44648e3206
- Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/
152 lines
4.0 KiB
TOML
152 lines
4.0 KiB
TOML
# Multi-Region High Availability Workspace Configuration
|
|
# Global deployment across 3 providers and 3 geographic regions
|
|
|
|
[workspace]
|
|
name = "multi-region-ha"
|
|
environment = "production"
|
|
owner = "platform-team"
|
|
description = "High availability deployment across DigitalOcean (US), Hetzner (EU), and AWS (APAC)"
|
|
|
|
# DigitalOcean Configuration - US East (Primary)
|
|
[providers.digitalocean]
|
|
enabled = true
|
|
token_env = "DIGITALOCEAN_TOKEN"
|
|
default_region = "nyc3"
|
|
region_name = "us-east"
|
|
|
|
[providers.digitalocean.settings]
|
|
enable_monitoring = true
|
|
enable_backups = true
|
|
enable_ipv6 = true
|
|
failover_primary = true
|
|
|
|
# Hetzner Configuration - EU Central (Secondary)
|
|
[providers.hetzner]
|
|
enabled = true
|
|
token_env = "HCLOUD_TOKEN"
|
|
default_location = "nbg1"
|
|
default_datacenter = "nbg1-dc8"
|
|
region_name = "eu-central"
|
|
|
|
[providers.hetzner.settings]
|
|
enable_automount = false
|
|
default_volume_format = "ext4"
|
|
failover_secondary = true
|
|
|
|
# AWS Configuration - Asia Pacific (Tertiary)
|
|
[providers.aws]
|
|
enabled = true
|
|
region = "ap-southeast-1"
|
|
access_key_env = "AWS_ACCESS_KEY_ID"
|
|
secret_key_env = "AWS_SECRET_ACCESS_KEY"
|
|
region_name = "asia-southeast"
|
|
|
|
[providers.aws.settings]
|
|
multi_az = true
|
|
backup_retention_days = 30
|
|
enable_performance_insights = true
|
|
failover_tertiary = true
|
|
|
|
# Global DNS Configuration
|
|
[dns]
|
|
provider = "route53"
|
|
domain = "api.example.com"
|
|
ttl = 60
|
|
health_check_interval = 30
|
|
|
|
# Regional DNS Records
|
|
[dns.regions.us_east]
|
|
subdomain = "us"
|
|
endpoint = "us.api.example.com"
|
|
health_check_path = "/health"
|
|
|
|
[dns.regions.eu_central]
|
|
subdomain = "eu"
|
|
endpoint = "eu.api.example.com"
|
|
health_check_path = "/health"
|
|
|
|
[dns.regions.asia_southeast]
|
|
subdomain = "asia"
|
|
endpoint = "asia.api.example.com"
|
|
health_check_path = "/health"
|
|
|
|
# Database Replication Configuration
|
|
[database_replication]
|
|
mode = "multi-master"
|
|
primary_region = "us-east"
|
|
replication_method = "logical"
|
|
wal_level = "logical"
|
|
max_wal_senders = 5
|
|
max_replication_slots = 5
|
|
replication_lag_tolerance_seconds = 300
|
|
backup_retention_days = 30
|
|
|
|
# VPN and Networking
|
|
[networking]
|
|
enable_vpn_tunnels = true
|
|
vpn_protocol = "ipsec"
|
|
vpn_encryption = "aes-256"
|
|
vpn_authentication = "sha256"
|
|
|
|
[networking.vpn_tunnels]
|
|
us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" }
|
|
eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" }
|
|
asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" }
|
|
|
|
# Deployment Settings
|
|
[deployment]
|
|
strategy = "rolling"
|
|
batch_size = 1
|
|
health_check_wait = 60
|
|
rollback_on_failure = true
|
|
order = ["us-east", "eu-central", "asia-southeast"]
|
|
|
|
# Regional Monitoring Settings
|
|
[monitoring]
|
|
enabled = true
|
|
metric_collection_interval = 60
|
|
alert_on_threshold_exceeded = true
|
|
|
|
[monitoring.thresholds]
|
|
cpu = 80
|
|
memory = 85
|
|
disk = 90
|
|
replication_lag = 600
|
|
|
|
[monitoring.alerts]
|
|
high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" }
|
|
high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" }
|
|
replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" }
|
|
region_down = { condition = "health_check_failed", action = "failover", severity = "critical" }
|
|
|
|
# Backup and Disaster Recovery
|
|
[backup]
|
|
enabled = true
|
|
frequency = "daily"
|
|
retention_days = 30
|
|
compression = true
|
|
encryption = true
|
|
|
|
[backup.regions]
|
|
us_east = { strategy = "automated", retention = "30 days" }
|
|
eu_central = { strategy = "replica-backup", retention = "30 days" }
|
|
asia_southeast = { strategy = "replica-backup", retention = "30 days" }
|
|
|
|
# Health Checks
|
|
[health_checks]
|
|
us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
|
|
eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
|
|
asia_southeast = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
|
|
|
|
# Cost Tracking
|
|
[cost_tracking]
|
|
enabled = true
|
|
budget_alert_threshold = 300
|
|
monthly_budget = 350
|
|
|
|
[cost_tracking.regional_budgets]
|
|
us_east = 102
|
|
eu_central = 79
|
|
asia_southeast = 130
|
|
total_estimate = 311
|