Per conversations with the foundation, the network is being developed in multiple phases.
Phase 1 - Current
- Single IP whitelisted per P-Rep
- Means running the P-Rep behind a NAT is not possible unless all of its traffic, inbound and outbound, is pushed through that one NAT IP
- Need to build a custom NAT with iptables that forwards incoming traffic to the node (DNAT) and masquerades outgoing traffic behind the whitelisted IP (basically a router)
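The single-IP NAT described above, as an added example that is not part of this page or the project's own code. It generates (and optionally applies) an iptables rule set that DNATs the P-Rep's inbound ports to the node's private address and masquerades the node's outbound traffic behind the same whitelisted public IP. The interface name, private IP and port numbers are assumptions and should be replaced with the real values.

```shell
#!/bin/sh
# Added example (not the project's code): single-IP NAT instance for a P-Rep
# built with iptables. Inbound P-Rep ports are DNATed to the node's private IP
# and the node's outbound traffic is masqueraded behind the same whitelisted
# public IP. Interface name, addresses and ports below are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"           # assumption: interface carrying the whitelisted public IP
PREP_IP="${PREP_IP:-10.0.1.10}"    # assumption: private IP of the P-Rep node
P2P_PORT="${P2P_PORT:-7100}"       # assumption: P-Rep peer-to-peer port
RPC_PORT="${RPC_PORT:-9000}"       # assumption: P-Rep JSON-RPC port

# Emit the rule set as commands (dry run). Order matters: default-deny the
# FORWARD chain first, then allow exactly the flows the P-Rep needs.
# DNAT happens in PREROUTING, so FORWARD already sees the private destination.
nat_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -p tcp -d $PREP_IP --dport $P2P_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -p tcp -d $PREP_IP --dport $RPC_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o $WAN_IF -s $PREP_IP -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $P2P_PORT -j DNAT --to-destination $PREP_IP:$P2P_PORT
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $RPC_PORT -j DNAT --to-destination $PREP_IP:$RPC_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $PREP_IP -j MASQUERADE
EOF
}

# Execute the rule set (needs root on the NAT host).
apply_nat_rules() {
  nat_rules | sh -e
}

# `./nat.sh` prints the rules for review; `./nat.sh apply` installs them.
case "${1:-print}" in
  apply) apply_nat_rules ;;
  *)     nat_rules ;;
esac
```

Two AWS-specific checks before this works: the NAT instance must have source/destination checking disabled on its ENI, and the private subnet's route table must send 0.0.0.0/0 to that instance, otherwise the node's return traffic never reaches the masquerading host. Only the two P-Rep ports are forwarded; everything else inbound is dropped by the FORWARD policy.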
Phase 2 & 3
- Multiple IP addresses can be whitelisted
- Means we can whitelist both a NAT IP for outbound and an NLB IP for inbound, so the custom NAT no longer has to carry incoming traffic
- The NLB would then point to nginx / citizen node target groups on an ASG
- Layer 7 traffic transition
  - Means that once inbound traffic is terminated at layer 7 (HTTP) we can move away from the NLB to an ALB with WAF in front of it
- Use of Vault as the secrets store
  - Each operator will need a GPG key: the unseal key shares are encrypted to the operators' GPG keys, so a threshold of operators must present their shares to unseal the cluster
  - Modify the entrypoint of the Docker container to pull the node's secrets (e.g. the keystore password) from Vault at run time instead of baking them into the image
- Database backend to store blockchain