Zero downtime upgrade


What would be your recommended approach for a zero downtime Keycloak upgrade in the following scenarios :

Scenario 1: standalone clustered

In this setup several Keycloak servers are connected to a single database. When one server is upgraded the user sessions are still available on the other nodes. But what about database schema updates ? Isn’t there a risk for a database lock on a particularly big setup with millions of users or if a massive re-indexing is required ?

Scenario 2: cross data-center replication
In this setup several Keycloak standalone clusters are connected thanks to Infinispan on one side and database clustering (such MariaDB + Galera) on the other side. If I upgrade one cluster, how are schema and data model updates handled ? Isn’t there a risk for conflict until all data center are upgraded ?

Thank you very much in advance for your feedback here.

I bumped into the same hurdle recently.

As far as I know, there isn’t any way to upgrade Keycloak without downtime risk.

There are some discussions here as well

1 Like