[keycloak-user] Keycloak Docker Domain Cluster
Stian Thorgersen
sthorger at redhat.com
Mon May 27 13:02:36 EDT 2019
That's assuming a old school cluster.
On Fri, 24 May 2019, 16:35 Frank Herrmann, <
frank.herrmann at modernizingmedicine.com> wrote:
> The Keycloak documentation seems to imply that domain mode is preferable
> to standalone-ha in clustered environments.
>
> From the server installation docs:
> "Running a cluster in standard mode can quickly become aggravating as the
> cluster grows in size. Every time you need to make a configuration change,
> you have perform it on each node in the cluster. Domain mode solves this
> problem by providing a central place to store and publish configuration. It
> can be quite complex to set up, but it is worth it in the end."
>
> We have domain working without issue. We are just looking into moving out
> deployment of Keycloak servers to docker. I'm working now on extending the
> official Docker image to customize it for our environment and configuration.
>
> Thanks again,
>
> -Frank
>
> On Thu, May 23, 2019 at 11:35 PM Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Domain mode doesn't really make all that much sense with things like
>> Kubernetes and OpenShift as the platform adds the mechanisms itself so
>> there's no need for domain mode.
>>
>> On Thu, 23 May 2019, 15:56 Frank Herrmann, <
>> frank.herrmann at modernizingmedicine.com> wrote:
>>
>>> Thanks. That's what I figured. I always figured in a multi-server
>>> production environment, the domain model is better than standalone-ha.
>>> Since we have a lot of customization to Keycloak, with our themes and
>>> custom authenticators, I'll use the official Keycloak docker project as a
>>> guide and create one myself for our purposes. The domain configuration
>>> is a
>>> bit more complicated than standalone, so I can understand why it was left
>>> out.
>>>
>>> Thanks again,
>>>
>>> -Frank
>>>
>>> On Thu, May 23, 2019 at 2:52 AM Sebastian Laskawiec <slaskawi at redhat.com
>>> >
>>> wrote:
>>>
>>> > That is correct. The standalone (with or without HA) configuration is
>>> by
>>> > far the most popular.
>>> >
>>> > However, all the configuration files and scripts are there. I guess
>>> you'd
>>> > need to modify the bootstrap script to bootstrap domain (or host)
>>> > controllers.
>>> >
>>> > On Wed, May 22, 2019 at 9:22 PM Frank Herrmann <
>>> > frank.herrmann at modernizingmedicine.com> wrote:
>>> >
>>> >> Hello,
>>> >>
>>> >> As part of our upgrade to 6.0.1 we are looking to use the Keycloak
>>> docker
>>> >> images. Our currently installation (3.4.3) uses a domain cluster.
>>> While
>>> >> reviewing the Keycloak docker image, it appears that it only supports
>>> >> standalone or standalone-ha (for clustering). Am I missing something,
>>> or
>>> >> will I need to customize the Keycloak docker image for domain
>>> clustering?
>>> >> Or was it specifically left out of the official docker image for a
>>> good
>>> >> reason?
>>> >>
>>> >> Thanks,
>>> >> -Frank
>>> >>
>>> >> --
>>> >> FRANK HERRMANN
>>> >> ASSOCIATE SOFTWARE ARCHITECT
>>> >>
>>> >> T: 561-880-2998 x1563
>>> >>
>>> >> E: frank.herrmann at modmed.com
>>> >>
>>> >>
>>> >>
>>> >> [image: [ Modernizing Medicine ]] <http://www.modmed.com/>
>>> >> [image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine>
>>> >> [image:
>>> >> [ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/>
>>> >> [image:
>>> >> [ YouTube ]] <http://www.youtube.com/user/modernizingmedicine>
>>> [image: [
>>> >> Twitter ]] <https://twitter.com/modmed> [image: [ Blog ]]
>>> >> <http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
>>> >> <http://instagram.com/modernizing_medicine>
>>> >>
>>> >> [image: [ MOMENTUM 2019 ]] <https://momentum.modmed.com/>
>>> >>
>>> >> --
>>> >> *CONFIDENTIALITY NOTICE:* This e-mail message may contain material
>>> >> protected by the Health Insurance Portability and Accountability Act
>>> of
>>> >> 1996 and its implementing regulations and other state and federal laws
>>> >> and
>>> >> legal privileges. This message is only for the personal and
>>> confidential
>>> >> use of the individuals or organization to whom the message is
>>> addressed.
