Add possibility to configure AWS JDBC Wrapper for Keycloak driver (#717)
Closes #698

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
mhajas and ahus1 authored Feb 21, 2024
1 parent b209fae commit 721a9bd
Showing 13 changed files with 157 additions and 14 deletions.
Expand Up @@ -92,3 +92,10 @@ Note: SSH repositories may not work in Github Actions as SSH keys may not be con

|===

=== Using AWS JDBC driver

AWS provides a https://github.com/awslabs/aws-advanced-jdbc-wrapper[JDBC driver wrapper] that is compatible with Aurora PostgreSQL we are using in our setup. This driver provides some additional features when using compatible databases. This wrapper is enabled by default in the Cross-site deployment.

To disable the AWS JDBC driver, set the `KC_USE_AWS_JDBC_WRAPPER` variable to `false`.

To specify the version of the AWS JDBC driver, set the `KC_AWS_JDBC_WRAPPER_URL` variable to the URL of corresponding jar file.
3 changes: 3 additions & 0 deletions provision/keycloak-tasks/Taskfile.yaml
Expand Up @@ -57,3 +57,6 @@ tasks:
default:
cmds:
- task: utils:install-keycloak
uninstall:
cmds:
- task: utils:uninstall-keycloak
57 changes: 45 additions & 12 deletions provision/keycloak-tasks/Utils.yaml
Expand Up @@ -43,6 +43,26 @@ tasks:
- quarkus/dist/target/keycloak-*.tar.gz
- operator/target/keycloak-*.jar

install-keycloak-build-configs:
desc: "Install the Keycloak build configs"
internal: true
requires:
vars:
- NAMESPACE
- KUBECONFIG
cmds:
- KUBECONFIG="{{.KUBECONFIG}}" oc create namespace "{{.NAMESPACE}}" || true
- >
KUBECONFIG="{{.KUBECONFIG}}" helm upgrade --install keycloak-build-config --namespace "{{.NAMESPACE}}" ./keycloak-image-helm
--set namespace={{.NAMESPACE}}
--set customImage={{if .KC_REPOSITORY}}true{{else}}false{{end}}
{{ if eq .KC_USE_AWS_JDBC_WRAPPER "false"}}--set useAWSJDBCWrapper={{.KC_USE_AWS_JDBC_WRAPPER}}{{end}}
{{ if .KC_AWS_JDBC_WRAPPER_URL}}--set jdbcWrapperURL={{.KC_AWS_JDBC_WRAPPER_URL}}{{end}}
status:
- test -n "$(KUBECONFIG="{{.KUBECONFIG}}" helm list --namespace {{.NAMESPACE}} --filter keycloak-build-config -q)"
preconditions:
- test -f {{.KUBECONFIG}}

prepare-keycloak-images-openshift:
desc: "Create images for the current build of Keycloak distribution"
label: "{{.TASK}}-{{.ROSA_CLUSTER_NAME}}"
Expand All @@ -58,17 +78,8 @@ tasks:
ARCHIVE_NAME:
sh: ls .task/keycloak/quarkus/dist/target/keycloak-*.tar.gz | xargs -n 1 basename
cmds:
- KUBECONFIG="{{.KUBECONFIG}}" oc create namespace "{{.NAMESPACE}}" || true
- KUBECONFIG={{.KUBECONFIG}} helm uninstall --namespace {{.NAMESPACE}} keycloak-build-config || true
# Create custom Keycloak resources for both Keycloak and Keycloak operator
- >
KUBECONFIG="{{.KUBECONFIG}}" helm upgrade --install keycloak-build-config --namespace "{{.NAMESPACE}}"
--set "namespace={{.NAMESPACE}}"
--set "archiveName={{.ARCHIVE_NAME}}"
./keycloak-image-helm
# Start Keycloak image build
- cp "$(ls .task/keycloak/quarkus/dist/target/keycloak-*.tar.gz)" ".task/keycloak/quarkus/container/"
- cp "$(ls .task/keycloak/quarkus/dist/target/keycloak-*.tar.gz)" ".task/keycloak/quarkus/container/keycloak.tar.gz"
- KUBECONFIG="{{.KUBECONFIG}}" oc start-build -n {{.NAMESPACE}} keycloak --from-dir ".task/keycloak/quarkus/container" --follow
- echo "image-registry.openshift-image-registry.svc:5000/{{.NAMESPACE}}/keycloak:latest" > .task/var-CUSTOM_CONTAINER_IMAGE_FILE

Expand All @@ -78,11 +89,23 @@ tasks:
sources:
- quarkus/dist/target/keycloak-*.tar.gz
- operator/target/keycloak-*.jar
status:
- test -n "$(KUBECONFIG="{{.KUBECONFIG}}" helm list --namespace {{.NAMESPACE}} --filter keycloak-build-config -q)"
preconditions:
- test -f {{.KUBECONFIG}}

prepare-keycloak-image-with-aws-jdbc-wrapper-openshift:
desc: "Create images for the current build of Keycloak distribution"
label: "{{.TASK}}-{{.ROSA_CLUSTER_NAME}}"
internal: true
requires:
vars:
- NAMESPACE
- KUBECONFIG
- ROSA_CLUSTER_NAME
cmds:
# Creates .task if it does not exist
- if [ ! -d .task ]; then mkdir .task; fi
- echo "image-registry.openshift-image-registry.svc:5000/{{.NAMESPACE}}/keycloak-with-aws-jdbc-wrapper:latest" > .task/var-CUSTOM_CONTAINER_IMAGE_FILE

install-keycloak-operator:
desc: "Install the Keycloak operator"
internal: true
Expand Down Expand Up @@ -156,12 +179,22 @@ tasks:
- ROSA_CLUSTER_NAME
vars:
CURRENT_KC_CONTAINER_IMAGE: '{{ ternary "$(cat .task/var-CUSTOM_CONTAINER_IMAGE_FILE 2> /dev/null || echo \"\")" .KC_CONTAINER_IMAGE (empty .KC_CONTAINER_IMAGE) }}'
KC_USE_AWS_JDBC_WRAPPER: '{{ .KC_USE_AWS_JDBC_WRAPPER | default "true" }}'
cmds:
- task: install-keycloak-build-configs
vars:
NAMESPACE: "{{.NAMESPACE}}"
KUBECONFIG: "{{.KUBECONFIG}}"
- task: '{{if .KC_REPOSITORY}}prepare-custom-images{{else}}no-op{{end}}'
vars:
KUBECONFIG: "{{.KUBECONFIG}}"
NAMESPACE: "{{.NAMESPACE}}"
ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME}}"
- task: '{{if eq .KC_USE_AWS_JDBC_WRAPPER "true"}}prepare-keycloak-image-with-aws-jdbc-wrapper-openshift{{else}}no-op{{end}}'
vars:
NAMESPACE: "{{.NAMESPACE}}"
KUBECONFIG: "{{.KUBECONFIG}}"
ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME}}"
- task: install-keycloak-operator
vars:
NAMESPACE: "{{.NAMESPACE}}"
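Review bot: The `status` check added to `install-keycloak-build-configs` (`helm list ... --filter keycloak-build-config -q`) marks the task up-to-date as soon as the release exists, so a later change to `KC_USE_AWS_JDBC_WRAPPER` or `KC_AWS_JDBC_WRAPPER_URL` is never applied by `helm upgrade --install`; the removed `helm uninstall ... || true` in `prepare-keycloak-images-openshift` used to force a fresh install on every run. Either drop the `status:` block or key it on the rendered values rather than on the release's existence. The `--set jdbcWrapperURL={{.KC_AWS_JDBC_WRAPPER_URL}}` argument is unquoted in the shell and goes through helm's `--set` parser, where a comma splits the value, so `--set-string "jdbcWrapperURL={{.KC_AWS_JDBC_WRAPPER_URL}}"` is safer. The two guards `eq .KC_USE_AWS_JDBC_WRAPPER "false"` (build configs) and `eq .KC_USE_AWS_JDBC_WRAPPER "true"` (image task) disagree for any other spelling such as `False` or `no`: the chart keeps its `true` default and renders the wrapper BuildConfig while the task that writes the wrapper image name is skipped. `ARCHIVE_NAME` also appears to be left unused now that `archiveName` is no longer passed to helm — please confirm no template still reads it.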
@@ -1,3 +1,4 @@
{{- if .Values.customImage }}
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
Expand Down Expand Up @@ -34,3 +35,4 @@ spec:
kind: ImageStreamTag
name: ubi9:latest
type: Docker
{{ end }}
@@ -0,0 +1,20 @@
{{- if and (.Values.useAWSJDBCWrapper) (not .Values.customImage) }}
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: keycloak
namespace: {{ .Values.namespace }}
spec:
lookupPolicy:
local: false
tags:
- name: latest
from:
kind: DockerImage
name: quay.io/keycloak/keycloak:nightly
generation: 2
importPolicy:
importMode: Legacy
referencePolicy:
type: Source
{{ end }}
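Review bot: The ImageStream added here imports `quay.io/keycloak/keycloak:nightly` by mutable tag, with no digest and no `importPolicy.scheduled`, so the base of the wrapper build is whatever `nightly` resolved to when the tag was first imported and, as far as I can tell, is not refreshed by re-running the Helm install. That may be intended for a benchmark path, but it deserves a comment above `tags:`, e.g. `# nightly is imported once at creation; re-import the tag (or set importPolicy.scheduled: true) to pick up a newer build`. If reproducible runs matter more than freshness, pin the tag to a release or a digest instead.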
@@ -1,3 +1,4 @@
{{- if .Values.customImage }}
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
Expand Down Expand Up @@ -31,3 +32,4 @@ spec:
kind: ImageStreamTag
name: ubi9:latest
type: Docker
{{ end }}
@@ -0,0 +1,43 @@
{{- if .Values.useAWSJDBCWrapper }}
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: keycloak-with-aws-jdbc-wrapper
namespace: {{ .Values.namespace }}
labels:
build: keycloak
spec:
lookupPolicy:
local: false
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
labels:
build: keycloak
name: keycloak-with-aws-jdbc-wrapper
namespace: {{ .Values.namespace }}
spec:
output:
to:
kind: ImageStreamTag
name: keycloak-with-aws-jdbc-wrapper:latest
runPolicy: Serial
triggers:
- type: "ImageChange"
imageChange:
from:
kind: "ImageStreamTag"
name: "keycloak:latest"
strategy:
dockerStrategy:
from:
kind: "ImageStreamTag"
name: "keycloak:latest"
forcePull: true
source:
dockerfile: |
FROM keycloak:latest
ADD --chmod=0666 {{ .Values.jdbcWrapperURL }} /opt/keycloak/providers/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
{{ end }}
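Review bot: The Dockerfile in the `dockerStrategy` source fetches `{{ .Values.jdbcWrapperURL }}` with `ADD` and drops it straight into `/opt/keycloak/providers/` with no integrity check, so the provider jar Keycloak loads is whatever that URL serves at build time — a supply-chain exposure for a value that each deployment can override through `KC_AWS_JDBC_WRAPPER_URL`; the same applies to the `jdbcWrapperURL` default in `values.yaml`. Add a `jdbcWrapperSha256` value next to `jdbcWrapperURL`, give the jar a fixed name, and verify it in the build: `ADD --chmod=0444 {{ .Values.jdbcWrapperURL }} /opt/keycloak/providers/aws-advanced-jdbc-wrapper.jar` followed by `RUN echo "{{ .Values.jdbcWrapperSha256 }}  /opt/keycloak/providers/aws-advanced-jdbc-wrapper.jar" | sha256sum -c` (BuildKit's `ADD --checksum=` is the shorter form if the OpenShift builder supports it, and `sha256sum` must exist in the base image — both to be confirmed). `--chmod=0666` also makes the jar world-writable inside the image; a provider jar only needs to be readable, so `0444` or `0644` is the safer default unless the Keycloak build step writes to it — TODO confirm.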
@@ -1,3 +1,4 @@
{{- if .Values.customImage }}
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
Expand All @@ -16,3 +17,4 @@ spec:
importMode: Legacy
referencePolicy:
type: Source
{{ end }}
3 changes: 3 additions & 0 deletions provision/keycloak-tasks/keycloak-image-helm/values.yaml
Expand Up @@ -3,3 +3,6 @@
# Declare variables to be passed into your templates.

namespace: keycloak
customImage: false
useAWSJDBCWrapper: true
jdbcWrapperURL: https://github.com/awslabs/aws-advanced-jdbc-wrapper/releases/download/2.3.3/aws-advanced-jdbc-wrapper-2.3.3.jar
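Review bot: The three new values have no comment describing what they switch on, even though the header above says these are the variables passed into the templates. Add one line each, grounded in the templates in this commit: `# customImage: render the ImageStream/BuildConfig for a locally built Keycloak distribution`, `# useAWSJDBCWrapper: also build keycloak-with-aws-jdbc-wrapper from keycloak:latest plus the jar at jdbcWrapperURL`, `# jdbcWrapperURL: jar added to /opt/keycloak/providers in that build`.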
@@ -1,4 +1,4 @@
{{ if eq .Values.database "aurora-postgres" }}
{{ if and (eq .Values.database "aurora-postgres") (not .Values.useAWSJDBCWrapper) }}
kind: Service
apiVersion: v1
metadata:
18 changes: 17 additions & 1 deletion provision/minikube/keycloak/templates/keycloak.yaml
Expand Up @@ -26,7 +26,11 @@ spec:
db:
{{ if or (eq .Values.database "aurora-postgres") (eq .Values.database "postgres") (eq .Values.database "postgres+infinispan") }}
vendor: postgres
{{- if .Values.useAWSJDBCWrapper}}
url: jdbc:aws-wrapper:postgresql://{{ .Values.dbUrl }}:5432/keycloak
{{- else }}
url: jdbc:postgresql://postgres:5432/keycloak
{{ end }}
{{ end }}
poolMinSize: {{ .Values.dbPoolMinSize }} # <1>
poolInitialSize: {{ .Values.dbPoolInitialSize }}
Expand Down Expand Up @@ -61,6 +65,10 @@ spec:
key: {{ base .Values.infinispan.configFile }} # <1>
# end::keycloak-ispn[]
{{- end }}
{{ if .Values.useAWSJDBCWrapper }}
transaction:
xaEnabled: false
{{ end }}
# tag::keycloak-ispn[]
additionalOptions:
# end::keycloak-ispn[]
Expand Down Expand Up @@ -130,6 +138,10 @@ spec:
name: keycloak-jgroups-pkcs12-password
key: password
{{- end }}
{{ if .Values.useAWSJDBCWrapper }}
- name: db-driver
value: software.amazon.jdbc.Driver
{{ end }}
http:
tlsSecret: keycloak-tls-secret
instances: {{ .Values.instances }}
Expand Down Expand Up @@ -243,9 +255,13 @@ spec:
# command:
# - 'true'
volumeMounts:
{{- range $path, $size := .Files.Glob "providers/**" }}
{{- $name := base $path }}
- name: keycloak-providers
mountPath: /opt/keycloak/providers
mountPath: /opt/keycloak/providers/{{ $name }}
subPath: {{ $name }}
readOnly: true
{{- end -}}
{{ if .Values.infinispan.jgroupsTls }}
- name: cache-embedded-mtls-volume
mountPath: /etc/cache-embedded-mtls
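Review bot: In the new wrapper branch of the `db` block, `url: jdbc:aws-wrapper:postgresql://{{ .Values.dbUrl }}:5432/keycloak` takes its host from `dbUrl`, while the `else` branch keeps the hard-coded `postgres` host; the surrounding condition also covers `database: postgres` and `postgres+infinispan`, and `values.yaml` in this commit defaults to `useAWSJDBCWrapper: true` with `dbUrl: ''`, so a plain minikube Postgres deployment with default values renders `jdbc:aws-wrapper:postgresql://:5432/keycloak` — unless every caller sets `dbUrl`, which I cannot see from here. Consider `url: jdbc:aws-wrapper:postgresql://{{ .Values.dbUrl | default "postgres" }}:5432/keycloak`, or gate the wrapper branch on `aurora-postgres` the way `aurora-service.yaml` now does. `transaction.xaEnabled: false` is set only in the wrapper case; a one-line comment on why (`# the aws-wrapper driver is used as a non-XA datasource`, if that is the reason) would save the next reader a search. The `spec:` mapping these hunks belong to starts and ends outside the shown lines.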
1 change: 1 addition & 0 deletions provision/minikube/keycloak/values.yaml
Expand Up @@ -18,6 +18,7 @@ dbPoolInitialSize: 15
dbPoolMaxSize: 15
dbPoolMinSize: 15
dbUrl: ''
useAWSJDBCWrapper: true
storage: ''
database: postgres
disableCaches: false
11 changes: 11 additions & 0 deletions provision/rosa-cross-dc/Taskfile.yaml
Expand Up @@ -601,6 +601,17 @@ tasks:
- >
echo 'WARNING: use the information above to configure your Keycloak deployment!'
route53-test-primary-used:
desc: "Checks if the primary cluster is active and prints it to the console"
dir: "{{.ROUTE53_DIR}}"
deps:
- common:split
- common:env
requires:
vars:
- KC_CLIENT_URL
cmd: (./route53_test_primary_used.sh {{substr 7 999999 .KC_CLIENT_URL}} && echo "Primary cluster is active") || echo "Primary cluster is NOT active"

dataset-import:
internal: true
requires:
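Review bot: `{{substr 7 999999 .KC_CLIENT_URL}}` in `route53-test-primary-used` strips a fixed seven characters, which only matches a `http://` prefix; for an `https://` URL — presumably the common case for a Keycloak client URL — the script receives `/host...` with a leading slash, and the argument reaches the shell unquoted. `cmd: (./route53_test_primary_used.sh "{{ .KC_CLIENT_URL | trimPrefix "https://" | trimPrefix "http://" }}" && echo "Primary cluster is active") || echo "Primary cluster is NOT active"` handles both schemes. Because the trailing `|| echo` always yields exit 0 the task can never fail a pipeline, which is fine for an informational check but worth stating in `desc`. This task is unrelated to the AWS JDBC wrapper named in the commit title and would be easier to trace as its own commit.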
