# Phase 2: Infrastructure Deployment - 36-Region Cloud for Sovereignty

## Status: ✅ Plan Complete, Ready for Deployment

## Overview

Phase 2 deploys the foundational infrastructure for the 36-region Cloud for Sovereignty landing zone, including resource groups, virtual networks, Key Vaults, Log Analytics workspaces, and AKS clusters across all 36 non-US commercial Azure regions.

---

## Deployment Plan Summary

### Regions: 36 Total

**Primary Regions (12):** 2 validators each

- West Europe, North Europe, France Central, Germany West Central
- UK South, Switzerland North, East Asia, Southeast Asia
- Japan East, Australia East, Central India, Canada Central

**Remaining Regions (24):** 1 validator each

- UK West, Sweden Central, Norway East, Poland Central, Spain Central
- Italy North, Austria East, Belgium Central, Japan West
- Korea Central, Korea South, Australia Southeast, New Zealand North
- West India, Indonesia Central, Malaysia West
- UAE North, Qatar Central, Israel Central
- Canada East, Brazil South, Chile Central, Mexico Central
- South Africa North

### Resources per Region

1. **Resource Groups (6):**
   - Network: `az-p-{region}-rg-net-001`
   - Compute: `az-p-{region}-rg-comp-001`
   - Storage: `az-p-{region}-rg-stor-001`
   - Security: `az-p-{region}-rg-sec-001`
   - Monitoring: `az-p-{region}-rg-mon-001`
   - Identity: `az-p-{region}-rg-id-001`

2. **Virtual Network:**
   - Name: `az-p-{region}-vnet-main`
   - Address Space: `10.0.0.0/16`
   - Subnets:
     - AKS: `10.0.1.0/24` (with delegation for Microsoft.ContainerService/managedClusters)
     - Nodes: `10.0.2.0/24`

3. **Key Vault:**
   - Name: `az-p-{region}-kv-secrets-001`
   - SKU: Standard

4. **Log Analytics Workspace:**
   - Name: `az-p-{region}-law-main`
   - Note: westindia and belgiumcentral use nearest supported region (westeurope)

5. **Storage Account:**
   - Name: `azp{region}tfstate001`
   - Purpose: Terraform state storage

6. **AKS Cluster:**
   - Name: `az-p-{region}-aks-main`
   - Kubernetes Version: 1.32
   - System Node Pool: 2 nodes (Standard_D2s_v3)
   - Validator Node Pool: 1-2 nodes (Standard_B2s) based on region type

---

## Deployment Steps

### Step 1: Review Plan (✅ Complete)

```bash
cd terraform/well-architected/cloud-sovereignty
terraform show tfplan-36regions.out
```

### Step 2: Apply Plan

```bash
# Option A: Use deployment script
./scripts/deployment/deploy-36-region-infrastructure.sh

# Option B: Apply directly
cd terraform/well-architected/cloud-sovereignty
terraform apply tfplan-36regions.out
```

### Step 3: Verify Deployment

```bash
./scripts/deployment/verify-36-region-clusters.sh
```

---

## Expected Results

### After Deployment

- ✅ 216 Resource Groups (6 × 36 regions)
- ✅ 36 Virtual Networks with delegated AKS subnets
- ✅ 36 Key Vaults
- ✅ 36 Log Analytics Workspaces
- ✅ 36 Storage Accounts
- ✅ 36 AKS Clusters
- ✅ 72 System Nodes (2 per region)
- ✅ 48 Validator Nodes (1-2 per region)
- ✅ Total: 120 VMs, 240 vCPUs

### Cluster Status

All clusters should reach:

- `provisioningState = "Succeeded"`
- `powerState = "Running"`
- System node pool: 2/2 nodes ready
- Validator node pool: 1-2/1-2 nodes ready (based on region type)

---

## Deployment Time Estimates

- **Infrastructure Foundation:** 15-30 minutes
  - Resource Groups: ~2 minutes
  - Virtual Networks: ~3-5 minutes
  - Key Vaults: ~5 minutes
  - Log Analytics: ~5 minutes
  - Storage Accounts: ~3 minutes
- **AKS Clusters:** 30-60 minutes (parallel)
  - Cluster creation: ~15-20 minutes per region
  - System node pool: ~10 minutes
  - Validator node pool: ~10 minutes
  - With parallelism=128: All regions deploy concurrently
- **Total:** 45-90 minutes for complete deployment

---

## Configuration Files

- **Terraform Variables:** `terraform.tfvars.36regions`
- **Plan File:** `tfplan-36regions.out`
- **Deployment Script:** `scripts/deployment/deploy-36-region-infrastructure.sh`
- **Verification Script:** `scripts/deployment/verify-36-region-clusters.sh`

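
The cluster status criteria listed above (`provisioningState = "Succeeded"`, `powerState = "Running"`, one cluster per region named `az-p-{region}-aks-main`) can be checked mechanically so that a missing or half-provisioned region fails the run instead of being overlooked among 36. This is an added example, not the project's `verify-36-region-clusters.sh`; the function names, finding labels and sample rows are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not the project's verify script).
# Input on stdin: one cluster per line, tab-separated:
#   name <TAB> provisioningState <TAB> powerState
# One way to produce it with the Azure CLI:
#   az aks list --query "[].[name, provisioningState, powerState.code]" -o tsv

# check_clusters EXPECTED_COUNT   (hypothetical helper name)
# Prints one finding per line; returns 0 only if every cluster is healthy
# and exactly EXPECTED_COUNT distinct, correctly named clusters were seen.
check_clusters() {
  awk -F'\t' -v expected="${1:-36}" '
    # Names must follow the page convention az-p-{region}-aks-main;
    # lowercase alphanumeric region short names are an assumption.
    $1 !~ /^az-p-[a-z0-9]+-aks-main$/ { print "UNEXPECTED_NAME " $1; bad++; next }
    # A cluster listed twice would mask a missing one in the count.
    seen[$1]++ { print "DUPLICATE " $1; bad++; next }
    { total++ }
    $2 != "Succeeded" || $3 != "Running" {
      print "NOT_READY " $1 " provisioningState=" $2 " powerState=" $3; bad++
    }
    END {
      if (total != expected) {
        print "COUNT_MISMATCH expected=" expected " found=" (total + 0); bad++
      }
      exit (bad > 0)
    }'
}

# Constructed sample input: three regions, one failed, one stopped.
sample_clusters() {
  printf 'az-p-westeurope-aks-main\tSucceeded\tRunning\n'
  printf 'az-p-uksouth-aks-main\tFailed\tRunning\n'
  printf 'az-p-japaneast-aks-main\tSucceeded\tStopped\n'
}

# Usage against the sample:  sample_clusters | check_clusters 3
# Usage against Azure:       az aks list ... -o tsv | check_clusters 36
```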
---

## Troubleshooting

### Common Issues

1. **Quota Exceeded:**
   - Check regional vCPU quotas
   - Verify: 10 vCPUs per region limit
   - Primary regions: 8 vCPUs (within limit)
   - Remaining regions: 6 vCPUs (within limit)

2. **Subnet Delegation Error:**
   - Ensure AKS subnet has delegation block
   - Verify: `Microsoft.ContainerService/managedClusters`

3. **Cluster Creation Failed:**
   - Check Azure Activity Logs
   - Verify subscription has necessary permissions
   - Check regional service availability

### Monitoring Deployment

```bash
# Watch cluster status
watch -n 10 './scripts/deployment/verify-36-region-clusters.sh'

# Check Terraform apply log
tail -f /tmp/terraform-apply-36regions.log
```

---

## Next Phase

After infrastructure deployment is complete:

- ✅ **Phase 2:** Infrastructure Deployment (current)
- ⏭️ **Phase 3:** Kubernetes Configuration
- ⏭️ **Phase 4:** Besu Network Deployment
- ⏭️ **Phase 5:** Application Stack Deployment
- ⏭️ **Phase 6:** Cross-Chain & Integration
- ⏭️ **Phase 7:** Verification & Testing
- ⏭️ **Phase 8:** Documentation & Handoff

---

**Last Updated:** $(date)

**Status:** ✅ Plan Complete, Ready for Apply