Can we use two separate Keycloak HA clusters with the same DB as their backend?

Hello,

I want to have Keycloak instances which will support up to 3000 realms. I tried setting up Keycloak HA with external Infinispan, but it is giving me issues similar to "Query related to Keycloak HA with separate Infinispan cache".

For testing, I tried installing 2 Keycloak HA clusters (idp1 and idp2) pointing to the same database.

My observations from it:

  1. I first installed the idp1 cluster and created 100 realms in it. Then I installed idp2 pointing to the same database that is used by idp1. All the realms in idp1 are present in idp2.

  2. I then created one realm (test-realm) in idp2, and it was reflected in idp1 after I logged back into the idp1 admin console. But when I created a realm in idp1, it was not reflected in idp2.

  3. I created one user (user1) in test-realm in idp1, which is also present in idp2. Then I created user2 in test-realm in idp2, which is also present in idp1.

Can anyone please suggest whether it is okay to use the same database for multiple Keycloak instances?

Thanks

Hi,

Each Keycloak realm is independent, so if your requirements don’t ask for totally separated instances (so that, say, you can give full admin powers to a tenant without impacting others), you can have a single Keycloak cluster.

That is, you can have N instances with 1 database working as a single piece of software, with a single admin panel.

Unless you have a complex giga deployment, you probably don’t need external Infinispan.

So, what you need is to configure a load balancer in front of the Keycloak instances and let them use the same database. If they are virtual machines in the same subnet, they will also automagically configure themselves into an Infinispan cluster (if not, see "Is external infinispan required for Keycloak HA? - #2 by weltonrodrigo").

If you need separate instances, you can use the same SERVER, just different DATABASES in the server.

Thanks @weltonrodrigo for clearing things up.