Hello! We are running a 3-node cluster of Keycloak 22.05 (we are not moving to the latest version of Keycloak as we plan to move to RHBK soon).
Tonight we were the victim of two DDoS attacks in which we received, within an interval of 10 minutes, around 250k requests (mainly reset password requests).
What happened puzzles me: during the first of the two, two of the three nodes died without raising any exception, leaving a single node to serve.
The single node was then hit by the second attack and absorbed it without any issue at all.
It looks like a single node works better than a three-node cluster!
My hypothesis is that the session sharing mechanism adds an overhead on the cluster nodes, causing them to use too much memory and then die.