385 lines
9.7 KiB
YAML
385 lines
9.7 KiB
YAML
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[]
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
type: Opaque
|
||
|
metadata:
|
||
|
name: connect-secret
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1>
|
||
|
# end::infinispan-credentials[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: cluster-config
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
infinispan-config.yaml: >
|
||
|
infinispan:
|
||
|
cacheContainer:
|
||
|
metrics:
|
||
|
namesAsTags: true
|
||
|
gauges: true
|
||
|
histograms: false
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-status[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-status
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: site status --all-caches --site=site-b
|
||
|
# end::infinispan-crossdc-status[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-disconnect[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-disconnect
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: site take-offline --all-caches --site=site-b
|
||
|
# end::infinispan-crossdc-disconnect[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-connect[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-connect
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: site bring-online --all-caches --site=site-b
|
||
|
# end::infinispan-crossdc-connect[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-push-state[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-push-state
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: site push-site-state --all-caches --site=site-b
|
||
|
# end::infinispan-crossdc-push-state[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-push-state-status[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-push-state-status
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: site push-site-status --all-caches --site=site-b
|
||
|
# end::infinispan-crossdc-push-state-status[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-reset-push-state-status[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-reset-push-state-status
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: site clear-push-state-status --all-caches --site=site-b
|
||
|
# end::infinispan-crossdc-reset-push-state-status[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc-clear-caches[]
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: crossdc-clear-caches
|
||
|
namespace: keycloak
|
||
|
data:
|
||
|
batch: |+
|
||
|
clearcache actionTokens
|
||
|
clearcache authenticationSessions
|
||
|
clearcache clientSessions
|
||
|
clearcache loginFailures
|
||
|
clearcache offlineClientSessions
|
||
|
clearcache offlineSessions
|
||
|
clearcache sessions
|
||
|
clearcache work
|
||
|
|
||
|
# end::infinispan-crossdc-clear-caches[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-actionTokens[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: actiontokens
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: actionTokens
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-actionTokens[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-authenticationSessions[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: authenticationsessions
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: authenticationSessions
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
mergePolicy: ALWAYS_REMOVE # <1>
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-authenticationSessions[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-clientSessions[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: clientsessions
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: clientSessions
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
mergePolicy: ALWAYS_REMOVE # <1>
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-clientSessions[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-loginFailures[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: loginfailures
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: loginFailures
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-loginFailures[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-offlineClientSessions[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: offlineclientsessions
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: offlineClientSessions
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
mergePolicy: ALWAYS_REMOVE # <1>
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-offlineClientSessions[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-offlineSessions[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: offlinesessions
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: offlineSessions
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
mergePolicy: ALWAYS_REMOVE # <1>
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-offlineSessions[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-sessions[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: sessions
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: sessions
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
mergePolicy: ALWAYS_REMOVE # <1>
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-sessions[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-cache-work[]
|
||
|
apiVersion: infinispan.org/v2alpha1
|
||
|
kind: Cache
|
||
|
metadata:
|
||
|
name: work
|
||
|
namespace: keycloak
|
||
|
spec:
|
||
|
clusterName: infinispan
|
||
|
name: work
|
||
|
template: |-
|
||
|
distributedCache:
|
||
|
mode: "SYNC"
|
||
|
owners: "2"
|
||
|
statistics: "true"
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
backups:
|
||
|
site-b: # <2>
|
||
|
backup:
|
||
|
strategy: "SYNC" # <3>
|
||
|
stateTransfer:
|
||
|
chunkSize: 16
|
||
|
# end::infinispan-cache-work[]
|
||
|
---
|
||
|
# Source: ispn-helm/templates/infinispan.yaml
|
||
|
# tag::infinispan-crossdc[]
|
||
|
# tag::infinispan-single[]
|
||
|
apiVersion: infinispan.org/v1
|
||
|
kind: Infinispan
|
||
|
metadata:
|
||
|
name: infinispan # <1>
|
||
|
namespace: keycloak
|
||
|
annotations:
|
||
|
infinispan.org/monitoring: 'true' # <2>
|
||
|
spec:
|
||
|
replicas: 3
|
||
|
# end::infinispan-single[]
|
||
|
# end::infinispan-crossdc[]
|
||
|
# This exposes the http endpoint to interact with its caches - more info - https://infinispan.org/docs/stable/titles/rest/rest.html
|
||
|
# We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern.
|
||
|
expose:
|
||
|
type: Route
|
||
|
configMapName: "cluster-config"
|
||
|
image: quay.io/infinispan/server:14.0.16.Final
|
||
|
configListener:
|
||
|
enabled: false
|
||
|
container:
|
||
|
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
|
||
|
logging:
|
||
|
categories:
|
||
|
org.infinispan: info
|
||
|
org.jgroups: info
|
||
|
# tag::infinispan-crossdc[]
|
||
|
# tag::infinispan-single[]
|
||
|
security:
|
||
|
endpointSecretName: connect-secret # <3>
|
||
|
service:
|
||
|
type: DataGrid
|
||
|
# end::infinispan-single[]
|
||
|
sites:
|
||
|
local:
|
||
|
name: site-a # <4>
|
||
|
# end::infinispan-crossdc[]
|
||
|
discovery:
|
||
|
launchGossipRouter: true
|
||
|
# tag::infinispan-crossdc[]
|
||
|
expose:
|
||
|
type: Route # <5>
|
||
|
maxRelayNodes: 128
|
||
|
encryption:
|
||
|
transportKeyStore:
|
||
|
secretName: xsite-keystore-secret # <6>
|
||
|
alias: xsite # <7>
|
||
|
filename: keystore.p12 # <8>
|
||
|
routerKeyStore:
|
||
|
secretName: xsite-keystore-secret # <6>
|
||
|
alias: xsite # <7>
|
||
|
filename: keystore.p12 # <8>
|
||
|
trustStore:
|
||
|
secretName: xsite-truststore-secret # <9>
|
||
|
filename: truststore.p12 # <10>
|
||
|
locations:
|
||
|
- name: site-b # <11>
|
||
|
clusterName: infinispan
|
||
|
namespace: keycloak # <12>
|
||
|
url: openshift://api.site-b # <13>
|
||
|
secretName: xsite-token-secret # <14>
|
||
|
|
||
|
# end::infinispan-crossdc[]
|