The following building blocks are needed to set up an active-passive deployment with synchronous replication.
The building blocks link to a blueprint with an example configuration. They are listed in the order in which they need to be installed.
We provide these blueprints to show a minimal, functionally complete example with a good baseline performance for regular installations. You would still need to adapt them to your environment and your organization’s standards and security best practices.
Understanding the concepts laid out in the Concepts for active-passive deployments guide.
Ensures that synchronous replication is available for both the database and the external Infinispan.
Suggested setup: Two AWS Availability Zones within the same AWS Region.
Not considered: Two regions on the same or different continents, as it would increase the latency and the likelihood of network failures. Synchronous replication of databases as a service with Aurora Regional Deployments on AWS is only available within the same region.
Ensures that the instances are deployed and restarted as needed.
Suggested setup: Red Hat OpenShift Service on AWS (ROSA) deployed in each availability zone.
Not considered: A stretched ROSA cluster which spans multiple availability zones, as this could be a single point of failure if misconfigured.
A synchronously replicated database across two sites.
Blueprint: Deploy AWS Aurora in multiple availability zones.
A deployment of Infinispan that leverages Infinispan’s Cross-DC functionality.
Blueprint: Deploy Infinispan for HA with the Infinispan Operator, and connect the two sites using Infinispan’s Gossip Router.
Not considered: Direct interconnections between the Kubernetes clusters on the network layer. It might be considered in the future.
A clustered deployment of Keycloak in each site, connected to an external Infinispan.
Blueprint: Deploy Keycloak for HA with the Keycloak Operator together with Connect Keycloak with an external Infinispan and the Aurora database.
A load balancer which checks the /lb-check URL of the Keycloak deployment in each site.
Blueprint: Deploy an AWS Route 53 load balancer.
Not considered: AWS Global Accelerator as it supports only weighted traffic routing and not active-passive failover. To support active-passive failover, additional logic using, for example, AWS CloudWatch and AWS Lambda would be necessary to simulate the active-passive handling by adjusting the weights when the probes fail.
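The weight-adjusting logic described above, as an added example that is not part of the Keycloak documentation and calls no AWS API: it turns /lb-check probe results for the two sites into weights so that only one site carries traffic at a time. Assumptions: any HTTP 2xx means healthy, a site counts as down after three consecutive failed probes, traffic returns to the active site once it probes healthy again, and the site names are made up.

```python
from dataclasses import dataclass

FAILURE_THRESHOLD = 3  # assumed: consecutive failed probes before a site is down


@dataclass
class SiteHealth:
    name: str
    consecutive_failures: int = 0

    def record(self, status):
        """Record one /lb-check probe; status is the HTTP code, None on timeout."""
        ok = status is not None and 200 <= status < 300  # assumed: 2xx = healthy
        self.consecutive_failures = 0 if ok else self.consecutive_failures + 1

    @property
    def healthy(self):
        return self.consecutive_failures < FAILURE_THRESHOLD


def weights(active, passive):
    """Emulate active-passive failover on top of weighted routing.

    Only one site carries traffic at a time. The passive site takes over only
    when the active site is down and the passive site itself is healthy; if
    both are down, traffic stays on the active site instead of being split.
    Assumed: traffic returns to the active site once it probes healthy again.
    """
    if not active.healthy and passive.healthy:
        return {active.name: 0, passive.name: 100}
    return {active.name: 100, passive.name: 0}


def replay(probes):
    """Apply (active_status, passive_status) probe pairs; return weights per step."""
    active, passive = SiteHealth("site-a"), SiteHealth("site-b")  # made-up names
    history = []
    for active_status, passive_status in probes:
        active.record(active_status)
        passive.record(passive_status)
        history.append(weights(active, passive))
    return history


if __name__ == "__main__":
    # Constructed probe results: the active site fails from the second probe on.
    for step in replay([(200, 200), (503, 200), (None, 200), (503, 200)]):
        print(step)
```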