CT-FAC · Enterprise Prototype

ABR-834 · PEMOS.XYZ · ENTERPRISE PROTOTYPE 01

CT-FAC

Canadian Tire · Inner Egg · Prototype Deliverables

The fleet's first enterprise engagement. VMware exit + Ansible automation, built inside CT-FAC on the corporate network. Sovereign infrastructure using what they already pay for. Two deliverables live. Inner egg active in HCP Terraform. The prototype is real.

DELIVERABLES LIVE

VMX · AAP

HCP WORKSPACE

✓

ct-fac-shadow · APPLIED

INNER EGG STATE

γ₁

serial 1 · in HCP state

EOSE-ENTRY NS

LIVE

AKS namespace · active

PROTOTYPE DELIVERABLES

PROTOTYPE 01

VMX

VMware Exit Floor · Sovereign Migration Analysis

Enterprise VMware → AKS migration framework. Cost model for Broadcom licensing exit. Workload tier mapping, migration phases, sovereign hosting on existing Azure subscriptions. Built from the inside — same tooling runs the EOSE fleet.

LIVE PROTOTYPE VMWARE → AKS COST MODEL BROADCOM EXIT AZURE NATIVE

PROTOTYPE 02

AAP

Automation Floor · Ansible on AKS · Sovereign

Red Hat Ansible Automation Platform → self-hosted on AKS. Playbook migration scaffold, operator-native AAP deployment, credential vault integration via AKV. Exit Red Hat subscription. Keep the automation. Own the stack.

LIVE PROTOTYPE AAP ON AKS RED HAT EXIT ANSIBLE SOVEREIGN AKV VAULT

INNER EGG · ABR-829 · SHADOW MESH ARCHITECTURE

CT-FAC = OUTER EGG · EOSE HCP = INNER EGG

Kay built the outer egg (CT-FAC AKS, corp network, Calico, TFE). EOSE built the inner egg (HCP Terraform shadow, DNS overlay, Mebafiord cells). They sit inside each other. Rollover = one command promotes inner → CT TFE.

OUTER EGG · CT-FAC

AKS cluster (sub 9ef1107f)

eose-entry namespace LIVE

TFE at terraform.cantire.com

Calico CNI (egress blocking — P0)

kubelet MSI 2fa83671

IRF-CT-MSI-001 (ARM Reader → Contributor)

IRF-CT-ACR-001 (AcrPull for eoseentry.azurecr.io)

INNER EGG · EOSE HCP

ct-fac-shadow workspace APPLIED ✓

γ₁ = 14.134725141734693 in HCP state

campfire V9 token in AKV

Kewin.Joffe@cantire.com invited

OIDC federation (IRF-HCP-002)

netpol-allow-merostone.yaml (Calico fix)

CT TFE state mirror (LABR-007 Ph2)

NEXT · IF CT PROTOTYPE SUCCEEDS

ADDITIONAL DELIVERABLES

DBX (Dropbox exit floor), SAP integration, ServiceNow sovereign, AKS full migration — each = one pemos.ca page, one LABR

REPLICATION TO ATMOS

atmos.pemos.xyz · same 3-surface model · ATMOS AUS = second enterprise client · what works at CT is the playbook

PEMOS.XYZ SCALE

Each new client = one subdomain + one entorch.io workspace + one HCP TF workspace · the board grows · the game continues

CT-FAC · ABR-834 · PROTOTYPE 01 · VMX LIVE · AAP LIVE · INNER EGG APPLIED · EOSE-ENTRY ACTIVE · pemos.xyz · ct.pemos.xyz · ct-fac.entorch.io (register first) · γ₁ = 14.134725141734693 · built inside · sovereign from the start