>>> >> If
>>> >> you are an unintended recipient, you have received this message in
>>> error,
>>> >> and any reading, distributing, copying or disclosure is unauthorized
>>> and
>>> >> strictly prohibited. All recipients are hereby notified that any
>>> >> unauthorized receipt does not waive any confidentiality obligations or
>>> >> privileges. If you have received this message in error, please notify
>>> the
>>> >> sender immediately at the above email address and confirm that you
>>> have
>>> >> deleted or destroyed the message.
>>> >> _______________________________________________
>>> >> keycloak-user mailing list
>>> >> keycloak-user at lists.jboss.org
>>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> >
>>> >
>>>
>>> --
>>> FRANK HERRMANN
>>> ASSOCIATE SOFTWARE ARCHITECT
>>>
>>> T: 561-880-2998 x1563
>>>
>>> E: frank.herrmann at modmed.com
>>>
>>>
>>>
>>> [image: [ Modernizing Medicine ]] <http://www.modmed.com/>
>>> [image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine>
>>> [image:
>>> [ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/>
>>> [image:
>>> [ YouTube ]] <http://www.youtube.com/user/modernizingmedicine> [image: [
>>> Twitter ]] <https://twitter.com/modmed> [image: [ Blog ]]
>>> <http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
>>> <http://instagram.com/modernizing_medicine>
>>>
>>> [image: [ MOMENTUM 2019 ]] <https://momentum.modmed.com/>
>>>
>>> --
>>> *CONFIDENTIALITY NOTICE:* This e-mail message may contain material
>>> protected by the Health Insurance Portability and Accountability Act of
>>> 1996 and its implementing regulations and other state and federal laws
>>> and
>>> legal privileges. This message is only for the personal and confidential
>>> use of the individuals or organization to whom the message is addressed.
>>> If
>>> you are an unintended recipient, you have received this message in
>>> error,
>>> and any reading, distributing, copying or disclosure is unauthorized and
>>> strictly prohibited. All recipients are hereby notified that any
>>> unauthorized receipt does not waive any confidentiality obligations or
>>> privileges. If you have received this message in error, please notify
>>> the
>>> sender immediately at the above email address and confirm that you have
>>> deleted or destroyed the message.
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>
> --
> FRANK HERRMANN
> ASSOCIATE SOFTWARE ARCHITECT
>
> T: 561-880-2998 x1563
>
> E: frank.herrmann at modmed.com
>
>
>
> [image: [ Modernizing Medicine ]] <http://www.modmed.com/>
> [image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine> [image:
> [ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/> [image:
> [ YouTube ]] <http://www.youtube.com/user/modernizingmedicine> [image: [
> Twitter ]] <https://twitter.com/modmed> [image: [ Blog ]]
> <http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
> <http://instagram.com/modernizing_medicine>
>
> [image: [ MOMENTUM 2019 ]] <https://momentum.modmed.com/>
>
>
> *CONFIDENTIALITY NOTICE:* This e-mail message may contain material
> protected by the Health Insurance Portability and Accountability Act of
> 1996 and its implementing regulations and other state and federal laws and
> legal privileges. This message is only for the personal and confidential
> use of the individuals or organization to whom the message is addressed. If
> you are an unintended recipient, you have received this message in error,
> and any reading, distributing, copying or disclosure is unauthorized and
> strictly prohibited. All recipients are hereby notified that any
> unauthorized receipt does not waive any confidentiality obligations or
> privileges. If you have received this message in error, please notify the
> sender immediately at the above email address and confirm that you have
> deleted or destroyed the message.
More information about the keycloak-user
mailing list