Setup an Aurora PostgreSQL database (#431)

* Setup an Aurora PostgreSQL database. Resolves #420
keycloak · Jul 24, 2023 · 534f2c0 · 534f2c0
1 parent ec8d80c
commit 534f2c0
Show file tree

Hide file tree

Showing 30 changed files with 836 additions and 7 deletions.
diff --git a/.github/actions/aurora-create-database/action.yaml b/.github/actions/aurora-create-database/action.yaml
@@ -0,0 +1,27 @@
+name: Create Aurora Deployment
+description: Create AWS Aurora DB Deployment
+
+inputs:
+  name:
+    description: 'The name of the Aurora DB cluster to deploy'
+    required: true
+  region:
+    description: 'The AWS region used to host the Aurora DB'
+    required: true
+  engineVersion:
+    description: 'The Postgres engine version to use'
+  instanceClass:
+    description: 'Instance class for the Aurora DB'
+
+runs:
+  using: "composite"
+  steps:
+    - id: provision_aurora
+      shell: bash
+      run: ./aurora_create.sh
+      working-directory: provision/aws/rds
+      env:
+        AURORA_CLUSTER: ${{ inputs.name }}
+        AURORA_ENGINE_VERSION: ${{ inputs.engineVersion }}
+        AURORA_INSTANCE_CLASS: ${{ inputs.instanceClass }}
+        AWS_REGION: ${{ inputs.region }}
diff --git a/.github/actions/aurora-create-peering-connection/action.yaml b/.github/actions/aurora-create-peering-connection/action.yaml
@@ -0,0 +1,25 @@
+name: Create Aurora Peering Connection
+description: Create AWS Peering Connection between Aurora DB and a ROSA cluster
+
+inputs:
+  name:
+    description: 'The name of the Aurora DB cluster'
+    required: true
+  region:
+    description: 'The AWS region used to host the Aurora DB'
+    required: true
+  clusterName:
+    description: 'The name of the ROSA cluster'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - id: create_peering_connection
+      shell: bash
+      run: ./aurora_create_peering_connection.sh
+      working-directory: provision/aws/rds
+      env:
+        AURORA_CLUSTER: ${{ inputs.name }}
+        AURORA_REGION: ${{ inputs.region }}
+        CLUSTER_NAME: ${{ inputs.clusterName }}
diff --git a/.github/actions/aurora-delete-database/action.yaml b/.github/actions/aurora-delete-database/action.yaml
@@ -0,0 +1,21 @@
+name: Delete Aurora Deployment
+description: Delete AWS Aurora DB Deployment
+
+inputs:
+  name:
+    description: 'The name of the Aurora DB cluster to delete'
+    required: true
+  region:
+    description: 'The AWS region used to host the Aurora DB'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - id: provision_aurora
+      shell: bash
+      run: ./aurora_delete.sh
+      working-directory: provision/aws/rds
+      env:
+        AURORA_CLUSTER: ${{ inputs.name }}
+        AWS_REGION: ${{ inputs.region }}
diff --git a/.github/actions/aurora-delete-peering-connection/action.yaml b/.github/actions/aurora-delete-peering-connection/action.yaml
@@ -0,0 +1,25 @@
+name: Delete Aurora Peering Connection
+description: Delete AWS Peering Connection between Aurora DB and a ROSA cluster
+
+inputs:
+  clusterName:
+    description: 'The name of the ROSA cluster'
+    required: true
+  auroraCluster:
+    description: 'The name of the Aurora DB cluster'
+    required: true
+  auroraRegion:
+    description: 'The AWS region used to host the Aurora DB'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - id: delete_peering_connection
+      shell: bash
+      run: ./aurora_delete_peering_connection.sh
+      working-directory: provision/aws/rds
+      env:
+        AURORA_CLUSTER: ${{ inputs.auroraCluster }}
+        AURORA_REGION: ${{ inputs.auroraRegion }}
+        CLUSTER_NAME: ${{ inputs.clusterName }}
diff --git a/.github/actions/keycloak-create-deployment/action.yml b/.github/actions/keycloak-create-deployment/action.yml
@@ -27,6 +27,11 @@ inputs:
   otel:
     description: 'Enable OpenTelemetry'
     default: 'false'
+  database:
+    description: 'The Database type to be utilised by Keycloak'
+    default: 'postgres'
+  databaseUrl:
+    description: 'The external URL of the database'
 
