Reference: PRD Sections 4.3-4.5 - Multi-Region Architecture
This directory contains configuration samples for implementing multi-region deployments on the HelpDev platform.
Defines the phased rollout strategy for deploying services across multiple regions:
-
ConfigMap with rollout configuration defining:
- Regional deployment order (primary → secondary)
- Phase definitions with validation criteria
- Rollback triggers and strategy
- Service tier overrides
-
Argo Rollout example for canary deployments within a region:
- Progressive traffic shifting (10% → 25% → 50% → 75% → 100%)
- Integration with Istio for traffic routing
- Analysis-driven promotion
-
AnalysisTemplate for deployment validation:
- Success rate monitoring
- Latency threshold enforcement
Terraform configuration for DNS-based failover:
- Health Checks for each region monitoring
/healthzendpoint - Failover Routing - Primary (us-east-1) with automatic failover to secondary (sa-east-1)
- Latency-based Routing - Route users to nearest healthy region
- Weighted Routing - For controlled regional canary deployments
- CloudWatch Alarms for health check failures
Terraform configuration for cross-region data replication:
- ECR Replication - Automatic container image replication
- S3 Replication - Artifact and backup replication with versioning
- Secrets Manager Replication - Infrastructure secret synchronization
┌──────────────────┐
│ Route53 │
│ Health Checks │
└────────┬─────────┘
│
┌──────────────┴──────────────┐
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ us-east-1 │ │ sa-east-1 │
│ (Primary) │ │ (Secondary) │
│ │ │ │
│ ┌───────────┐ │ │ ┌───────────┐ │
│ │ EKS │ │ │ │ EKS │ │
│ │ eks-prod- │ │ │ │ eks-prod- │ │
│ │ use1 │ │ │ │ sae1 │ │
│ └───────────┘ │ │ └───────────┘ │
│ │ │ │
│ ┌───────────┐ │ ◄───► │ ┌───────────┐ │
│ │ ECR │──┼──────────┼──│ ECR │ │
│ │ Replicated│ │ │ │ Replica │ │
│ └───────────┘ │ │ └───────────┘ │
│ │ │ │
│ ┌───────────┐ │ ◄───► │ ┌───────────┐ │
│ │ Secrets │──┼──────────┼──│ Secrets │ │
│ │ Manager │ │ │ │ Replica │ │
│ └───────────┘ │ │ └───────────┘ │
│ │ │ │
│ ┌───────────┐ │ ◄───► │ ┌───────────┐ │
│ │ S3 │──┼──────────┼──│ S3 │ │
│ │ Artifacts │ │ │ │ Replica │ │
│ └───────────┘ │ │ └───────────┘ │
└─────────────────┘ └─────────────────┘
- Deploy to us-east-1 (primary)
- Run smoke tests
- Monitor for 15 minutes
- Validate success criteria:
- 100% pod health
- <0.1% error rate
- p95 latency <500ms
- Deploy to sa-east-1 (secondary)
- Run smoke tests
- Monitor for 10 minutes
- Final validation across all regions
- Error rate >1% for 5 minutes
- Pod health <80%
- p95 latency >2 seconds
cd samples/multi-region
terraform init
terraform plan -var="environment=prod" \
-var="primary_alb_dns=k8s-prod-use1-xxxx.us-east-1.elb.amazonaws.com" \
-var="primary_alb_zone_id=Z35SXDOTRQ7X7K" \
-var="secondary_alb_dns=k8s-prod-sae1-xxxx.sa-east-1.elb.amazonaws.com" \
-var="secondary_alb_zone_id=Z2P70J7HTTTPLU"
terraform apply# Apply from primary region
terraform apply -target=aws_ecr_replication_configuration.cross_regionApply the ConfigMap to the Argo CD namespace:
kubectl apply -f phased-rollout-config.yaml -n argocd- Region Isolation: Per PRD, regions are isolated - services do NOT communicate across regions
- Data Locality: Databases are regional; use Global Tables for DynamoDB if needed
- ECR Replication: Automatic for all
helpdev-*prefixed repositories - Secrets Replication: Only infrastructure secrets are replicated; application secrets are regional
- Health Checks: Use multiple Route53 health checker regions for reliability
- terraform/environments/ - Environment-specific configurations
- argocd/ - Argo CD ApplicationSets for multi-region
- observability/dashboards/multi-region.json - Multi-region dashboard