libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/guides/high-availability/bblocks-multi-site.adoc
Michal Hajas 709165a90a
High availability guide updates (#32093) 
* Remove connecting Infinispan to Keycloak building block
* Rephrase two sites restriction limitation
* Update the KCB generated yaml files for HA guide
* Remove setting number of owners to 1 for session caches as it is no longer necessary
* Add multi-site feature
* Remove histrograms and slos
* Replace stonith with fencing
* Switch for DG in community and product

Closes #31029

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-19 13:29:11 +02:00

63 lines
2.6 KiB
Text
Raw Blame History

<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>
<@tmpl.guide
title="Building blocks multi-site deployments"
summary="Overview of building blocks, alternatives and not considered options" >
The following building blocks are needed to set up a multi-site deployment with synchronous replication.
The building blocks link to a blueprint with an example configuration.
They are listed in the order in which they need to be installed.
include::partials/blueprint-disclaimer.adoc[]
== Prerequisites
* Understanding the concepts laid out in the <@links.ha id="concepts-multi-site"/> {section}.
== Two sites with low-latency connection
Ensures that synchronous replication is available for both the database and the external {jdgserver_name}.
*Suggested setup:* Two AWS Availability Zones within the same AWS Region.
*Not considered:* Two regions on the same or different continents, as it would increase the latency and the likelihood of network failures.
Synchronous replication of databases as a services with Aurora Regional Deployments on AWS is only available within the same region.
== Environment for {project_name} and {jdgserver_name}
Ensures that the instances are deployed and restarted as needed.
*Suggested setup:* Red Hat OpenShift Service on AWS (ROSA) deployed in each availability zone.
*Not considered:* A stretched ROSA cluster which spans multiple availability zones, as this could be a single point of failure if misconfigured.
== Database
A synchronously replicated database across two sites.
*Blueprint:* <@links.ha id="deploy-aurora-multi-az"/>.
== {jdgserver_name}
A deployment of {jdgserver_name} that leverages the {jdgserver_name}'s Cross-DC functionality.
*Blueprint:* <@links.ha id="deploy-infinispan-kubernetes-crossdc" /> using the {jdgserver_name} Operator, and connect the two sites using {jdgserver_name}'s Gossip Router.
*Not considered:* Direct interconnections between the Kubernetes clusters on the network layer.
It might be considered in the future.
== {project_name}
A clustered deployment of {project_name} in each site, connected to an external {jdgserver_name}.
*Blueprint:* <@links.ha id="deploy-keycloak-kubernetes" /> that includes connecting to the Aurora database and the {jdgserver_name} server.
</@tmpl.guide>
== Load balancer
A load balancer which checks the `/lb-check` URL of the {project_name} deployment in each site, plus an automation to detect {jdgserver_name} connectivity problems between the two sites.
*Blueprint:* <@links.ha id="deploy-aws-accelerator-loadbalancer"/> together with <@links.ha id="deploy-aws-accelerator-fencing-lambda"/>.
Reference in a new issue View git blame Copy permalink