Thank you Phillip, for your reply.
I would still like to find answers to my four questions:
1. What are the specific differences between using --server-config
standalone-ha.xml vs standalone.xml?
2. Is there communication between the pods that needs to happen when
running in "Standalone Clustered Mode"? (I ask this because I would need to
make sure that this is possible, possibly across VPCs.) If so, what is it?
I am hoping they just share a database.
3. Why doesn't the base jboss-dockerfiles/keycloak-server image also modify
the standalone-ha.xml file too, in the same way it modifies the
standalone.xml file: (
https://github.com/jboss-dockerfiles/keycloak/blob/
0a54ccaccd5e27e75105b904708ac4ccd80df5c5/server/Dockerfile#L23-L25)?
4. Is there any other documentation, etc that I should be looking at?
Thanks,
--Tonnis
--Tonnis
____________________
Tonnis Wildeboer
Autonomic.ai Engineering
650-204-0246
On Tue, Aug 29, 2017 at 2:51 AM, Phillip Fleischer <pcfleischer(a)outlook.com>
wrote:
My guess around configuration is expected default infrastructure is
truly
standalone on virtual infrastructure or openshift where ssl is terminated
on jboss and infrastructure supports multicast dns for ha.
We use our own standalone.xml similar to below. You'll probably want to
look at jgroups jdbc ping since multicast might not work. Someone recently
asked if you can just disable cache if you can avoid jgroups but I haven't
tried that myself or heard back that is a viable solution.
https://goldmann.pl/blog/2014/07/23/customizing-the-
configuration-of-the-wildfly-docker-image/
http://www.fafonso.com/jgroups/unicast/postgresql/
jdbc/ping/cluster/2016/08/07/jgroups-with-postgresql.html
_____________________________
From: Tonnis Wildeboer <tonnis(a)autonomic.ai>
Sent: Friday, August 25, 2017 1:33 PM
Subject: [keycloak-user] Keycloak in kubernetes cluster with AWS
postgress: standalone-ha?
To: <keycloak-user(a)lists.jboss.org>
I am attempting to run Keycloak in a kubernetes cluster with a shared
postgres (RDS) db. Everything is hosted on AWS. The keycloak instances are
deployed using Helm.
I have read the clustering documentation and from that it seems that the
appropriate clustering mode in this scenario would be "Standalone Clustered
Mode".Therefore, I am using the "jboss/keycloak-ha-postgres" Docker
image.
Since I am using the nginx Ingress controller I have the prescribed
PROXY_ADDRESS_FORWARDING=true environment variable. Upon inspection of the
Docker image, however, I noticed that the
$JBOSS_HOME/standalone/configuration/standalone-ha.xml file in that image
does not have the
proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" attribute in
the
<http-listener ...> element. I also noticed that the
jboss-dockerfiles/keycloak-server base image has a sed command to add this
to the standalone.xml file but not to the standalone-ha.xml file.
Also, of the exmaples I have found via Google searches, I have not found
examples of deploying Keycloak this way, which is surprising. I have seen
examples with a single instance using the standalone postres image, but not
"Standalone Clustered".
So here are my questions:
1. What are the specific differences between using --server-config
standalone-ha.xml vs standalone.xml?
2. Is there communication between the pods that needs to happen when
running in "Standalone Clustered Mode"? (I ask this because I would need to
make sure that this is possible, possibly across VPCs.) If so, what is it?
I am hoping they just share a database.
3. Why doesn't the base jboss-dockerfiles/keycloak-server image also
modify
the standalone-ha.xml file too, in the same way it modifies the
standalone.xml file: (
https://github.com/jboss-dockerfiles/keycloak/blob/
0a54ccaccd5e27e75105b904708ac4ccd80df5c5/server/Dockerfile#L23-L25
)?
4. Is there any other documentation, etc that I should be looking at?
Thank you,
Tonnis
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user