regions fixes (#5246)

* fix: improve rollbacks

This addresses a few things.

The most obvious one is lowering the freshness of some frontline caches
to make rollbacks faster.

I also moved the entire deployment workflow to a virtual object, keyed
by workspace id. The reason is that we had some potential races and this
is the pragmatic fix for right now. I could've done it per app too, but
I actually think limiting concurrency in the beginning is not a bad
thing. afterall, we're paying for all of these resources.

* feat: scaling and region tables

* fix: replace AVAILABLE_REGIONS env var with clusterRegions table query

* fix: update instances mutation to use appScalingSettings table

* fix: update CPU mutation to use appScalingSettings table

* fix: update memory mutation to use appScalingSettings table

* fix: update regions mutation to use appScalingSettings and clusterRegions tables

* fix: revert cpu/memory mutations back to appRuntimeSettings

* feat: rename app_scaling_settings to app_regional_settings, add horizontal_autoscaling_policies table

* feat: replace regionConfig with appRegionalSettings across dashboard

* fix: remove AVAILABLE_REGIONS from .env.example

* feat: add migration script for region_config to app_regional_settings

* feat: add Heartbeat RPC to ClusterService proto

* feat: add heartbeat loop to krane agent

Krane now sends periodic heartbeats to the control plane every 30s,
reporting its region and platform. Also adds Platform config field,
fixes duplicate r.Recover()/r.DeferCtx calls, and updates mock client.

* feat: implement Heartbeat RPC handler and rename cluster_regions to regions

- Add Heartbeat handler on ctrl that upserts regions and clusters tables
- Rename cluster_regions table to regions for clarity
- Remove AvailableRegions config from ctrl api/worker
- Deploy workflow now fails with terminal error if no regions configured
- Certificate bootstrap queries regions from DB instead of config
- Add SQL queries: UpsertRegion, FindRegionByNameAndPlatform, ListRegions, UpsertCluster

* feat: deploy workflow reads from appRegionalSettings, add region_id to deployment_topology

- Deploy handler now reads regions from app_regional_settings table
  instead of deprecated regionConfig on app_runtime_settings
- Fails with terminal error if no regions are configured
- Added region_id column to deployment_topology table
- Added FindAppRegionalSettingsByAppAndEnv SQL query with regions join
- Updated integration harness to create regions before topologies

* fix: display region names in UI, add local region support

- Join regions table when fetching regional settings to get region name
- Use region name (not ID) for display in runtime settings
- Add "local" flag code to sentinel node types and REGION_INFO

* feat: add X-Krane-Platform header, app_id to ApplySentinel, and appId labels

- Add X-Krane-Platform header alongside X-Krane-Region in the krane
  interceptor so ctrl can identify regions by (name, platform) pair
- All ctrl RPC handlers now validate both region and platform from headers
- Add app_id field to ApplySentinel proto message
- Add AppID label to all sentinel sub-resources (Service, PDB, gossip
  Service, CiliumNetworkPolicy) for consistency with deployment labels
- Remove hardcoded region list from sentinel config validation (regions
  are now dynamic from DB)
- Add platform field to sentinel config

* fix: step conflict

* fix: rabbit

* fix: frontline uses correct platform/region

* feat: add running state

* fix: relation key

* fix: unique key

Author: chronark

dev/config/ctrl-api.toml

@@ -2,7 +2,6 @@ instance_id = "ctrl-api-dev"
 region = "local"
 http_port = 7091
 auth_token = "your-local-dev-key"
-available_regions = ["local.dev"]
 default_domain = "unkey.local"
 cname_domain = "unkey.local"
 

dev/config/krane.toml

@@ -1,4 +1,5 @@
-region = "local.dev"
+region = "local"
+platform = "dev"
 
 [control_plane]
 url = "http://ctrl-api:7091"

dev/k8s/manifests/ctrl-api.yaml

@@ -12,7 +12,6 @@ data:
     region = "local"
     http_port = 7091
     auth_token = "your-local-dev-key"
-    available_regions = ["local.dev"]
     default_domain = "unkey.local"
     cname_domain = "unkey.local"
 

dev/k8s/manifests/ctrl-worker.yaml

@@ -14,7 +14,6 @@ data:
     cname_domain = "unkey.local"
     build_platform = "linux/arm64"
     sentinel_image = "unkey/sentinel:latest"
-    available_regions = ["local.dev"]
 
     [database]
     primary = "unkey:password@tcp(mysql:3306)/unkey?parseTime=true&interpolateParams=true"

dev/k8s/manifests/frontline.yaml

@@ -6,7 +6,8 @@ metadata:
   namespace: unkey
 data:
   unkey.toml: |
-    region = "local.dev"
+    platform = "dev"
+    region = "local"
     challenge_port = 7070
     http_port = 7443
     apex_domain = "unkey.local"

dev/k8s/manifests/krane.yaml

@@ -8,7 +8,8 @@ metadata:
     component: krane
 data:
   unkey.toml: |
-    region = "local.dev"
+    region = "local"
+    platform = "dev"
 
     [control]
     url = "http://ctrl-api:7091"

docs/engineering/architecture/services/control-plane/api/configuration.mdx

@@ -40,9 +40,7 @@ Rotation is manual today. There is no built-in rotation mechanism.
 
 TODO: Replace with JWT-based auth once `auth.unkey.cloud` is in place.
 
-<ResponseField name="available_regions" type="string[]">
-  Regions available for deployments.
-</ResponseField>
+
 
 <ResponseField name="default_domain" type="string">
   Base domain for wildcard certificates.
@@ -117,7 +115,6 @@ prometheus_port = 9090
 region = "${UNKEY_REGION}"
 instance_id = "${POD_NAME}"
 auth_token = "${UNKEY_AUTH_TOKEN}"
-available_regions = ["eu-central-1.aws", "us-east-1.aws", "us-west-2.aws"]
 default_domain = "${UNKEY_DEFAULT_DOMAIN}"
 regional_domain = "${UNKEY_REGIONAL_DOMAIN}"
 cname_domain = "${UNKEY_CNAME_DOMAIN}"

docs/engineering/architecture/services/control-plane/worker/configuration.mdx

@@ -38,7 +38,6 @@ These fields must be set for production deployments.
 | `default_domain` | string | `unkey.app` | Used for sentinel bootstrapping.
 | `build_platform` | string | `linux/amd64` | Build platform, format `linux/{arch}`.
 | `sentinel_image` | string | `ghcr.io/unkeyed/unkey:local` | Sentinel image override.
-| `available_regions` | list | - | Regions allowed for deployments.
 | `acme` | object | - | ACME config for cert issuance.
 | `depot` | object | - | Depot.dev config for builds.
 | `registry` | object | - | Registry credentials for builds.
@@ -126,7 +125,6 @@ instance_id = "${POD_NAME}"
 default_domain = "${UNKEY_DEFAULT_DOMAIN}"
 build_platform = "linux/amd64"
 sentinel_image = "ghcr.io/unkeyed/unkey:v2.0.77"
-available_regions = ["eu-central-1.aws", "us-east-1.aws"]
 cname_domain = "${UNKEY_CNAME_DOMAIN}"
 
 [database]