keycloak / keycloak-benchmark

Keycloak Benchmark
https://www.keycloak.org/keycloak-benchmark/
Apache License 2.0

Provide setup for reencrypt ingress on OpenShift #344

Closed ahus1 closed 10 months ago

ahus1 commented 1 year ago

Description

In the KC22 vs RHSSO 7.6 setup, we found that there is better performance when using reencrypt for routes.

To make this work, Keycloak needs to have a TLS secret that is trusted by the ingress of OpenShift.

This issue is about driving this forward. Some change in the Operator might be necessary to get this implemented. An annotation like service.alpha.openshift.io/serving-cert-secret-name: keycloak-auto-tls-secret helps with that.

For the ingress, the following annotation helps with that: route.openshift.io/termination: reencrypt

There's the observation that the TLS connections between the route pod and the Keycloak pod could be a bit more persistent, and it would be good to look into that further once the first step of the setup is available.

Motivation

Provide an optimized setup for maximum performance
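The two annotations named in the description, shown in context as an added example (not part of the issue or of the benchmark project's manifests). The resource names, hostname and pod label are hypothetical, a separate Service is used on the assumption that the operator-managed one is left untouched, and the Ingress sets no destination CA on the assumption that the router trusts certificates issued by the cluster's service CA.

```yaml
# Added example: names, host and pod label are assumptions; apply in the Keycloak namespace.
apiVersion: v1
kind: Service
metadata:
  name: keycloak-tls
  annotations:
    # From the issue: the service CA writes a signed key pair to this secret.
    service.alpha.openshift.io/serving-cert-secret-name: keycloak-auto-tls-secret
spec:
  selector:
    app: keycloak            # assumed label on the Keycloak pods
  ports:
    - name: https
      port: 8443
      targetPort: 8443
---
# Keycloak CR fragment (database and other settings omitted).
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: keycloak
spec:
  hostname:
    hostname: keycloak.apps.example.com
  http:
    tlsSecret: keycloak-auto-tls-secret   # pods serve HTTPS with the generated pair
  ingress:
    enabled: false                        # replaced by the Ingress below
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-reencrypt
  annotations:
    route.openshift.io/termination: reencrypt   # from the issue
spec:
  tls:
    - {}   # empty entry: client-facing side uses the router's default certificate
  rules:
    - host: keycloak.apps.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak-tls
                port:
                  number: 8443
```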

ahus1 commented 10 months ago

This will not be implemented in the Keycloak benchmark project. It will only be supported once the Keycloak operator supports it.