Skip to content

Multi-AZ Clusters - Create and Deploy Keycloak #37

Multi-AZ Clusters - Create and Deploy Keycloak

Multi-AZ Clusters - Create and Deploy Keycloak #37

name: Multi-AZ Clusters - Create and Deploy Keycloak
on:
workflow_dispatch:
inputs:
clusterPrefix:
description: 'The prefix to be used when creating the clusters'
type: string
region:
description: 'The AWS region to create both clusters in. Defaults to "vars.AWS_DEFAULT_REGION" if omitted.'
type: string
createCluster:
description: 'Check to Create Cluster.'
type: boolean
default: true
keycloakRepository:
description: 'The repository to deploy Keycloak from. If not set nightly image is used'
type: string
activeActive:
description: 'When true deploy an Active/Active Keycloak deployment'
type: boolean
default: false
enableExternalInfinispanFeature:
description: 'To enable the external Infinispan feature. It disables the embedded caches and only uses the remote caches.'
type: boolean
default: false
enableMultiSiteFeature:
description: 'To enable the Multi Site Feature'
type: boolean
default: true
keycloakBranch:
description: 'The branch to deploy Keycloak from. If not set nightly image is used'
type: string
computeMachineType:
description: 'Instance type for the compute nodes'
default: 'm7g.2xlarge'
type: string
workflow_call:
inputs:
clusterPrefix:
description: 'The prefix to be used when creating the clusters'
type: string
region:
description: 'The AWS region to create both clusters in. Defaults to "vars.AWS_DEFAULT_REGION" if omitted.'
type: string
createCluster:
description: 'Check to Create Cluster.'
type: boolean
default: true
keycloakRepository:
description: 'The repository to deploy Keycloak from. If not set nightly image is used'
type: string
activeActive:
description: 'When true deploy an Active/Active Keycloak deployment'
type: boolean
default: false
enableExternalInfinispanFeature:
description: 'To enable the external Infinispan feature. It disables the embedded caches and only uses the remote caches.'
type: boolean
default: false
enableMultiSiteFeature:
description: 'To enable the Multi Site Feature'
type: boolean
default: true
keycloakBranch:
description: 'The branch to deploy Keycloak from. If not set nightly image is used'
type: string
computeMachineType:
description: 'Instance type for the compute nodes'
default: 'm7g.2xlarge'
type: string
env:
CLUSTER_PREFIX: ${{ inputs.clusterPrefix || format('gh-{0}', github.repository_owner) }}
REGION: ${{ inputs.region || vars.AWS_DEFAULT_REGION }}
KC_EXTERNAL_INFINISPAN: ${{ inputs.enableExternalInfinispanFeature }}
KC_MULTI_SITE: ${{ inputs.enableMultiSiteFeature }}
jobs:
# Workaround required for passing env variables to reusable workflow declarations as ${{ env.* }} is not available
meta:
runs-on: ubuntu-latest
outputs:
clusterPrefix: ${{ env.CLUSTER_PREFIX }}
region: ${{ env.REGION }}
cidrA: ${{ steps.cidr.outputs.CIDR_A }}
cidrB: ${{ steps.cidr.outputs.CIDR_B }}
concurrency:
group: multi-az-meta
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup ROSA CLI
uses: ./.github/actions/rosa-cli-setup
with:
aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
rosa-token: ${{ secrets.ROSA_TOKEN }}
- name: Calculate Cluster CIDR
id: cidr
run: |
set -x
CIDRS=$(./rosa_machine_cidr.sh)
echo "CIDR_A=$(echo ${CIDRS} | jq -r .cidr_a )" >> ${GITHUB_OUTPUT}
echo "CIDR_B=$(echo ${CIDRS} | jq -r .cidr_b )" >> ${GITHUB_OUTPUT}
working-directory: provision/aws
env:
CLUSTER_PREFIX: ${{ env.CLUSTER_PREFIX }}
cluster:
if: ${{ inputs.createCluster }}
needs: meta
strategy:
matrix:
availabilityZone: [ a, b ]
fail-fast: false
