Hi all,
I am looking for some high-level guidance for setting up a Keycloak cluster on AWS Fargate (serverless ECS).
I found a number of posts suggesting to use jdbc_ping for discovery, however that seems to require an entire custom cache config file, which I would very much like to avoid.
An alternative would be to use the AWS CloudMap service: if my understanding is correct, this implies configuring Keycloak to use the “kubernetes” cache stack (https://www.keycloak.org/server/caching).
One concern I have is that in this CDK extension:
https://github.com/rayova/cdk-ecs-keycloak
(which unfortunately targets an older (Wildfly) version of Keycloak) I find the comment below; this is beyond my expertise…
I am not using bridge-mode, I am using AWSVPC mode.
Does Keycloak indeed require “two ports for clustering in either stack mode”?
Did anyone have success using CloudMap and DNS_PING for discovery on Fargate?
```javascript
_getJGroupsDiscoveryProperties() {
  // Note: SRV-based discovery isn't enough to handle bridged-mode networking.
  // - Keycloak wants two ports for clustering in either stack mode
  // - CloudMap currently supports only one service registry per ecs service
  //
  // To the reader: Got any suggestions? Open a PR. I'd love to run this on
  // EC2 with bridged networking so that keycloak can be run in containers on
  // bursting instance types where vpc trunking is not available.
  return cdk.Fn.sub('dns_query=${ServiceName}.${ServiceNamespace},dns_record_type=${QueryType}', {
```
Thanks!
Franck
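For reference, this is how the “kubernetes” cache stack is wired up on the Quarkus-based Keycloak distribution: it uses DNS_PING, which reads the peer DNS name from the `jgroups.dns.query` JVM property, so a CloudMap service name plus its namespace can be passed straight in. The script below is an added example, not code from the post or from cdk-ecs-keycloak; the service name `keycloak` and namespace `svc.internal` are constructed placeholders.

```shell
#!/bin/sh
# Added example: derive the container environment for a Keycloak task that
# discovers cluster peers through a CloudMap DNS name using the built-in
# "kubernetes" cache stack (DNS_PING).

# Accept only a plain DNS name: lowercase labels of [a-z0-9-] joined by
# dots, at least two labels, no trailing dot, no underscores or spaces.
# Rejecting a malformed name here is cheaper than a node that silently
# starts as a cluster of one because discovery never resolved anything.
valid_dns_query() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
}

# Compose the JVM flag DNS_PING reads; returns non-zero on a malformed name.
# $1 = CloudMap service name, $2 = CloudMap namespace name
kc_jgroups_opts() {
  query="$1.$2"
  valid_dns_query "$query" || return 1
  printf '%s' "-Djgroups.dns.query=$query"
}

# Emit the task's environment as KEY=VALUE lines: Infinispan cache, the
# kubernetes (DNS_PING) stack, and the discovery query via JAVA_OPTS_APPEND.
kc_cluster_env() {
  opts=$(kc_jgroups_opts "$1" "$2") || return 1
  printf 'KC_CACHE=ispn\n'
  printf 'KC_CACHE_STACK=kubernetes\n'
  printf 'JAVA_OPTS_APPEND=%s\n' "$opts"
}

kc_cluster_env keycloak svc.internal
```

Whatever port the stack binds for JGroups should only be reachable from the tasks' own security group, since DNS_PING trusts any peer the name resolves to.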