# Multi-Region High Availability Workspace Configuration # Global deployment across 3 providers and 3 geographic regions [workspace] name = "multi-region-ha" environment = "production" owner = "platform-team" description = "High availability deployment across DigitalOcean (US), Hetzner (EU), and AWS (APAC)" # DigitalOcean Configuration - US East (Primary) [providers.digitalocean] enabled = true token_env = "DIGITALOCEAN_TOKEN" default_region = "nyc3" region_name = "us-east" [providers.digitalocean.settings] enable_monitoring = true enable_backups = true enable_ipv6 = true failover_primary = true # Hetzner Configuration - EU Central (Secondary) [providers.hetzner] enabled = true token_env = "HCLOUD_TOKEN" default_location = "nbg1" default_datacenter = "nbg1-dc8" region_name = "eu-central" [providers.hetzner.settings] enable_automount = false default_volume_format = "ext4" failover_secondary = true # AWS Configuration - Asia Pacific (Tertiary) [providers.aws] enabled = true region = "ap-southeast-1" access_key_env = "AWS_ACCESS_KEY_ID" secret_key_env = "AWS_SECRET_ACCESS_KEY" region_name = "asia-southeast" [providers.aws.settings] multi_az = true backup_retention_days = 30 enable_performance_insights = true failover_tertiary = true # Global DNS Configuration [dns] provider = "route53" domain = "api.example.com" ttl = 60 health_check_interval = 30 # Regional DNS Records [dns.regions.us_east] subdomain = "us" endpoint = "us.api.example.com" health_check_path = "/health" [dns.regions.eu_central] subdomain = "eu" endpoint = "eu.api.example.com" health_check_path = "/health" [dns.regions.asia_southeast] subdomain = "asia" endpoint = "asia.api.example.com" health_check_path = "/health" # Database Replication Configuration [database_replication] mode = "multi-master" primary_region = "us-east" replication_method = "logical" wal_level = "logical" max_wal_senders = 5 max_replication_slots = 5 replication_lag_tolerance_seconds = 300 backup_retention_days = 30 # VPN and Networking [networking] enable_vpn_tunnels = true vpn_protocol = "ipsec" vpn_encryption = "aes-256" vpn_authentication = "sha256" [networking.vpn_tunnels] us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" } eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" } asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" } # Deployment Settings [deployment] strategy = "rolling" batch_size = 1 health_check_wait = 60 rollback_on_failure = true order = ["us-east", "eu-central", "asia-southeast"] # Regional Monitoring Settings [monitoring] enabled = true metric_collection_interval = 60 alert_on_threshold_exceeded = true [monitoring.thresholds] cpu = 80 memory = 85 disk = 90 replication_lag = 600 [monitoring.alerts] high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" } high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" } replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" } region_down = { condition = "health_check_failed", action = "failover", severity = "critical" } # Backup and Disaster Recovery [backup] enabled = true frequency = "daily" retention_days = 30 compression = true encryption = true [backup.regions] us_east = { strategy = "automated", retention = "30 days" } eu_central = { strategy = "replica-backup", retention = "30 days" } asia_southeast = { strategy = "replica-backup", retention = "30 days" } # Health Checks [health_checks] us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 } eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 } asia_southeast = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 } # Cost Tracking [cost_tracking] enabled = true budget_alert_threshold = 300 monthly_budget = 350 [cost_tracking.regional_budgets] us_east = 102 eu_central = 79 asia_southeast = 130 total_estimate = 311