Requirements
| Requirement | Details |
|---|---|
| GCP projects | Single project with resources in two different regions. Two separate projects are also available but should be considered Beta — cross-project IAM for GCS, GLB, and service account impersonation requires additional role bindings not covered here. |
| Terraform state backend | GCS bucket (or equivalent) accessible from both regions |
| Cloud DNS zone | A managed zone for the global hostname used by both clusters (see below) |
| LogScale license | The same license key must be used on both primary and secondary |
| Service accounts | Service accounts in both regions with the required IAM roles (GKE, GCS, DNS, Compute) |
| Terraform and gcloud CLI | Installed and authenticated for both regions |
Create the Cloud DNS Managed Zone
The DR module uses data.google_dns_managed_zone to look up the zone at plan time. This data source runs unconditionally, so the zone must exist before any terraform plan or terraform apply on a DR-enabled worker, even for steps that do not involve DNS.
shell
gcloud dns managed-zones create <zone-name> \
--dns-name="<your-domain>." \
--description="DR failover zone" \
--project=<project-id>
Set global_dns_zone_name in the worker config to match:
terraform
global_dns_zone_name: "<zone-name>"