232 lines
8.3 KiB
YAML
232 lines
8.3 KiB
YAML
version: "2.2"
|
|
|
|
networks:
|
|
# DC 1
|
|
dc1_keycloak:
|
|
ipam:
|
|
config:
|
|
- subnet: 10.1.1.0/24
|
|
# DC 2
|
|
dc2_keycloak:
|
|
ipam:
|
|
config:
|
|
- subnet: 10.2.1.0/24
|
|
# cross-DC
|
|
loadbalancing:
|
|
ipam:
|
|
config:
|
|
- subnet: 10.0.2.0/24
|
|
# cross-DC
|
|
db_replication:
|
|
ipam:
|
|
config:
|
|
- subnet: 10.0.3.0/24
|
|
# cross-DC
|
|
ispn_replication:
|
|
ipam:
|
|
config:
|
|
- subnet: 10.0.4.0/24
|
|
|
|
services:
|
|
|
|
infinispan_dc1:
|
|
build: infinispan
|
|
image: keycloak_test_infinispan:${KEYCLOAK_VERSION:-latest}
|
|
cpus: 1
|
|
networks:
|
|
- ispn_replication
|
|
- dc1_keycloak
|
|
environment:
|
|
PUBLIC_SUBNET: 10.1.1.0/24
|
|
PRIVATE_SUBNET: 10.0.4.0/24
|
|
MGMT_USER: admin
|
|
MGMT_USER_PASSWORD: admin
|
|
# APP_USER: keycloak
|
|
# APP_USER_PASSWORD: keycloak
|
|
# APP_USER_GROUPS: keycloak
|
|
JAVA_OPTS: ${INFINISPAN_JVM_MEMORY:--Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC} -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
|
|
ports:
|
|
- "9991:9990"
|
|
|
|
infinispan_dc2:
|
|
build: infinispan
|
|
image: keycloak_test_infinispan:${KEYCLOAK_VERSION:-latest}
|
|
depends_on:
|
|
infinispan_dc1:
|
|
condition: service_healthy
|
|
cpus: 1
|
|
networks:
|
|
- ispn_replication
|
|
- dc2_keycloak
|
|
environment:
|
|
PUBLIC_SUBNET: 10.2.1.0/24
|
|
PRIVATE_SUBNET: 10.0.4.0/24
|
|
MGMT_USER: admin
|
|
MGMT_USER_PASSWORD: admin
|
|
# APP_USER: keycloak
|
|
# APP_USER_PASSWORD: keycloak
|
|
# APP_USER_GROUPS: keycloak
|
|
JAVA_OPTS: ${INFINISPAN_JVM_MEMORY:--Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC} -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
|
|
ports:
|
|
- "9992:9990"
|
|
|
|
|
|
mariadb_dc1:
|
|
build: db/mariadb
|
|
image: keycloak_test_mariadb:${KEYCLOAK_VERSION:-latest}
|
|
cpus: 1
|
|
networks:
|
|
- db_replication
|
|
- dc1_keycloak
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: root
|
|
MYSQL_INITDB_SKIP_TZINFO: foo
|
|
MYSQL_DATABASE: keycloak
|
|
MYSQL_USER: keycloak
|
|
MYSQL_PASSWORD: keycloak
|
|
entrypoint: docker-entrypoint-wsrep.sh
|
|
command: --wsrep-new-cluster
|
|
ports:
|
|
- "3306:3306"
|
|
|
|
mariadb_dc2:
|
|
build: db/mariadb
|
|
image: keycloak_test_mariadb:${KEYCLOAK_VERSION:-latest}
|
|
depends_on:
|
|
mariadb_dc1:
|
|
condition: service_healthy
|
|
cpuset: ${DB_CPUSET:-1}
|
|
mem_limit: ${DB_MEMLIMIT:-1g}
|
|
networks:
|
|
- db_replication
|
|
- dc2_keycloak
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: root
|
|
MYSQL_INITDB_SKIP_TZINFO: foo
|
|
entrypoint: docker-entrypoint-wsrep.sh
|
|
command: --wsrep_cluster_address=gcomm://mariadb_dc1
|
|
ports:
|
|
- "3307:3306"
|
|
|
|
|
|
|
|
keycloak_dc1:
|
|
build:
|
|
context: ./keycloak
|
|
args:
|
|
REMOTE_CACHES: "true"
|
|
image: keycloak_test_keycloak:${KEYCLOAK_VERSION:-latest}
|
|
depends_on:
|
|
# wait for the db cluster to be ready before starting keycloak
|
|
mariadb_dc2:
|
|
condition: service_healthy
|
|
# wait for the ispn cluster to be ready before starting keycloak
|
|
infinispan_dc2:
|
|
condition: service_healthy
|
|
cpuset: ${KEYCLOAK_DC1_CPUSET:-2}
|
|
mem_limit: ${KEYCLOAK_MEMLIMIT:-2500m}
|
|
networks:
|
|
- dc1_keycloak
|
|
environment:
|
|
CONFIGURATION: standalone-ha.xml
|
|
PUBLIC_SUBNET: 10.1.1.0/24
|
|
PRIVATE_SUBNET: 10.1.1.0/24
|
|
MARIADB_HOSTS: mariadb_dc1:3306
|
|
MARIADB_DATABASE: keycloak
|
|
MARIADB_USER: keycloak
|
|
MARIADB_PASSWORD: keycloak
|
|
KEYCLOAK_USER: admin
