# Multi-Region High Availability Workspace Configuration # Global deployment across 3 providers and 3 geographic regions [workspace] description = "High availability deployment across DigitalOcean (US), Hetzner (EU), and AWS (APAC)" environment = "production" name = "multi-region-ha" owner = "platform-team" # DigitalOcean Configuration - US East (Primary) [providers.digitalocean] default_region = "nyc3" enabled = true region_name = "us-east" token_env = "DIGITALOCEAN_TOKEN" [providers.digitalocean.settings] enable_backups = true enable_ipv6 = true enable_monitoring = true failover_primary = true # Hetzner Configuration - EU Central (Secondary) [providers.hetzner] default_datacenter = "nbg1-dc8" default_location = "nbg1" enabled = true region_name = "eu-central" token_env = "HCLOUD_TOKEN" [providers.hetzner.settings] default_volume_format = "ext4" enable_automount = false failover_secondary = true # AWS Configuration - Asia Pacific (Tertiary) [providers.aws] access_key_env = "AWS_ACCESS_KEY_ID" enabled = true region = "ap-southeast-1" region_name = "asia-southeast" secret_key_env = "AWS_SECRET_ACCESS_KEY" [providers.aws.settings] backup_retention_days = 30 enable_performance_insights = true failover_tertiary = true multi_az = true # Global DNS Configuration [dns] domain = "api.example.com" health_check_interval = 30 provider = "route53" ttl = 60 # Regional DNS Records [dns.regions.us_east] endpoint = "us.api.example.com" health_check_path = "/health" subdomain = "us" [dns.regions.eu_central] endpoint = "eu.api.example.com" health_check_path = "/health" subdomain = "eu" [dns.regions.asia_southeast] endpoint = "asia.api.example.com" health_check_path = "/health" subdomain = "asia" # Database Replication Configuration [database_replication] backup_retention_days = 30 max_replication_slots = 5 max_wal_senders = 5 mode = "multi-master" primary_region = "us-east" replication_lag_tolerance_seconds = 300 replication_method = "logical" wal_level = "logical" # VPN and Networking [networking] enable_vpn_tunnels = true vpn_authentication = "sha256" vpn_encryption = "aes-256" vpn_protocol = "ipsec" [networking.vpn_tunnels] asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" } eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" } us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" } # Deployment Settings [deployment] batch_size = 1 health_check_wait = 60 order = ["us-east", "eu-central", "asia-southeast"] rollback_on_failure = true strategy = "rolling" # Regional Monitoring Settings [monitoring] alert_on_threshold_exceeded = true enabled = true metric_collection_interval = 60 [monitoring.thresholds] cpu = 80 disk = 90 memory = 85 replication_lag = 600 [monitoring.alerts] high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" } high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" } region_down = { condition = "health_check_failed", action = "failover", severity = "critical" } replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" } # Backup and Disaster Recovery [backup] compression = true enabled = true encryption = true frequency = "daily" retention_days = 30 [backup.regions] asia_southeast = { strategy = "replica-backup", retention = "30 days" } eu_central = { strategy = "replica-backup", retention = "30 days" } us_east = { strategy = "automated", retention = "30 days" } # Health Checks [health_checks] asia_southeast = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 } eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 } us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 } # Cost Tracking [cost_tracking] budget_alert_threshold = 300 enabled = true monthly_budget = 350 [cost_tracking.regional_budgets] asia_southeast = 130 eu_central = 79 total_estimate = 311 us_east = 102