[keycloak-user] kubernetes

Fri Jan 19 07:21:30 EST 2018

You will have a dependency to the DB anyways, so I guess it would not hurt to use it for cluster discovery using JDBC_PING. It basically creates a table  JGROUPSPING that gets updated as nodes join and leave the cluster. THowever, it seems to work a little differently depending on the DB type: on MySQL, the necessary table is created automatically while you have to do it yourself on Postgres (see https://github.com/jboss-dockerfiles/keycloak/pull/62) . Another reason to use a different mechanism like KUBE_PING could be if you want to experiment with different Keycloak clusters accessing the same database to move towards zero downtime updates (that's something sitting in my backlog). I lately also read recommendations to use DNS_PING (see https://github.com/jboss-dockerfiles/keycloak/pull/100) but I don’t have any personal experience with it...

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

Dr.-Ing.  Sebastian Schuster

Engineering and Support (INST/ESY1) 
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster at bosch-si.com

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B 
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn 

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Simon Payne
Sent: Freitag, 19. Januar 2018 11:48
To: keycloak-user <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] kubernetes

thanks for the information both.

I've managed to get KUBE_PING working.  it appears that i was mainly
missing the socket binding.   I came across a pull request to
https://github.com/jboss-dockerfiles/keycloak which had a build for kubernetes using KUBE_PING which has helped me a lot.  With some modifications to the cache it appears to scale in kubernetes.  The original fork can be found here https://github.com/rayscunningham/keycloak

So how does JDBC_PING actually work and what is the dependency on mySQL?

I wanted a protocol which was only dependent on kubernetes rather than any other component or network infrastructure allowing our cluster to be portable across different kubernetes implementations .  Our production kubernetes will be hosted within another data centre

thanks

On Fri, Jan 19, 2018 at 8:29 AM, Iván Perdomo <ivan at akvo.org> wrote:

> Hi,
>
> We're running Keycloak in Kubernetes (in Google Cloud Platform) and 
> instead of KUBE_PING we're using JDBC_PING (with a hosted MySQL by Google).
>
> Our changes are available in the following repo:
>
> https://github.com/akvo/akvo-keycloak
>
> On 01/17/2018 12:03 PM, Simon Payne wrote:
> > Hi all,
> >
> > i'm trying to get keycloak clustered on google cloud using KUBE_PING.
> >
> > i have a starting keycloak server using docker based on the latest
> keycloak
> > and using kubernetes-0.9.3
> >
> > however, i get the message:
> >
> > [org.jgroups.protocols.kubernetes.KUBE_PING] (ServerService Thread 
> > Pool
> --
> > 51) namespace not set; clustering disabled
> >
> > i cant figure out how to add the namespace - all example are using 
> > infinispan which uses different markup to keycloak.
> >
> > my standalone-ha uses <protocol type="kubernetes.KUBE_PING"/>
> >
> > if i add any additional attributes on this tag then keycloak fails 
> > to
> start
> >
> > any help would be appreciated.
> >
> >
> > thanks
> >
> > Simon.
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Iván
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user