Deployed Keycloak to k8s using Bitnami’s Helm-packaged version.
Helm chart version: 14.2.0
Keycloak version: 21.0.2
Also, we are using a PostgreSQL db for the Keycloak data storage, and the Infinispan distributed cache is enabled as a cache backend (type: ispn, stack: kubernetes).
The main problem is that both the Keycloak admin web GUI and the API stop working once the connection to the database is intentionally destroyed (simulating a db outage by shutting down the db server). Please note that the cache was filled in with data (by browsing the Keycloak web admin for some time OR making identical periodic requests to the API) before simulating the outage, so theoretically it shouldn’t make any new requests to the db at all.
Should it work that way? Or was the cache supposed to only replace some Keycloak db queries (but not all of them), so that the connection to the db is always needed? Is it possible to configure Infinispan to cache almost every db request (in case it does not) so that both the web GUI and the API keep working during temporary db outages?
The Infinispan distributed cache is enabled; here is the config:
<?xml version="1.0" encoding="UTF-8"?>
<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd"
    xmlns="urn:infinispan:config:11.0">
  <cache-container name="keycloak">
    <transport lock-timeout="60000"/>
    <local-cache name="realms">
      <encoding>
        <key media-type="application/x-java-object"/>
        <value media-type="application/x-java-object"/>
      </encoding>
      <memory max-count="10000"/>
    </local-cache>
    <local-cache name="users">
      <encoding>
        <key media-type="application/x-java-object"/>
        <value media-type="application/x-java-object"/>
      </encoding>
      <memory max-count="10000"/>
    </local-cache>
    <distributed-cache name="sessions" owners="2">
      <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="authenticationSessions" owners="2">
      <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="offlineSessions" owners="2">
      <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="clientSessions" owners="2">
      <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="offlineClientSessions" owners="2">
      <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="loginFailures" owners="2">
      <expiration lifespan="-1"/>
    </distributed-cache>
    <local-cache name="authorization">
      <encoding>
        <key media-type="application/x-java-object"/>
        <value media-type="application/x-java-object"/>
      </encoding>
      <memory max-count="10000"/>
    </local-cache>
    <replicated-cache name="work">
      <expiration lifespan="-1"/>
    </replicated-cache>
    <local-cache name="keys">
      <encoding>
        <key media-type="application/x-java-object"/>
        <value media-type="application/x-java-object"/>
      </encoding>
      <expiration max-idle="3600000"/>
      <memory max-count="1000"/>
    </local-cache>
    <distributed-cache name="actionTokens" owners="2">
      <encoding>
        <key media-type="application/x-java-object"/>
        <value media-type="application/x-java-object"/>
      </encoding>
      <expiration max-idle="-1" lifespan="-1" interval="300000"/>
      <memory max-count="-1"/>
    </distributed-cache>
  </cache-container>
</infinispan>
Keycloak config:
db = postgres
db-username = bn_keycloak
db-password = <obfuscated>
db-url = jdbc:postgresql://keycloak-postgresql:5432/bitnami_keycloak?currentSchema=public
metrics-enabled = false
proxy = edge
http-enabled = true
http-relative-path = /
http-port = 8080
https-port = 8443
hostname-strict = false
cache-stack = kubernetes
cache = ispn
log-level = info
log-console-output = default