From c9ce66e7fa7e02e8e02ff8234a350df5fd33e0ec Mon Sep 17 00:00:00 2001
From: knoflook
Date: Thu, 2 Jun 2022 11:59:19 +0200
Subject: [PATCH] switch to postgres
---
compose.mariadb.yml | 81 +++++++++++++++++++++++++++++++++++++++++++++
compose.yml | 23 ++++++++-----
2 files changed, 95 insertions(+), 9 deletions(-)
create mode 100644 compose.mariadb.yml
diff --git a/compose.mariadb.yml b/compose.mariadb.yml
new file mode 100644
index 0000000..5343569
--- /dev/null
+++ b/compose.mariadb.yml
@@ -0,0 +1,81 @@
+---
+version: "3.8"
+
+services:
+ app:
+ image: "jboss/keycloak:16.1.1"
+ networks:
+ - proxy
+ - internal
+ secrets:
+ - admin_password
+ - db_password
+ environment:
+ - DB_ADDR=db
+ - JBDC_PARAMS="useSSL=false"
+ - DB_DATABASE=keycloak
+ - DB_PASSWORD_FILE=/run/secrets/db_password
+ - DB_USER=keycloak
+ - DB_VENDOR=mariadb
+ - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
+ - KEYCLOAK_USER=${ADMIN_USERNAME}
+ - PROXY_ADDRESS_FORWARDING=true
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8080"]
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ start_period: 1m
+ volumes:
+ - "themes:/opt/jboss/keycloak/themes"
+ depends_on:
+ - mariadb
+ deploy:
+ update_config:
+ failure_action: rollback
+ order: start-first
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+ - "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1"
+
+ db:
+ image: "mariadb:10.8"
+ environment:
+ - MYSQL_DATABASE=keycloak
+ - MYSQL_USER=keycloak
+ - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+ - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+ secrets:
+ - db_password
+ - db_root_password
+ volumes:
+ - "mariadb:/var/lib/mysql"
+ networks:
+ - internal
+
+networks:
+ internal:
+ proxy:
+ external: true
+
+secrets:
+ admin_password:
+ name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
+ external: true
+ db_password:
+ name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+ external: true
+ db_root_password:
+ name:
${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} + external: true + +volumes: + mariadb: + themes: diff --git a/compose.yml b/compose.yml index 8296884..0af0e0c 100644 --- a/compose.yml +++ b/compose.yml @@ -12,10 +12,11 @@ services: - db_password environment: - DB_ADDR=db + - JBDC_PARAMS="useSSL=false" - DB_DATABASE=keycloak - DB_PASSWORD_FILE=/run/secrets/db_password - DB_USER=keycloak - - DB_VENDOR=mariadb + - DB_VENDOR=postgres - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password - KEYCLOAK_USER=${ADMIN_USERNAME} - PROXY_ADDRESS_FORWARDING=true @@ -44,18 +45,21 @@ services: - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1" + db: - image: "mariadb:10.6" - environment: - - MYSQL_DATABASE=keycloak - - MYSQL_USER=keycloak - - MYSQL_PASSWORD_FILE=/run/secrets/db_password - - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password + image: postgres:11 + networks: + - backend + secrets: + - db_password + environment: + POSTGRES_DB: keycloak + POSTGRES_USER: keycloak + POSTGRES_PASSWORD_FILE: /run/secrets/db_password secrets: - db_password - - db_root_password volumes: - - "mariadb:/var/lib/mysql" + - "postgres_data:/var/lib/postgresql/data" networks: - internal @@ -78,3 +82,4 @@ secrets: volumes: mariadb: themes: + postgres_data:
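Review bot: `JBDC_PARAMS` in the `app` environment of compose.mariadb.yml looks like a misspelling of `JDBC_PARAMS`, the variable the jboss/keycloak image documents, so the setting is most likely ignored; the same line is added again in the first compose.yml hunk. In list-form `environment` the double quotes become part of the value, so the corrected entry would be `- JDBC_PARAMS=useSSL=false`, ideally preceded by a comment such as `# DB link is unencrypted by design; traffic stays on the internal network`. Separately, `depends_on` lists `mariadb`, but the only database service this file defines is `db`; `- db` would match `DB_ADDR=db`.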
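Review bot: `useSSL` is an option of the MySQL/MariaDB JDBC drivers, so on the line added in the `@@ -12,10 +12,11 @@` hunk next to `DB_VENDOR=postgres` it would not control TLS for PostgreSQL even with the variable name spelled correctly. If the intent is to state the transport-security setting for the database connection, the PostgreSQL driver's parameter is `sslmode` (`- JDBC_PARAMS=sslmode=disable` matches the current behaviour, `sslmode=require` once the server presents a certificate); otherwise keep the line only in compose.mariadb.yml. The `app` service definition starts above the hunk.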
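Review bot: The new `db` service in the `@@ -44,18 +45,21 @@` hunk defines `networks` and `secrets` twice: the added `networks:` / `- backend` and `secrets:` / `- db_password` lines sit above the retained context lines `secrets:` / `- db_password` and `networks:` / `- internal`. Duplicate mapping keys are invalid YAML; a last-wins parser silently keeps `internal` while a strict one rejects the file, and `backend` is not among the networks declared in the compose.mariadb.yml copy (compose.yml's own `networks:` section is outside the hunks, so this is inferred). Deleting the four added lines leaves the database attached only to `internal`, which is the narrower exposure. The `mariadb:` volume kept by the last hunk, and the `db_root_password` secret if compose.yml still declares it, appear unused after this change.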