[keycloak-user] Upgrade Documentation: Containers and Cross-Dc

Hayden Fuss hfuss at bandwidth.com
Fri Aug 31 17:11:48 EDT 2018 

Hello,

When going through the upgrade documentation, it was tailored towards very
mutable deployments of Keycloak on VMs. Will the docs soon describe
containerized deployments of Keycloak as well? Obviously, the config XML
changes won't be the issue, moreso just the deployment strategy.

The docs say

For standalone-high availability (HA) mode, all instances must be upgraded
> at the same time.


Which to me is a little vague, it almost sounds like you *have* to stop all
servers at the same time rather than in a rolling fashion. Does this mean
you can't deploy Keycloak with zero-downtime? Even in a containerized
environment which will more easily allow for rolling, blue/green, or canary
deployments?

For the cross-DC scenario thats even scarier since Keycloak would have to
be down in *all* DC's temporarily. Even if thats not the case, how does the
manual DB migration work, especially in the cross-DC case:

When you start the server with this configuration it checks if the database
> needs to be migrated. The required changes are written to an SQL file that
> you can review and manually run against the database
>

It sounds like you have to start the new version of the server to get the
migrations. What will the new version of the server do while the migrations
haven't been applied, will it still run or crash/return 5xxs since the
schema updates I would think it _requires_ don't exist?

Also this is in no way container feels friendly since you can get the
migrations off a container easily. The automated migrations seem like they
would require downtime too unless the changes are guaranteed to be
backwards compatible, but that contradicts "all instances must be upgraded
at the same time".

Also with the 4.4.0 release coming up, Infinispan will be upgraded a major
version that will likely be breaking release for those running the cross-DC
setup, or will they have the option to keep using Infinispan 8.2.8? Can we
expect lots of Infinispan upgrades in the future?

Sorry I know those are a lot of questions, thanks for any help clarifying
or providing past experiences with Keycloak upgrades.

Best,
Hayden

More information about the keycloak-user mailing list