[keycloak-user] Keycloak in kubernetes cluster with AWS postgress: standalone-ha?

Phillip Fleischer pcfleischer at outlook.com
Wed Aug 30 21:00:38 EDT 2017


I don't know that I have the exact answers to your questions, but...

1) If you diff the files, my recollection was that the differences are configuration settings for the shared cache.
2) Same as above. Not a stateless database connection. The cache uses Infinispan, and nodes communicate by multicast or JGroups.
3) Docker could have been done either way; I could apply XSL to either file and change my entry point. It's up to the developer of the Dockerfile.
4) The only resources I have found were not "keycloak" but more JBoss. Personally, I haven't found a definitive source on the topic.

Probably not what you're looking for, but maybe this helps.

________________________________
From: Tonnis Wildeboer <tonnis at autonomic.ai>
Sent: Wednesday, August 30, 2017 2:47:02 PM
To: Phillip Fleischer
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak in kubernetes cluster with AWS postgress: standalone-ha?

Thank you Phillip, for your reply.
I would still like to find answers to my four questions:

1. What are the specific differences between using --server-config standalone-ha.xml vs standalone.xml?
2. Is there communication between the pods that needs to happen when running in "Standalone Clustered Mode"? (I ask this because I would need to make sure that this is possible, possibly across VPCs.) If so, what is it? I am hoping they just share a database.
3. Why doesn't the base jboss-dockerfiles/keycloak-server image also modify the standalone-ha.xml file too, in the same way it modifies the standalone.xml file: (https://github.com/jboss-dockerfiles/keycloak/blob/0a54ccaccd5e27e75105b904708ac4ccd80df5c5/server/Dockerfile#L23-L25)?
4. Is there any other documentation, etc that I should be looking at?

Thanks,

--Tonnis



____________________
Tonnis Wildeboer
Autonomic.ai Engineering
650-204-0246

On Tue, Aug 29, 2017 at 2:51 AM, Phillip Fleischer <pcfleischer at outlook.com> wrote:
My guess around configuration is that the expected default infrastructure is truly standalone on virtual infrastructure or OpenShift, where SSL is terminated on JBoss and the infrastructure supports multicast DNS for HA.

We use our own standalone.xml, similar to below. You'll probably want to look at JGroups JDBC ping, since multicast might not work. Someone recently asked if you can just disable cache if you can avoid JGroups, but I haven't tried that myself or heard back that it is a viable solution.

https://goldmann.pl/blog/2014/07/23/customizing-the-configuration-of-the-wildfly-docker-image/

http://www.fafonso.com/jgroups/unicast/postgresql/jdbc/ping/cluster/2016/08/07/jgroups-with-postgresql.html


_____________________________
From: Tonnis Wildeboer <tonnis at autonomic.ai>
Sent: Friday, August 25, 2017 1:33 PM
Subject: [keycloak-user] Keycloak in kubernetes cluster with AWS postgress: standalone-ha?
To: <keycloak-user at lists.jboss.org>



I am attempting to run Keycloak in a kubernetes cluster with a shared
postgres (RDS) db. Everything is hosted on AWS. The keycloak instances are
deployed using Helm.

I have read the clustering documentation and from that it seems that the
appropriate clustering mode in this scenario would be "Standalone Clustered
Mode". Therefore, I am using the "jboss/keycloak-ha-postgres" Docker image.
Since I am using the nginx Ingress controller I have the prescribed
PROXY_ADDRESS_FORWARDING=true environment variable. Upon inspection of the
Docker image, however, I noticed that the
$JBOSS_HOME/standalone/configuration/standalone-ha.xml file in that image
does not have the
proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" attribute in the
<http-listener ...> element. I also noticed that the
jboss-dockerfiles/keycloak-server base image has a sed command to add this
to the standalone.xml file but not to the standalone-ha.xml file.

Also, of the examples I have found via Google searches, I have not found
examples of deploying Keycloak this way, which is surprising. I have seen
examples with a single instance using the standalone postgres image, but not
"Standalone Clustered".

So here are my questions:

1. What are the specific differences between using --server-config
standalone-ha.xml vs standalone.xml?
2. Is there communication between the pods that needs to happen when
running in "Standalone Clustered Mode"? (I ask this because I would need to
make sure that this is possible, possibly across VPCs.) If so, what is it?
I am hoping they just share a database.
3. Why doesn't the base jboss-dockerfiles/keycloak-server image also modify
the standalone-ha.xml file too, in the same way it modifies the
standalone.xml file: (
https://github.com/jboss-dockerfiles/keycloak/blob/0a54ccaccd5e27e75105b904708ac4ccd80df5c5/server/Dockerfile#L23-L25
)?
4. Is there any other documentation, etc that I should be looking at?

Thank you,

Tonnis
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
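
Added example (not part of the original thread, and not code from the Keycloak or jboss-dockerfiles projects): a check for the discrepancy described in the original question, where PROXY_ADDRESS_FORWARDING is set in the environment but the http-listener in standalone-ha.xml lacks the proxy-address-forwarding attribute. The XML snippets, the namespace versions and the simplified ${env.NAME:default} resolver are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ATTR = "proxy-address-forwarding"

# Constructed, heavily trimmed stand-in for standalone.xml / standalone-ha.xml.
# The namespace versions are assumptions; matching below ignores namespaces.
TEMPLATE = """<server xmlns="urn:jboss:domain:4.0"><profile>
  <subsystem xmlns="urn:jboss:domain:undertow:3.0"><server name="default-server">
    <http-listener name="default" socket-binding="http"%s/>
  </server></subsystem>
</profile></server>"""
CONFIGS = {
    "standalone.xml": TEMPLATE % ' proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}"',
    "standalone-ha.xml": TEMPLATE % "",  # attribute absent, as reported in the thread
}

def resolve(value, env):
    """Simplified resolver for ${env.NAME} / ${env.NAME:default} expressions."""
    m = re.fullmatch(r"\$\{env\.([A-Za-z0-9_]+)(?::([^}]*))?\}", value)
    if not m:
        return value                         # literal such as "true"
    return env.get(m.group(1), m.group(2))   # None when unset and no default

def audit(xml_text, env):
    """Map each http-listener name to its status for the given environment."""
    result = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "http-listener":
            continue
        raw = el.get(ATTR)
        if raw is None:
            result[el.get("name")] = "missing"   # the env var has no effect here
        else:
            resolved = resolve(raw, env)
            result[el.get("name")] = "unresolved" if resolved is None else resolved
    return result

def mismatches(configs, env):
    """Files whose listeners would not honor PROXY_ADDRESS_FORWARDING=true."""
    return sorted(name for name, xml in configs.items()
                  if any(v != "true" for v in audit(xml, env).values()))

if __name__ == "__main__":
    env = {"PROXY_ADDRESS_FORWARDING": "true"}   # as set for the nginx Ingress
    for name, xml in CONFIGS.items():
        print(name, audit(xml, env))
    print("needs attention:", mismatches(CONFIGS, env))
```

Because the attribute makes the listener honor forwarded-address headers, the same audit is worth running in the other direction: a listener that resolves to "true" should only be reachable through the proxy that sets those headers.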




