Keycloak cluster in version 17


pham lan

Apr 7, 2022, 5:09:09 AM
to Keycloak User
Hello,

Could anyone point me to the documentation to set up a cluster of Keycloak version 17?
All I can find is the pointing to caches configuration. How about the setup for master/slave like in Wildfly?

Run Keycloak in a cluster

You’d not want every login to fail when your Keycloak instance goes down, so typical production deployments consist of two or more Keycloak instances.

Keycloak uses JGroups and Infinispan under the covers to provide a reliable, HA-ready stack to run in a clustered scenario. When deployed to a cluster the embedded Infinispan server communication should be secured. Either by enabling authentication and encryption, or through isolating the network used for cluster communication.

To find out more about using multiple nodes, the different caches and the right stack for your environment, see the Configuring distributed caches guide.

Trevor Conley

Jun 9, 2022, 7:59:28 PM
to Keycloak User
I too am interested in this. It looks like all of the information on the website is still talking about the standalone file which no longer exists. I am performing an upgrade from 11 to 17 so I'm not sure if 17 is when those files were dropped, presumably with the change to Quarkus from WildFly, but it would definitely be nice to know how to perform any of the configuration.

Or maybe, running on with a Kubernetes cluster is supposed to be the go-to way now. Either way, would be nice to know.

pham lan

Jun 10, 2022, 12:09:41 AM
to Trevor Conley, Keycloak User
I did install KC v17 then upgraded to KC v18 already. I have 3 instances running on VMs. They would join the cluster automatically as long as they can discover each other using UDP multicast (I use TCP mode, but the member discovery is still using UDP multicast, the transport protocol is TCP though).
The configuration on Quarkus seems to be way simpler than the Wildfly one. Most of the configurations are performed in conf/keycloak.conf


Trevor Conley

Jun 13, 2022, 2:00:33 PM
to Keycloak User
If possible, would you mind sharing what options you added into the config file? I see a few labeled as 'cluster' but those options seem to be cache related. I'm not super familiar with all the workings of multicast, so as much help as you could provide would be greatly appreciated!

Welton Torres

Jun 13, 2022, 2:14:47 PM
to Trevor Conley, Keycloak User
Keycloak has Infinispan and JGroups pre-configured, so it runs by default as a cluster, a single node cluster.

When you have more than one instance, you need a way for those nodes to find each other and form a single cluster. This is done by the discovery mechanism.

By default, they should find each other if running in VMs in the same subnet (in the cloud, you need to open the necessary ports in the security group). In Kubernetes, it should work if you provide a headless service.

So, the only configuration you need is probably cache-stack (https://www.keycloak.org/server/caching#_transport_stacks) set to UDP, which is already the default. If your VMs are not in the same subnet, you’ll need to use an additional cloud vendor configuration to allow discovery (https://www.keycloak.org/server/caching#_additional_transport_stacks).

All options are available as environment variables https://www.keycloak.org/server/all-config#_cluster

Note that replicas need a common database, so you’ll need an external database.

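The points raised across this thread (a shared external database, the `cache` and `cache-stack` options, multicast discovery, and the `KC_*` environment-variable form) can be checked mechanically before a node is started. The following is an added example, not code from any poster or from the Keycloak project; the function names, the sample configuration and the defaults used for unset options are assumptions.

```python
# Added example (not from the thread): lint keycloak.conf for multi-node use.
MULTICAST_STACKS = {"udp", "tcp"}   # per the thread, tcp still discovers peers via UDP multicast
CLOUD_STACKS = {"kubernetes", "ec2", "azure", "google"}
EMBEDDED_DBS = {"dev-file", "dev-mem"}  # per-node H2 databases, cannot be shared

SAMPLE_CONF = """\
# constructed sample for three VMs on one subnet
db=postgres
db-url=jdbc:postgresql://db.internal.example/keycloak
cache=ispn
cache-stack=tcp
"""

def parse_conf(text, environ=None):
    """Read key=value lines; KC_* environment variables override the file."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    for name, value in (environ or {}).items():
        if name.startswith("KC_"):  # KC_CACHE_STACK -> cache-stack
            opts[name[3:].lower().replace("_", "-")] = value
    return opts

def check_cluster(opts):
    """Return (level, message) findings for running several nodes."""
    # Assumed defaults for `start` (production mode): db=dev-file, cache=ispn, cache-stack=udp.
    db = opts.get("db", "dev-file")
    cache = opts.get("cache", "ispn")
    stack = opts.get("cache-stack", "udp")
    findings = []
    if db in EMBEDDED_DBS:
        findings.append(("error", f"db={db}: nodes need one common external database"))
    if cache == "local":
        findings.append(("error", "cache=local: this node will never join a cluster"))
    elif stack in MULTICAST_STACKS:
        findings.append(("info", f"cache-stack={stack}: discovery is UDP multicast; keep nodes "
                                 "on one subnet and isolate or encrypt cluster traffic"))
    elif stack not in CLOUD_STACKS:
        findings.append(("error", f"cache-stack={stack}: not a known transport stack"))
    return findings

if __name__ == "__main__":
    for level, message in check_cluster(parse_conf(SAMPLE_CONF)):
        print(f"{level}: {message}")
```

Pass `os.environ` as the second argument to `parse_conf` to include options set through environment variables on the node being checked.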