a quite important diversity of applications. And so for that, we try to customize the clusters that we provide with more and more security and more and more features. So for example, we are increasing the way we are doing the billing internally so that people are billed just for the CPU and memory they consume or their request. And this is for the application owner, but for the group as a whole, a way to optimize the way we use infrastructure because people are able to save compared to what they were doing on virtual machines, for example. And with these new improvements, we think that projects will be able to save up to 30% of their compute billing on our private cloud. So it's really interesting. And behind that, there is a reduction of energy that is consumed. And so it's also for us a contribution to a carbon neutral objective that we have for 2050.
Yeah, also, I think that leads to one of the questions from the audience. What will be the next big challenge for Société Générale?

Well, the very big challenge is definitely, for me, carbon neutral 2050. I think it's a world challenge. So it's not only a Société Générale challenge. For us, more focused on our Kubernetes work, we will be opening a new region in a few months. So that is a very interesting challenge. We already have Europe. And we have already two regions in Europe. We have one region in Asia. And so we will be happy to open a new region in America in a few months.

Yeah, awesome. So I think I also asked when we were calling the call, one of the users also asking, should we be looking forward to you sharing more of your experience and use cases at KubeCon Valencia?

We will be happy to do that. Actually, I know that you receive a lot of proposals of call for paper. So depending on the competition, maybe we will be able to present our work in more detail. We were happy to do that last month in the South of France at a French event. And it was very great to share with other companies that are using cloud native technology, as well as universities also. And so for us, it's part of the open community. CNCF is about open services, cloud native. But there is also a lot of open source involved. So Société Générale is also trying to become an open source contributor. But it's not always as easy as it could be. And so we are already an open source of internal application that we have. And maybe in the future, we will have more.

Yeah, awesome. Yeah, you were talking about carbon neutral. We all have to play our part. So it's not just a world problem. It's everybody's problem. OK, Christian just came in. How easy or difficult was the move from Swarm to Kubernetes?

It's not easy. It's not easy for all applications. It really depends, I think, on the teams.
Some teams, some application owners and their developers, they were able to migrate quite fast because they have the skills, because they also can have that kind of priority in their backlog. Other teams, this is for them a technical story. And they have more business stories to tackle before doing migration. So for them, it will take more time. In terms, I think, so this is a general answer. I think the difficulty is not technical. When you already have an application that is running within containers, moving from Swarm to Kubernetes is not that complicated. And also, as we mentioned a few minutes ago, we have worked a lot on improving the developer experience. So it's not difficult for our end user to get a namespace instead of Docker EE Workspace on Swarm. Also, we have been using the same line of products. We were with Docker Enterprise Edition at the Swarm period. And so now, Mirantis Kubernetes Engine, the Kubernetes distribution we use, is also provided bundled with Swarm. And so there are tools for people if they want to migrate Docker Compose to Kubernetes, for example, in the distribution. And we have also very good experts that have been with us for a few years now, since nearly the beginning of the journey. So they have been working with the applications to migrate to Swarm. And they are helping also the team to migrate to Kubernetes with a knowledge of their previous challenges. And so it's something that is feasible. Currently, I'm not aware of people who really want to stick on Swarm. For example, Kubernetes is evolving, has become our standard. I think it has become also an industry standard. So there is quite a lot of motivation from everybody to migrate to Kubernetes. And it's working quite well. Our goal is to close Swarm in a few weeks now.

Yeah, another question just came in. Why have you chosen to stay on an open source solution?
So not all of what we are doing is open source, but it's important for us to have Kubernetes as the core of orchestrating offer. Because we know the open source community driven by CNCF will provide us value release after release. And we will not remain on a product that is used by a small base of clients. Now there are thousands of Kubernetes clusters everywhere. And so we are not only learning from our own experience and a vendor experience, but from a much larger community. And this kind of ecosystem, for me, brings much more value and evolves faster than a traditional closed source product.

Yeah, awesome, yeah. There's one question I'm meaning to ask since we recorded the last session. As a financial institution, there is often talk around that, oh, financial institutions are slow to adopt new technologies and so on. And I know it's because you are in a regulated industry. How do you manage regulation with innovation?

So as part of our internal standards for private cloud, we have a system of labels. And these levels, each service has the obligation to meet these standards. So we have a first level, second level, and third level. And for each level, you know that your application can meet the regulator requirements when the service has reached the level. For example, if you have an application that is not very sensitive, not using customer data, but can use level one services, then the application owners know that it can host the application on services with the label level one. For more advanced information in terms of sensitivity, then the application owner will look at services with level two, same for level three. This is how it is organized. So behind these labels, there is a lot of work in terms of security, of architecture, of operation, and development standards that are written and audited.
So actually, my team has spent the last three months just working to reach a new level of label so that we can host more and more sensitive applications without risking security. And also, security is a very large topic. So it is about availability, about confidentiality, and many other things.

OK, thank you. Yeah, we have a question here. It says, how do you do multi-tenancy inside your platform to separate business applications at cluster and namespace level and why?

So we are relying on Kubernetes mechanisms. So basically, we have the possibility to segregate the network traffic with network policy. We have resource quota and limit range to guarantee the CPU and memory for each application inside a multi-tenant environment. And also, with the Kubernetes distribution, we have an RBAC system that is built in based on an LDAP directory. So each team of users is only able to access its own namespace and the related objects and is not able to access someone else's application. So these are the main characteristics of a technical architecture to meet that kind of challenge.

Yeah, that's cool. Thank you. Yeah, one more question. How are you satisfied to collaborate with? With the Kubernetes distribution.

So we are very satisfied. I mean, we have people from Mirantis working with us on a day-to-day basis. For us, it's as a financial institution. It's part of our requirements in terms of regulation to have support from external expertise. And so when we are dealing with complicated incidents or when we are doing some major upgrade, for us, it's a security to work with Mirantis experts and to know that also there is a development team behind, not only the community with no contracts, but really the vendor that is providing its services to help us solve incidents.

Yeah, awesome. Thank you. I think that's all the questions we have from the audience. It's been a very great interaction. Thank you very much for taking the time to join and answer the questions live.
It's been an interesting session with all the questions. Thank you very much. Do you have anything else to add before we end the session?

You mean, do you have something to add?

Yeah, if you have anything else to add or say.

Just can mention that Société Générale is hiring in different places in the world. So do not hesitate to go to our career website to find positions available. And maybe you will join me in your transformation journey. It will be interesting. And there are a lot of interesting challenges in front of us.

Yeah, awesome. That's a very awesome closing. Yeah, so thank you very much, everyone, for watching. I'm just going to be watching the recording later. Once again, if you're an end user company and you would like to share your story, your cloud native journey, you can reach out to cncf at cncf.io slash end user, or if you want to be a part of the end user community. Also remember that the KubeCon + CloudNativeCon EU 2021 happening in Valencia next year, May 17th to 20, the CFP is still open. I think it's closing mid December. So if you are interested in speaking, there's still time to get your talk submitted. And hopefully we see you all at Valencia, Spain, physically. Okay, thank you very much for joining us. And bye-bye, everyone.

Bye-bye.