Did initial experiments on mod_auth_openidc to validate a Keycloak HA setup. Turns out that while docker images from this module behave predictably in kubernetes too, the same is not true for keycloak HA configuration. It must be tested in kubernetes, due to JGroups' heavy dependence on networks and naming.
Because Kubernetes isn't in scope in this repository we'll probably never merge this branch. We could howerer switch to keycloak-ha-mysql if a PR from https://github.com/Reposoft/keycloak-ha-kubernetes gets into an official such image, because mysql is a better fit for keycloak-ha in kubernetes than postgres is.
Did initial experiments on mod_auth_openidc to validate a Keycloak HA setup. Turns out that while docker images from this module behave predictably in kubernetes too, the same is not true for keycloak HA configuration. It must be tested in kubernetes, due to JGroups' heavy dependence on networks and naming.
Because Kubernetes isn't in scope in this repository we'll probably never merge this branch. We could howerer switch to keycloak-ha-mysql if a PR from https://github.com/Reposoft/keycloak-ha-kubernetes gets into an official such image, because mysql is a better fit for keycloak-ha in kubernetes than postgres is.
HA docs
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.3/topics/clustering/troubleshooting.html
http://jgroups.org/manual4/index.html#protlist
Possibly something like https://kb.novaordis.com/index.php/WildFly_Clustering_without_Multicast