After lots of experimentation, I found keycloak-mysql to be more useful
than keycloak-ha-postgres for HA in Kubernetes. See
https://github.com/jboss-dockerfiles/keycloak/pull/62
There is some more background in the JGroups mailing list thread "Expose
JGroups ports in Docker keycloak-ha-postgres".
/Staffan
On Tue, Nov 8, 2016 at 11:29 AM, Staffan <solsson(a)gmail.com> wrote:
Hi,
I've tried in different docker environments (compose, kubernetes,
standalone) to get a HA setup running using
https://hub.docker.com/r/
jboss/keycloak-ha-postgres/.
Keycloak nodes start all right, but are unaware of each other. Curiously I
fail to reach the JGroups ports from any other container or host system.
When I try -Djboss.bind.address.private=0.0.0.0 there's an error during
startup:
MSC000001: Failed to start service jboss.jgroups.channel.ee:
org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee:
java.security.PrivilegedActionException: java.net.BindException: [UDP] /
0.0.0.0 is not a valid address on any local network interface
at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(
ChannelBuilder.java:80)
Caused by: java.security.PrivilegedActionException:
java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any
local network interface
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(
WildFlySecurityManager.java:640)
Caused by: java.net.BindException: [UDP] /0.0.0.0 is not a valid address
on any local network interface
at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)
... or if I switch to stack="tcp" in the jgroups subsystem:
MSC000001: Failed to start service jboss.jgroups.channel.ee:
org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee:
java.security.PrivilegedActionException: java.net.BindException: [TCP] /
0.0.0.0 is not a valid address on any local network interface
I guess this is a generic Wildfly topic, but I'm curious how the official
Keycloak docker containers are tested. In a docker context, the only two
interfaces I can bind to are 0.0.0.0 and 127.0.0.1.
regards
Staffan Olsson