Keycloak High Availability Deployment Plan

Hey there!

I would like to build a high availability solution for Keycloak and would appreciate feedback on my deployment plan. My original idea was as shown in (A):

There are two VMs, each including a Postgres DB (one standby DB, one primary DB), and each including a Keycloak instance. Both Keycloak instances point to a shared virtual IP of the database systems. If one VM fails, the other Keycloak instance should still run without any issue. Now, this means that if I connect a client (such as an SAP system) to Keycloak, it always needs to be connected to two different Keycloak instances.

I wondered if it was possible that the two Keycloak instances also shared a virtual IP, and if it was possible to connect a client to this virtual IP, as sketched below in (B):

The client then should only see a single IP, which works even if one VM is shut down.

Did anyone ever try this out? Do you have any suggestions for improvement? Are there any best practices for such a scenario?

Thanks!

Use a load balancer that detects backend failure for Keycloak. Also, read the Keycloak Guides.
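As an added illustration of the answer above (not part of the original thread), here is a constructed HAProxy configuration that fronts the two Keycloak nodes behind one virtual IP and actively health-checks each backend, so clients such as the SAP system see a single address as asked in (B). The VIP, hostnames, ports and certificate path are assumptions; the health endpoint requires health-enabled=true on each Keycloak node.

```haproxy
# Constructed example: HAProxy on the VIP in front of two Keycloak nodes.
# All addresses, ports and paths below are assumed values, not from the post.
global
    log stdout format raw local0
    maxconn 4096

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Clients (e.g. the SAP system) only ever talk to the VIP on 443.
frontend keycloak_https
    bind 10.0.0.10:443 ssl crt /etc/haproxy/certs/keycloak.pem
    # Keycloak builds issuer/redirect URLs from these headers; the nodes must be
    # configured to trust them (Keycloak option proxy-headers=xforwarded).
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port 443
    option forwardfor
    default_backend keycloak_nodes

backend keycloak_nodes
    balance roundrobin
    # Active readiness check: a node that stops answering 200 on /health/ready
    # is pulled out after 2 failures and re-added after 3 successes.
    # Recent Keycloak releases serve this on the management port (9000 by
    # default); older Quarkus releases serve it on the main HTTP port.
    option httpchk GET /health/ready
    http-check expect status 200
    # Pin a browser to one node during a login flow; when that node fails the
    # check, HAProxy transparently re-routes the client to the surviving one.
    cookie KC_ROUTE insert indirect nocache
    server kc1 192.168.1.11:8080 check port 9000 inter 3s fall 2 rise 3 cookie kc1
    server kc2 192.168.1.12:8080 check port 9000 inter 3s fall 2 rise 3 cookie kc2
```

To avoid making the load balancer itself the new single point of failure, run an HAProxy instance on each VM and let the same failover mechanism that moves the database virtual IP (for example keepalived) move the Keycloak VIP as well.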