diff --git a/infra/gcp/bash/ensure-main-project.sh b/infra/gcp/bash/ensure-main-project.sh
index d6aa634174d..ecb5543d9bc 100755
--- a/infra/gcp/bash/ensure-main-project.sh
+++ b/infra/gcp/bash/ensure-main-project.sh
@@ -76,6 +76,7 @@ readonly TERRAFORM_STATE_BUCKET_ENTRIES=(
 k8s-infra-tf-aws:k8s-infra-aws-admins@kubernetes.io
 k8s-infra-tf-gcp:k8s-infra-gcp-org-admins@kubernetes.io
 k8s-infra-tf-monitoring:"${CLUSTER_ADMINS_GROUP}"
+ k8s-infra-tf-oci-proxy:"${CLUSTER_ADMINS_GROUP}"
 k8s-infra-tf-prow-clusters:k8s-infra-prow-oncall@kubernetes.io
 k8s-infra-tf-public-clusters:"${CLUSTER_ADMINS_GROUP}"
 k8s-infra-tf-public-pii:"${CLUSTER_ADMINS_GROUP}"
diff --git a/infra/gcp/terraform/k8s-infra-oci-proxy/README.md b/infra/gcp/terraform/k8s-infra-oci-proxy/README.md
new file mode 100644
index 00000000000..e74dcc9e28a
--- /dev/null
+++ b/infra/gcp/terraform/k8s-infra-oci-proxy/README.md
@@ -0,0 +1,7 @@
+# Sandbox Infrastructure for archeio
+
+[archeio](https://sigs.k8s.io/oci-proxy/cmd/archeio)
+
+Sandbox infrastructure using Cloud Run for archeio. This infrastructure is a work in progress.
+
+https://docs.google.com/document/d/1yNQ7DaDE5LbDJf9ku82YtlKZK0tcg5Wpk9L72-x2S2k/
diff --git a/infra/gcp/terraform/k8s-infra-oci-proxy/oci-proxy-sandbox.tf b/infra/gcp/terraform/k8s-infra-oci-proxy/oci-proxy-sandbox.tf
new file mode 100644
index 00000000000..3f5d6476e36
--- /dev/null
+++ b/infra/gcp/terraform/k8s-infra-oci-proxy/oci-proxy-sandbox.tf
@@ -0,0 +1,74 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+locals {
+ project_id = "k8s-infra-oci-proxy"
+ domain = "proxy.k8s.io"
+ image = "gcr.io/k8s-infra-staging-infra-tools/oci-proxy"
+
+ external_ips = {
+ sandbox = {
+ name = "${local.project_id}-sandbox",
+ },
+ sandbox-v6 = {
+ name = "${local.project_id}-sandbox-v6",
+ ipv6 = true
+ },
+ }
+}
+
+data "google_billing_account" "account" {
+ billing_account = "018801-93540E-22A20E"
+}
+
+data "google_organization" "org" {
+ domain = "kubernetes.io"
+}
+
+resource "google_project" "project" {
+ name = local.project_id
+ project_id = local.project_id
+ org_id = data.google_organization.org.org_id
+ billing_account = data.google_billing_account.account.id
+}
+
+
+// Enable services needed for the project
+resource "google_project_service" "project" {
+ project = google_project.project.id
+
+ for_each = toset([
+ "compute.googleapis.com",
+ "containerregistry.googleapis.com",
+ "logging.googleapis.com",
+ "oslogin.googleapis.com",
+ "pubsub.googleapis.com",
+ "storage-api.googleapis.com",
+ "storage-component.googleapis.com"
+ ])
+
+ service = each.key
+}
+
+// Ensure IPv4 et IPv6 global addresses for oci-proxy
+resource "google_compute_global_address" "global_ips" {
+ project = google_project.project.project_id
+ for_each = local.external_ips
+ name = each.value.name
+ description = lookup(each.value, "description", null)
+ address_type = "EXTERNAL"
+ ip_version = lookup(each.value, "ipv6", false) ? "IPV6" : "IPV4"
+}
diff --git a/infra/gcp/terraform/k8s-infra-oci-proxy/provider.tf b/infra/gcp/terraform/k8s-infra-oci-proxy/provider.tf
new file mode 100644
index 00000000000..4568d58efdc
--- /dev/null
+++ b/infra/gcp/terraform/k8s-infra-oci-proxy/provider.tf
@@ -0,0 +1,39 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+This file defines:
+- Required provider versions
+- Storage backend details
+*/
+
+terraform {
+ backend "gcs" {
+ bucket = "k8s-infra-tf-oci-proxy"
+ prefix = "sanbox"
+ }
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 4.7.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = "~> 4.7.0"
+ }
+ }
+}
diff --git a/infra/gcp/terraform/k8s-infra-oci-proxy/variables.tf b/infra/gcp/terraform/k8s-infra-oci-proxy/variables.tf
new file mode 100644
index 00000000000..14fbcdb50a1
--- /dev/null
+++ b/infra/gcp/terraform/k8s-infra-oci-proxy/variables.tf
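Review bot: In oci-proxy-sandbox.tf, `google_compute_global_address.global_ips` has no dependency on the `google_project_service` resource that enables `compute.googleapis.com`, so on a first apply Terraform may try to reserve the addresses before the Compute API is enabled in the new project. Adding `depends_on = [google_project_service.project]` to the address resource makes the ordering explicit. The same hunk passes `google_project.project.id` to `google_project_service` but `google_project.project.project_id` to the address resource. Using `project = google_project.project.project_id` in both keeps them consistent, since `id` may carry a `projects/` prefix in this provider version (worth confirming against the pinned provider).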
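Review bot: In provider.tf, the GCS backend is configured with `prefix = "sanbox"`, which looks like a misspelling of `sandbox` given the `-sandbox` names used in oci-proxy-sandbox.tf. Once state has been written under that prefix, correcting it means migrating the state object, so it is cheaper to fix before the first apply: `prefix = "sandbox"`. If the spelling is intentional, a short comment on that line would stop someone from "fixing" it later and orphaning the state.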
@@ -0,0 +1,20 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+variable "name" {
+ type = string
+ default = "oci-proxy"
+}
diff --git a/infra/gcp/terraform/k8s-infra-oci-proxy/versions.tf b/infra/gcp/terraform/k8s-infra-oci-proxy/versions.tf
new file mode 100644
index 00000000000..5e7bcf2b4c6
--- /dev/null
+++ b/infra/gcp/terraform/k8s-infra-oci-proxy/versions.tf
@@ -0,0 +1,24 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+This file defines:
+- Required Terraform version
+*/
+
+terraform {
+ required_version = "~> 1.1.0"
+}
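Review bot: In variables.tf, `variable "name"` is declared without a `description`, and none of the files in this change reference `var.name`; the resources in oci-proxy-sandbox.tf take their names from `local.project_id` instead. If the variable is kept for upcoming resources, a line such as `description = "Base name for oci-proxy sandbox resources"` (wording to be adjusted to the intended use, which is not visible here) would document it. Otherwise it can be dropped until something consumes it.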