[keycloak-user] running 2 different keycloak clusters sharing the same database ( 1 cluster to create new realms, and another for all other access)

Madhu kkcmadhu at yahoo.com
Tue Nov 20 23:06:31 EST 2018


Hi,
Have a weird question,  I want to run 2 different keycloak clusters, one for creating realms and another for accessing realms/login and all other activity.
Is this kind of setup possible, have any body tried it before?
The 1st cluster just takes requests for provisioning new realms and any one time setup (like creating the admin user in realm, giving him specific access only etc)
After that, all interactions login, token creating, provisioning further user etc will take place through the other cluster.. 
I see that realm creation in my case ( realm has few user groups, client scopes, mappers (java script mapper), other custom mappers, about 10 clients, client specific roles etc) is a cpu intensive process and realm creation when we have about 80 to 100 relams(tenants) takes any where between 20 to 30 sec with cpu usage spiking to 100%.
So, wanted to test if having a separate instance/cluster for realm creation will help and ease the load on other cluster which servers typical login/logout and all other requests. Any insights here will be much appreciated.
- Would like to know if this could corrupt the keycloak schema?- I am ok if the new realms are not eagerly loaded in infispan cache (of the other cluster which handles regular request), but this should start loading the new realm the moment a login request comes ( i am ok for the first few logins to be slow).

RegardsMadhu


More information about the keycloak-user mailing list