[keycloak-user] kubernetes discovery protocol for JGroups

Wed Oct 31 05:13:11 EDT 2018

Hello Sebastian,
I aggree with both of you and I'm also using DNS_PING.
But what's missing is the dns_query property value usage. It's an
additionnal propery that is required when using the DNS_PING protocol and I
would like to know which value is better suited for it.
Meissa

Le mer. 31 oct. 2018 à 09:12, Sebastian Laskawiec <slaskawi at redhat.com> a
écrit :

> Hey Meissa,
>
> Graham is 100% correct.
>
> The only thing I could add is that OpenShift Pods are not allowed to query
> Kubernetes API by default (you need to create a RoleBinding and a
> ServiceAccount to do that). Therefore, I recommend DNS_PING for OpenShift
> and KUBE_PING/DNS_PING (depending whether you'd like to create an
> additional HeadlessService) for vanilla Kube.
>
> Thanks,
> Sebastian
>
> On Tue, Oct 30, 2018 at 5:14 PM Graham Burgess <graham.burgess at razer.com>
> wrote:
>
>> Meissa,
>>
>> I believe the difference is in how it gets the data about the instances
>> in the cluster. DNS_PING obviously will use DNS, in a Kubernetes env you
>> will want to setup a headless service for that so it gets all the IPs for
>> all the instances. As for KUBE_PING, well that uses the Kubernetes API
>> directly to determine the IPs of the instances.
>>
>> I run vanilla Kubernetes clusters so I don't know how the difference with
>> OS will effect my beliefs. However, I would probably recommend just using
>> DNS_PING and making sure that there is a headless service as well as a
>> normal service for Keycloak. It would seem to be the more generic method
>> for sure.
>>
>> Best regards,
>> Graham Burgess
>> RΛZΞR|stormmore
>> Sr. DevOps Engineer (USA)
>> Email: graham.burgess at razer.com
>> DID: (415) 374 0639 <(415)%20374-0639>
>> Razer Inc. Stock Code: 1337.HK
>> IMPORTANT NOTICE: This e-mail may be confidential, legally privileged or
>> otherwise protected from disclosure. If you are not an intended recipient,
>> do not copy, distribute or use its contents. Do inform the sender that you
>> have received the message in error and delete it from your system. E-mails
>> are not secure and may suffer errors, computer viruses, delay, interception
>> and amendment. Razer accepts neither risk nor liability for any damage or
>> loss caused by this e-mail. To the extent permitted by applicable law,
>> Razer reserves the right to retain, monitor and intercept e-mails to and
>> from its systems.
>>
>> -----Original Message-----
>> From: keycloak-user-bounces at lists.jboss.org <
>> keycloak-user-bounces at lists.jboss.org> On Behalf Of Meissa M'baye Sakho
>> Sent: Tuesday, October 30, 2018 3:56 AM
>> To: keycloak-user <keycloak-user at lists.jboss.org>
>> Subject: [keycloak-user] kubernetes discovery protocol for JGroups
>>
>> Hello everyone,
>> Can someone tell me the difference between the dns.DNS_PING and
>> kubernetes.KUBE_PING protocols that we could use to enable keycloak
>> clustering?
>> It seems like both of them could be used in a kubernetes environment but
>> I can't see a documentation clearly explaining the difference between them.
>> I would like to knwo which one is relevant in a openshift environnement
>> which one is in a non openshift environnement.
>> The official githup repo [1] does not say a lot about that?
>> [1]=https://github.com/jgroups-extras/jgroups-kubernetes/
>> Regards,
>> Meissa
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>