[keycloak-user] Keycloak Docker Domain Cluster

Frank Herrmann frank.herrmann at modernizingmedicine.com
Fri May 24 10:35:14 EDT 2019


The Keycloak documentation seems to imply that domain mode is preferable to
standalone-ha in clustered environments.

>From the server installation docs:
"Running a cluster in standard mode can quickly become aggravating as the
cluster grows in size. Every time you need to make a configuration change,
you have perform it on each node in the cluster. Domain mode solves this
problem by providing a central place to store and publish configuration. It
can be quite complex to set up, but it is worth it in the end."

We have domain working without issue. We are just looking into moving out
deployment of Keycloak servers to docker. I'm working now on extending the
official Docker image to customize it for our environment and configuration.

Thanks again,

-Frank

On Thu, May 23, 2019 at 11:35 PM Stian Thorgersen <sthorger at redhat.com>
wrote:

> Domain mode doesn't really make all that much sense with things like
> Kubernetes and OpenShift as the platform adds the mechanisms itself so
> there's no need for domain mode.
>
> On Thu, 23 May 2019, 15:56 Frank Herrmann, <
> frank.herrmann at modernizingmedicine.com> wrote:
>
>> Thanks. That's what I figured. I always figured in a multi-server
>> production environment, the domain model is better than standalone-ha.
>> Since we have a lot of customization to Keycloak, with our themes and
>> custom authenticators, I'll use the official Keycloak docker project as a
>> guide and create one myself for our purposes. The domain configuration is
>> a
>> bit more complicated than standalone, so I can understand why it was left
>> out.
>>
>> Thanks again,
>>
>> -Frank
>>
>> On Thu, May 23, 2019 at 2:52 AM Sebastian Laskawiec <slaskawi at redhat.com>
>> wrote:
>>
>> > That is correct. The standalone (with or without HA) configuration is by
>> > far the most popular.
>> >
>> > However, all the configuration files and scripts are there. I guess
>> you'd
>> > need to modify the bootstrap script to bootstrap domain (or host)
>> > controllers.
>> >
>> > On Wed, May 22, 2019 at 9:22 PM Frank Herrmann <
>> > frank.herrmann at modernizingmedicine.com> wrote:
>> >
>> >> Hello,
>> >>
>> >> As part of our upgrade to 6.0.1 we are looking to use the Keycloak
>> docker
>> >> images. Our currently installation (3.4.3) uses a domain cluster. While
>> >> reviewing the Keycloak docker image, it appears that it only supports
>> >> standalone or standalone-ha (for clustering). Am I missing something,
>> or
>> >> will I need to customize the Keycloak docker image for domain
>> clustering?
>> >> Or was it specifically left out of the official docker image for a good
>> >> reason?
>> >>
>> >> Thanks,
>> >> -Frank
>> >>
>> >> --
>> >> FRANK HERRMANN
>> >> ASSOCIATE SOFTWARE ARCHITECT
>> >>
>> >> T: 561-880-2998 x1563
>> >>
>> >> E: frank.herrmann at modmed.com
>> >>
>> >>
>> >>
>> >> [image: [ Modernizing Medicine ]] <http://www.modmed.com/>
>> >> [image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine>
>> >> [image:
>> >> [ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/>
>> >> [image:
>> >> [ YouTube ]] <http://www.youtube.com/user/modernizingmedicine>
>> [image: [
>> >> Twitter ]] <https://twitter.com/modmed> [image: [ Blog ]]
>> >> <http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
>> >> <http://instagram.com/modernizing_medicine>
>> >>
>> >> [image: [ MOMENTUM 2019 ]] <https://momentum.modmed.com/>
>> >>
>> >> --
>> >> *CONFIDENTIALITY NOTICE:* This e-mail message may contain material
>> >> protected by the Health Insurance Portability and Accountability Act of
>> >> 1996 and its implementing regulations and other state and federal laws
>> >> and
>> >> legal privileges. This message is only for the personal and
>> confidential
>> >> use of the individuals or organization to whom the message is
>> addressed.
>> >> If
>> >> you are an unintended recipient, you have received this message in
>> error,
>> >> and any reading, distributing, copying or disclosure is unauthorized
>> and
>> >> strictly prohibited.  All recipients are hereby notified that any
>> >> unauthorized receipt does not waive any confidentiality obligations or
>> >> privileges. If you have received this message in error, please notify
>> the
>> >> sender immediately at the above email address and confirm that you have
>> >> deleted or destroyed the message.
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>>
>> --
>> FRANK HERRMANN
>> ASSOCIATE SOFTWARE ARCHITECT
>>
>> T: 561-880-2998 x1563
>>
>> E: frank.herrmann at modmed.com
>>
>>
>>
>> [image: [ Modernizing Medicine ]] <http://www.modmed.com/>
>> [image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine>
>> [image:
>> [ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/>
>> [image:
>> [ YouTube ]] <http://www.youtube.com/user/modernizingmedicine> [image: [
>> Twitter ]] <https://twitter.com/modmed> [image: [ Blog ]]
>> <http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
>> <http://instagram.com/modernizing_medicine>
>>
>> [image: [ MOMENTUM 2019 ]] <https://momentum.modmed.com/>
>>
>> --
>> *CONFIDENTIALITY NOTICE:* This e-mail message may contain material
>> protected by the Health Insurance Portability and Accountability Act of
>> 1996 and its implementing regulations and other state and federal laws
>> and
>> legal privileges. This message is only for the personal and confidential
>> use of the individuals or organization to whom the message is addressed.
>> If
>> you are an unintended recipient, you have received this message in error,
>> and any reading, distributing, copying or disclosure is unauthorized and
>> strictly prohibited.  All recipients are hereby notified that any
>> unauthorized receipt does not waive any confidentiality obligations or
>> privileges. If you have received this message in error, please notify the
>> sender immediately at the above email address and confirm that you have
>> deleted or destroyed the message.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>

-- 
FRANK HERRMANN
ASSOCIATE SOFTWARE ARCHITECT

T: 561-880-2998 x1563

E: frank.herrmann at modmed.com



[image: [ Modernizing Medicine ]] <http://www.modmed.com/>
[image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine> [image:
[ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/> [image:
[ YouTube ]] <http://www.youtube.com/user/modernizingmedicine> [image: [
Twitter ]] <https://twitter.com/modmed> [image: [ Blog ]]
<http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
<http://instagram.com/modernizing_medicine>

[image: [ MOMENTUM 2019 ]] <https://momentum.modmed.com/>

-- 
*CONFIDENTIALITY NOTICE:* This e-mail message may contain material 
protected by the Health Insurance Portability and Accountability Act of 
1996 and its implementing regulations and other state and federal laws and 
legal privileges. This message is only for the personal and confidential 
use of the individuals or organization to whom the message is addressed. If 
you are an unintended recipient, you have received this message in error, 
and any reading, distributing, copying or disclosure is unauthorized and 
strictly prohibited.  All recipients are hereby notified that any 
unauthorized receipt does not waive any confidentiality obligations or 
privileges. If you have received this message in error, please notify the 
sender immediately at the above email address and confirm that you have 
deleted or destroyed the message.


More information about the keycloak-user mailing list