Keycloak 19.0.3 quarkus - ha in azure - jgroup configuration azure_ping

Hi,
Here is configuration that works for me. We are running Keycloak 24.0.1 (Quarkus Engine) in Azure Container Apps, but the same config should work with Azure VMs as well.

  1. We build a custom docker container to add some parameters and plugins needed.
FROM quay.io/keycloak/keycloak:24.0.1 as builder

# Configure a database vendor
ENV KC_DB=mysql

WORKDIR /opt/keycloak
COPY jar/azure-storage-8.6.6.jar /opt/keycloak/providers/azure-storage-8.6.6.jar
COPY jar/jgroups-azure-2.0.2.Final.jar /opt/keycloak/providers/jgroups-azure-2.0.2.Final.jar
RUN /opt/keycloak/bin/kc.sh build --health-enabled=true --metrics-enabled=true --cache=ispn --cache-stack=azure

FROM quay.io/keycloak/keycloak:24.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/

ENV KC_HTTP_RELATIVE_PATH=/auth
ENV KC_HEALTH_ENABLED=true

Here in the jar folder, I put 2 plugins:
Link to jars:
https://repo1.maven.org/maven2/org/jgroups/azure/jgroups-azure/2.0.2.Final/jgroups-azure-2.0.2.Final.jar
https://repo1.maven.org/maven2/com/microsoft/azure/azure-storage/8.6.6/azure-storage-8.6.6.jar
2. You need to have Azure Storage account created with a container in it to store ISPN cache and pass this info via JAVA_OPTS_APPEND

JAVA_OPTS_APPEND
-Djboss.jgroups.azure_ping.storage_account_name="${storage_account_name}"
-Djboss.jgroups.azure_ping.storage_access_key="${storage_access_key}" 
-Djboss.jgroups.azure_ping.container="${storage_container}"

Here I passed storage_account_name, storage_access_key and storage_container as parameters.

Hope it will help. I spent couple of days to figure it out :slight_smile:

1 Like