Using External Infinispan storage with new store

The deployment of Keycloak can use an external Infinispan instance when deployed with the new map storage.

This is different from the legacy setup where Keycloak used an embedded Infinispan instance.

Enabling Infinispan

Using an external Infinispan instance is available in Keycloak’s new HotRod map storage. It can be enabled via the following settings in the .env file in the provision/kubernetes folder:

KC_DATABASE=infinispan
KC_STORAGE=hotrod

See Customizing the deployment for a list of all configuration options.

After every change, re-run the task command to apply the changes to the minikube instance. Task triggers the necessary scripts and performs only the minimal steps needed to update the minikube instance. Running rebuild.sh is not required: it destroys the complete instance and takes a lot longer to complete.

The deployment adds a new Infinispan pod to the minikube setup and removes all other storage pods that are no longer necessary. Every time the pod is restarted, the database is cleared.

Keycloak connects to the new Infinispan pod inside minikube, and Infinispan’s web console is available via the local browser.

Figure: minikube runtime view with Infinispan.

Verifying the setup

The automated script verifies that Keycloak starts up, which requires that Infinispan start up first. A user can test the setup by accessing Infinispan’s console.

Accessing the Infinispan console

Assuming the command minikube ip returned 192.168.39.39, the console is available on http://infinispan.192.168.39.39.nip.io.

minikube’s IP address changes every time the minikube instance is re-created.

The username is admin with the password admin.

Connecting a local application to Infinispan

Infinispan’s port is also available as a node port so that it can be accessed from a local application. Assuming the command minikube ip returned 192.168.39.39, point the local instance to 192.168.39.39:30011.

minikube’s IP address changes every time the minikube instance is re-created.

All ports are specified without the port offset. If you are using the configuration option KC_PORT_OFFSET, you need to add the offset to the port numbers. For the port offset XX (00-26) and the port number 300YY, the resulting port will be 3XXYY.

It can be used, for example, with Infinispan’s command line client.

The username is admin with the password admin.

The Infinispan instance running inside the pod advertises its pod IP address to the caller, and that address is not accessible from outside minikube.

Because of this, accessing Infinispan from an application running outside minikube most likely fails until the required, but as yet unknown, parameters are passed to either the application or the pod.
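
The port offset rule above (300YY with offset XX becomes 3XXYY), worked through as an added shell example that is not part of the Keycloak benchmark scripts. The function names are hypothetical; 30011 and 192.168.39.39 are the sample values used on this page. It validates the 00-26 range and handles two-digit offsets such as 08, which shell arithmetic would otherwise reject as invalid octal.

```shell
#!/bin/sh
# Added example, not part of the Keycloak benchmark scripts.
# Function names are hypothetical; 30011 and 192.168.39.39 are the sample values from this page.

# kc_node_port PORT [OFFSET]
# Maps a documented port 300YY and a KC_PORT_OFFSET value XX (00-26) to 3XXYY.
kc_node_port() {
  _port=$1
  _off=${2:-00}
  case $_port in
    300[0-9][0-9]) ;;
    *) echo "port must have the form 300YY: $_port" >&2; return 1 ;;
  esac
  case $_off in
    ''|*[!0-9]*) echo "offset must be numeric: $_off" >&2; return 1 ;;
  esac
  # Strip leading zeros: "08" would otherwise be parsed as invalid octal.
  while [ "${#_off}" -gt 1 ] && [ "${_off#0}" != "$_off" ]; do
    _off=${_off#0}
  done
  if [ "${#_off}" -gt 2 ] || [ "$_off" -gt 26 ]; then
    echo "offset out of range 00-26: $_off" >&2
    return 1
  fi
  printf '3%02d%s\n' "$_off" "${_port#300}"
}

# infinispan_endpoint MINIKUBE_IP [OFFSET]
# Prints host:port for the Infinispan node port (30011 without offset).
infinispan_endpoint() {
  _p=$(kc_node_port 30011 "${2:-00}") || return 1
  printf '%s:%s\n' "$1" "$_p"
}

# Constructed demonstration with the IP address assumed in the text.
infinispan_endpoint 192.168.39.39 00   # 192.168.39.39:30011
infinispan_endpoint 192.168.39.39 08   # 192.168.39.39:30811
```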