Add documentation for lb-check

Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

(cherry picked from commit cafc238ff2)
Michal Hajas
2023-11-30 13:47:06 +01:00
committed by Alexander Schwartz
parent 1d50fcd162
commit 8ffb91a34a
10 changed files with 58 additions and 33 deletions

@@ -57,9 +57,9 @@ A clustered deployment of {project_name} in each site, connected to an external
</@tmpl.guide>
== Loadbalancer
== Load balancer
A loadbalancer which checks the `/health/live` URl of the {project_name} deployment in each site.
A load balancer which checks the `/lb-check` URl of the {project_name} deployment in each site.
*Blueprint:* <@links.ha id="deploy-aws-route53-loadbalancer"/>.
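
Review bot: The rewritten sentence still spells the acronym "URl" ("checks the `/lb-check` URl"); since the line is being touched anyway, correct it to "URL". It would also help to mention here that `/lb-check` belongs to the `multi-site` feature described in the deployment guide, so a reader who only follows this section knows the probe has a prerequisite.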

@@ -69,11 +69,11 @@ include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn]
<1> Custom cache configuration XML file definition, which includes configuration for remote or embedded {jdgserver_name} store.
<2> The hostname and port of the remote cache {jdgserver_name} cluster.
<3> The credentials required, username and password, to access the remote cache {jdgserver_name} cluster.
<4> `jboss.site.name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used.
This site name is related only to the embedded {jdgserver_name} and does not need to match any value from the external {jdgserver_name} deployment.
<5> Mounting the cache configuration Volume in Kubernetes.
<4> Mounting the cache configuration Volume in Kubernetes.
However, matching the `jboss.site.name` with the external {jdgserver_name} deployment site name helps debugging possible future issues.
If you are using multiple sites for {project_name} in a cross-DC setup such as <@links.ha id="deploy-infinispan-kubernetes-crossdc" />, the site name must be different in each site.
<5> `jboss.site.name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used.
This site name is related only to the embedded {jdgserver_name} and does not need to match any value from the external {jdgserver_name} deployment.
<6> Defining the cache configuration Volume using the already created ConfigMap in Kubernetes.
</@tmpl.guide>
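
Review bot: After the renumbering, the two sentences starting "However, matching the `jboss.site.name` ..." and "If you are using multiple sites ..." sit between callout `<4>` (mounting the Volume) and callout `<5>`, so they render as part of the volume-mount explanation. They qualify the site-name text, so move them to follow "This site name is related only to the embedded {jdgserver_name} ..." under `<5>`. The requirement that the site name must be different in each site is easy to miss when it is attached to the wrong callout.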

@@ -90,6 +90,7 @@ aws elb describe-load-balancers \
}
]
----
<1> Utilise the Hosted Zone ID retrieved in the previous step
+
. Create Route53 health checks
+
@@ -108,7 +109,7 @@ function createHealthCheck() {
--health-check-config '
{
"Type": "HTTPS",
"ResourcePath": "/health/live",
"ResourcePath": "/lb-check",
"FullyQualifiedDomainName": "'$1'",
"Port": 443,
"RequestInterval": 30,

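Review bot: Missing prerequisite at `"ResourcePath": "/lb-check"` in `createHealthCheck()`: the procedure does not tell the reader that this path is tied to the `multi-site` feature, which the deployment guide in this same commit enables separately. If the health check is created against a deployment without that feature, the probe has nothing to answer it and every site is reported unhealthy. Add a sentence before "Create Route53 health checks" that links to the deployment step which enables `multi-site`.
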
@@ -183,7 +183,6 @@ For `{site-b}`, the Cache CR is similar except in point 2.
include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-sessions]
----
[#verifying-the-deployment]
== Verifying the deployment
Confirm that the {jdgserver_name} cluster is formed, and the cross-site connection is established between the {ocp} clusters.

@@ -33,14 +33,15 @@ include::examples/generated/keycloak.yaml[tag=keycloak]
Adjust this number to meet the needs of your system.
As most requests will not touch the database due to the {project_name} embedded cache, this change can server several hundreds of requests per second.
See the <@links.ha id="concepts-database-connections" /> {section} for details.
<2> To be able to analyze the system under load, enable the metrics endpoint.
<2> Enable additional features for multi-site support like the loadbalancer probe `/lb-check`.
<3> To be able to analyze the system under load, enable the metrics endpoint.
The disadvantage of the setting is that the metrics will be available at the external {project_name} endpoint, so you must add a filter so that the endpoint is not available from the outside.
Use a reverse proxy in front of {project_name} to filter out those URLs.
<3> The default setting for the internal JGroup thread pools is 200 threads maximum.
<4> The default setting for the internal JGroup thread pools is 200 threads maximum.
The number of all {project_name} threads in the StatefulSet should not exceed the number of JGroup threads to avoid a JGroup thread pool exhaustion which could stall {project_name} request processing.
You might consider limiting the number of {project_name} threads further because multiple concurrent threads will lead to throttling by Kubernetes once the requested CPU limit is reached.
See the <@links.ha id="concepts-threads" /> {section} for details.
<4> The JVM options set additional parameters:
<5> The JVM options set additional parameters:
* `jgroups.thread_dumps_threshold` ensures that a log message "`thread pool is full`" appears once the JGroup thread pool is full for the first time.
See the <@links.ha id="concepts-threads" /> {section} for details.
* Adjust the memory settings for the heap.
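
Review bot: Callout `<2>` does not name the feature it refers to: the YAML marks `- multi-site # <2>`, but the text says only "additional features for multi-site support". Suggest "Enable the `multi-site` feature, which provides the load balancer probe `/lb-check`", which also matches the "Load balancer" spelling this commit introduces in the concepts guide. Since `<3>` tells readers to filter the metrics URLs at a reverse proxy, state explicitly that `/lb-check` has to remain reachable for the load balancer through that proxy.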

@@ -25,6 +25,17 @@ data:
namesAsTags: true
gauges: true
histograms: false
server:
endpoints:
- securityRealm: default
socketBinding: default
connectors:
rest:
restConnector:
authentication:
mechanisms: BASIC
hotrod:
hotrodConnector: null
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-actionTokens[]
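
Review bot: `mechanisms: BASIC` on the REST connector needs a comment or a sentence in the guide, because BASIC sends the username and password with every request in a reversible encoding and is only acceptable when the endpoint accepts TLS connections exclusively; nothing in this hunk shows that. Please also document why `hotrodConnector: null` is set under `hotrod`, and confirm the file was regenerated from `ispn-helm/templates/infinispan.yaml` rather than edited by hand, since the same block lands in the other generated Infinispan examples.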

@@ -25,6 +25,17 @@ data:
namesAsTags: true
gauges: true
histograms: false
server:
endpoints:
- securityRealm: default
socketBinding: default
connectors:
rest:
restConnector:
authentication:
mechanisms: BASIC
hotrod:
hotrodConnector: null
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-status[]

@@ -25,6 +25,17 @@ data:
namesAsTags: true
gauges: true
histograms: false
server:
endpoints:
- securityRealm: default
socketBinding: default
connectors:
rest:
restConnector:
authentication:
mechanisms: BASIC
hotrod:
hotrodConnector: null
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-status[]

@@ -129,7 +129,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/> <!--5-->
</distributed-cache>
<!--end::keycloak-ispn-remotestore[] -->
<distributed-cache name="authenticationSessions" owners="2" statistics="true">
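
Review bot: Dropping `<state-transfer enabled="false"/>` from the distributed caches changes cache behaviour, which the commit message ("Add documentation for lb-check") does not mention. If this is only a side effect of regenerating the examples, say so in the message; if it is intended, the guide should explain it. The removed line on the first cache also carried the `<!--5-->` callout, so check that no remaining text still refers to a fifth callout in the `keycloak-ispn-remotestore` snippet.
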
@@ -158,7 +157,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/>
</distributed-cache>
<distributed-cache name="offlineSessions" owners="2" statistics="true">
<expiration lifespan="-1"/>
@@ -186,7 +184,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/>
</distributed-cache>
<distributed-cache name="clientSessions" owners="2" statistics="true">
<expiration lifespan="-1"/>
@@ -213,7 +210,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/>
</distributed-cache>
<distributed-cache name="offlineClientSessions" owners="2" statistics="true">
<expiration lifespan="-1"/>
@@ -240,7 +236,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/>
</distributed-cache>
<distributed-cache name="loginFailures" owners="2" statistics="true">
<expiration lifespan="-1"/>
@@ -267,7 +262,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/>
</distributed-cache>
<local-cache name="authorization" simple-cache="true" statistics="true">
<encoding>
@@ -342,7 +336,6 @@ data:
</security>
</remote-store>
</persistence>
<state-transfer enabled="false"/>
</distributed-cache>
</cache-container>
</infinispan>
@@ -713,10 +706,6 @@ spec:
path: /
pathType: ImplementationSpecific
---
# Source: keycloak/templates/cockroach-operator/cockroach-operator.yaml
# sourced from https://raw.githubusercontent.com/cockroachdb/cockroach-operator/master/install/operator.yaml
---
# Source: keycloak/templates/keycloak.yaml
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/keycloak-deployment.adoc` for the details.
# tag::keycloak[]
@@ -744,6 +733,9 @@ spec:
passwordSecret:
name: keycloak-db-secret
key: password
features:
enabled:
- multi-site # <2>
# tag::keycloak-ispn[]
additionalOptions:
- name: cache-config-file # <1>
@@ -752,7 +744,7 @@ spec:
# end::keycloak-ispn[]
value: json
- name: metrics-enabled # <2>
- name: metrics-enabled # <3>
value: 'true'
# tag::keycloak-ispn[]
- name: remote-store-host # <2>
@@ -778,7 +770,7 @@ spec:
# end::keycloak-ispn[]
metadata:
annotations:
checksum/config: c6c58fd5275c8f2be97e8dd2a535901ad5f3a6ad281890361c84e3f4b36c95f8-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3--302cb302c7823761a9780d87abdb954ae8b71460dbf49779dbda7c66069b7938-v1.27.0
checksum/config: c6c58fd5275c8f2be97e8dd2a535901ad5f3a6ad281890361c84e3f4b36c95f8-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3--56f92cd9012613402e2a7a61aded0f218d077b8c6345b22922ca7bf1a5c64984-v1.27.0
# tag::keycloak[]
# tag::keycloak-ispn[]
spec:
@@ -788,7 +780,7 @@ spec:
containers:
- env:
# end::keycloak-ispn[]
- name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <3>
- name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <4>
value: "200"
# end::keycloak[]
# tag::keycloak-queue-size[]
@@ -810,7 +802,7 @@ spec:
optional: false
# tag::keycloak[]
# tag::keycloak-ispn[]
- name: JAVA_OPTS_APPEND # <4>
- name: JAVA_OPTS_APPEND # <5>
value: >
-Djgroups.thread_dumps_threshold=1 -Djboss.site.name=keycloak
@@ -834,7 +826,7 @@ spec:
# - 'true'
# tag::keycloak-ispn[]
volumeMounts:
- name: kcb-infinispan-cache-config # <5>
- name: kcb-infinispan-cache-config # <4>
mountPath: /opt/keycloak/conf/kcb-infinispan-cache-remote-store-config.xml
subPath: kcb-infinispan-cache-remote-store-config.xml
readOnly: true
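
Review bot: Within the `keycloak-ispn` tagged region the callouts now run out of order: `JAVA_OPTS_APPEND # <5>` appears before `kcb-infinispan-cache-config # <4>`. `JAVA_OPTS_APPEND` sits inside both `tag::keycloak[]` and `tag::keycloak-ispn[]`, so one number has to serve two guides, and the two guides describe `<5>` differently (JVM options in one, `jboss.site.name` in the other). Consider giving the shared line a number that keeps both listings in ascending order, or splitting the tagged regions so each guide can number its own callouts.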

@@ -400,10 +400,6 @@ spec:
path: /
pathType: ImplementationSpecific
---
# Source: keycloak/templates/cockroach-operator/cockroach-operator.yaml
# sourced from https://raw.githubusercontent.com/cockroachdb/cockroach-operator/master/install/operator.yaml
---
# Source: keycloak/templates/keycloak.yaml
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/keycloak-deployment.adoc` for the details.
# tag::keycloak[]
@@ -431,11 +427,14 @@ spec:
passwordSecret:
name: keycloak-db-secret
key: password
features:
enabled:
- multi-site # <2>
# tag::keycloak-ispn[]
additionalOptions:
- name: log-console-output
value: json
- name: metrics-enabled # <2>
- name: metrics-enabled # <3>
value: 'true'
http:
tlsSecret: keycloak-tls-secret
@@ -457,7 +456,7 @@ spec:
containers:
- env:
# end::keycloak-ispn[]
- name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <3>
- name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <4>
value: "66"
# end::keycloak[]
# tag::keycloak-queue-size[]
@@ -479,7 +478,7 @@ spec:
optional: false
# tag::keycloak[]
# tag::keycloak-ispn[]
- name: JAVA_OPTS_APPEND # <4>
- name: JAVA_OPTS_APPEND # <5>
value: >
-Xms512m -Xmx1524m -Djgroups.thread_dumps_threshold=1