I just want to know if external infinispan is required for setting up Keycloak HA?
No, but you may need to configure the distributed cached Keycloak comes configured with.
Out of the box in the default configuration, with no intervention needed, N instances of Keycloak running on (virtual or physical) machines on the same subnet will automagically find each other via multicast UDP and form a cluster.
In a container environment, you’ll need to help Keycloak find the other instances. Take a look at Configuring distributed caches - Keycloak.
This documentation is somewhat sparse, but the idea is that you configure a discovery mechanism and (probably want to) leave the rest to jgroups (the underlying cluster engine used by keycloak).
For kubernetes, use
KC_STACK=kubernetes, create a headless service and set a property used by jgroups (
-Djgroups.dns.query=<headless-service-FQDN>) using environment variable
So, if your namespace is
my_namespace, your headless service is called
keycloak-headless, you have:
.my_namespace.svc.cluster.local part is optional, but included for the sake of completeness.
Please note that CLUSTERED MODE DEPENDS ON AN EXTERNAL DATABASE. Although Keycloak runs by default with an ephemeral in-memory database, to correctly run as a cluster, you’ll need an external database. It should be pretty simple. Just create a database, set the credentials and keycloak will create and populate the schema.
I have used same config as you have mentioned along with External DB.
I will tryout distributed caching setup.
I followed the same instruction mentioned by @weltonrodrigo and I was facing error on startup. However, I changed the Keycloak from k8s Deployment to k8s StateFulSet and issue was resolved.