@disbeliefff

Summary

This PR adds comprehensive enhancements to the KeycloakX Helm chart for advanced Infinispan session replication, complete database credentials management, load shedding, and optimized thread management following Keycloak best practices.

Key enhancements:

  • High availability session replication using configurable Infinispan cache owners

  • Database credentials management via Kubernetes Secrets

  • Built-in load shedding support to protect the cluster under high load

  • Explicit thread pool configuration for predictable resource usage

  • Templated JGroups JDBC_PING configuration for reliable node discovery

New Features Added

1. Advanced Infinispan Session Replication

infinispan:
  owners:
    sessions: 2
    authenticationSessions: 2
    userSessions: 2
    offlineSessions: 2
    clientSessions: 2
    offlineClientSessions: 2
    loginFailures: 2

2. Complete Database Credentials Management

database:
  existingSecret: "keycloak-db-credentials"
  existingSecretKeys:
    username: "username"
    password: "password"
    hostname: "host"
    port: "port"
    database: "database"
    vendor: "vendor"

3. Load Shedding

loadShedding:
  enabled: true
  httpMaxQueuedRequests: 1000

4. Thread Management

threads:
  http:
    poolMaxThreads: ""
  jgroups:
    maxThreads: ""

5. Enhanced JGroups Configuration

cache:
  stack: jdbc-ping
jgroups:
  config: |
    <config>
      <TCP bind_port="7800" />
      <JDBC_PING
        connection_username="{{ .Values.database.existingSecretKeys.username }}"
        connection_password="{{ .Values.database.existingSecretKeys.password }}"
        connection_url="jdbc:postgresql://{{ .Values.database.existingSecretKeys.hostname }}:{{ .Values.database.existingSecretKeys.port }}/{{ .Values.database.existingSecretKeys.database }}"
      />
    </config>

Documentation References

https://www.keycloak.org/high-availability/multi-cluster/concepts-threads
https://www.keycloak.org/high-availability/multi-cluster/building-blocks
https://www.keycloak.org/high-availability/multi-cluster/concepts
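
An added example, not part of the PR or the chart's own code: a small audit over a rendered container spec that confirms every database setting is read from the Secret named in item 2 rather than written inline. The mapping from chart keys to Keycloak `KC_DB_*` environment variables and the sample containers are assumptions constructed for illustration.

```python
# Added example: audit a rendered Keycloak container spec against the
# existingSecret / existingSecretKeys values from the PR description.
# Assumption: this chart-key -> KC_DB_* mapping is illustrative, not the chart's template.
KEY_TO_ENV = {
    "username": "KC_DB_USERNAME",
    "password": "KC_DB_PASSWORD",
    "hostname": "KC_DB_URL_HOST",
    "port": "KC_DB_URL_PORT",
    "database": "KC_DB_URL_DATABASE",
    "vendor": "KC_DB",
}

def audit_db_env(container, secret_name, secret_keys):
    """Return sorted findings; an empty list means every DB setting comes from the Secret."""
    env = {e["name"]: e for e in container.get("env", [])}
    findings = []
    for chart_key, env_name in KEY_TO_ENV.items():
        entry = env.get(env_name)
        ref = (entry or {}).get("valueFrom", {}).get("secretKeyRef", {})
        if entry is None:
            findings.append(f"{env_name}: not set")
        elif "value" in entry:
            findings.append(f"{env_name}: literal value in manifest")
        elif ref.get("name") != secret_name:
            findings.append(f"{env_name}: reads Secret {ref.get('name')!r}")
        elif ref.get("key") != secret_keys[chart_key]:
            findings.append(f"{env_name}: reads key {ref.get('key')!r}")
    return sorted(findings)

# Values as given in the PR description.
SECRET = "keycloak-db-credentials"
KEYS = {"username": "username", "password": "password", "hostname": "host",
        "port": "port", "database": "database", "vendor": "vendor"}

def _ref(key):
    return {"valueFrom": {"secretKeyRef": {"name": SECRET, "key": key}}}

# Constructed sample containers (not taken from the chart).
GOOD = {"env": [{"name": KEY_TO_ENV[k], **_ref(v)} for k, v in KEYS.items()]}
BAD = {"env": [
    {"name": "KC_DB_USERNAME", **_ref("username")},
    {"name": "KC_DB_PASSWORD", "value": "example-only"},  # inline credential
    {"name": "KC_DB_URL_HOST", **_ref("hostname")},       # Secret key is "host"
    {"name": "KC_DB_URL_PORT", **_ref("port")},
    {"name": "KC_DB_URL_DATABASE", **_ref("database")},
]}

if __name__ == "__main__":
    print(audit_db_env(BAD, SECRET, KEYS))
```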

@disbeliefff disbeliefff requested a review from a team as a code owner January 5, 2026 10:02
s.stoyanov added 5 commits January 5, 2026 12:05
… database credential management

Signed-off-by: s.stoyanov <s.stoyanov@hostry.com>
Signed-off-by: s.stoyanov <s.stoyanov@hostry.com>
Signed-off-by: s.stoyanov <s.stoyanov@hostry.com>
Signed-off-by: s.stoyanov <s.stoyanov@hostry.com>
Signed-off-by: s.stoyanov <s.stoyanov@hostry.com>
@disbeliefff disbeliefff force-pushed the feature/enhanced-ha-production branch from 579a939 to eeafd1e Compare January 5, 2026 10:05
@disbeliefff disbeliefff changed the title feat: Configurable Infinispan Replication, Lload shedding, Threads Management and DB credentials via secrets, feat: Configurable Infinispan Replication, Load shedding, Threads Management and DB credentials via secrets, Jan 5, 2026
@disbeliefff disbeliefff changed the title feat: Configurable Infinispan Replication, Load shedding, Threads Management and DB credentials via secrets, feat: Configurable Infinispan Replication, Load shedding, Threads Management and DB credentials via secrets Jan 5, 2026
@disbeliefff
Author

Any updates on this?
