Multi-AZ Clusters - Create and Deploy Keycloak #81
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Multi-AZ Clusters - Create and Deploy Keycloak | |
on: | |
workflow_dispatch: | |
inputs: | |
clusterPrefix: | |
description: 'The prefix to be used when creating the clusters' | |
type: string | |
region: | |
description: 'The AWS region to create both clusters in. Defaults to "vars.AWS_DEFAULT_REGION" if omitted.' | |
type: string | |
createCluster: | |
description: 'Check to Create Cluster.' | |
type: boolean | |
default: true | |
keycloakRepository: | |
description: 'The repository to deploy Keycloak from. If not set nightly image is used' | |
type: string | |
activeActive: | |
description: 'When true deploy an Active/Active Keycloak deployment' | |
type: boolean | |
default: false | |
enableExternalInfinispanFeature: | |
description: 'To enable the external Infinispan feature. It disables the embedded caches and only uses the remote caches.' | |
type: boolean | |
default: false | |
enableMultiSiteFeature: | |
description: 'To enable the Multi Site Feature' | |
type: boolean | |
default: true | |
keycloakBranch: | |
description: 'The branch to deploy Keycloak from. If not set nightly image is used' | |
type: string | |
workflow_call: | |
inputs: | |
clusterPrefix: | |
description: 'The prefix to be used when creating the clusters' | |
type: string | |
region: | |
description: 'The AWS region to create both clusters in. Defaults to "vars.AWS_DEFAULT_REGION" if omitted.' | |
type: string | |
createCluster: | |
description: 'Check to Create Cluster.' | |
type: boolean | |
default: true | |
keycloakRepository: | |
description: 'The repository to deploy Keycloak from. If not set nightly image is used' | |
type: string | |
activeActive: | |
description: 'When true deploy an Active/Active Keycloak deployment' | |
type: boolean | |
default: false | |
enableExternalInfinispanFeature: | |
description: 'To enable the external Infinispan feature. It disables the embedded caches and only uses the remote caches.' | |
type: boolean | |
default: false | |
enableMultiSiteFeature: | |
description: 'To enable the Multi Site Feature' | |
type: boolean | |
default: true | |
keycloakBranch: | |
description: 'The branch to deploy Keycloak from. If not set nightly image is used' | |
type: string | |
env: | |
CLUSTER_PREFIX: ${{ inputs.clusterPrefix || format('gh-{0}', github.repository_owner) }} | |
REGION: ${{ inputs.region || vars.AWS_DEFAULT_REGION }} | |
KC_EXTERNAL_INFINISPAN: ${{ inputs.enableExternalInfinispanFeature }} | |
KC_MULTI_SITE: ${{ inputs.enableMultiSiteFeature }} | |
jobs: | |
# Workaround required for passing env variables to reusable workflow declarations as ${{ env.* }} is not available | |
meta: | |
runs-on: ubuntu-latest | |
outputs: | |
clusterPrefix: ${{ env.CLUSTER_PREFIX }} | |
region: ${{ env.REGION }} | |
cidrA: ${{ steps.cidr.outputs.CIDR_A }} | |
cidrB: ${{ steps.cidr.outputs.CIDR_B }} | |
concurrency: | |
group: multi-az-meta | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Setup ROSA CLI | |
uses: ./.github/actions/rosa-cli-setup | |
with: | |
aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-default-region: ${{ vars.AWS_DEFAULT_REGION }} | |
rosa-token: ${{ secrets.ROSA_TOKEN }} | |
- name: Calculate Cluster CIDR | |
id: cidr | |
run: | | |
set -x | |
CIDRS=$(./rosa_machine_cidr.sh) | |
echo "CIDR_A=$(echo ${CIDRS} | jq -r .cidr_a )" >> ${GITHUB_OUTPUT} | |
echo "CIDR_B=$(echo ${CIDRS} | jq -r .cidr_b )" >> ${GITHUB_OUTPUT} | |
working-directory: provision/aws | |
env: | |
CLUSTER_PREFIX: ${{ env.CLUSTER_PREFIX }} | |
cluster: | |
if: ${{ inputs.createCluster }} | |
needs: meta | |
strategy: | |
matrix: | |
availabilityZone: [ a, b ] | |
fail-fast: false | |
uses: ./.github/workflows/rosa-cluster-create.yml | |
with: | |
cidr: ${{ matrix.availabilityZone == 'a' && needs.meta.outputs.cidrA || needs.meta.outputs.cidrB }} | |
clusterName: ${{ needs.meta.outputs.clusterPrefix }}-${{ matrix.availabilityZone }} | |