|
|
KEYCLOAK_PASSWORD: admin
|
|
INFINISPAN_HOST: infinispan_dc1
|
|
SITE: dc1
|
|
|
|
JAVA_OPTS: ${KEYCLOAK_JVM_MEMORY:--Xms64m -Xmx2g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m} -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
|
|
HTTP_MAX_CONNECTIONS: ${KEYCLOAK_HTTP_MAX_CONNECTIONS:-500}
|
|
AJP_MAX_CONNECTIONS: ${KEYCLOAK_AJP_MAX_CONNECTIONS:-500}
|
|
WORKER_IO_THREADS: ${KEYCLOAK_WORKER_IO_THREADS:-2}
|
|
WORKER_TASK_MAX_THREADS: ${KEYCLOAK_WORKER_TASK_MAX_THREADS:-16}
|
|
DS_MIN_POOL_SIZE: ${KEYCLOAK_DS_MIN_POOL_SIZE:-10}
|
|
DS_MAX_POOL_SIZE: ${KEYCLOAK_DS_MAX_POOL_SIZE:-100}
|
|
DS_POOL_PREFILL: "${KEYCLOAK_DS_POOL_PREFILL:-true}"
|
|
DS_PS_CACHE_SIZE: ${KEYCLOAK_DS_PS_CACHE_SIZE:-100}
|
|
ports:
|
|
- "8080"
|
|
- "9990"
|
|
|
|
|
|
keycloak_dc2:
|
|
build:
|
|
context: ./keycloak
|
|
args:
|
|
REMOTE_CACHES: "true"
|
|
image: keycloak_test_keycloak:${KEYCLOAK_VERSION:-latest}
|
|
depends_on:
|
|
# wait for first kc instance to be ready before starting another
|
|
keycloak_dc1:
|
|
condition: service_healthy
|
|
cpuset: ${KEYCLOAK_DC2_CPUSET:-3}
|
|
mem_limit: ${KEYCLOAK_MEMLIMIT:-2500m}
|
|
networks:
|
|
- dc2_keycloak
|
|
environment:
|
|
CONFIGURATION: standalone-ha.xml
|
|
PUBLIC_SUBNET: 10.2.1.0/24
|
|
PRIVATE_SUBNET: 10.2.1.0/24
|
|
MARIADB_HOSTS: mariadb_dc2:3306
|
|
MARIADB_DATABASE: keycloak
|
|
MARIADB_USER: keycloak
|
|
MARIADB_PASSWORD: keycloak
|
|
INFINISPAN_HOST: infinispan_dc2
|
|
SITE: dc2
|
|
|
|
JAVA_OPTS: ${KEYCLOAK_JVM_MEMORY:--Xms64m -Xmx2g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m} -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
|
|
HTTP_MAX_CONNECTIONS: ${KEYCLOAK_HTTP_MAX_CONNECTIONS:-500}
|
|
AJP_MAX_CONNECTIONS: ${KEYCLOAK_AJP_MAX_CONNECTIONS:-500}
|
|
WORKER_IO_THREADS: ${KEYCLOAK_WORKER_IO_THREADS:-2}
|
|
WORKER_TASK_MAX_THREADS: ${KEYCLOAK_WORKER_TASK_MAX_THREADS:-16}
|
|
DS_MIN_POOL_SIZE: ${KEYCLOAK_DS_MIN_POOL_SIZE:-10}
|
|
DS_MAX_POOL_SIZE: ${KEYCLOAK_DS_MAX_POOL_SIZE:-100}
|
|
DS_POOL_PREFILL: "${KEYCLOAK_DS_POOL_PREFILL:-true}"
|
|
DS_PS_CACHE_SIZE: ${KEYCLOAK_DS_PS_CACHE_SIZE:-100}
|
|
ports:
|
|
- "8080"
|
|
- "9990"
|
|
|
|
|
|
|
|
|
|
|
|
keycloak_lb_dc1:
|
|
build: load-balancer/wildfly-modcluster
|
|
image: keycloak_test_keycloak_lb:${KEYCLOAK_VERSION:-latest}
|
|
cpus: 1
|
|
networks:
|
|
- dc1_keycloak
|
|
# - loadbalancing
|
|
environment:
|
|
PRIVATE_SUBNET: 10.1.1.0/24
|
|
# PUBLIC_SUBNET: 10.0.2.0/24
|
|
JAVA_OPTS: ${KEYCLOAK_LB_JVM_MEMORY:--Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m} -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
|
|
HTTP_MAX_CONNECTIONS: ${KEYCLOAK_LB_HTTP_MAX_CONNECTIONS:-500}
|
|
WORKER_IO_THREADS: ${KEYCLOAK_LB_WORKER_IO_THREADS:-2}
|
|
WORKER_TASK_MAX_THREADS: ${KEYCLOAK_LB_WORKER_TASK_MAX_THREADS:-16}
|
|
ports:
|
|
- "8081:8080"
|
|
|
|
keycloak_lb_dc2:
|
|
build: load-balancer/wildfly-modcluster
|
|
image: keycloak_test_keycloak_lb:${KEYCLOAK_VERSION:-latest}
|
|
cpus: 1
|
|
networks:
|
|
- dc2_keycloak
|
|
# - loadbalancing
|
|
environment:
|
|
PRIVATE_SUBNET: 10.2.1.0/24
|
|
# PUBLIC_SUBNET: 10.0.2.0/24
|
|
JAVA_OPTS: ${KEYCLOAK_LB_JVM_MEMORY:--Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m} -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
|
|
HTTP_MAX_CONNECTIONS: ${KEYCLOAK_LB_HTTP_MAX_CONNECTIONS:-500}
|
|
WORKER_IO_THREADS: ${KEYCLOAK_LB_WORKER_IO_THREADS:-2}
|
|
WORKER_TASK_MAX_THREADS: ${KEYCLOAK_LB_WORKER_TASK_MAX_THREADS:-16}
|
|
ports:
|
|
- "8082:8080"
|
|
|