Reputation: 181
CONFIGURE TLS FOR INFINISPAN
When deploying bitnami/keycloak in Kubernetes, it utilizes the default cache type of Infinispan within the pods. Although deploying multiple pods of bitnami keycloak ensures secure communication between them via SSL certificates internally, the communication between Infinispan instances within keycloak pods remains unsecured.
Is there a method to establish secure SSL communication among these Infinispan instances as they inevitably need to communicate with each other?
Upvotes: 0
Views: 204
Reputation: 1344
Disclaimer: I didn't check bitnami/keycloak so my answer would be generic.
The latest version of Keycloak supports TLS encryption for Infinispan communication. Check the GitHub Issue #25702 and Keycloak Documentation.
If the feature is not available, you can manually configure JGroups to encrypt the data. For that, you need to change the Infinispan configuration XML file to add a custom stack. See the Infinispan documentation page about it.
In JGroups, this documentation page describes the way to encrypt the data. Please check section 6.17.1 for TLS, where JGroups uses SSLSocket with TCP, or section 6.17.2, in which JGroups encrypts the payload before sending.
Upvotes: 1
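A sketch of the custom-stack approach the answer describes, as an added example that is not part of the original answer and not taken from the bitnami chart: it extends Infinispan's built-in `tcp` stack with the JGroups `SYM_ENCRYPT` protocol (payload encryption with a shared key). The stack name, cache-container name, keystore path, alias and passwords are assumptions and placeholders.

```xml
<!-- Added example. Stack name, container name, keystore path, alias and
     passwords below are placeholders, not values from any real deployment. -->
<infinispan>
  <jgroups>
    <!-- Inherit the built-in "tcp" stack and insert one extra protocol. -->
    <stack name="encrypt-tcp" extends="tcp">
      <!-- SYM_ENCRYPT encrypts message payloads with a secret key that
           every cluster member loads from the same keystore.
           It is placed below NAKACK2 in the stack. -->
      <SYM_ENCRYPT keystore_name="/path/to/cluster-secret.p12"
                   keystore_type="PKCS12"
                   store_password="CHANGE_ME"
                   key_password="CHANGE_ME"
                   alias="cluster-key"
                   stack.combine="INSERT_BEFORE"
                   stack.position="pbcast.NAKACK2"/>
    </stack>
  </jgroups>

  <cache-container name="example">
    <!-- Point the cluster transport at the encrypted stack. -->
    <transport stack="encrypt-tcp"/>
    <!-- Existing cache definitions stay unchanged here. -->
  </cache-container>
</infinispan>
```

Every pod needs the same keystore file, so in Kubernetes it would typically be mounted from a Secret rather than baked into the image.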