Multi-region environment and database writes

We are considering using Keycloak to provide authorization tokens in a multi-region environment on GCP. Since it will need to be very highly available, we will want to have a Keycloak cluster in each region where we run services.

We are trying to decide on a database to use for this configuration. We need database instances in each region. We need the database instances to be consistent. Has anyone already run into this?

We are considering using PostgreSQL with a master-slave relationship between the database instances. All administrative updates would always be done on the same Keycloak cluster, which would update the master PostgreSQL instance. The master PostgreSQL instance will update the others.

This will work only if Keycloak does not do any non-administrative database writes. Can anyone tell me if this is the case? Can I run a Keycloak cluster against a read-only database?

We are interested in this type of setup too but using AWS Aurora Global MySQL.

Tried to start Keycloak 6.0.1/7.0.1 on the read-only replica of a working Keycloak DB; it never gets past the DB updater, even though I have set migrationStrategy to manual.

Hi there.

I would also have been interested in having a read-only DB endpoint feature for clustering.

Did you find a solution/setup that works with a read-only database?