uses: ./.github/workflows/rosa-cluster-create.yml
with:
cidr: ${{ matrix.availabilityZone == 'a' && needs.meta.outputs.cidrA || needs.meta.outputs.cidrB }}
clusterName: ${{ needs.meta.outputs.clusterPrefix }}-${{ matrix.availabilityZone }}
region: ${{ needs.meta.outputs.region }}
availabilityZones: ${{ needs.meta.outputs.region }}${{ matrix.availabilityZone }}
computeMachineType: ${{ inputs.computeMachineType }}
secrets: inherit
deploy-keycloak:
runs-on: ubuntu-latest
if: ${{ (always() && needs.cluster.result == 'skipped' && !inputs.createCluster) || success()}}
needs: [cluster]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1
with:
tofu_wrapper: false
- name: Setup ROSA CLI
uses: ./.github/actions/rosa-cli-setup
with:
aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
rosa-token: ${{ secrets.ROSA_TOKEN }}
- name: Setup Go Task
uses: ./.github/actions/task-setup
- name: Setup Java
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: maven
- name: Monitoring
working-directory: provision/rosa-cross-dc
run: task monitoring
env:
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b
- name: Create Route53 Loadbalancer
if: ${{ !inputs.activeActive }}
working-directory: provision/rosa-cross-dc
run: |
task route53 > route53
echo "KC_CLIENT_URL=$(grep -Po 'Client Site URL: \K.*' route53)" >> $GITHUB_ENV
echo "KC_HEALTH_URL_CLUSTER_1=$(grep -Po 'Primary Site URL: \K.*' route53)" >> $GITHUB_ENV
echo "KC_HEALTH_URL_CLUSTER_2=$(grep -Po 'Backup Site URL: \K.*' route53)" >> $GITHUB_ENV
env:
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b
- name: Deploy Active/Passive
if: ${{ !inputs.activeActive }}
working-directory: provision/rosa-cross-dc
run: task
env:
AURORA_CLUSTER: ${{ env.CLUSTER_PREFIX }}
AURORA_REGION: ${{ env.REGION }}
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b
KC_ACTIVE_ACTIVE: ${{ inputs.activeActive }}
KC_CPU_REQUESTS: 6
KC_INSTANCES: 3
KC_DISABLE_STICKY_SESSION: true
KC_CRYOSTAT: true
KC_IS_ACTIVE_PASSIVE: true
KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }}
KC_MEMORY_REQUESTS_MB: 3000
KC_MEMORY_LIMITS_MB: 4000
KC_DB_POOL_INITIAL_SIZE: 30
KC_DB_POOL_MAX_SIZE: 30
KC_DB_POOL_MIN_SIZE: 30
KC_DATABASE: "aurora-postgres"
MULTI_AZ: "true"
CROSS_DC_XSITE_FAIL_POLICY: "WARN"
CROSS_DC_TX_MODE: "NONE"
KC_REPOSITORY: ${{ inputs.keycloakRepository }}
KC_BRANCH: ${{ inputs.keycloakBranch }}
- name: Create Accelerator Loadbalancer
if: ${{ inputs.activeActive }}
working-directory: provision/rosa-cross-dc
run: |
task global-accelerator-create
env:
ACCELERATOR_NAME: ${{ env.CLUSTER_PREFIX }}
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b
- name: Deploy Active/Active
if: ${{ inputs.activeActive }}
working-directory: provision/rosa-cross-dc
run: task active-active
env:
ACCELERATOR_DNS: ${{ env.ACCELERATOR_DNS }}
ACCELERATOR_NAME: ${{ env.CLUSTER_PREFIX }}
ACCELERATOR_WEBHOOK_URL: ${{ env.ACCELERATOR_WEBHOOK }}
ACCELERATOR_WEBHOOK_USERNAME: "keycloak"
ACCELERATOR_WEBHOOK_PASSWORD: ${{ env.KEYCLOAK_ADMIN_PASSWORD }}
AURORA_CLUSTER: ${{ env.CLUSTER_PREFIX }}
AURORA_REGION: ${{ env.REGION }}
ROSA_CLUSTER_NAME_1: ${{ env.CLUSTER_PREFIX }}-a
ROSA_CLUSTER_NAME_2: ${{ env.CLUSTER_PREFIX }}-b
KC_CPU_REQUESTS: 6
KC_INSTANCES: 3
KC_DISABLE_STICKY_SESSION: true
KC_CRYOSTAT: true
KC_IS_ACTIVE_PASSIVE: false
KC_EXTERNAL_INFINISPAN: ${{ env.KC_EXTERNAL_INFINISPAN }}
KC_MEMORY_REQUESTS_MB: 3000
KC_MEMORY_LIMITS_MB: 4000
KC_DB_POOL_INITIAL_SIZE: 30
KC_DB_POOL_MAX_SIZE: 30
KC_DB_POOL_MIN_SIZE: 30
KC_DATABASE: "aurora-postgres"
MULTI_AZ: "true"
KC_REPOSITORY: ${{ inputs.keycloakRepository }}
KC_BRANCH: ${{ inputs.keycloakBranch }}