# Compose file format version. This stack targets swarm mode (`deploy:`,
# overlay network, external secrets below), so `docker stack deploy` is the
# intended consumer.
version: "3.9"

networks:
  # Overlay network shared by Keycloak and the three PostgreSQL nodes.
  # NOTE(review): the placement constraints below pin the DB nodes to
  # different hosts, and overlay traffic is not encrypted by default;
  # if those hosts are not on a trusted link, consider
  # `driver_opts: {encrypted: "true"}` for the replication and DB traffic.
  keycloak-net:
    driver: overlay
# ────────── SWARM SECRETS ──────────────────────────────────────────────────
# All four secrets are `external`: this stack does not create them, they must
# already exist in the swarm (`docker secret create`) before deployment.
# Each consuming service lists the ones it needs under `secrets:` and reads
# them from /run/secrets/<name> via the *_PASSWORD_FILE variables.
secrets:
  kc_db_password:
    external: true
  keycloak_admin_password:
    external: true
  pg_superuser_password:
    external: true
  repmgr_password:
    external: true
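services:
  # ────────── KEYCLOAK ───────────────────────────────────────────────────────
  keycloak:
    # NOTE(review): consider pinning by digest as well as tag for a
    # reproducible, tamper-evident deploy.
    image: quay.io/keycloak/keycloak:26.2.1 # 23 Apr 2025-latest
    # Production mode (`start`, not `start-dev`).
    # NOTE(review): `--optimized` skips the build step while KC_DB below is a
    # build-time option — confirm the image was pre-built for postgres, or
    # drop `--optimized`.
    # NOTE(review): `--hostname-strict=false` relaxes hostname validation.
    # Neither KC_HOSTNAME, KC_HTTP_ENABLED nor KC_PROXY_HEADERS appears in
    # this file; in production mode Keycloak needs HTTPS key material or
    # KC_HTTP_ENABLED=true behind a TLS-terminating proxy — confirm how this
    # service is fronted.
    command: >-
      start --optimized
      --cache=ispn
      --hostname-strict=false
    environment:
      KC_DB: postgres
      # Always the repmgr primary. NOTE(review): a repmgr failover promotes a
      # replica, but this host name does not follow it — Keycloak keeps
      # pointing at pg-0 until the stack is reconfigured.
      KC_DB_URL_HOST: pg-0
      # Quoted: environment values are strings, keep YAML from typing it.
      KC_DB_URL_PORT: "5432"
      KC_DB_USERNAME: keycloak
      # NOTE(review): `*_FILE` variants are a Bitnami image convention; the
      # official Keycloak image does not document them. Confirm Keycloak
      # actually reads these two paths, otherwise the DB and admin passwords
      # are never set.
      KC_DB_PASSWORD_FILE: /run/secrets/kc_db_password # 👈 secret file
      # NOTE(review): Keycloak 26 deprecates KEYCLOAK_ADMIN* in favour of
      # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD — check the
      # release notes for 26.2.
      KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN:-admin}" # username ≠ secret
      KEYCLOAK_ADMIN_PASSWORD_FILE: /run/secrets/keycloak_admin_password
    # `depends_on` is ignored by `docker stack deploy`; start ordering relies
    # on restart_policy retrying until pg-0 accepts connections.
    depends_on: [pg-0]
    networks: [keycloak-net]
    # Only the two secrets this service reads are mounted.
    secrets:
      - kc_db_password
      - keycloak_admin_password
    deploy:
      replicas: 1
      restart_policy: {condition: on-failure}

  # ────────── POSTGRESQL-REPMGR HA CLUSTER ──────────────────────────────────
  # Three repmgr nodes, one per host (see each placement constraint). The data
  # directory is a bind mount on that host, so a node stays with its server
  # and is not rescheduled elsewhere if the server is lost.
  # NOTE(review): `bitnami/postgresql-repmgr:17` is a floating major tag;
  # pin a full version (or digest) so all three nodes run identical binaries.
  pg-0: # primary
    image: bitnami/postgresql-repmgr:17
    environment:
      # Bitnami images accept *_FILE variants, so the passwords stay in
      # /run/secrets and out of the service's environment.
      POSTGRESQL_POSTGRES_PASSWORD_FILE: /run/secrets/pg_superuser_password
      # Application role shared with the Keycloak service (KC_DB_USERNAME and
      # the same kc_db_password secret).
      POSTGRESQL_USERNAME: keycloak
      POSTGRESQL_PASSWORD_FILE: /run/secrets/kc_db_password
      POSTGRESQL_DATABASE: keycloak
      REPMGR_USERNAME: repmgr
      REPMGR_PASSWORD_FILE: /run/secrets/repmgr_password
      # Quoted: environment values are strings; also keeps the id from being
      # read as a number by YAML tooling.
      REPMGR_NODE_ID: "1000"
      REPMGR_NODE_NAME: pg-0
      REPMGR_NODE_NETWORK_NAME: pg-0
      REPMGR_PRIMARY_HOST: pg-0
      REPMGR_PARTNER_NODES: pg-0,pg-1,pg-2
    volumes:
      - /store/new-age/data/kc-pg-data-r0:/bitnami/postgresql
    networks: [keycloak-net]
    secrets:
      - pg_superuser_password
      - kc_db_password
      - repmgr_password
    deploy:
      restart_policy: {condition: on-failure}
      placement:
        constraints: [node.labels.server_id == lnd1]

  pg-1: # replica-1
    image: bitnami/postgresql-repmgr:17
    environment:
      POSTGRESQL_POSTGRES_PASSWORD_FILE: /run/secrets/pg_superuser_password
      POSTGRESQL_USERNAME: keycloak
      POSTGRESQL_PASSWORD_FILE: /run/secrets/kc_db_password
      POSTGRESQL_DATABASE: keycloak
      # NOTE(review): the repmgr image derives the node role from
      # REPMGR_PRIMARY_HOST; this variable is not obviously consumed by it —
      # harmless if ignored, confirm against the image docs.
      POSTGRESQL_REPLICATION_MODE: slave
      REPMGR_USERNAME: repmgr
      REPMGR_PASSWORD_FILE: /run/secrets/repmgr_password
      REPMGR_NODE_ID: "1001"
      REPMGR_NODE_NAME: pg-1
      REPMGR_NODE_NETWORK_NAME: pg-1
      REPMGR_PRIMARY_HOST: pg-0
      REPMGR_PARTNER_NODES: pg-0,pg-1,pg-2
    volumes:
      - /store/new-age/data/kc-pg-data-r1:/bitnami/postgresql
    networks: [keycloak-net]
    secrets:
      - pg_superuser_password
      - kc_db_password
      - repmgr_password
    deploy:
      restart_policy: {condition: on-failure}
      placement:
        constraints: [node.labels.server_id == nyc3]

  pg-2: # replica-2
    image: bitnami/postgresql-repmgr:17
    environment:
      POSTGRESQL_POSTGRES_PASSWORD_FILE: /run/secrets/pg_superuser_password
      POSTGRESQL_USERNAME: keycloak
      POSTGRESQL_PASSWORD_FILE: /run/secrets/kc_db_password
      POSTGRESQL_DATABASE: keycloak
      # See the note on pg-1 about this variable.
      POSTGRESQL_REPLICATION_MODE: slave
      REPMGR_USERNAME: repmgr
      REPMGR_PASSWORD_FILE: /run/secrets/repmgr_password
      REPMGR_NODE_ID: "1002"
      REPMGR_NODE_NAME: pg-2
      REPMGR_NODE_NETWORK_NAME: pg-2
      REPMGR_PRIMARY_HOST: pg-0
      REPMGR_PARTNER_NODES: pg-0,pg-1,pg-2
    volumes:
      - /store/new-age/data/kc-pg-data-r2:/bitnami/postgresql
    networks: [keycloak-net]
    secrets:
      - pg_superuser_password
      - kc_db_password
      - repmgr_password
    deploy:
      restart_policy: {condition: on-failure}
      placement:
        constraints: [node.labels.server_id == amd1]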