Setup an Aurora PostgreSQL database #431
Conversation
Working as expected when an Aurora cluster is created in the same region as the Keycloak ROSA cluster; however, there is an issue if these differ. Investigating...
provision/aws/rds/aurora_create.sh
```bash
aws rds create-db-instance \
  --db-cluster-identifier ${AURORA_CLUSTER} \
  --db-instance-identifier ${AURORA_INSTANCE} \
  --db-instance-class db.t4g.large \
```
I think we may need the instance class to be customizable, as it affects performance, network throughput, etc.
Additionally, we may need to customize the storage type here, as the default "standard" magnetic storage has limited IOPS. I think we should use the gp2 general-purpose SSD storage at the minimum.
See options `--allocated-storage`, `--storage-type`, `--iops`, and: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html
Right, we would need the PostgreSQL version to be configurable.
I can add the `--engine-version` to the Aurora cluster no problem, as well as making the `--db-instance-class` configurable. However, it's not possible to configure `--allocated-storage`, `--storage-type`, `--iops` as these are not applicable to Aurora DB instances.
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html
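As an added example (not the PR's own aurora_create.sh), the script below builds the two create calls discussed above with the engine version and instance class taken from the environment and the three storage flags that do not apply to Aurora rejected before anything is created. The variable names, the sample version, and the `--manage-master-user-password`, `--storage-encrypted` and `--no-publicly-accessible` flags are my assumptions, not the project's.

```shell
# Added example, not the PR's aurora_create.sh: the two create calls the thread
# describes, with engine version and instance class configurable and the
# Aurora-inapplicable storage flags rejected. DRY_RUN=1 (default) only prints.
set -eu

: "${AURORA_REGION:=eu-west-1}"            # variable names are assumptions
: "${AURORA_CLUSTER:=keycloak-aurora}"
: "${AURORA_INSTANCE:=keycloak-aurora-1}"
: "${AURORA_ENGINE_VERSION:=15.3}"         # constructed sample values
: "${AURORA_INSTANCE_CLASS:=db.t4g.large}"
: "${DRY_RUN:=1}"

# These flags size a per-instance EBS volume; an Aurora instance has none (the
# cluster volume holds the data), so fail early instead of after the cluster exists.
reject_storage_flags() {
  for arg in "$@"; do
    case "$arg" in
      --allocated-storage|--storage-type|--iops)
        echo "error: $arg is not applicable to Aurora instances" >&2
        return 1 ;;
    esac
  done
}

# Print the command line, or execute it when DRY_RUN=0.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Cluster: the master password is generated and kept in Secrets Manager rather
# than passed through the shell, and the cluster volume is encrypted at rest.
create_cluster() {
  run aws rds create-db-cluster --region "$AURORA_REGION" \
    --db-cluster-identifier "$AURORA_CLUSTER" \
    --engine aurora-postgresql --engine-version "$AURORA_ENGINE_VERSION" \
    --master-username keycloak --manage-master-user-password \
    --storage-encrypted
}

# Instance: class comes from the environment; the endpoint stays private so the
# only path in is the ROSA VPC -> Aurora VPC peering. Extra flags are checked first.
create_instance() {
  reject_storage_flags "$@" || return 1
  run aws rds create-db-instance --region "$AURORA_REGION" \
    --db-cluster-identifier "$AURORA_CLUSTER" \
    --db-instance-identifier "$AURORA_INSTANCE" \
    --db-instance-class "$AURORA_INSTANCE_CLASS" \
    --engine aurora-postgresql --no-publicly-accessible "$@"
}

create_cluster && create_instance "$@"
```

Run it with `DRY_RUN=0` and valid AWS credentials to actually create the cluster; any extra arguments are appended to the instance call after validation.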
@mhajas Inter-region VPC is working as expected now.
Thanks @ryanemerson, works for me except for one small issue in Taskfile. See my comment in the code.
@ryanemerson / @mhajas - can this PR be merged with the change that Michal suggested?
Co-authored-by: Michal Hajas <[email protected]>
@ahus1 I am ok with merging after my suggestion is addressed. Maybe a nice to have would be adding more logging into the scripts to have more insight into what is happening. However, I would say we can add this later if we encounter some problems.
I've accepted the commit. I'm happy for it to be merged as is and we can improve logging etc. as required.
Nice work @ryanemerson!!
This PR allows for an AWS Aurora DB cluster to be created in a specified region and Keycloak can then be deployed to connect to that. I have made it so that Aurora DB can be deployed in a different region to the Keycloak instance, as this will be required for xsite deployments eventually.
My implementation is based upon this blog so that the DB is not exposed publicly and is limited to ROSA VPC -> Aurora VPC communication.
GH Action Workflow:
1. Aurora Create - Creates an Aurora DB cluster with a single instance in the specified region
2. Keycloak - Create deployment - Updated so that a peering connection is established between the Rosa Cluster VPC -> Aurora VPC, as well as updating the Keycloak deployment to use the Aurora endpoint for DB connections via an External K8s Service.
3. Keycloak - Delete deployment - Updated to remove the peering connection
4. ROSA Cluster - Delete - Also updated to remove peering connections

Unfortunately with 2. I was hitting the max number of input fields allowed for a GH action (10), so I had to hack around this by providing multiple Aurora fields as JSON. Suggestions on better ways to approach this are very welcome 🙂
Couple of things missing still:
Closes #420