Keycloak supports different high-availability architectures, allowing system administrators to pick the deployment type most suitable for their needs. Ease of deployment, cost and fault-tolerance guarantees are important considerations when determining the correct architecture for your deployments.
This document describes two architectures for deploying Keycloak: single-cluster deployments and multi-cluster deployments.
Use a single-cluster deployment to run Keycloak in a single cluster, optionally spread across multiple availability zones in the same region.
Advantages:
- No external dependencies
- Deployment in a single Kubernetes cluster or a set of virtual machines with transparent networking
- Tolerates availability-zone failures if deployed to multiple availability zones
Disadvantages:
- The Kubernetes cluster is a single point of failure:
  - Control-plane failures could impact all Keycloak pods
Use a multi-cluster deployment to connect two Keycloak clusters, deployed for example in different Kubernetes clusters in two availability zones, to increase availability.
Advantages:
- Tolerates availability-zone failure
- Tolerates Kubernetes cluster failure
- Bridges two networks that do not offer transparent networking
- Regulatory compliance when distinct deployments are required
Disadvantages:
- Complexity:
  - External load-balancer required
  - Separate Infinispan cluster required on each site
- Cost:
  - Additional load-balancer required
  - Additional compute is required for external Infinispan clusters
  - Two Kubernetes control-planes must be provisioned
- Not supported with three or more availability zones