DEEPENING EAST AFRICAN COMMUNITY REGIONAL ECONOMIC INTEGRATION THROUGH ADVANCING THE CUSTOMS UNION AND PROMOTING FREE MOVEMENT OF SERVICES: - LOT 1: EAST AFRICAN COMMUNITY REGIONAL CUSTOMS INTERCONNECTIVITY INTEGRATION SYSTEM (RCIIS)

REF. INTA/DAR/2022/EA-RP/0090

RFS N. FED/2017/385-716

CONTRACTING AUTHORITY:

EAST AFRICAN COMMUNITY (EAC)

Regional Customs Interconnectivity Integration System (RCIIS) ICT Infrastructure, Hosting, Security & Network Architecture Configuration & Deployment Manual
Fischer Consulting DT Global
EAC Countries
European Union EU-EAC CORE Programme

Deployment Phases

Follow these phases in order to stand up a new environment from scratch.

  • 1. Plan


    Choose your deployment model, size the cluster, and define network and security requirements.

    Deployment Model

  • 2. Prepare


    Install tooling, configure provisioning parameters, set up access credentials, and prepare your environment.

    Install Tooling · Provisioning Config

  • 3. Build


    Provision compute, networking, load balancers, storage, and encryption using your chosen provisioning tool.

    Provision Compute · Network Fabric

  • 4. Install Talos


    Apply machine configurations, boot Talos Linux, and bootstrap the Kubernetes cluster.

    Boot & Install

  • 5. Install Platform Services


    Deploy the full platform layer: networking (Cilium, ingress-nginx), certificates (cert-manager), GitOps (FluxCD), storage (Rook-Ceph), observability (Prometheus, Loki, Grafana), data services (CloudNativePG, Strimzi), backup (Velero), and security (Kyverno, Trivy, Falco, Tracee, Keycloak).

    Platform Overview

  • 6. Configure Cloudflare


    Configure DNS zones, WAF rules, tunnels, and TLS certificates.

  • 7. Replication


    Cross-site data replication for S3 object storage, Kafka, PostgreSQL, and SQL Server.

    Replication Overview

  • 8. Validate the Environment


    Run connectivity tests, security audits, backup tests, and complete the handover checklist.

  • 9. Day-2 Operations


    Talos upgrades, certificate rotation, backup procedures, scaling, and incident response.


Deployment Models

This manual covers multiple deployment targets. Each page uses tab groups so you can switch between environments:

| Model | Description |
|---|---|
| AWS | EC2 instances provisioned via Terraform |
| Bare Metal | Physical servers with direct Talos installation |
| Proxmox VMs | Virtual machines on Proxmox VE, provisioned via Terraform |

AWS

| Task | Page |
|---|---|
| Install Terraform, AWS CLI, talosctl | Install Tooling |
| Configure VPC, subnets, NAT gateways | Network Fabric |
| Build and register a Talos AMI | Provision Compute |
| Configure security groups and port rules | Firewall Rules |
| Set up NLB for K8s and Talos API | Load Balancing |
| EBS volumes and encryption | Storage · Encryption |

Bare Metal

| Task | Page |
|---|---|
| Install talosctl, PXE tools, IPMI utilities | Install Tooling |
| Configure VLANs, physical switches, routing | Network Fabric |
| PXE boot or ISO install Talos on servers | Provision Compute |
| Configure iptables/nftables firewall rules | Firewall Rules |
| Set up HAProxy + Keepalived for API access | Load Balancing |
| Local disk, RAID, LUKS encryption | Storage · Encryption |

Proxmox VMs

| Task | Page |
|---|---|
| Install Terraform, Proxmox provider, talosctl | Install Tooling |
| Configure bridges, VLANs, SDN in Proxmox | Network Fabric |
| Create Talos VM template and clone VMs | Provision Compute |
| Configure Proxmox firewall rules | Firewall Rules |
| Set up kube-vip or HAProxy for API access | Load Balancing |
| Storage pools and encryption | Storage · Encryption |