[keycloak-user] AWS ELB

Veit Guna veit.guna at gmx.de
Mon Aug 7 03:31:55 EDT 2017


Yeah something like this I had in mind.

Currently all our services a stateless REST services that don't need
something like a session or replication or such.
Having to setup some Wildfly specific cluster in AWS would put an extra
burden to our DevOps. Not sure how big the pain is though :).

So the question is not about Wildfly and how to setup a cluster in AWS,
but more like, what KC needs to function properly.
Does it heavily rely on Wildfly/JEE (EJBs, distributed TX etc.) to
function properly or is it just a "goodie" that comes with Wildfly
out-of-the-box (loadbalancing, failover etc.)?

E.g. does it really need session replication? What does the cache need
to function properly? Maybe it supports redis? Things like that.

I wonder If someone has a running setup working on AWS without spinning
up a Wildfly cluster and just relying on AWS ELB and maybe sticky
sessions with isolated KC instances.


Am 04.08.2017 um 16:32 schrieb Phillip Fleischer:
> I wonder if you completely disabled caching in configuration if that
> would work with no additional changes. Obviously not ideal for
> performance. 
>
> We definitely are using jgroups for this though. 
>
> ------------------------------------------------------------------------
> *From:* John Bartko <john.bartko at drillinginfo.com>
> *Sent:* Friday, August 4, 2017 10:18:45 AM
> *To:* Veit Guna; keycloak-user at lists.jboss.org; Phillip Fleischer
> *Subject:* Re: [keycloak-user] AWS ELB
>  
> I believe it is the case that either nodes must replicate the session
> cache, or the LB must use some sort of session affinity.
> ------------------------------------------------------------------------
> *From:* keycloak-user-bounces at lists.jboss.org
> <keycloak-user-bounces at lists.jboss.org> on behalf of Phillip Fleischer
> <pcfleischer at outlook.com>
> *Sent:* Friday, August 4, 2017 8:12:12 AM
> *To:* Veit Guna; keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] AWS ELB
>  
> I believe this is pretty well documented somewhere.
>
> Unless I recall incorrectly, Even with multiple node in standalone you
> still need clustering setup for many operations. Since clustering uses
> multicast by default you'll need to use jgroups backed by a database
> provider of some sort.
>
> If you search around I believe this is all out on documentation you
> might need to search jboss docs instead of keycloak though.
>
>
>
> ________________________________
> From: keycloak-user-bounces at lists.jboss.org
> <keycloak-user-bounces at lists.jboss.org> on behalf of Veit Guna
> <veit.guna at gmx.de>
> Sent: Friday, August 4, 2017 8:05:38 AM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] AWS ELB
>
> Hi.
>
> My company plans to use KC for central authentication and authorization
> for multiple microservice backends and frontends.
> Since all our services are running on AWS, we're wondering whether it is
> a problem to use the AWS ELBs and not the wildfly clustering.
>
> So my question is, is it a requirement to use the wildfly clustering
> capabilities to be able to get a working, scalable KC?
> What might not work or even break if we just load balance against
> isolated KC instances which maybe share the same storage/db?
>
> Thanks!
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list