From 08e8a96e7a5ac4b0d855bad2b166e2113cdb71c1 Mon Sep 17 00:00:00 2001
From: Nicole Rappe
Date: Sat, 13 Jul 2024 18:28:17 -0600
Subject: [PATCH] Update Docker & Kubernetes/Docker/Docker Compose/Keycloak.md
---
 .../Docker/Docker Compose/Keycloak.md | 33 ++++++++++++++-----
 1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/Docker & Kubernetes/Docker/Docker Compose/Keycloak.md b/Docker & Kubernetes/Docker/Docker Compose/Keycloak.md
index 894aabc..5fd73ce 100644
--- a/Docker & Kubernetes/Docker/Docker Compose/Keycloak.md
+++ b/Docker & Kubernetes/Docker/Docker Compose/Keycloak.md
@@ -27,8 +27,8 @@
 timeout: 5s
 retries: 5
 networks:
- docker_network:
- ipv4_address: 192.168.5.3
+ keycloak_internal_network: # Network for internal communication
+ ipv4_address: 172.16.238.3 # Static IP for PostgreSQL in internal network
 keycloak:
 image: quay.io/keycloak/keycloak:23.0.6
@@ -37,14 +37,13 @@
 - /srv/containers/keycloak/themes:/opt/keycloak/themes
 - /srv/containers/keycloak/base-theme:/opt/keycloak/themes/base
 environment:
- TZ: America/Denver # (1)
- KC_PROXY_ADDRESS_FORWARDING: true # (2)
+ TZ: America/Denver
+ KC_PROXY_ADDRESS_FORWARDING: true
 KC_HOSTNAME_STRICT: false
- KC_HOSTNAME: auth.bunny-lab.io # (3)
- KC_PROXY: edge # (4)
+ KC_HOSTNAME: auth.bunny-lab.io
+ KC_PROXY: edge
 KC_HTTP_ENABLED: true
 KC_DB: postgres
- # KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB} # (5)
 KC_DB_USERNAME: ${POSTGRES_USER}
 KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
 KC_DB_URL_HOST: postgres
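Review bot: Stripping the `# (1)` to `# (5)` markers in the environment block (and `# (6)` in the following hunk) leaves the numbered explanations under the code block without anchors; the list item `1. This sets the timezone…` is still present as context in the last hunk, so the list is evidently kept. If those notes are rendered as code annotations they will now show up as a detached list, and a reader deploying behind a reverse proxy loses the pointer from `KC_PROXY` and `KC_PROXY_ADDRESS_FORWARDING` to whatever the notes say about them. Either keep the markers on the re-added lines, e.g. `KC_PROXY: edge # (4)`, or remove or rewrite the numbered list in the same commit. The environment block starts before this hunk and continues past it.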
@@ -53,18 +52,28 @@
 KC_TRANSACTION_RECOVERY: true
 KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
 KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
- # KC_HOSTNAME_DEBUG: true # (6)
 KC_HEALTH_ENABLED: true
+ DB_POOL_MAX_SIZE: 20 # Maximum connections in the pool
+ DB_POOL_MIN_SIZE: 5 # Minimum idle connections in the pool
+ DB_POOL_ACQUISITION_TIMEOUT: 30 # Timeout for acquiring a connection from the pool
+ DB_POOL_IDLE_TIMEOUT: 300 # Timeout for closing idle connections
+ JDBC_PARAMS: "connectTimeout=30" # Timeout for establishing a new database connection
 ports:
 - 8080:8080
 restart: always
-
 depends_on:
 postgres:
 condition: service_healthy
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8080/auth"] # Health check for Keycloak
+ interval: 30s # Health check interval
+ timeout: 10s # Health check timeout
+ retries: 3 # Health check retries
 networks:
 docker_network:
 ipv4_address: 192.168.5.2
+ keycloak_internal_network: # Network for internal communication
+ ipv4_address: 172.16.238.2 # Static IP for Keycloak in internal network
 networks:
 default:
@@ -72,6 +81,12 @@
 name: docker_network
 docker_network:
 external: true
+ keycloak_internal_network: # Internal network for private communication
+ driver: bridge # Network driver
+ ipam: # IP address management
+ config:
+ - subnet: 172.16.238.0/24 # Subnet for internal network
+
 ```
 1. This sets the timezone of the Keycloak server to your timezone. This is not really necessary according to the official documentation, however I just like to add it to all of my containers as a baseline environment variable to add
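Review bot: The added healthcheck probes `http://localhost:8080/auth`, but nothing visible in these hunks sets `KC_HTTP_RELATIVE_PATH`, and the Quarkus-based 23.x image serves from `/` by default, so the probe most likely gets a 404 and reports a working container as unhealthy. `KC_HEALTH_ENABLED: true` is already set on the context line just above the new variables, so the test should target `http://localhost:8080/health/ready`; also confirm that `curl` exists in `quay.io/keycloak/keycloak:23.0.6`, since the stock image is minimal and I believe it does not ship it. Separately, the five added `DB_POOL_*` / `JDBC_PARAMS` variables lack the `KC_` prefix used by the other Keycloak options in this file, so they are probably ignored and their comments promise limits that are not applied. `KC_DB_POOL_MAX_SIZE: 20` and `KC_DB_POOL_MIN_SIZE: 5` are the documented spellings, and the three timeout entries need checking against the 23.x option list. The keycloak service block starts before this hunk.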
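Review bot: `keycloak_internal_network` is described in its comments as internal and private, but it is declared as a plain `driver: bridge` network, which still gives attached containers a route out through the host. Adding `internal: true` under `keycloak_internal_network:` would make the declaration match the comment. As far as the first hunk shows, postgres is attached to this network only, so the database would then have no outbound path, while keycloak keeps `docker_network` for its published port. The pinned `172.16.238.0/24` subnet and static addresses also deserve a comment saying why they are fixed, since `KC_DB_URL_HOST: postgres` already reaches the database by service name.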