Multi-site deployments

Connect multiple Keycloak deployments in different sites to increase the overall availability

Keycloak supports deployments that consist of multiple Keycloak instances that connect to each other using its Infinispan caches; load balancers can distribute the load evenly across those instances. Those setups are intended for a transparent network on a single site.

The Keycloak high-availability guide goes one step further to describe setups across multiple sites. While this setup adds additional complexity, that extra amount of high availability may be needed for some environments.

The different guides introduce the necessary concepts and building blocks. For each building block, a blueprint shows how to set a fully functional example. Additional performance tuning and security hardening are still recommended when preparing a production setup.

Concept and building block overview

Concepts for active-passive deployments
Building blocks active-passive deployments
Concepts for database connection pools
Concepts for configuring thread pools
Concepts for sizing CPU and memory resources
Concepts to automate Infinispan CLI commands

Blueprints for building blocks

Deploy AWS Aurora in multiple availability zones
Deploy Keycloak for HA with the Keycloak Operator
Deploy Infinispan for HA with the Infinispan Operator
Connect Keycloak with an external Infinispan
Deploy an AWS Route 53 loadbalancer

Operational procedures

Fail over to the secondary site
Switch over to the secondary site
Recover from an out-of-sync passive site
Switch back to the primary site

On this page

Edit this guide