<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>

<@tmpl.guide
title="Building blocks active-passive deployments"
summary="Overview of building blocks, alternatives and not considered options" >

The following building blocks are needed to set up an active-passive deployment with synchronous replication.

The building blocks link to a blueprint with an example configuration.
They are listed in the order in which they need to be installed.

include::partials/blueprint-disclaimer.adoc[]

== Prerequisites

* Understanding the concepts laid out in the <@links.ha id="concepts-active-passive-sync"/> {section}.

== Two sites with low-latency connection

Ensures that synchronous replication is available for both the database and the external {jdgserver_name}.

*Suggested setup:* Two AWS Availability Zones within the same AWS Region.

*Not considered:* Two regions on the same or different continents, as it would increase the latency and the likelihood of network failures.
Synchronous replication of databases as a service with Aurora Regional Deployments on AWS is only available within the same region.

== Environment for {project_name} and {jdgserver_name}

Ensures that the instances are deployed and restarted as needed.

*Suggested setup:* Red Hat OpenShift Service on AWS (ROSA) deployed in each availability zone.

*Not considered:* A stretched ROSA cluster which spans multiple availability zones, as this could be a single point of failure if misconfigured.

== Database

A synchronously replicated database across two sites.

*Blueprint:* <@links.ha id="deploy-aurora-multi-az"/>.

== {jdgserver_name}

An {jdgserver_name} deployment which leverages the {jdgserver_name}'s Cross-DC functionality.

*Blueprint:* <@links.ha id="deploy-infinispan-kubernetes-crossdc" /> using the {jdgserver_name} Operator, and connect the two sites using {jdgserver_name}'s Gossip Router.

*Not considered:* Direct interconnections between the Kubernetes clusters on the network layer.
It might be considered in the future.

== {project_name}

A clustered deployment of {project_name} in each site, connected to an external {jdgserver_name}.

*Blueprint:* <@links.ha id="deploy-keycloak-kubernetes" /> together with <@links.ha id="connect-keycloak-to-external-infinispan"/> and the Aurora database.

</@tmpl.guide>

== Load balancer

A load balancer which checks the `/lb-check` URL of the {project_name} deployment in each site.

*Blueprint:* <@links.ha id="deploy-aws-route53-loadbalancer"/>.

*Not considered:* AWS Global Accelerator as it supports only weighted traffic routing and not active-passive failover.
To support active-passive failover, additional logic using, for example, AWS CloudWatch and AWS Lambda would be necessary to simulate the active-passive handling by adjusting the weights when the probes fail.