[keycloak-user] kubernetes discovery protocol for JGroups

Wed Oct 31 05:33:19 EDT 2018

The dns_query parameter needs to match your DNS query. Here's an example
for A records[1]:
jgroups-dns-ping.myproject.svc.cluster.local
- svc.cluster.local - tells Kubernetes that this is a service inside its
cluster
- myproject - this is the namespace I'm using
- jgroups-dns-ping - this is the service name I'm using

I hope this helps!

Thanks,
Sebastian

[1]
https://github.com/slaskawi/jgroups-dns-ping-example/blob/master/src/main/resources/config-test.xml#L30

On Wed, Oct 31, 2018 at 10:13 AM Meissa M'baye Sakho <msakho at redhat.com>
wrote:

> Hello Sebastian,
> I aggree with both of you and I'm also using DNS_PING.
> But what's missing is the dns_query property value usage. It's an
> additionnal propery that is required when using the DNS_PING protocol and I
> would like to know which value is better suited for it.
> Meissa
>
> Le mer. 31 oct. 2018 à 09:12, Sebastian Laskawiec <slaskawi at redhat.com> a
> écrit :
>
>> Hey Meissa,
>>
>> Graham is 100% correct.
>>
>> The only thing I could add is that OpenShift Pods are not allowed to
>> query Kubernetes API by default (you need to create a RoleBinding and a
>> ServiceAccount to do that). Therefore, I recommend DNS_PING for OpenShift
>> and KUBE_PING/DNS_PING (depending whether you'd like to create an
>> additional HeadlessService) for vanilla Kube.
>>
>> Thanks,
>> Sebastian
>>
>> On Tue, Oct 30, 2018 at 5:14 PM Graham Burgess <graham.burgess at razer.com>
>> wrote:
>>
>>> Meissa,
>>>
>>> I believe the difference is in how it gets the data about the instances
>>> in the cluster. DNS_PING obviously will use DNS, in a Kubernetes env you
>>> will want to setup a headless service for that so it gets all the IPs for
>>> all the instances. As for KUBE_PING, well that uses the Kubernetes API
>>> directly to determine the IPs of the instances.
>>>
>>> I run vanilla Kubernetes clusters so I don't know how the difference
>>> with OS will effect my beliefs. However, I would probably recommend just
>>> using DNS_PING and making sure that there is a headless service as well as
>>> a normal service for Keycloak. It would seem to be the more generic method
>>> for sure.
>>>
>>> Best regards,
>>> Graham Burgess
>>> RΛZΞR|stormmore
>>> Sr. DevOps Engineer (USA)
>>> Email: graham.burgess at razer.com
>>> DID: (415) 374 0639 <(415)%20374-0639>
>>> Razer Inc. Stock Code: 1337.HK
>>> IMPORTANT NOTICE: This e-mail may be confidential, legally privileged or
>>> otherwise protected from disclosure. If you are not an intended recipient,
>>> do not copy, distribute or use its contents. Do inform the sender that you
>>> have received the message in error and delete it from your system. E-mails
>>> are not secure and may suffer errors, computer viruses, delay, interception
>>> and amendment. Razer accepts neither risk nor liability for any damage or
>>> loss caused by this e-mail. To the extent permitted by applicable law,
>>> Razer reserves the right to retain, monitor and intercept e-mails to and
>>> from its systems.
>>>
>>> -----Original Message-----
>>> From: keycloak-user-bounces at lists.jboss.org <
>>> keycloak-user-bounces at lists.jboss.org> On Behalf Of Meissa M'baye Sakho
>>> Sent: Tuesday, October 30, 2018 3:56 AM
>>> To: keycloak-user <keycloak-user at lists.jboss.org>
>>> Subject: [keycloak-user] kubernetes discovery protocol for JGroups
>>>
>>> Hello everyone,
>>> Can someone tell me the difference between the dns.DNS_PING and
>>> kubernetes.KUBE_PING protocols that we could use to enable keycloak
>>> clustering?
>>> It seems like both of them could be used in a kubernetes environment but
>>> I can't see a documentation clearly explaining the difference between them.
>>> I would like to knwo which one is relevant in a openshift environnement
>>> which one is in a non openshift environnement.
>>> The official githup repo [1] does not say a lot about that?
>>> [1]=https://github.com/jgroups-extras/jgroups-kubernetes/
>>> Regards,
>>> Meissa
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>