Create infrastructure configs

infrastructure/.gitignore

@@ -0,0 +1,39 @@
+/.idea/
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

infrastructure/README.md

@@ -0,0 +1,97 @@
+Install k3s + Rancher with letsecrypt
+
+```
+sudo su
+```
+
+
+```
+export IP_ADDRESS_HOST=3.215.23.96
+
+dnf install htop -y
+curl -sfL https://get.k3s.io | sh -
+curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+alias k=kubectl
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+
+helm repo add jetstack https://charts.jetstack.io
+helm install cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --create-namespace \
+  --set crds.enabled=true
+
+helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
+kubectl create namespace cattle-system
+
+helm upgrade -i rancher rancher-stable/rancher \
+  --namespace cattle-system \
+  --set hostname=$IP_ADDRESS_HOST.sslip.io \
+  --set bootstrapPassword=admin \
+  --set ingress.tls.source=letsEncrypt \
+  --set [email protected] \
+  --set letsEncrypt.ingress.class=traefik \
+  --set replicas=1 \
+  --set agentTLSMode=system-store
+
+echo https://$IP_ADDRESS_HOST.sslip.io/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
+
+```
+
+Install k3s + Rancher self-signed certificate
+
+```
+sudo su
+
+dnf install htop -y
+
+curl -sfL https://get.k3s.io | sh -
+
+curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+alias k=kubectl
+
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+
+helm repo add jetstack https://charts.jetstack.io
+helm install cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --create-namespace \
+  --set crds.enabled=true
+
+helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
+kubectl create namespace cattle-system
+
+helm upgrade -i rancher rancher-stable/rancher \
+  --namespace cattle-system \
+  --set hostname=ec2-54-166-76-61.compute-1.amazonaws.com \
+  --set bootstrapPassword=admin \
+  --set replicas=1
+
+echo https://ec2-54-166-76-61.compute-1.amazonaws.com/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
+```
+
+Install ebs-csi driver
+
+```
+helm upgrade --install aws-ebs-csi-driver \
+    --namespace kube-system \
+    aws-ebs-csi-driver/aws-ebs-csi-driver --values aws-ebs-csi-driver-values.yaml
+```
+
+Then apply aws-secret.yaml
+
+```
+kubectl apply -f aws-secret.yaml
+```
+
+Install besu
+```
+git clone https://github.com/ConsenSys/quorum-kubernetes.git
+cd quorum-kubernetes/helm
+kubectl create namespace besu
+helm install genesis ./charts/besu-genesis --namespace besu --create-namespace --values ./values/genesis-besu.yml
+helm install bootnode-1 ./charts/besu-node --namespace besu --values ./values/bootnode.yml
+helm install bootnode-2 ./charts/besu-node --namespace besu --values ./values/bootnode.yml
+helm install validator-1 ./charts/besu-node --namespace besu --values ./values/validator.yml
+helm install validator-2 ./charts/besu-node --namespace besu --values ./values/validator.yml
+```

infrastructure/aws-ebs-csi-driver-values.yaml

@@ -0,0 +1,10 @@
+storageClasses:
+  - name: ebs-sc
+    #   annotations:
+    #     storageclass.kubernetes.io/is-default-class: "true"
+    volumeBindingMode: Immediate
+    reclaimPolicy: Delete
+controller:
+  serviceAccount:
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::{org_id}:role/k8s-ebs-csi

infrastructure/aws-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-secret
+  namespace: kube-system
+stringData:
+  key_id: ""
+  access_key: ""