[keycloak-user] Keycloak in kubernetes cluster with AWS postgress: standalone-ha?

Tonnis Wildeboer tonnis at autonomic.ai
Wed Aug 30 14:47:02 EDT 2017


Thank you Phillip, for your reply.
I would still like to find answers to my four questions:

1. What are the specific differences between using --server-config
standalone-ha.xml vs standalone.xml?
2. Is there communication between the pods that needs to happen when
running in "Standalone Clustered Mode"? (I ask this because I would need to
make sure that this is possible, possibly across VPCs.) If so, what is it?
I am hoping they just share a database.
3. Why doesn't the base jboss-dockerfiles/keycloak-server image also modify
the standalone-ha.xml file too, in the same way it modifies the
standalone.xml file:
(https://github.com/jboss-dockerfiles/keycloak/blob/0a54ccaccd5e27e75105b904708ac4ccd80df5c5/server/Dockerfile#L23-L25)?
4. Is there any other documentation, etc that I should be looking at?

Thanks,

--Tonnis



--Tonnis
____________________
Tonnis Wildeboer
Autonomic.ai Engineering
650-204-0246

On Tue, Aug 29, 2017 at 2:51 AM, Phillip Fleischer <pcfleischer at outlook.com>
wrote:

> My guess around configuration is expected default infrastructure is truly
> standalone on virtual infrastructure or openshift where ssl is terminated
> on jboss and infrastructure supports multicast dns for ha.
>
> We use our own standalone.xml similar to below. You'll probably want to
> look at jgroups jdbc ping since multicast might not work. Someone recently
> asked if you can just disable cache if you can avoid jgroups but I haven't
> tried that myself or heard back that is a viable solution.
>
> https://goldmann.pl/blog/2014/07/23/customizing-the-configuration-of-the-wildfly-docker-image/
>
> http://www.fafonso.com/jgroups/unicast/postgresql/jdbc/ping/cluster/2016/08/07/jgroups-with-postgresql.html
>
>
> _____________________________
> From: Tonnis Wildeboer <tonnis at autonomic.ai>
> Sent: Friday, August 25, 2017 1:33 PM
> Subject: [keycloak-user] Keycloak in kubernetes cluster with AWS
> postgress: standalone-ha?
> To: <keycloak-user at lists.jboss.org>
>
>
>
> I am attempting to run Keycloak in a kubernetes cluster with a shared
> postgres (RDS) db. Everything is hosted on AWS. The keycloak instances are
> deployed using Helm.
>
> I have read the clustering documentation and from that it seems that the
> appropriate clustering mode in this scenario would be "Standalone Clustered
> Mode". Therefore, I am using the "jboss/keycloak-ha-postgres" Docker image.
> Since I am using the nginx Ingress controller I have the prescribed
> PROXY_ADDRESS_FORWARDING=true environment variable. Upon inspection of the
> Docker image, however, I noticed that the
> $JBOSS_HOME/standalone/configuration/standalone-ha.xml file in that image
> does not have the
> proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" attribute in
> the <http-listener ...> element. I also noticed that the
> jboss-dockerfiles/keycloak-server base image has a sed command to add this
> to the standalone.xml file but not to the standalone-ha.xml file.
>
> Also, of the examples I have found via Google searches, I have not found
> examples of deploying Keycloak this way, which is surprising. I have seen
> examples with a single instance using the standalone postgres image, but not
> "Standalone Clustered".
>
> So here are my questions:
>
> 1. What are the specific differences between using --server-config
> standalone-ha.xml vs standalone.xml?
> 2. Is there communication between the pods that needs to happen when
> running in "Standalone Clustered Mode"? (I ask this because I would need to
> make sure that this is possible, possibly across VPCs.) If so, what is it?
> I am hoping they just share a database.
> 3. Why doesn't the base jboss-dockerfiles/keycloak-server image also modify
> the standalone-ha.xml file too, in the same way it modifies the
> standalone.xml file:
> (https://github.com/jboss-dockerfiles/keycloak/blob/0a54ccaccd5e27e75105b904708ac4ccd80df5c5/server/Dockerfile#L23-L25)?
> 4. Is there any other documentation, etc that I should be looking at?
>
> Thank you,
>
> Tonnis
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
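
An added example, not part of the original thread or of the Keycloak images: a check for the gap described above, where PROXY_ADDRESS_FORWARDING is set but the listener in standalone-ha.xml never references it, so the variable has no effect. The XML fragments and namespace versions are constructed for illustration, and `audit_listeners` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample config, modelled on the layout described in the thread.
TEMPLATE = """<server xmlns="urn:jboss:domain:4.0"><profile>
  <subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <server name="default-server">
      <http-listener name="default" socket-binding="http"%s/>
    </server>
  </subsystem>
</profile></server>"""
FORWARD = ' proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}"'
STANDALONE = TEMPLATE % FORWARD   # attribute present, as the thread describes
STANDALONE_HA = TEMPLATE % ""     # attribute absent, as the thread describes

# WildFly-style expression: ${env.NAME} or ${env.NAME:default}
EXPR = re.compile(r"^\$\{env\.([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\}$")


def resolve(value, env):
    """Resolve an ${env.X[:default]} expression against env; None if unset."""
    m = EXPR.match(value)
    if not m:
        return value
    return env.get(m.group(1), m.group(2))


def audit_listeners(xml_text, env):
    """Return (listener name, status) for each HTTP(S) listener in the config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Compare local names so any undertow namespace version matches.
        if el.tag.rsplit("}", 1)[-1] not in ("http-listener", "https-listener"):
            continue
        raw = el.get("proxy-address-forwarding")
        if raw is None:
            status = "missing"      # env var is never consulted
        else:
            val = resolve(raw, env)
            if val is None:
                status = "unresolved"  # expression present, variable unset
            elif val.strip().lower() == "true":
                status = "enabled"
            else:
                status = "disabled"
        findings.append((el.get("name"), status))
    return findings


if __name__ == "__main__":
    env = {"PROXY_ADDRESS_FORWARDING": "true"}
    for label, cfg in (("standalone.xml", STANDALONE),
                       ("standalone-ha.xml", STANDALONE_HA)):
        print(label, audit_listeners(cfg, env))
```

Run against the real files from the image before deploying; a "missing" result for standalone-ha.xml means forwarded client addresses from the ingress are not being honored regardless of the environment variable.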

