Challenge:
Client: A company that has been supporting healthy and active lifestyles for employees from many companies in Poland on its wellbeing platform.
Implementation: Keycloak as the Single Sign-On (SSO) solution for the environment.
Scope of work:
DevOpsi sp. z o.o. was asked to provide support in the following areas:
- pre-implementation analysis;
- installation of a Kubernetes cluster on the Customer’s infrastructure of the wellbeing platform;
- installation of Postgres cluster;
- performance tests;
- Keycloak image preparation;
- production deployment;
- in the next stage – also maintenance of the whole implemented solution.
Pre-implementation analysis:
At this stage, the Customer received our support in making the final decision to choose Keycloak as the Single Sign-On (SSO) solution, a centralized authentication server. Additionally, during the workshops, we worked out where Keycloak would sit in the overall architecture of the Customer’s systems. We also established the complete infrastructure architecture, which in the next stage we mapped onto the Customer’s development environment.
Infrastructure:
- In the development environment, we started a complete Kubernetes cluster.
- We configured autoscaling so that the cluster was prepared for sudden spikes in traffic.
- Next, we installed and deployed a Postgres cluster.
- Keycloak was installed on 3 Kubernetes nodes and the Postgres cluster.
- Beforehand, we customized the Keycloak image according to the Customer’s requirements (including custom encryption algorithms).
- In the case of heavy traffic, Kubernetes automatically added additional nodes to distribute traffic evenly and ensure the desired system performance.
Custom Keycloak modifications:
As part of the contract, we created a dedicated SPI plug-in for Keycloak that extends its basic functionality. The plug-in was created according to the manufacturer’s recommendations in the JVM environment. It verified and tagged information about permissions and, depending on the needs, performed the appropriate actions. We also performed the tests and prepared the installation package and implementation instructions.
Performance tests of Keycloak:
Part of the ordered work was to perform performance tests of the entire service. The assumptions for the tests were clear:
- the service had to withstand specific traffic of Unique Users per minute with growing traffic;
- we were to determine the overload point, i.e. the maximum number of UU/min at which the infrastructure resources will be insufficient.
For testing purposes, we imported several million wellbeing platform Unique Users into Keycloak. Thanks to this, we perfectly reproduced the production conditions. For the load test, we prepared a task in Apache JMeter that increased the number of sessions/logins every minute. We ran the tests from 3 independent locations of our infrastructure. The load test was successful and the environment worked flawlessly. The overload test was also prepared in Apache JMeter. It consisted of running 8000 threads, which automatically logged in users from a pool of several million users. The overload tests were also successful – it was possible to surpass the assumptions of the load tests several times. During testing, the infrastructure was monitored using Prometheus and Grafana. After testing, the Customer received complete documentation of the tests.
Challenges:
The biggest challenges we had to face were related to:
- securing adequate hardware resources to ensure proper scaling and performance when increasing traffic during testing;
- providing adequate traffic during performance testing.
Our experience with previous implementations of Keycloak, k8s clusters, and Postgres allowed us to seamlessly overcome the challenges and complete the implementation successfully.
Summary:
From the beginning, the project required special attention and individualized solutions. The DevOpsi team – responsible for the implementation project – did not lack knowledge and experience, so we were certain of the final success. As a result, the client offered us further cooperation in maintaining the entire solution, supporting it, and developing the environment for its wellbeing platform.