Setup an Aurora PostgreSQL database #431
Conversation
|
Working as expected when an Aurora cluster is created in the same region as the Keycloak ROSA cluster, however there is an issue if these differ. Investigating.. |
provision/aws/rds/aurora_create.sh
Outdated
| aws rds create-db-instance \ | ||
| --db-cluster-identifier ${AURORA_CLUSTER} \ | ||
| --db-instance-identifier ${AURORA_INSTANCE} \ | ||
| --db-instance-class db.t4g.large \ |
There was a problem hiding this comment.
I think we may need the instance class to be customizable, as it affects performance, network throughput, etc.
Additionally, we may need to customize the storage type here, as the default "standard" magnetic storage has limited IOPS. I think we should use the gp2 general-purpose SSD storage at the minimum.
See options --allocated-storage, --storage-type, --iops, and: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html
There was a problem hiding this comment.
right we would need the PostgreSQL version configurable.
There was a problem hiding this comment.
I can add the --engine-version to the Aurora cluster no problem, as well as making the --db-instance-class configurable. However it's not possible to configure --allocated-storage, --storage-type, --iops as these are not applicable to Aurora DB instances.
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html
ahus1
changed the title
|
@mhajas Inter-region VPC is working as expected now. |
There was a problem hiding this comment.
Thanks @ryanemerson, works for me except for one small issue in Taskfile. See my comment in the code.
|
@ryanemerson / @mhajas - can this PR be merged with the change that Michal suggested? |
Co-authored-by: Michal Hajas <[email protected]>
|
@ahus1 I am ok with merging after my suggestion is addressed. Maybe a nice to have would be adding more logging into the scripts to have more insight into what is happening. However, I would say we can add this later if we encounter some problems. |
|
I've accepted the commit. I'm happy for it to be merged as is and we can improve logging etc as required. |
This PR allows for an AWS Aurora DB cluster to be created in a specified region and Keycloak can then be deployed to connect to that. I have made it so that Aurora DB can be deployed in a different region to the Keycloak instance, as this will be required for xsite deployments eventually.
My implementation is based upon this blog so that the DB is not exposed publicly and is limited to ROSA VPC -> Aurora VPC communication.
GH Action Workflow:
Aurora Create- Creates an Aurora DB cluster with a single instance in the specified regionKeycloak - Create deployment- Updated so that a peering connection is established between the Rosa Cluster VPC -> Aurora VPC, as well as updating the Keycloak deployment to use the Aurora endpoint for DB connections via an External K8s Service.Keycloak - Delete deployment- Updated to remove the peering connectionROSA Cluster - Delete- Also updated to remove peering connectionsUnfortunately with 2. I was hitting the max number of input fields allowed for a GH action (10), so I had to hack around this by providing multiple Aurora fields as JSON. Suggestions on better ways to approach this are very welcome 🙂
Couple of things missing still:
Closes #420