Keycloak 17 Container with DNS Ping Clustering

Hi,

Does anyone have documentation on how to configure clustering for Keycloak 17 running in a Docker container? I am specifically interested in using DNS ping. Previously in version 15 I was doing this:

docker run -d -p 8080:8080 \
    -e JGROUPS_DISCOVERY_PROTOCOL=dns.DNS_PING \
    -e JGROUPS_DISCOVERY_PROPERTIES=dns_query=keycloak-ha.not-a-real-domain.net \
    -e CACHE_OWNERS_COUNT=1 \
    jboss/keycloak

Thanks in advance.

JGroups discovery protocol was one of the things that changed quite a bit in the new distribution. See the new guide here: Keycloak - Server - Configuring distributed caches

If you end up needing to write your own Infinispan config file, there is a discussion here about it. Even though JDBC_PING is discussed, you can use the same method for any custom configuration: Use of JDBC_PING with Keycloak 17 (Quarkus distro)

If you are trying to create the cluster on Kubernetes, the below properties will help you.

--auto-build
--cache-stack=kubernetes

A headless Kubernetes service should be created pointing to the Keycloak pod set and its DNS name should be set as an environment variable by name ‘jgroups.dns.query’.

For example:
env:
  - name: jgroups.dns.query
    value: headless-keycloak-service.my-namespace.svc.cluster.local
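A headless Service of the kind described in the post above, as an added example that is not part of the original thread. The `app: keycloak` selector label and port 7800 (assumed here to be the JGroups TCP port) are assumptions; the name and namespace match the DNS name used in the post.

```yaml
# Added example, not from the thread: headless Service for DNS-based discovery.
apiVersion: v1
kind: Service
metadata:
  name: headless-keycloak-service   # yields headless-keycloak-service.my-namespace.svc.cluster.local
  namespace: my-namespace
spec:
  clusterIP: None                   # headless: DNS returns one A record per pod, no virtual IP
  publishNotReadyAddresses: true    # let starting pods appear in DNS so members can find each other
  selector:
    app: keycloak                   # assumption: label carried by the Keycloak pods
  ports:
    - name: jgroups
      port: 7800                    # assumption: JGroups TCP port used by the cluster
      targetPort: 7800
      protocol: TCP
```

Keep this Service cluster-internal: it carries cache replication traffic between Keycloak nodes and should not be published through an Ingress, NodePort or LoadBalancer.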