This type of deployment is for when you want to run Keycloak in a cluster across multiple data centers, most typically using data center sites that are in different geographic regions. When using this mode, each data center will have its own cluster of Keycloak servers.
Each Keycloak cluster connects to an Infinispan server, and that Infinispan server sends data to the other cluster over a Hot Rod connection to the other cluster's Infinispan.
Keycloak is deployed using the same configuration as for the high availability mode, with the addition of an init script and two more `JAVA_OPTS`:
- `-Dremote.cache.host=infinispan-server-hotrod`
- `-Dkeycloak.connectionsInfinispan.hotrodProtocolVersion=2.8`
The first one sets the address of the Infinispan server that each Keycloak connects to. The second one sets the protocol version.
Set the `-Dremote.cache.host` parameter to point to the Hot Rod port of your Infinispan cluster.
⚠️ The Infinispan cluster must be up and running before Keycloak boots.
Besides Keycloak, an additional Infinispan cluster will be deployed:
- An "infinispan-server" `StatefulSet` with `1` replica.
- An "infinispan-headless" headless service for the StatefulSet.
- An "infinispan-http" `Service` that exposes port `tcp/8080` to access Infinispan itself.
- An "infinispan-server-hotrod" `Service` that exposes port `tcp/11222` to access the Infinispan Hot Rod protocol.
- An "infinispan" `ServiceAccount` with `list` and `get` permissions on the namespace's `pods` resource. This service account is needed in order to use the `KUBE_PING` JGroups discovery method.
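
A least-privilege RBAC definition matching the "infinispan" `ServiceAccount` described in the list above, as an added example that is not taken from this deployment's own manifests. The namespace `keycloak` and the Role and RoleBinding names are assumptions; only the ServiceAccount name, the `pods` resource and the `get`/`list` verbs come from the text.

```yaml
# Added example: namespace-scoped RBAC for KUBE_PING discovery.
# Assumed names: namespace "keycloak", Role "infinispan-pod-reader",
# RoleBinding "infinispan-pod-reader-binding".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: infinispan
  namespace: keycloak
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                     # Role, not ClusterRole: access stays inside one namespace
metadata:
  name: infinispan-pod-reader
  namespace: keycloak
rules:
  - apiGroups: [""]            # core API group, where pods live
    resources: ["pods"]        # pods only; no secrets, configmaps or pods/exec
    verbs: ["get", "list"]     # read-only; no watch, create, patch or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: infinispan-pod-reader-binding
  namespace: keycloak
subjects:
  - kind: ServiceAccount       # bind only the Infinispan service account
    name: infinispan
    namespace: keycloak
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: infinispan-pod-reader
```

With no other bindings for this account, `kubectl auth can-i list pods -n keycloak --as=system:serviceaccount:keycloak:infinispan` should answer `yes`, and the same check for `secrets` should answer `no`.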
In the `cloud-keycloak.xml` configuration file you can find the definition of the Keycloak caches.