---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# Basic-auth credentials that the AlertmanagerConfig `example-routing` on this
# page references by Secret name for its webhook receiver.
# NOTE(review): both values are documentation placeholders. Replace the
# password with a generated secret before applying, and keep the real value
# out of version control.
# tag::fencing-secret[]
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
  name: webhook-credentials
stringData:
  username: 'keycloak' # <1>
  password: 'changme' # <2>
# end::fencing-secret[]
---
# Source: ispn-helm/templates/infinispan.yaml
# There are several callouts in this YAML marked with `# <1>` etc. See `running/infinispan-deployment.adoc` for the details.
# The Infinispan resource on this page names this Secret in
# `security.endpointSecretName`.
# NOTE(review): the `identities.yaml` value is base64, which is an encoding and
# not encryption. It decodes to a one-entry credentials list whose user holds
# the `admin` role and a sample password; generate a fresh password and
# re-encode it before use, and restrict read access to this Secret.
# tag::infinispan-credentials[]
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: connect-secret
  namespace: keycloak
data:
  identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1>
# end::infinispan-credentials[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Extra server configuration; the Infinispan resource on this page selects it
# through `configMapName`. The embedded document turns on tagged metrics and
# gauges, turns histograms off, and sets the connectors of the default endpoint.
# NOTE(review): the REST connector accepts BASIC authentication only, which
# sends the password in a reversible encoding on every request. Confirm that
# this endpoint is reachable over TLS only.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-config
  namespace: keycloak
data:
  infinispan-config.yaml: >
    infinispan:
      cacheContainer:
        metrics:
          namesAsTags: true
          gauges: true
          histograms: false
      server:
        endpoints:
          - securityRealm: default
            socketBinding: default
            connectors:
              rest:
                restConnector:
                  authentication:
                    mechanisms: BASIC
              hotrod:
                hotrodConnector: null
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `site status` command covering all
# caches for the backup site site-b.
# tag::infinispan-crossdc-status[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-status
  namespace: keycloak
data:
  batch: 'site status --all-caches --site=site-b'
# end::infinispan-crossdc-status[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `site take-offline` command covering
# all caches for the backup site site-b.
# NOTE(review): this command changes replication state. Presumably it runs
# with cluster credentials, so limit who may edit or execute this ConfigMap.
# tag::infinispan-crossdc-disconnect[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-disconnect
  namespace: keycloak
data:
  batch: 'site take-offline --all-caches --site=site-b'
# end::infinispan-crossdc-disconnect[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `site bring-online` command covering
# all caches for the backup site site-b.
# tag::infinispan-crossdc-connect[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-connect
  namespace: keycloak
data:
  batch: 'site bring-online --all-caches --site=site-b'
# end::infinispan-crossdc-connect[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `site push-site-state` command covering
# all caches, with site-b as the target site.
# tag::infinispan-crossdc-push-state[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-push-state
  namespace: keycloak
data:
  batch: 'site push-site-state --all-caches --site=site-b'
# end::infinispan-crossdc-push-state[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `site push-site-status` command
# covering all caches for site-b.
# tag::infinispan-crossdc-push-state-status[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-push-state-status
  namespace: keycloak
data:
  batch: 'site push-site-status --all-caches --site=site-b'
# end::infinispan-crossdc-push-state-status[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `site clear-push-state-status` command
# covering all caches for site-b.
# tag::infinispan-crossdc-reset-push-state-status[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-reset-push-state-status
  namespace: keycloak
data:
  batch: 'site clear-push-state-status --all-caches --site=site-b'
# end::infinispan-crossdc-reset-push-state-status[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Batch text under the `batch` key: one `clearcache` command for each of the
# eight caches defined as Cache resources on this page. The `|+` header keeps
# the line breaks, so every command stays on its own line.
# NOTE(review): running this batch discards the cached session and login data.
# Limit who may edit or execute this ConfigMap.
# tag::infinispan-crossdc-clear-caches[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: crossdc-clear-caches
  namespace: keycloak
data:
  batch: |+
    clearcache actionTokens
    clearcache authenticationSessions
    clearcache clientSessions
    clearcache loginFailures
    clearcache offlineClientSessions
    clearcache offlineSessions
    clearcache sessions
    clearcache work
# end::infinispan-crossdc-clear-caches[]
---
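# Source: ispn-helm/templates/infinispan-alerts.yaml
# Routes the `SiteOffline` alert to a webhook and authenticates the call with
# the username and password stored in the `webhook-credentials` Secret.
# tag::fencing-alert-manager-config[]
apiVersion: monitoring.coreos.com/v1beta1
kind: AlertmanagerConfig
metadata:
  name: example-routing
spec:
  route:
    receiver: default
    matchers:
      # Quoted because a bare `=` is resolved as a special "value" scalar by
      # YAML 1.1 parsers and is rejected by some safe loaders.
      - matchType: '='
        name: alertname
        value: SiteOffline
  receivers:
    - name: default
      webhookConfigs:
        - url: 'https://tjqr2vgc664b6noj6vugprakoq0oausj.lambda-url.eu-west-1.on.aws/' # <3>
          httpConfig:
            basicAuth:
              username:
                key: username
                name: webhook-credentials
              password:
                key: password
                name: webhook-credentials
            tlsConfig:
              # Certificate verification stays on: this request carries the
              # basic-auth credentials and triggers fencing, so the receiver's
              # identity has to be checked. For an endpoint signed by a private
              # CA, supply that CA through `tlsConfig.ca` instead of skipping
              # verification.
              insecureSkipVerify: false
# end::fencing-alert-manager-config[]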
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `actionTokens` cache on the `infinispan` cluster. The template is
# a synchronous distributed cache with two owners and a synchronous backup to
# site-b. The `# <n>` markers inside the template are part of the template text.
# tag::infinispan-cache-actionTokens[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: actiontokens
  namespace: keycloak
spec:
  clusterName: infinispan
  name: actionTokens
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <2>
          backup:
            strategy: "SYNC" # <3>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-actionTokens[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `authenticationSessions` cache on the `infinispan` cluster:
# synchronous distributed cache, two owners, synchronous backup to site-b with
# a 4500 backup timeout.
# tag::infinispan-cache-authenticationSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: authenticationsessions
  namespace: keycloak
spec:
  clusterName: infinispan
  name: authenticationSessions
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <1>
          backup:
            strategy: "SYNC" # <2>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-authenticationSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `clientSessions` cache on the `infinispan` cluster: synchronous
# distributed cache, two owners, synchronous backup to site-b with a 4500
# backup timeout.
# tag::infinispan-cache-clientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: clientsessions
  namespace: keycloak
spec:
  clusterName: infinispan
  name: clientSessions
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <1>
          backup:
            strategy: "SYNC" # <2>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-clientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `loginFailures` cache on the `infinispan` cluster: synchronous
# distributed cache, two owners, synchronous backup to site-b with a 4500
# backup timeout.
# tag::infinispan-cache-loginFailures[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: loginfailures
  namespace: keycloak
spec:
  clusterName: infinispan
  name: loginFailures
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <2>
          backup:
            strategy: "SYNC" # <3>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-loginFailures[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `offlineClientSessions` cache on the `infinispan` cluster:
# synchronous distributed cache, two owners, synchronous backup to site-b with
# a 4500 backup timeout.
# tag::infinispan-cache-offlineClientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: offlineclientsessions
  namespace: keycloak
spec:
  clusterName: infinispan
  name: offlineClientSessions
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <1>
          backup:
            strategy: "SYNC" # <2>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-offlineClientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `offlineSessions` cache on the `infinispan` cluster: synchronous
# distributed cache, two owners, synchronous backup to site-b with a 4500
# backup timeout.
# tag::infinispan-cache-offlineSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: offlinesessions
  namespace: keycloak
spec:
  clusterName: infinispan
  name: offlineSessions
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <1>
          backup:
            strategy: "SYNC" # <2>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-offlineSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `sessions` cache on the `infinispan` cluster. It differs from the
# other Cache resources on this page in three values: `owners` is "1", a
# `memory.maxCount` of 10000 is set, and the backup timeout is 13000.
# NOTE(review): with a single owner per site, presumably an entry has no
# second in-site copy. Check callout <1> in the accompanying guide for the
# rationale before reusing this value elsewhere.
# tag::infinispan-cache-sessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: sessions
  namespace: keycloak
spec:
  clusterName: infinispan
  name: sessions
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "1" # <1>
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      memory:
        maxCount: 10000 # <2>
      backups:
        site-b: # <3>
          backup:
            strategy: "SYNC" # <4>
            timeout: 13000
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-sessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Defines the `work` cache on the `infinispan` cluster: synchronous distributed
# cache, two owners, synchronous backup to site-b with a 4500 backup timeout.
# tag::infinispan-cache-work[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
  name: work
  namespace: keycloak
spec:
  clusterName: infinispan
  name: work
  template: |-
    distributedCache:
      mode: "SYNC"
      owners: "2"
      statistics: "true"
      remoteTimeout: 5000
      locking:
        acquireTimeout: 4000
      stateTransfer:
        chunkSize: 16
      backups:
        site-b: # <2>
          backup:
            strategy: "SYNC" # <3>
            timeout: 4500
            stateTransfer:
              chunkSize: 16
# end::infinispan-cache-work[]
---
# Source: ispn-helm/templates/infinispan.yaml
# Three-replica Infinispan cluster for site-a with site-b as its remote
# location. Endpoint credentials come from `connect-secret` and the extra
# server configuration from the `cluster-config` ConfigMap. The cross-site
# keystore, truststore and token are referenced by Secret name only
# (`xsite-keystore-secret`, `xsite-truststore-secret`, `xsite-token-secret`);
# none of those Secrets is defined on this page.
# tag::infinispan-crossdc[]
# tag::infinispan-single[]
apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: infinispan # <1>
  namespace: keycloak
  annotations:
    infinispan.org/monitoring: 'true' # <2>
spec:
  replicas: 3
# end::infinispan-single[]
# end::infinispan-crossdc[]
  # This exposes the http endpoint to interact with its caches - more info - https://infinispan.org/docs/stable/titles/rest/rest.html
  # We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern.
  # NOTE(review): the Route makes the authenticated REST endpoint reachable
  # from outside the namespace. Confirm that this exposure is intended.
  expose:
    type: Route
  configMapName: "cluster-config"
  # NOTE(review): the image is referenced by tag only. Pinning it by digest
  # (`@sha256:<digest>`) keeps the deployed content immutable.
  image: quay.io/infinispan/server:15.0.7.Final
  configListener:
    enabled: false
  container:
    # NOTE(review): `-Dorg.infinispan.openssl=false` presumably selects the
    # JDK TLS implementation over the native OpenSSL provider rather than
    # turning TLS off. Confirm against the Infinispan documentation.
    extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
  logging:
    categories:
      org.infinispan: info
      org.jgroups: info
# tag::infinispan-crossdc[]
# tag::infinispan-single[]
  security:
    endpointSecretName: connect-secret # <3>
  service:
    type: DataGrid
# end::infinispan-single[]
    sites:
      local:
        name: site-a # <4>
# end::infinispan-crossdc[]
        discovery:
          launchGossipRouter: true
          heartbeats:
            interval: 2000
            timeout: 8000
# tag::infinispan-crossdc[]
        expose:
          type: Route # <5>
        maxRelayNodes: 128
        encryption:
          transportKeyStore:
            secretName: xsite-keystore-secret # <6>
            alias: xsite # <7>
            filename: keystore.p12 # <8>
          routerKeyStore:
            secretName: xsite-keystore-secret # <6>
            alias: xsite # <7>
            filename: keystore.p12 # <8>
          trustStore:
            secretName: xsite-truststore-secret # <9>
            filename: truststore.p12 # <10>
      locations:
        - name: site-b # <11>
          clusterName: infinispan
          namespace: keycloak # <12>
          url: openshift://api.site-b # <13>
          secretName: xsite-token-secret # <14>
# end::infinispan-crossdc[]
---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# Fires the critical `SiteOffline` alert when the minimum of
# `vendor_jgroups_site_view_status` per namespace and site equals 0 for
# site-b. The AlertmanagerConfig on this page routes that alert name to the
# fencing webhook.
# NOTE(review): the expression selects namespace="default", while every
# namespaced resource on this page lives in `keycloak`. If the metric carries
# the Infinispan namespace, the selector matches no series and the alert never
# fires. Verify the label value against the running cluster.
# tag::fencing-prometheus-rule[]
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: xsite-status
spec:
  groups:
    - name: xsite-status
      rules:
        - alert: SiteOffline
          expr: 'min by (namespace, site) (vendor_jgroups_site_view_status{namespace="default",site="site-b"}) == 0' # <4>
          labels:
            severity: critical
            reporter: site-a # <5>
            accelerator: a3da6a6cbd4e27b02.awsglobalaccelerator.com # <6>
# end::fencing-prometheus-rule[]