Hi Rafael,

In Keycloak, clustering is implemented via Infinispan [1] (a
distributed cache), which in turn uses JGroups [2] as a communication
layer. By default, nodes use IP multicast for discovery (MPING in
JGroups terminology). So as long as your nodes live in the same private
network that supports multicast, you should be fine.

If IP multicast is restricted (e.g. on AWS), one can use alternate
discovery methods like JDBC_PING (using a shared database) or S3_PING
(obviously, using S3).

See the Keycloak documentation on network setup for clustering [3], as
well as the Infinispan and JGroups docs on the same.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro

[1] http://infinispan.org
[2] http://www.jgroups.org
[3] https://www.keycloak.org/docs/latest/server_installation/index.html#_clustering

On Sat, 2018-07-07 at 09:09 -0300, Rafael Weingärtner wrote:
Hello Keycloak communities,

I am configuring Keycloak for production, and we will need to use it in a
clustered fashion. I have read about the two possible deployment scenarios,
“Standalone clustered mode” and “domain clustered mode”. It seems that
the “Standalone clustered mode” is the simpler one. Also, we will be using
Docker to deploy Keycloak. Therefore, we will not have the burden of
managing configuration files manually. The update (configurations and/or
Keycloak versions) should always be a matter of stopping and starting a new
version of the Docker container.

I have one doubt though. It seems pretty magical that to configure Keycloak
in HA mode I only need to use “standalone-ha.xml”. How does the discovery
process of nodes happen? I mean, are the replicas communicating with each
other directly, or is everything via a shared database? Do I need to expose
some specific port from my Keycloak replicas to the network? Or only the
standard 443/80 is enough?

Thanks in advance for your help ;)

--
Rafael Weingärtner
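
An added example, not part of the original thread and not Keycloak's own code: a small Python audit that reads a JGroups stack from a standalone-ha.xml style file, reports which discovery protocol it uses, and flags cluster sockets that are not bound to the private interface. The function name `audit_stack`, the simplified sample XML (namespaces dropped) and the port values in it are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified excerpt in the style of standalone-ha.xml
# (XML namespaces dropped, values assumed); not taken from the thread.
SAMPLE = """<server>
 <stacks><stack name="tcp">
   <transport type="TCP" socket-binding="jgroups-tcp"/>
   <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
   <protocol type="MERGE3"/>
 </stack></stacks>
 <socket-binding-group name="standard-sockets" default-interface="public">
   <socket-binding name="https" port="8443"/>
   <socket-binding name="jgroups-mping" interface="private" port="0"
                   multicast-address="230.0.0.4" multicast-port="45700"/>
   <socket-binding name="jgroups-tcp" port="7600"/>
 </socket-binding-group>
</server>"""

DISCOVERY = {"PING", "MPING", "TCPPING", "JDBC_PING", "S3_PING"}

def audit_stack(xml_text, stack_name, trusted_interface="private"):
    """Report discovery protocols and cluster sockets of one JGroups stack."""
    root = ET.fromstring(xml_text)
    group = root.find("socket-binding-group")
    bindings = {b.get("name"): b for b in group.findall("socket-binding")}
    stack = root.find(f"./stacks/stack[@name='{stack_name}']")
    if stack is None:
        raise ValueError(f"no JGroups stack named {stack_name!r}")
    report = {"discovery": [], "cluster_sockets": [], "findings": []}
    for proto in stack:
        if proto.get("type") in DISCOVERY:
            report["discovery"].append(proto.get("type"))
        ref = proto.get("socket-binding")
        if ref is None:
            continue  # e.g. JDBC_PING: discovery via the database, no socket
        binding = bindings.get(ref)
        if binding is None:
            report["findings"].append(f"socket-binding {ref!r} is undefined")
            continue
        # A binding without its own interface inherits the group default.
        iface = binding.get("interface", group.get("default-interface"))
        port = int(binding.get("multicast-port") or binding.get("port"))
        report["cluster_sockets"].append((ref, iface, port))
        if iface != trusted_interface:
            report["findings"].append(f"{ref}:{port} bound to {iface!r}")
    if not report["discovery"]:
        report["findings"].append("stack has no discovery protocol")
    return report
```

Swapping the MPING element for a JDBC_PING one removes the multicast socket from the report, but the TCP transport socket remains: a discovery protocol only finds members, and the nodes still exchange cluster traffic directly.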