 runs:
   using: "composite"
@@ -49,3 +54,5 @@ runs:
         KC_CPU_LIMITS: ${{ inputs.podCpuLimit }}
         KC_HEAP_MAX_MB: ${{ inputs.heapMaxSizeMB }}
         KC_OTEL: ${{ inputs.otel }}
+        KC_DATABASE: ${{ inputs.database }}
+        KC_DATABASE_URL: ${{ inputs.databaseUrl }}
diff --git a/.github/workflows/aurora-cluster-auto-delete-on-schedule.yml b/.github/workflows/aurora-cluster-auto-delete-on-schedule.yml
@@ -0,0 +1,18 @@
+name: Aurora Scheduled Delete
+
+on:
+  schedule:
+    # Runs every day at 7:10 PM UTC. This should be scheduled slightly after the ROSA auto-delete to ensure that no
+    # Peering Connections remain between the ROSA and Aurora VPCs.
+    - cron: '10 19 * * *'
+
+jobs:
+
+  checkout:
+    name: Aurora Scheduled Delete cluster(s)
+    runs-on: ubuntu-latest
+    steps:
+      - if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak-benchmark'
+        run: ./provision/aws/rds/aurora_cluster_reaper.sh
+        env:
+          AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }}
diff --git a/.github/workflows/aurora-create-database.yaml b/.github/workflows/aurora-create-database.yaml
@@ -0,0 +1,43 @@
+name: Aurora Create
+
+on:
+  workflow_dispatch:
+    inputs:
+      name:
+        description: 'The name of the Aurora DB cluster'
+        type: string
+        required: true
+      region:
+        description: 'The AWS region used to host the Aurora DB'
+        type: string
+        required: true
+      engineVersion:
+        description: 'The Postgres engine version to use'
+        type: string
+      instanceClass:
+        description: 'Instance class for the Aurora DB'
+        type: string
+
+jobs:
+  prepare:
+    name: Create Aurora DB
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup ROSA CLI
+        uses: ./.github/actions/rosa-cli-setup
+        with:
+          aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
+          rosa-token: ${{ secrets.ROSA_TOKEN }}
+
+      - name: Create Aurora Cluster
+        uses: ./.github/actions/aurora-create-database
+        with:
+          name: ${{ inputs.name }}
+          region: ${{ inputs.region }}
+          engineVersion: ${{ inputs.engineVersion }}
+          instanceClass: ${{ inputs.instanceClass }}
diff --git a/.github/workflows/aurora-delete-database.yaml b/.github/workflows/aurora-delete-database.yaml
@@ -0,0 +1,35 @@
+name: Aurora Delete
+
+on:
+  workflow_dispatch:
+    inputs:
+      name:
+        description: 'The name of the Aurora DB cluster'
+        type: string
+        required: true
+      region:
+        description: 'The AWS region used to host the Aurora DB'
+        type: string
+        required: true
+
+jobs:
+  prepare:
+    name: Delete Aurora DB
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup ROSA CLI
+        uses: ./.github/actions/rosa-cli-setup
+        with:
+          aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
+          rosa-token: ${{ secrets.ROSA_TOKEN }}
+
+      - name: Delete Aurora
+        uses: ./.github/actions/aurora-delete-database
+        with:
+          name: ${{ inputs.name }}
+          region: ${{ inputs.region }}
diff --git a/.github/workflows/keycloak-create-deployment.yml b/.github/workflows/keycloak-create-deployment.yml
@@ -31,6 +31,12 @@ on:
       heapMaxSizeMB:
         description: 'Keycloak server maximum Java heap size (in MB)'
         type: string
+      # Hack to workaround the max limit of 10 inputes
+      additional_args:
+        description: JSON of additional options
+        type: string
+        default: '{}'
+        required: false
 
 env:
   PROJECT_PREFIX: runner- # same as default
@@ -40,6 +46,10 @@ jobs:
   prepare:
     name: Create Keycloak deployment
     runs-on: ubuntu-latest
+    env:
+      AURORA_CLUSTER: ${{ fromJson(inputs.additional_args).auroraDb }}
+      AURORA_REGION: ${{ fromJson(inputs.additional_args).auroraRegion }}
+      CLUSTER_NAME: ${{ inputs.clusterName || format('gh-{0}', github.repository_owner) }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
@@ -55,7 +65,7 @@ jobs:
       - name: Login to OpenShift cluster
         uses: ./.github/actions/oc-keycloak-login
         with:
-          clusterName: ${{ inputs.clusterName || format('gh-{0}', github.repository_owner) }}
+          clusterName: ${{ env.CLUSTER_NAME }}
 
