Rolling Upgrade

A rolling upgrade is the process used to apply changes or updates to your Keycloak cluster while keeping it fully operational. This process is typically performed by the Cloud-IAM technical teams, but it also applies to the configuration changes you make to your deployment from the Cloud-IAM console.

How Rolling Upgrade Works

During this phase, nodes in the Keycloak cluster are sequentially removed, upgraded to the new version or configuration, and then reintroduced into the cluster one by one. This method ensures the cluster stays alive and responsive throughout the entire upgrade.

  • Only a subset of nodes is offline at any time.
  • Other nodes continue to serve user requests without interruption.
  • The deployment runs a mixed-version cluster temporarily, where some nodes run the new version while others still run the previous one.
Cloud-IAM Console - Rolling Upgrade Schema

What are the benefits of Rolling Upgrades?

  • Zero downtime: End users experience no interruption during the upgrade.
  • Risk minimization: Upgrading nodes sequentially reduces the chance of cluster-wide failures.
  • Operational continuity: Services depending on Keycloak remain available and consistent throughout the upgrade process.

What does zero downtime mean?

Zero downtime refers to the ability of an application to maintain uninterrupted operation, even when updates or deployments are performed. This relies on redundancy mechanisms that keep the application available to users during maintenance operations, which improves the quality of service for end users.

Do not confuse zero downtime with hot reload, which is a feature that allows developers to reload modifications to the source code of an application without interrupting its execution. This means that developers can immediately see the results of their modifications on the running application, without having to restart the application or even leave their development environment.

Zero downtime at Cloud-IAM?

Cloud-IAM is designed to deliver zero downtime during normal operations. You can safely update your configuration or deploy custom extensions without any service interruption.

The only exceptions occur during certain Keycloak version upgrades or major use case version changes. In these cases, zero downtime is often possible, but we cannot guarantee it with 100% certainty. Please refer to the downtime version list for details on versions that may require downtime.

Important Considerations

Please ensure strict adherence to backward compatibility principles so that all nodes can consistently share data, including attributes, cache, and database information, and that dependent services continue to function smoothly.

Note that certain operations may require a full restart of the entire Keycloak cluster.

Additionally, some Keycloak updates cannot be applied through rolling upgrades and will necessitate a complete cluster restart. For more information on upgrade procedures and best practices, please refer to the Keycloak Upgrade Reference.