Cross-site deployment with Aurora DB, Infinispan and Keycloak

Deploy Keycloak across two ROSA clusters with Infinispan (cross-site enabled) and a shared Aurora DB.

This setup creates the Aurora DB, if it does not exist yet, and configures the AWS VPC and AWS Route Tables to allow the ROSA clusters to access the Aurora DB instance.

Both Infinispan and Keycloak are deployed in the same namespace.

Installation steps

  1. Check out the Git repository from https://github.com/keycloak/keycloak-benchmark/.

  2. Create a Route53 entry as described in AWS Route 53 as loadbalancer for ROSA.

  3. Change to the folder provision/rosa-cross-dc.

  4. Provide the Required variables in the .env file in the folder.

  5. Run the task command to provision all containers on both OpenShift clusters (see the required variables below).

Available Tasks

Two tasks are available, one to deploy and the other to undeploy, as follows:

task: Available tasks for this project:
* default:        Deploys Infinispan, Aurora DB and Keycloak in a Cross-Site deployment using ROSA clusters
* undeploy:       Undeploy Infinispan and Keycloak in a Cross-Site deployment using ROSA clusters

The undeploy task does not remove the Aurora DB; it must be removed manually. Check the scripts in the directory provision/aws/rds.

Required variables

Variable Details

AURORA_CLUSTER

The unique name for the Aurora database.

AURORA_REGION

The AWS region to deploy Aurora DB.

ROSA_CLUSTER_NAME_1

The name of one ROSA cluster.

ROSA_CLUSTER_NAME_2

The name of the other ROSA cluster.

KC_CLIENT_URL

URL as provided by AWS Route 53 as loadbalancer for ROSA

KC_HEALTH_URL_CLUSTER_1

URL as provided by AWS Route 53 as loadbalancer for ROSA

KC_HEALTH_URL_CLUSTER_2

URL as provided by AWS Route 53 as loadbalancer for ROSA

Customize Aurora DB, Keycloak or Infinispan deployments.

These installation scripts support most of the variables defined by the original deployment scripts.

For Aurora DB variables, check the Aurora installation page.

For the Infinispan deployment, check the Infinispan installation page.

For the Keycloak deployment, check the Keycloak Customization page. Note that not all variables are respected. For example, KC_ISPN_NAMESPACE cannot be changed because it is computed automatically by this installation script.

Customize Keycloak source

By default, this setup deploys Keycloak from the nightly build. To create a deployment from specific Keycloak source code, specify a Git repository and branch. This replaces the deployments for both Keycloak and the Keycloak operator. Specify the following variables to use custom source code:

Variable Details

KC_REPOSITORY

Git repository to clone Keycloak source code from. Example: https://github.com/keycloak/keycloak.git

Note: SSH repositories may not work in GitHub Actions as SSH keys may not be configured.

KC_BRANCH

The branch within KC_REPOSITORY to use.

Using AWS JDBC driver

AWS provides a JDBC driver wrapper that is compatible with the Aurora PostgreSQL database used in this setup. This driver provides some additional features when using compatible databases. The wrapper is enabled by default in the cross-site deployment.

To disable the AWS JDBC driver, set the KC_USE_AWS_JDBC_WRAPPER variable to false.

To specify the version of the AWS JDBC driver, set the KC_AWS_JDBC_WRAPPER_URL variable to the URL of the corresponding JAR file.
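
A preflight check for the .env file, to run before the task command. This is an added example, not code from the keycloak-benchmark repository: it verifies that the variables listed under Required variables are set and that the optional KC_REPOSITORY and KC_AWS_JDBC_WRAPPER_URL overrides use https. The function names env_get and check_env, the plain KEY=VALUE file format, the https policy and the check that per-cluster values differ are assumptions of this example.

```shell
#!/usr/bin/env bash
# Preflight check for the .env file (added example, not keycloak-benchmark code).
# Assumes plain KEY=VALUE lines. The file is parsed, never sourced, so nothing in it runs.
# Usage after sourcing this file: check_env provision/rosa-cross-dc/.env && task

REQUIRED="AURORA_CLUSTER AURORA_REGION ROSA_CLUSTER_NAME_1 ROSA_CLUSTER_NAME_2
KC_CLIENT_URL KC_HEALTH_URL_CLUSTER_1 KC_HEALTH_URL_CLUSTER_2"

# Print the value of KEY ($2) from FILE ($1): last assignment wins, quotes stripped.
env_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if FILE passes every check, 1 otherwise. Findings go to stderr.
check_env() {
  local file=$1 rc=0 key pair a b val
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  for key in $REQUIRED; do
    if [ -z "$(env_get "$file" "$key")" ]; then
      echo "missing required variable: $key" >&2; rc=1
    fi
  done

  # Assumption of this example: each site has its own cluster name and health URL,
  # so identical values indicate a copy-paste error.
  for pair in ROSA_CLUSTER_NAME KC_HEALTH_URL_CLUSTER; do
    a=$(env_get "$file" "${pair}_1"); b=$(env_get "$file" "${pair}_2")
    if [ -n "$a" ] && [ "$a" = "$b" ]; then
      echo "${pair}_1 and ${pair}_2 have the same value: $a" >&2; rc=1
    fi
  done

  # Policy of this example: optional overrides that pull source code or a JAR into
  # the deployment must be fetched over https.
  for key in KC_REPOSITORY KC_AWS_JDBC_WRAPPER_URL; do
    val=$(env_get "$file" "$key")
    case $val in
      "" | https://*) ;;
      *) echo "$key is not an https:// URL: $val" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}
```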

Warnings / Known issues