region: ${{ needs.meta.outputs.region }} | |
availabilityZones: ${{ needs.meta.outputs.region }}${{ matrix.availabilityZone }} | |
secrets: inherit | |
deploy-keycloak: | |
runs-on: ubuntu-latest | |
if: ${{ (always() && needs.cluster.result == 'skipped' && !inputs.createCluster) || success()}} | |
needs: [cluster] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Setup OpenTofu | |
uses: opentofu/setup-opentofu@v1 | |
with: | |
tofu_wrapper: false | |
- name: Setup ROSA CLI | |
uses: ./.github/actions/rosa-cli-setup | |
with: | |
aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-default-region: ${{ vars.AWS_DEFAULT_REGION }} | |
rosa-token: ${{ secrets.ROSA_TOKEN }} | |
- name: Setup Go Task | |
uses: ./.github/actions/task-setup | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
cache: maven | |
- name: Monitoring | |
working-directory: provision/rosa-cross-dc | |
run: task monitoring | |
env: | |
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a | |
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b | |
- name: Create Route53 Loadbalancer | |
if: ${{ !inputs.activeActive }} | |
working-directory: provision/rosa-cross-dc | |
run: | | |
task route53 > route53 | |
echo "KC_CLIENT_URL=$(grep -Po 'Client Site URL: \K.*' route53)" >> $GITHUB_ENV | |
echo "KC_HEALTH_URL_CLUSTER_1=$(grep -Po 'Primary Site URL: \K.*' route53)" >> $GITHUB_ENV | |
echo "KC_HEALTH_URL_CLUSTER_2=$(grep -Po 'Backup Site URL: \K.*' route53)" >> $GITHUB_ENV | |
env: | |
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a | |
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b | |
- name: Deploy Active/Passive | |
if: ${{ !inputs.activeActive }} | |
working-directory: provision/rosa-cross-dc | |
run: task | |
env: | |
AURORA_CLUSTER: ${{ env.CLUSTER_PREFIX }} | |
AURORA_REGION: ${{ env.REGION }} | |
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a | |
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b | |
KC_ACTIVE_ACTIVE: ${{ inputs.activeActive }} | |
KC_CPU_REQUESTS: 6 | |
KC_INSTANCES: 3 | |
KC_DISABLE_STICKY_SESSION: true | |
KC_CRYOSTAT: false | |
KC_IS_ACTIVE_PASSIVE: true | |
KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }} | |
KC_MEMORY_REQUESTS_MB: 3000 | |
KC_MEMORY_LIMITS_MB: 4000 | |
KC_DB_POOL_INITIAL_SIZE: 30 | |
KC_DB_POOL_MAX_SIZE: 30 | |
KC_DB_POOL_MIN_SIZE: 30 | |
KC_DATABASE: "aurora-postgres" | |
MULTI_AZ: "true" | |
CROSS_DC_XSITE_FAIL_POLICY: "WARN" | |
CROSS_DC_TX_MODE: "NONE" | |
KC_REPOSITORY: ${{ inputs.keycloakRepository }} | |
KC_BRANCH: ${{ inputs.keycloakBranch }} | |
- name: Create Accelerator Loadbalancer | |
if: ${{ inputs.activeActive }} | |
working-directory: provision/rosa-cross-dc | |
run: | | |
task global-accelerator-create | |
env: | |
ACCELERATOR_NAME: ${{ env.CLUSTER_PREFIX }} | |
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a | |
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b | |
- name: Deploy Active/Active | |
if: ${{ inputs.activeActive }} | |
working-directory: provision/rosa-cross-dc | |
run: task active-active | |
env: | |
ACCELERATOR_DNS: ${{ env.ACCELERATOR_DNS }} | |
ACCELERATOR_NAME: ${{ env.CLUSTER_PREFIX }} | |
ACCELERATOR_WEBHOOK_URL: ${{ env.ACCELERATOR_WEBHOOK }} | |
ACCELERATOR_WEBHOOK_USERNAME: "keycloak" | |
ACCELERATOR_WEBHOOK_PASSWORD: ${{ env.KEYCLOAK_ADMIN_PASSWORD }} | |
AURORA_CLUSTER: ${{ env.CLUSTER_PREFIX }} | |
AURORA_REGION: ${{ env.REGION }} | |
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a | |
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b | |
KC_CPU_REQUESTS: 6 | |
KC_INSTANCES: 3 | |
KC_DISABLE_STICKY_SESSION: true | |
KC_CRYOSTAT: false | |
KC_IS_ACTIVE_PASSIVE: false | |
KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }} | |
KC_MEMORY_REQUESTS_MB: 3000 | |
KC_MEMORY_LIMITS_MB: 4000 | |
KC_DB_POOL_INITIAL_SIZE: 30 | |
KC_DB_POOL_MAX_SIZE: 30 | |
KC_DB_POOL_MIN_SIZE: 30 | |
KC_DATABASE: "aurora-postgres" | |
MULTI_AZ: "true" | |
KC_REPOSITORY: ${{ inputs.keycloakRepository }} | |
KC_BRANCH: ${{ inputs.keycloakBranch }} |