WELLBEING PLATFORM

Challenge

  • Customer: Company which for many years supports the healthy and active lifestyle of employees from many companies in Poland.

  • Implementation: As a Single Sign-On (SSO) solution for the environment, Keycloak.

Scope of work

DevOpsi sp. z o.o. was asked to support in the scope of:

  • pre-implementation analysis;

  • installation of a Kubernetes cluster on the Customers infrastructure;

  • installation of Postgres cluster;

  • iperformance tests;

  • Keycloak image preparation;

  • production deployment;

  • in the next stage – also maintenance of the whole implemented solution.

Pre-implementation analysis

At this stage, the Customer received our support in making the final decision on choosing Keycloak as the Single Sign-On (SSO) solution, a centralized authentication server. Additionally, during the workshops, we worked out the location of Keycloak in the entire architecture of the Customer’s systems. We also established the complete infrastructure architecture, which in the next stage we mapped on the Customer’s development environment.

Infrastructure

  • In the development environment, we started a complete Kubernetes cluster.

  • We configured autoscaling. It was prepared for sudden spikes in motion.

  • Next, we installed and deployed a Postgres cluster.

  • Keycloak was installed on 3 Kubernetes nodes and the Postgres cluster.

  • Previously, we have appropriately customized the Keycloak image according to customer requirements (including custom encryption algorithms).

  • In the case of heavy traffic, Kubernetes automatically added additional nodes to distribute traffic evenly and ensure the desired system performance.

Custom Keycloak modifications

As part of the contract, we created a dedicated SPI – plug-in to Keycloak. It extends its basic functionality. The plug-in was created by the manufacturer’s recommendations in the JVM environment. It verified and tagged information about permissions. Depending on the needs, it performed the appropriate actions. We also performed the tests, prepared the installation package and implementation instructions.

Performance tests of Keycloak

Part of the ordered work was to perform performance tests of the entire service. The assumptions for the tests were clear:

  • the service had to withstand specific traffic of Unique Users per minute with growing traffic;

  • we were to determine the overload point, i.e. the maximum number of UU/min at which the infrastructure resources will be insufficient.

For testing purposes, we imported several million Unique Users into Keycloak. Thanks to this, we perfectly reproduced the production conditions. For the load test, a task we prepared using Apache JMeter. That involved increasing the number of sessions/logins every minute. We ran the tests from 3 independent locations of our infrastructure. The load test was successful. The environment worked flawlessly. The overload test was also prepared in Apache JMeter. It consisted in running 8000 threads, which automatically logged users from a pool of several million users. The overload tests were also successful – it was possible to surpass the assumptions of the load tests several times. During testing, the infrastructure was monitored using Prometheus and Grafana applications. After testing, the Customer received complete documentation of the tests.

Challenges

The biggest challenges we had to face were related to:

  • securing adequate hardware resources to ensure proper scaling and performance when increasing traffic during testing;

  • providing adequate traffic during performance testing.

Our experience with previous implementations of Keycloak, k8s clusters, and Postgres, allowed us to seamlessly overcome the challenges and complete the implementation successfully.

Summary

From the beginning, the project required special attention and individualized solutions. The DevOpsi team – which was responsible for the implementation project – did not lack knowledge and experience, therefore we were certain of the final success. That is why the Customer offered us to continue cooperation in maintaining the entire solution, providing its support and further development of the environment.:

Sales Leader

Marta Kosmala

If You want to know more information about project,
please contact with me on this form.

Let’s talk

Clients:

Category:

SSO

Date:

Newsletter