Ryan Emerson a3c95a2a34
Document tested and supported configurations for single-cluster deployments
Closes #42304

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-09 19:49:22 +00:00


<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>
<@tmpl.guide
title="Deploying {project_name} across multiple availability-zones with the Operator"
summary="Deploy {project_name} for high availability with the {project_name} Operator as a building block."
tileVisible="false" >
This {section} describes advanced {project_name} configurations for {kubernetes} which are load tested and will recover from availability-zone failures.
These instructions are intended for use with the setup described in the <@links.ha id="single-cluster-concepts"/> {section}.
Use it together with the other building blocks outlined in the <@links.ha id="single-cluster-building-blocks"/> {section}.

[#single-cluster-deploy-keycloak-prerequisites]
== Prerequisites

* {kubernetes} cluster deployed across multiple availability-zones with a worker-pool configured for each.
* Understanding of a <@links.operator id="basic-deployment" /> of {project_name} with the {project_name} Operator.
* AWS Aurora database deployed using the <@links.ha id="single-cluster-deploy-aurora" /> {section}.

[#single-cluster-deploy-keycloak-procedure]
== Procedure

. Determine the sizing of the deployment using the <@links.ha id="single-cluster-concepts-memory-and-cpu-sizing" /> {section}.
. Install the {project_name} Operator as described in the <@links.operator id="installation" /> {section}.
. Notice that the configuration file below contains options relevant for connecting to the Aurora database from <@links.ha id="single-cluster-deploy-aurora" anchor="single-cluster-aurora-connecting" />.
. Build a custom {project_name} image which is link:{links_server_db_url}#preparing-keycloak-for-amazon-aurora-postgresql[prepared for usage with the Amazon Aurora PostgreSQL database].
. Deploy the {project_name} CR with the following values, using the resource requests and limits calculated in the first step:
+
[source,yaml]
----
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: keycloak
spec:
  hostname:
    hostname: <KEYCLOAK_URL_HERE>
  resources:
    requests:
      cpu: "2"
      memory: "1250M"
    limits:
      cpu: "6"
      memory: "2250M"
  db:
    vendor: postgres
    url: jdbc:aws-wrapper:postgresql://<AWS_AURORA_URL_HERE>:5432/keycloak
    poolMinSize: 30 # <1>
    poolInitialSize: 30
    poolMaxSize: 30
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  image: <KEYCLOAK_IMAGE_HERE> # <2>
  startOptimized: false # <2>
  additionalOptions:
    - name: log-console-output
      value: json
    - name: metrics-enabled # <3>
      value: 'true'
    - name: event-metrics-user-enabled
      value: 'true'
    - name: db-driver
      value: software.amazon.jdbc.Driver
  http:
    tlsSecret: keycloak-tls-secret
  instances: 3
----
<1> The database connection pool initial, max and min size should be identical to allow statement caching for the database.
Adjust this number to meet the needs of your system.
As most requests will not touch the database due to the {project_name} embedded cache, this change can serve several hundred requests per second.
See the <@links.ha id="single-cluster-concepts-database-connections" /> {section} for details.
<2> Specify the URL to your custom {project_name} image. If your image is optimized, set the `startOptimized` flag to `true`.
<3> To be able to analyze the system under load, enable the metrics endpoint.
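
The following check is an added example, not part of the {project_name} documentation or Operator code: it lints the `spec` of the CR above, exported as JSON, against the constraints in callouts 1 and 3 and the Secret references the CR uses. The function name `check_keycloak_cr` and the sample document are constructed for illustration.

```python
import json

# Constructed sample: the spec as `kubectl get keycloak -o json` would show it
# for the CR above, with one deliberate mistake (poolMaxSize differs).
SAMPLE_CR = json.loads("""
{
  "spec": {
    "db": {
      "poolMinSize": 30, "poolInitialSize": 30, "poolMaxSize": 50,
      "usernameSecret": {"name": "keycloak-db-secret", "key": "username"},
      "passwordSecret": {"name": "keycloak-db-secret", "key": "password"}
    },
    "additionalOptions": [{"name": "metrics-enabled", "value": "true"}],
    "http": {"tlsSecret": "keycloak-tls-secret"}
  }
}
""")


def check_keycloak_cr(cr):
    """Hypothetical helper: return findings; an empty list means all checks pass."""
    findings = []
    spec = cr.get("spec", {})
    db = spec.get("db", {})

    # Callout 1: min, initial and max pool size must be identical.
    pool = [db.get(k) for k in ("poolMinSize", "poolInitialSize", "poolMaxSize")]
    if None in pool or len(set(pool)) != 1:
        findings.append(f"db pool sizes are not identical: {pool}")

    # Database credentials are Secret references in the CR above.
    for field in ("usernameSecret", "passwordSecret"):
        ref = db.get(field) or {}
        if not (ref.get("name") and ref.get("key")):
            findings.append(f"db.{field} lacks a Secret name and key")

    # The CR above takes its TLS material from a Secret.
    if not (spec.get("http") or {}).get("tlsSecret"):
        findings.append("http.tlsSecret is not set")

    # Callout 3: the metrics endpoint is enabled through additionalOptions.
    opts = {o.get("name"): o.get("value") for o in spec.get("additionalOptions") or []}
    if str(opts.get("metrics-enabled")).lower() != "true":
        findings.append("metrics-enabled is not 'true'")
    return findings


if __name__ == "__main__":
    print("\n".join(check_keycloak_cr(SAMPLE_CR)))
```
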
<#include "/high-availability/partials/building-blocks/verifying-deployment.adoc" />
<#include "/high-availability/partials/building-blocks/load-shedding.adoc" />
<#include "/high-availability/partials/building-blocks/sticky-sessions.adoc" />
</@tmpl.guide>