I’m looking to set up Keycloak across multiple regions to accommodate a large global user base and minimize latency. I understand that having a single auth server may not be sufficient for my needs.
Has anyone implemented a multi-region Keycloak setup? If so, could you share insights on how your architecture is structured? Additionally, I’m interested in how the Infinispan cache is managed in this configuration.
I came across the information about multi-site deployment (Multi-site deployments - Keycloak), but it seems to focus on single AWS region setups. Any advice or experiences would be greatly appreciated!
@thebrijpatel Thanks for posting this query.
I have similar requirements but haven’t come across a good design or approach. Let’s hope for valuable suggestions from this forum or group.
Keycloak does not officially support multi-region clusters in an active-active way. The reason is latency. If you want to run something multi-region, you can only run it most reliably in an active-passive way with a failover scenario in case of an error of the active site to tear this down, and put up the passive site to become the active site. As the synchronizations of the Infinispan clusters and the databases are asynchronous, there might be loss of some data/sessions.
See also a related discussion here: Keycloak active-active Docker - #5 by dasniko