       - name: Set up JDK
         uses: actions/setup-java@v3
@@ -64,6 +74,20 @@ jobs:
           java-version: '17'
           cache: 'maven'
 
+      - if: ${{ env.AURORA_CLUSTER != '' }}
+        name: Aurora Peering Connection
+        uses: ./.github/actions/aurora-create-peering-connection
+        with:
+          name: ${{ env.AURORA_CLUSTER }}
+          region: ${{ env.AURORA_REGION }}
+          clusterName: ${{ env.CLUSTER_NAME }}
+
+      - if: ${{ env.AURORA_CLUSTER != '' }}
+        name: Aurora URL
+        run: |
+          echo "AURORA_URL=$(./provision/aws/rds/aurora_endpoint.sh)" >> $GITHUB_ENV
+          echo "DATABASE=aurora-postgres" >> $GITHUB_ENV
+
       - name: Create Keycloak deployment
         uses: ./.github/actions/keycloak-create-deployment
         with:
@@ -76,3 +100,5 @@ jobs:
           podCpuRequests: ${{ inputs.podCpuRequests }}
           podCpuLimit: ${{ inputs.podCpuLimit }}
           heapMaxSizeMB: ${{ inputs.heapMaxSizeMB }}
+          database: ${{ env.DATABASE }}
+          databaseUrl: ${{ env.AURORA_URL }}
diff --git a/.github/workflows/keycloak-delete-deployment.yml b/.github/workflows/keycloak-delete-deployment.yml
@@ -6,6 +6,12 @@ on:
       clusterName:
         description: 'Name of the cluster'
         type: string
+      auroraCluster:
+        description: 'The name of the Aurora DB cluster'
+        type: string
+      auroraRegion:
+        description: 'The AWS region used to host the Aurora DB'
+        type: string
 
 env:
   PROJECT: runner-keycloak
@@ -31,6 +37,14 @@ jobs:
         with:
           clusterName: ${{ inputs.clusterName || format('gh-{0}', github.repository_owner) }}
 
+      - if: ${{ inputs.auroraCluster != '' }}
+        name: Delete Aurora Peering Connections
+        uses: ./.github/actions/aurora-delete-peering-connection
+        with:
+          auroraCluster: ${{ inputs.auroraCluster }}
+          auroraRegion: ${{ inputs.auroraRegion }}
+          clusterName: ${{ inputs.clusterName || format('gh-{0}', github.repository_owner) }}
+
       - name: Delete Keycloak deployment
         uses: ./.github/actions/keycloak-delete-deployment
         with:

diff --git a/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc b/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
@@ -48,6 +48,10 @@ Available options:
 +
 See xref:storage/postgres.adoc[] for more information.
 
+* `aurora-postgres` -- connect to an AWS Aurora PostgreSQL cluster.
++
+See xref:storage/aurora-postgres.adoc[] for more information.
+
 * `cockroach-single` -- deploy a single-node CockroachDB instance.
 +
 See xref:storage/cockroach-single.adoc[] for more information.
@@ -69,6 +73,12 @@ See xref:storage/postgres-infinispan.adoc[] for more information.
 See xref:storage/concurrent-hash-map.adoc[] for more information.
 --
 
+KC_DATABASE_URL::
+Define the external endpoint of databases that are deployed external to the Kubernetes cluster.
++
+Default value: ""
+
+
 [[KC_STORAGE,KC_STORAGE]]
 KC_STORAGE::
 Set the storage configuration parameter for Keycloak.

diff --git a/doc/kubernetes/modules/ROOT/pages/storage-configurations.adoc b/doc/kubernetes/modules/ROOT/pages/storage-configurations.adoc
@@ -26,6 +26,10 @@ The following table lists the different storages:
 |✅
 |✅
 
+|xref:storage/aurora-postgres.adoc[Aurora PostgreSQL]
+|✅
+|✅
+
 |xref:storage/cockroach-single.adoc[CockroachDB Single]
 |
 |✅