trying...
parent
2ff6ca6d66
commit
66911fd82e
1 changed files with 50 additions and 32 deletions
82
compose.yml
82
compose.yml
|
@ -4,41 +4,50 @@ networks:
|
||||||
keycloak-net:
|
keycloak-net:
|
||||||
driver: overlay
|
driver: overlay
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# ⬇⬇⬇ SWARM SECRETS DEFINITION (external:true → we created them beforehand) ⬇⬇⬇
|
||||||
|
###############################################################################
|
||||||
|
secrets:
|
||||||
|
kc_db_password: {external: true}
|
||||||
|
keycloak_admin_password: {external: true}
|
||||||
|
pg_superuser_password: {external: true}
|
||||||
|
repmgr_password: {external: true}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# ────────── KEYCLOAK ────────────────────────────────────────────────
|
# ────────── KEYCLOAK ───────────────────────────────────────────────────────
|
||||||
keycloak:
|
keycloak:
|
||||||
image: quay.io/keycloak/keycloak:26.2.1 # 23 Apr 2025 latest :contentReference[oaicite:0]{index=0}
|
image: quay.io/keycloak/keycloak:26.2.1 # 23 Apr 2025-latest
|
||||||
command: >
|
command: >
|
||||||
start --optimized
|
start --optimized
|
||||||
--cache=ispn
|
--cache=ispn
|
||||||
--hostname-strict=false
|
--hostname-strict=false
|
||||||
environment:
|
environment:
|
||||||
KC_DB: postgres
|
KC_DB: postgres
|
||||||
KC_DB_URL_HOST: pg-0 # <- new primary name
|
KC_DB_URL_HOST: pg-0
|
||||||
KC_DB_URL_PORT: 5432
|
KC_DB_URL_PORT: 5432
|
||||||
KC_DB_USERNAME: keycloak
|
KC_DB_USERNAME: keycloak
|
||||||
KC_DB_PASSWORD: ${KC_DB_PASSWORD}
|
KC_DB_PASSWORD_FILE: /run/secrets/kc_db_password # 👈 secret file
|
||||||
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
|
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin} # username ≠ secret
|
||||||
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
KEYCLOAK_ADMIN_PASSWORD_FILE: /run/secrets/keycloak_admin_password
|
||||||
depends_on: [pg-0]
|
depends_on: [pg-0]
|
||||||
networks: [keycloak-net]
|
networks: [keycloak-net]
|
||||||
|
secrets:
|
||||||
|
- kc_db_password
|
||||||
|
- keycloak_admin_password
|
||||||
deploy:
|
deploy:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
restart_policy: { condition: on-failure }
|
restart_policy: {condition: on-failure}
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- node.role == worker
|
|
||||||
|
|
||||||
# ────────── POSTGRESQL-REPMGR HA CLUSTER ────────────────────────────
|
# ────────── POSTGRESQL-REPMGR HA CLUSTER ──────────────────────────────────
|
||||||
pg-0: # primary
|
pg-0: # primary
|
||||||
image: bitnami/postgresql-repmgr:17
|
image: bitnami/postgresql-repmgr:17
|
||||||
environment:
|
environment:
|
||||||
POSTGRESQL_POSTGRES_PASSWORD: ${PG_SUPERUSER_PASSWORD}
|
POSTGRESQL_POSTGRES_PASSWORD_FILE: /run/secrets/pg_superuser_password
|
||||||
POSTGRESQL_USERNAME: keycloak
|
POSTGRESQL_USERNAME: keycloak
|
||||||
POSTGRESQL_PASSWORD: ${KC_DB_PASSWORD}
|
POSTGRESQL_PASSWORD_FILE: /run/secrets/kc_db_password
|
||||||
POSTGRESQL_DATABASE: keycloak
|
POSTGRESQL_DATABASE: keycloak
|
||||||
REPMGR_USERNAME: repmgr
|
REPMGR_USERNAME: repmgr
|
||||||
REPMGR_PASSWORD: ${REPMGR_PASSWORD}
|
REPMGR_PASSWORD_FILE: /run/secrets/repmgr_password
|
||||||
REPMGR_NODE_ID: 1000
|
REPMGR_NODE_ID: 1000
|
||||||
REPMGR_NODE_NAME: pg-0
|
REPMGR_NODE_NAME: pg-0
|
||||||
REPMGR_NODE_NETWORK_NAME: pg-0
|
REPMGR_NODE_NETWORK_NAME: pg-0
|
||||||
|
@ -47,22 +56,25 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- /store/new-age/data/kc-pg-data-r0:/bitnami/postgresql
|
- /store/new-age/data/kc-pg-data-r0:/bitnami/postgresql
|
||||||
networks: [keycloak-net]
|
networks: [keycloak-net]
|
||||||
|
secrets:
|
||||||
|
- pg_superuser_password
|
||||||
|
- kc_db_password
|
||||||
|
- repmgr_password
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy: { condition: on-failure }
|
restart_policy: {condition: on-failure}
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints: [node.labels.server_id == lnd1]
|
||||||
- node.labels.server_id == lnd1 # your pin
|
|
||||||
|
|
||||||
pg-1: # replica-1
|
pg-1: # replica-1
|
||||||
image: bitnami/postgresql-repmgr:17
|
image: bitnami/postgresql-repmgr:17
|
||||||
environment:
|
environment:
|
||||||
POSTGRESQL_POSTGRES_PASSWORD: ${PG_SUPERUSER_PASSWORD}
|
POSTGRESQL_POSTGRES_PASSWORD_FILE: /run/secrets/pg_superuser_password
|
||||||
POSTGRESQL_USERNAME: keycloak
|
POSTGRESQL_USERNAME: keycloak
|
||||||
POSTGRESQL_PASSWORD: ${KC_DB_PASSWORD}
|
POSTGRESQL_PASSWORD_FILE: /run/secrets/kc_db_password
|
||||||
POSTGRESQL_DATABASE: keycloak
|
POSTGRESQL_DATABASE: keycloak
|
||||||
POSTGRESQL_REPLICATION_MODE: slave
|
POSTGRESQL_REPLICATION_MODE: slave
|
||||||
REPMGR_USERNAME: repmgr
|
REPMGR_USERNAME: repmgr
|
||||||
REPMGR_PASSWORD: ${REPMGR_PASSWORD}
|
REPMGR_PASSWORD_FILE: /run/secrets/repmgr_password
|
||||||
REPMGR_NODE_ID: 1001
|
REPMGR_NODE_ID: 1001
|
||||||
REPMGR_NODE_NAME: pg-1
|
REPMGR_NODE_NAME: pg-1
|
||||||
REPMGR_NODE_NETWORK_NAME: pg-1
|
REPMGR_NODE_NETWORK_NAME: pg-1
|
||||||
|
@ -71,22 +83,25 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- /store/new-age/data/kc-pg-data-r1:/bitnami/postgresql
|
- /store/new-age/data/kc-pg-data-r1:/bitnami/postgresql
|
||||||
networks: [keycloak-net]
|
networks: [keycloak-net]
|
||||||
|
secrets:
|
||||||
|
- pg_superuser_password
|
||||||
|
- kc_db_password
|
||||||
|
- repmgr_password
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy: { condition: on-failure }
|
restart_policy: {condition: on-failure}
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints: [node.labels.server_id == nyc3]
|
||||||
- node.labels.server_id == nyc3
|
|
||||||
|
|
||||||
pg-2: # replica-2
|
pg-2: # replica-2
|
||||||
image: bitnami/postgresql-repmgr:17
|
image: bitnami/postgresql-repmgr:17
|
||||||
environment:
|
environment:
|
||||||
POSTGRESQL_POSTGRES_PASSWORD: ${PG_SUPERUSER_PASSWORD}
|
POSTGRESQL_POSTGRES_PASSWORD_FILE: /run/secrets/pg_superuser_password
|
||||||
POSTGRESQL_USERNAME: keycloak
|
POSTGRESQL_USERNAME: keycloak
|
||||||
POSTGRESQL_PASSWORD: ${KC_DB_PASSWORD}
|
POSTGRESQL_PASSWORD_FILE: /run/secrets/kc_db_password
|
||||||
POSTGRESQL_DATABASE: keycloak
|
POSTGRESQL_DATABASE: keycloak
|
||||||
POSTGRESQL_REPLICATION_MODE: slave
|
POSTGRESQL_REPLICATION_MODE: slave
|
||||||
REPMGR_USERNAME: repmgr
|
REPMGR_USERNAME: repmgr
|
||||||
REPMGR_PASSWORD: ${REPMGR_PASSWORD}
|
REPMGR_PASSWORD_FILE: /run/secrets/repmgr_password
|
||||||
REPMGR_NODE_ID: 1002
|
REPMGR_NODE_ID: 1002
|
||||||
REPMGR_NODE_NAME: pg-2
|
REPMGR_NODE_NAME: pg-2
|
||||||
REPMGR_NODE_NETWORK_NAME: pg-2
|
REPMGR_NODE_NETWORK_NAME: pg-2
|
||||||
|
@ -95,9 +110,12 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- /store/new-age/data/kc-pg-data-r2:/bitnami/postgresql
|
- /store/new-age/data/kc-pg-data-r2:/bitnami/postgresql
|
||||||
networks: [keycloak-net]
|
networks: [keycloak-net]
|
||||||
|
secrets:
|
||||||
|
- pg_superuser_password
|
||||||
|
- kc_db_password
|
||||||
|
- repmgr_password
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy: { condition: on-failure }
|
restart_policy: {condition: on-failure}
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints: [node.labels.server_id == amd1]
|
||||||
- node.labels.server_id == amd1
|
|
||||||
|
|
||||||
|
|
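Review bot: In the `keycloak` service of the first hunk, `KC_DB_PASSWORD_FILE` and `KEYCLOAK_ADMIN_PASSWORD_FILE` are probably never read. As far as I know the upstream `quay.io/keycloak/keycloak` image does not expand `*_FILE` variables (the `*_PASSWORD_FILE` names used by the `pg-*` services are a Bitnami image convention), so Keycloak would start with no database password and no bootstrap admin password. Confirm this against the Keycloak 26.2 configuration docs; if it holds, load the mounted secrets in a small entrypoint wrapper as sketched below, or use Keycloak's config keystore. The wrapper keeps the values out of the service spec and `docker service inspect`, but they still end up in the container's process environment. Separately, the same passwords were previously passed as plain environment variables and the existing data directories were presumably initialised with them, so rotate them rather than copying the old values into the new secrets.

```yaml
  keycloak:
    image: quay.io/keycloak/keycloak:26.2.1
    # Read the Swarm secret files at start-up; "$$" stops compose from
    # interpolating the shell substitution at deploy time.
    entrypoint: ["/bin/bash", "-c"]
    command:
      - |
        export KC_DB_PASSWORD="$$(cat /run/secrets/kc_db_password)"
        export KC_BOOTSTRAP_ADMIN_PASSWORD="$$(cat /run/secrets/keycloak_admin_password)"
        exec /opt/keycloak/bin/kc.sh start --optimized --cache=ispn --hostname-strict=false
    environment:
      KC_DB: postgres
      # … unchanged: KC_DB_URL_HOST, KC_DB_URL_PORT, KC_DB_USERNAME …
      # Keycloak 26 names the bootstrap admin variables KC_BOOTSTRAP_ADMIN_*.
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN:-admin}
    # … unchanged: depends_on, networks, secrets, deploy …
```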