Keycloak 26 - High Availability (HA) Setup Debian Docker

Hey Community,

I currently struggle to work myself through the HA documentation of keycloak. The whole guide seems to just cover some AWS instances and very fancy database setups, but not just a simple setup with two hosts / virtual machines / servers on a local site.

I’ve read that keycloak 26 improves the HA features a lot so the sessions are stored completely in the postgresql database - but that doesn’t help much with the setup itself.

I thought I could just set up 2 virtual machines, each with keycloak + postgres db + nginx reverse proxy using docker for easy maintenance - say they both would be available by kc1.domainDOTcom and kc2.domainDOTcom. Then configure DNS in a way that kc.domainDOTcom would balance the load between the 2 hosts (or always tries the first one, if that fails the second one). The setup of the machines and keycloak or the DNS entries itself are not the issue.

But how to achieve that the 2 keycloak hosts interact with each other and sync the database?
Would this work at all?

I want to achieve that if one host is down due to any reason authentication is still possible.

Any help would be much appreciated.
Best, seal61

That is not how to do keycloak HA setups.

You need both a HA database and a HA keycloak instance.

Database: e.g. a HA postgres setup
For keycloak you also need to set up the infinispan cache for HA operation, in your case probably with JDBC ping as discovery protocol.

And probably the DNS round robin “load balancing” is also not ideal. Considering all these complexities, it may be easier to set up a small k8s cluster (e.g. with k3s or minikube) and install everything there.
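
For readers following the JDBC ping suggestion on two Docker hosts, here is a Compose sketch of one Keycloak node, added as an example that is not part of the original post. The database host `pg.example.internal`, the public name `kc.example.com`, the image tag and the use of host networking are assumptions.

```yaml
# docker-compose.yml for one Keycloak node (constructed example).
# The second host runs the same file. Both nodes must use the SAME database:
# with JDBC ping each node records its address in a table there, and that is
# how the two nodes discover each other.
services:
  keycloak:
    # Assumed tag; the built-in "jdbc-ping" stack name needs Keycloak 26.1+.
    image: quay.io/keycloak/keycloak:26.1.0
    command: start
    restart: unless-stopped
    # Host networking (assumption) so the address a node registers is
    # reachable from the other host; a bridge-network container IP is not.
    network_mode: host
    environment:
      # Shared HA PostgreSQL endpoint (placeholder host name), not a
      # separate local database per VM.
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://pg.example.internal:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}   # supplied via .env, not committed
      # Embedded Infinispan cache with JDBC ping discovery.
      KC_CACHE: ispn
      KC_CACHE_STACK: jdbc-ping
      # Same public URL on both nodes (placeholder name).
      KC_HOSTNAME: https://kc.example.com
      # nginx on the same host terminates TLS and proxies to plain HTTP
      # bound to loopback only.
      KC_HTTP_ENABLED: "true"
      KC_HTTP_HOST: 127.0.0.1
      KC_PROXY_HEADERS: xforwarded
# Host firewall: allow the cluster ports (7800/tcp for data and 57800/tcp for
# failure detection by default) only from the other Keycloak node.
```

Because the nodes find each other through the database, two independent local PostgreSQL instances would leave the hosts as two unrelated Keycloak servers.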

Thanks for the hints, we might consider this at some time - but for now this still seems to be too complicated and overengineered for our first steps getting started with keycloak.

Guess we’ll stick with just one virtual machine and keep it HA via hypervisor until the environment gets bigger.

Thanks again!