I wonder if it is possible - something which I’d imagine is a common practice of providing simple HA to many things - to have two (or more) Keycloak containers, each on a different host, which Keycloaks do not know and do not want to know about one another, then…
database (in SQL) is replicated and that is the only way & the only thing which is “shared” between such Keycloaks, then…
only one Keycloak would be “exposed” for use at any given time.
Would that work? Would such a “cluster” be healthy?
many thanks, L.
It will be “working”. But when you switch “containers”, users won’t be authenticated, because you are missing the cache - Server Installation and Configuration Guide - that cache also keeps state, so it must be “shared”.
I would say stick with a known design - e.g. Keycloak - Search (datacenter is “container” in your use case), instead of doing a custom legacy setup.
Your approach can be applicable for simple (stateless) apps, but it’s more complicated in the Keycloak case (as you see, the cache is also involved to preserve state).