We are running Keycloak 10.0.2 in k8s in a standalone-ha setup with an external PG database.
We have about 5 million offline tokens right now and it's a huge pain to update/restart the Keycloak pod.
If a single pod is restarted then we lose about 1/3 of offline sessions. They are still in the DB and the only way to restore them is to scale Keycloak to 0 replicas and then start it again. It takes about an hour to cold start it, but it rereads all offline tokens back to the cache.
We tried to add an external Infinispan, but it looks like it doesn't replace the internal one, but extends it.
So on our demo setup, we have an Infinispan cluster of 6 nodes, 3 of which are inside of Keycloak pods.
This setup still has the same problems.
Any advice?
Is it possible to use only an external Infinispan and not use the one inside the Keycloak containers?