Red Hat SummitChapter 1. High availability overview
Explore the different Red Hat build of Keycloak high-availability architectures.
Red Hat build of Keycloak can be deployed in a number of high-availability architectures, allowing system administrators to pick the deployment type most suitable for their needs. Ease of deployment, cost and fault-tolerance guarantees are important considerations when determining the correct architecture for your deployments.
Any Red Hat build of Keycloak deployment must be installed on a properly configured OpenShift cluster that has been configured per the OpenShift installation instructions. For any Red Hat build of Keycloak installations on OpenShift clusters that span multiple sites (i.e. single cluster or multi-clusters across multiple availability zones) the OpenShift cluster must adhere to the Guidance for Red Hat OpenShift Container Platform Clusters.
Ultimately high availability architectures involve many components in addition to the software running and the responsibility for availability of the service is with the customer. This guide has recommended practices for using the Red Hat build of Keycloak in such high availability architectures.
1.1. Architectures
This document describes two high availability architectures in which to deploy Red Hat build of Keycloak: Single-cluster deployments and multi-cluster deployments.
1.1.1. Single-cluster deployments
Deploy Red Hat build of Keycloak in a single cluster, optionally across multiple availability-zones or data centers with the required network latency and database configuration, using Single-cluster deployments.
- Advantages
- No external dependencies
- Deployment in a single OpenShift cluster
- Tolerate availability-zone failure or data center failure, if deployed to multiple availability zones or data centers
- Disadvantages
OpenShift cluster is a single point of failure:
- Control-plane failures could impact all Red Hat build of Keycloak pods
1.1.2. Multi-cluster deployments
Connect two Red Hat build of Keycloak clusters deployed for example in different OpenShift clusters in two availability zones or data centers with the required network latency and database configuration using Multi-cluster deployments.
- Advantages
- Tolerate availability-zone failure
- Tolerate OpenShift cluster failure
- Bridge two networks that do not offer transparent networking
- Regulatory compliance when distinct deployments are required
- Disadvantages
Complexity:
- External load-balancer required
- Separate Data Grid cluster required on each site
Cost:
- Additional load-balancer required
- Additional compute is required for external Data Grid clusters
- Two OpenShift control-planes must be provisioned
- Not supported with three or more availability zones
1.1.3. Next Steps
To learn more about the different high-availability architectures and their supported configurations, please consult the individual chapters.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}