Keycloak cluster Production setup on Kubernetes - Google K8S Engine (GKE)

10/16/2018

I am trying to deploy Keycloak onto Kubernetes Engine in HA (cluster) mode. I am doing the deployment with an ingress service with a TLS setting, to be able to access it externally.

The TLS setting was pretty straightforward, so got it done.

I placed the manifest files here https://github.com/vsomasvr/keycloak-gke/tree/master/keycloak

The issue is that Keycloak does not form the cluster, hence Keycloak is not functioning and the authentication itself fails. This manifest works well for a single replica (which is not a cluster, so not helpful, and I am not interested in sticky-session-related config).

I think this is the crucial problem to be solved for the Keycloak production installation.

Any help is greatly appreciated.

-- Vsoma
google-kubernetes-engine
keycloak
keycloak-services
kubernetes

1 Answer

3/5/2020

There is a blogpost on this here.

The only things I needed to do were the following:

1) Create own Docker image

FROM jboss/keycloak:latest

ADD cli/JDBC_PING.cli /opt/jboss/tools/cli/jgroups/discovery/

The JDBC_PING.cli can be found here

2) Update your deployment with an extra Env

- name: JGROUPS_DISCOVERY_PROTOCOL
  value: "JDBC_PING"

This did the job for me with 2 replicas on GKE.

-- SebastienPattyn
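
The two steps from the answer above, combined into one Deployment. This is an added example, not part of the original answer or the linked repository. The image name, the Secret `keycloak-db`, the database host and the `postgres` vendor are placeholders, and it assumes the JDBC_PING.cli script uses the database configured through the image's `DB_*` variables.

```yaml
# Added example: names and hosts are placeholders, not taken from the linked repository.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
spec:
  replicas: 2                       # the answer reports 2 replicas working on GKE
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # Step 1: the custom image that adds JDBC_PING.cli (placeholder registry and tag)
          image: registry.example.com/keycloak-jdbc-ping:1.0
          ports:
            - containerPort: 8080
          env:
            # Step 2: select the discovery script shipped in the image
            - name: JGROUPS_DISCOVERY_PROTOCOL
              value: "JDBC_PING"
            # Assumption: every replica points at the same external database
            - name: DB_VENDOR
              value: "postgres"
            - name: DB_ADDR
              value: "keycloak-db.example.internal"   # placeholder host
            - name: DB_DATABASE
              value: "keycloak"
            # Credentials are read from a Secret instead of being written in the manifest
            - name: DB_USER
              valueFrom:
                secretKeyRef: {name: keycloak-db, key: username}
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef: {name: keycloak-db, key: password}
            # TLS terminates at the ingress, so Keycloak must honour its X-Forwarded-* headers
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
```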
Source: StackOverflow