107 lines
3.4 KiB
YAML
107 lines
3.4 KiB
YAML
|
version: "3.9"
|
||
|
|
|
||
|
|
networks:
|
||
|
|
keycloak-net:
|
||
|
|
driver: overlay
|
||
|
|
|
||
|
|
volumes:
|
||
|
|
pg0_data:
|
||
|
|
pg1_data:
|
||
|
|
pg2_data:
|
||
|
|
|
||
|
|
services:
|
||
|
|
# ---------- IDENTITY PROVIDER ----------
|
||
|
|
keycloak:
|
||
|
|
image: quay.io/keycloak/keycloak:26.2.1 # latest as of 2025-04-24
|
||
|
|
command: >
|
||
|
|
start --optimized
|
||
|
|
--cache=ispn # recommended default
|
||
|
|
--hostname-strict=false
|
||
|
|
environment:
|
||
|
|
KC_DB: postgres
|
||
|
|
KC_DB_URL_HOST: pg-primary # the service name below
|
||
|
|
KC_DB_URL_PORT: 5432
|
||
|
|
KC_DB_USERNAME: keycloak
|
||
|
|
KC_DB_PASSWORD: ${KC_DB_PASSWORD} # 🔑 secret
|
||
|
|
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN} # 🔑 secret
|
||
|
|
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} # 🔑
|
||
|
|
deploy:
|
||
|
|
replicas: 1 # scale horizontally if you like
|
||
|
|
placement:
|
||
|
|
constraints:
|
||
|
|
- node.role == worker
|
||
|
|
restart_policy:
|
||
|
|
condition: on-failure
|
||
|
|
networks: [keycloak-net]
|
||
|
|
depends_on: [pg-primary]
|
||
|
|
|
||
|
|
# ---------- POSTGRESQL HA CLUSTER ----------
|
||
|
|
# Primary ------------------------------------------------------------
|
||
|
|
pg-primary:
|
||
|
|
image: bitnami/postgresql-repmgr:17
|
||
|
|
environment:
|
||
|
|
POSTGRESQL_POSTGRES_PASSWORD: ${PG_SUPERUSER_PASSWORD} # 🔑
|
||
|
|
POSTGRESQL_USERNAME: keycloak
|
||
|
|
POSTGRESQL_PASSWORD: ${KC_DB_PASSWORD} # same as above
|
||
|
|
POSTGRESQL_DATABASE: keycloak
|
||
|
|
#
|
||
|
|
# repmgr config
|
||
|
|
REPMGR_PASSWORD: ${REPMGR_PASSWORD} # 🔑
|
||
|
|
REPMGR_PRIMARY_HOST: pg-primary
|
||
|
|
REPMGR_NODE_NAME: pg-primary
|
||
|
|
REPMGR_NODE_NETWORK_NAME: pg-primary
|
||
|
|
REPMGR_PARTNER_NODES: pg-primary,pg-replica-1,pg-replica-2
|
||
|
|
volumes:
|
||
|
|
- pg0_data:/bitnami/postgresql
|
||
|
|
networks: [keycloak-net]
|
||
|
|
deploy:
|
||
|
|
placement:
|
||
|
|
constraints:
|
||
|
|
- node.role == manager # keep leader on a manager if you wish
|
||
|
|
restart_policy:
|
||
|
|
condition: on-failure
|
||
|
|
|
||
|
|
# Replica-1 ----------------------------------------------------------
|
||
|
|
pg-replica-1:
|
||
|
|
image: bitnami/postgresql-repmgr:17
|
||
|
|
environment:
|
||
|
|
POSTGRESQL_POSTGRES_PASSWORD: ${PG_SUPERUSER_PASSWORD}
|
||
|
|
POSTGRESQL_USERNAME: keycloak
|
||
|
|
POSTGRESQL_PASSWORD: ${KC_DB_PASSWORD}
|
||
|
|
POSTGRESQL_DATABASE: keycloak
|
||
|
|
#
|
||
|
|
POSTGRESQL_REPLICATION_MODE: slave
|
||
|
|
REPMGR_PRIMARY_HOST: pg-primary
|
||
|
|
REPMGR_NODE_NAME: pg-replica-1
|
||
|
|
REPMGR_NODE_NETWORK_NAME: pg-replica-1
|
||
|
|
REPMGR_PASSWORD: ${REPMGR_PASSWORD}
|
||
|
|
REPMGR_PARTNER_NODES: pg-primary,pg-replica-1,pg-replica-2
|
||
|
|
volumes:
|
||
|
|
- pg1_data:/bitnami/postgresql
|
||
|
|
networks: [keycloak-net]
|
||
|
|
deploy:
|
||
|
|
restart_policy:
|
||
|
|
condition: on-failure
|
||
|
|
|
||
|
|
# Replica-2 ----------------------------------------------------------
|
||
|
|
pg-replica-2:
|
||
|
|
image: bitnami/postgresql-repmgr:17
|
||
|
|
environment:
|
||
|
|
POSTGRESQL_POSTGRES_PASSWORD: ${PG_SUPERUSER_PASSWORD}
|
||
|
|
POSTGRESQL_USERNAME: keycloak
|
||
|
|
POSTGRESQL_PASSWORD: ${KC_DB_PASSWORD}
|
||
|
|
POSTGRESQL_DATABASE: keycloak
|
||
|
|
#
|
||
|
|
POSTGRESQL_REPLICATION_MODE: slave
|
||
|
|
REPMGR_PRIMARY_HOST: pg-primary
|
||
|
|
REPMGR_NODE_NAME: pg-replica-2
|
||
|
|
REPMGR_NODE_NETWORK_NAME: pg-replica-2
|
||
|
|
REPMGR_PASSWORD: ${REPMGR_PASSWORD}
|
||
|
|
REPMGR_PARTNER_NODES: pg-primary,pg-replica-1,pg-replica-2
|
||
|
|
volumes:
|
||
|
|
- pg2_data:/bitnami/postgresql
|
||
|
|
networks: [keycloak-net]
|
||
|
|
deploy:
|
||
|
|
restart_policy:
|
||
|
|
condition: on-failure
|