Architecture
text
Region A (Primary) Region B (Secondary)
+-----------------------+ +-----------------------+
| GKE Cluster | | GKE Cluster |
| +-- Digest pods | | +-- Kafka brokers |
| +-- UI pods | | +-- cert-manager |
| +-- Ingest pods | | +-- humio-operator |
| +-- Kafka brokers | | (0 replicas) |
| +-- cert-manager | | |
| | | NOT running: |
| | | - LogScale pods |
| | | (epoch conflict if |
| | | started prematurely)|
| | | |
| GCS Bucket (R/W) | | GCS Bucket (own, R/W) |
| dr-primary-... | | dr-secondary-... |
+-----------------------+ +-----------------------+
| |
| Without bucket replication: |
+--- read-only cross-region access ---+
| (secondary reads primary bucket) |
| |
| With bucket replication: |
| (secondary reads local copy, |
| set GCP_RECOVER_FROM_REPLACE_ |
| BUCKET to rewrite paths) |
| |
+------ Global LB (health check) -----+
+------ Cloud DNS (failover) ---------+Key points:
The secondary cluster's GCS bucket is its own; it does not write to the primary's bucket.
The secondary reads the primary's bucket only during recovery (snapshot restore).
The GLB health check determines which backend receives traffic. When the primary fails, traffic shifts to the secondary.
Cloud DNS failover routing provides an alternative (or complementary) mechanism for DNS-level redirection.