feat(lab-05): PostgreSQL integration -- PG multi-DB, Redis cache, Keycloak, Traefik LB, Prometheus

RedjiJB · RedjiJB · commit 78f6ecb65146 · 2026-02-28T17:30:44.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -34,8 +34,10 @@ jobs:
           echo "Validating: docker/docker-compose.sso.yml"
           docker compose -f docker/docker-compose.sso.yml config -q
           echo "OK: docker/docker-compose.sso.yml"
-          for f in docker/docker-compose.integration.yml \
-                   docker/docker-compose.integration.yml docker/docker-compose.production.yml; do
+          echo "Validating: docker/docker-compose.integration.yml"
+          docker compose -f docker/docker-compose.integration.yml config -q
+          echo "OK: docker/docker-compose.integration.yml"
+          for f in docker/docker-compose.production.yml; do
             echo "Checking scaffold: $f"
             docker compose -f "$f" config --no-interpolate -q 2>&1 && echo "OK: $f" \
               || echo "WARN: $f has placeholder variables (scaffold — not yet built out)"
@@ -226,4 +228,38 @@ jobs:
 
       - name: Cleanup
         if: always()
-        run: docker compose -f docker/docker-compose.sso.yml down -v
+        run: docker compose -f docker/docker-compose.sso.yml down -v
+
+  lab-05-smoke:
+    name: Lab 05 -- PG multi-DB + Keycloak + Redis + Traefik integration
+    runs-on: ubuntu-latest
+    needs: validate
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install tools
+        run: sudo apt-get install -y postgresql-client redis-tools curl netcat-openbsd
+
+      - name: Start integration stack
+        run: docker compose -f docker/docker-compose.integration.yml up -d
+
+      - name: Wait for Keycloak
+        run: timeout 200 bash -c 'until curl -sf http://localhost:8080/health/ready | grep -q UP; do sleep 5; done'
+
+      - name: Wait for PostgreSQL
+        run: timeout 60 bash -c 'until pg_isready -h localhost -p 5432 -U postgres; do sleep 3; done'
+
+      - name: Run Lab 03-05 test script
+        env:
+          PG_PASS: "Lab05Password!"
+          KC_PASS: "Lab05Password!"
+        run: bash tests/labs/test-lab-03-05.sh
+
+      - name: Collect logs on failure
+        if: failure()
+        run: docker compose -f docker/docker-compose.integration.yml logs
+
+      - name: Cleanup
+        if: always()
+        run: docker compose -f docker/docker-compose.integration.yml down -v
diff --git a/docker/docker-compose.integration.yml b/docker/docker-compose.integration.yml
@@ -1,26 +1,131 @@
-# Lab 05 — Advanced Integration: postgresql with full IT-Stack ecosystem
----
 services:
-  postgresql:
-    image: postgres:16
-    container_name: it-stack-postgresql
-    restart: unless-stopped
+
+  # ── PostgreSQL: serves as DB for Keycloak AND app ─────────────────
+  postgres:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_PASSWORD: Lab05Password!
+    command: >
+      postgres
+      -c shared_buffers=256MB
+      -c max_connections=200
+      -c log_connections=on
+    ports:
+      - "5432:5432"
+    networks:
+      - int-net
+    volumes:
+      - pg-int:/var/lib/postgresql/data
+      - ./integration/pg-init.sh:/docker-entrypoint-initdb.d/pg-init.sh:ro
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 3s
+      retries: 20
+
+  # ── Redis: session cache shared by app nodes ──────────────────────
+  redis:
+    image: redis:7.2-alpine
+    command: redis-server --requirepass Lab05Password! --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
     ports:
-      - "5432:$firstPort"
+      - "6379:6379"
+    networks:
+      - int-net
+    volumes:
+      - redis-int:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "-a", "Lab05Password!", "--no-auth-warning", "PING"]
+      interval: 5s
+      timeout: 3s
+      retries: 15
+
+  # ── Keycloak: uses PostgreSQL as its database ─────────────────────
+  keycloak:
+    image: quay.io/keycloak/keycloak:24.0
+    command: start-dev
+    depends_on:
+      postgres:
+        condition: service_healthy
     environment:
-      - IT_STACK_ENV=lab-05-integration
-      - KEYCLOAK_URL=
-      - DB_HOST=
-      - REDIS_HOST=
-      - SMTP_HOST=
-      - GRAYLOG_HOST=
-    extra_hosts:
-      - "lab-id1:10.0.50.11"
-      - "lab-db1:10.0.50.12"
-      - "lab-proxy1:10.0.50.15"
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: Lab05Password!
+      KC_DB: postgres
+      KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: Lab05Password!
+      KC_HTTP_PORT: "8080"
+      KC_HOSTNAME_STRICT: "false"
+      KC_PROXY: edge
     networks:
-      - it-stack-net
+      - int-net
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8080/health/ready || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 30
+      start_period: 60s
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.keycloak.rule=PathPrefix(`/auth`) || PathPrefix(`/realms`) || PathPrefix(`/admin`)"
+      - "traefik.http.routers.keycloak.entrypoints=web"
+      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
+
+  # ── App node 1 (whoami — simulates app backed by PG + Redis) ──────
+  app-1:
+    image: traefik/whoami:latest
+    environment:
+      WHOAMI_NAME: "app-node-1"
+    networks:
+      - int-net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=PathPrefix(`/app`)"
+      - "traefik.http.routers.app.entrypoints=web"
+      - "traefik.http.services.app.loadbalancer.server.port=80"
+
+  # ── App node 2 (second replica — load balanced by Traefik) ────────
+  app-2:
+    image: traefik/whoami:latest
+    environment:
+      WHOAMI_NAME: "app-node-2"
+    networks:
+      - int-net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=PathPrefix(`/app`)"
+      - "traefik.http.routers.app.entrypoints=web"
+      - "traefik.http.services.app.loadbalancer.server.port=80"
+
+  # ── Traefik: routes to Keycloak + app ─────────────────────────────
+  traefik:
+    image: traefik:v3.0
+    command:
+      - --api.dashboard=true
+      - --api.insecure=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.metrics.address=:8082
+      - --metrics.prometheus=true
+      - --metrics.prometheus.entrypoint=metrics
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --accesslog=true
+      - --accesslog.format=json
+    ports:
+      - "80:80"
+      - "8080:8080"
+      - "8082:8082"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - int-net
+    depends_on:
+      keycloak:
+        condition: service_healthy
 
 networks:
-  it-stack-net:
+  int-net:
     driver: bridge
+
+volumes:
+  pg-int:
+  redis-int:
diff --git a/docker/integration/pg-init.sh b/docker/integration/pg-init.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+# Create Keycloak database + user
+psql -v ON_ERROR_STOP=1 --username=postgres <<-EOSQL
+    CREATE USER keycloak WITH PASSWORD 'Lab05Password!';
+    CREATE DATABASE keycloak OWNER keycloak;
+    GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
+
+    CREATE USER labapp WITH PASSWORD 'Lab05Password!';
+    CREATE DATABASE labapp OWNER labapp;
+    GRANT ALL PRIVILEGES ON DATABASE labapp TO labapp;
+EOSQL
diff --git a/tests/labs/test-lab-03-05.sh b/tests/labs/test-lab-03-05.sh
