Keycloak
<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>

<@tmpl.guide
title="Deploy AWS Aurora in multiple availability zones"
summary="Building block for a database"
tileVisible="false" >

This topic describes how to deploy an Aurora regional deployment of a PostgreSQL instance across multiple availability zones to tolerate one or more availability zone failures in a given AWS region.

This deployment is intended to be used with the setup described in the <@links.ha id="concepts-active-passive-sync"/> {section}.
Use this deployment with the other building blocks outlined in the <@links.ha id="bblocks-active-passive-sync"/> {section}.

include::partials/blueprint-disclaimer.adoc[]

== Architecture

Aurora database clusters consist of multiple Aurora database instances, with one instance designated as the primary writer and all others as backup readers.
To ensure high availability in the event of availability zone failures, Aurora allows database instances to be deployed across multiple zones in a single AWS region.
If the availability zone hosting the primary database instance fails, Aurora automatically heals itself and promotes a reader instance from a non-failed availability zone to be the new writer instance.

.Aurora Multiple Availability Zone Deployment
image::high-availability/aurora-multi-az.dio.svg[]

See the https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html[AWS Aurora documentation] for more details on the semantics provided by Aurora databases.

This documentation follows AWS best practices and creates a private Aurora database that is not exposed to the Internet.
To access the database from a ROSA cluster, <<establish-peering-connections-with-rosa-clusters,establish a peering connection between the database and the ROSA cluster>>.

== Procedure

The following procedure contains two sections:

* Creation of an Aurora Multi-AZ database cluster with the name "keycloak-aurora" in eu-west-1.
* Creation of a peering connection between the ROSA cluster(s) and the Aurora VPC to allow applications deployed on the ROSA clusters to establish connections with the database.

=== Create Aurora database Cluster

include::partials/aurora/aurora-multiaz-create-procedure.adoc[]

[#establish-peering-connections-with-rosa-clusters]
=== Establish Peering Connections with ROSA clusters

Perform these steps once for each ROSA cluster that contains a {project_name} deployment.

include::partials/aurora/aurora-create-peering-connections.adoc[]

== Verifying the connection

include::partials/aurora/aurora-verify-peering-connections.adoc[]

== Deploying {project_name}

Now that an Aurora database has been established and linked with all of your ROSA clusters, the next step is to deploy {project_name} as described in the <@links.ha id="deploy-keycloak-kubernetes" /> {section} with the JDBC URL configured to use the Aurora database writer endpoint.
To do this, create a `{project_name}` CR with the following adjustments:

. Update `spec.db.url` to be `jdbc:aws-wrapper:postgresql://$HOST:5432/keycloak` where `$HOST` is the
<<aurora-writer-url, Aurora writer endpoint URL>>.

. Ensure that the Secrets referenced by `spec.db.usernameSecret` and `spec.db.passwordSecret` contain usernames and passwords defined when creating Aurora.
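
The following pre-deployment check is an added example, not part of the original guide or of the {project_name} project: it inspects the `spec.db` block of a CR (already parsed into a dict) for the two adjustments above. It assumes Secret references use `name` and `key` fields and that Aurora reader endpoints carry the `cluster-ro-` label; `check_db_spec`, the sample endpoint ID and the Secret name are constructed for illustration.

```python
import re

# URL shape from the guide: jdbc:aws-wrapper:postgresql://$HOST:5432/keycloak
URL_RE = re.compile(
    r"^jdbc:aws-wrapper:postgresql://(?P<host>[^:/?#]+):(?P<port>\d+)"
    r"/(?P<db>[^/?#]+)(?:\?\S*)?$")
# Assumption: "<cluster>.cluster-<id>.<region>.rds.amazonaws.com" is the writer
# endpoint; the same name with "cluster-ro-" is the read-only reader endpoint.
HOST_RE = re.compile(
    r"^[a-z0-9-]+\.cluster-(?P<ro>ro-)?[a-z0-9]+\.[a-z0-9-]+\.rds\.amazonaws\.com$")


def check_db_spec(cr):
    """Return a list of problems found in spec.db of a CR given as a dict."""
    db = cr.get("spec", {}).get("db", {})
    problems = []
    m = URL_RE.match(db.get("url", ""))
    if not m:
        problems.append("spec.db.url does not have the jdbc:aws-wrapper:postgresql form")
    else:
        if m["port"] != "5432" or m["db"] != "keycloak":
            problems.append("spec.db.url must target port 5432 and database keycloak")
        h = HOST_RE.match(m["host"])
        if not h:
            # Also catches a literal, unsubstituted $HOST placeholder.
            problems.append("host is not an Aurora cluster endpoint")
        elif h["ro"]:
            problems.append("host is the reader (cluster-ro-) endpoint, not the writer")
    for field in ("usernameSecret", "passwordSecret"):
        ref = db.get(field) or {}
        # Credentials must come from a Secret reference, never an inline string.
        if not (isinstance(ref, dict) and ref.get("name") and ref.get("key")):
            problems.append(f"spec.db.{field} must reference a Secret by name and key")
    return problems


# Constructed sample: cluster name and region come from the guide, the rest is made up.
GOOD_CR = {"spec": {"db": {
    "url": "jdbc:aws-wrapper:postgresql://keycloak-aurora.cluster-abc123example"
           ".eu-west-1.rds.amazonaws.com:5432/keycloak",
    "usernameSecret": {"name": "keycloak-db-secret", "key": "username"},
    "passwordSecret": {"name": "keycloak-db-secret", "key": "password"},
}}}

if __name__ == "__main__":
    for line in check_db_spec(GOOD_CR) or ["spec.db is consistent with the guide"]:
        print(line)
```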

</@tmpl.guide>