Update the HA guide with the workaround for ISPN-15758

Closes #27353

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Michal Hajas 2024-02-28 16:56:15 +01:00 committed by GitHub
parent ade3b31a91
commit d7c6464ad6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 17 additions and 10 deletions


@ -23,9 +23,10 @@ This topic describes advanced {jdgserver_name} configurations for {project_name}
include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore] include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore]
---- ----
<1> New tag `<persistence />` to connect it to the remote store. <1> New tag `<persistence />` to connect it to the remote store.
<2> For the address to the remote store, reference two environment variables for host name and port number. <2> This is a workaround for issue https://github.com/keycloak/keycloak/issues/27117[keycloak#27117] and will be removed in the following versions.
<3> For authentication, reference two environment variables for username and password. <3> For the address to the remote store, reference two environment variables for host name and port number.
<4> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore. <4> For authentication, reference two environment variables for username and password.
<5> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore.
.. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution. .. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution.
For each `replicated-cache` entry, add the tag `<persistence />` as shown below. For each `replicated-cache` entry, add the tag `<persistence />` as shown below.


@ -224,7 +224,7 @@ spec:
expose: expose:
type: Route type: Route
configMapName: "cluster-config" configMapName: "cluster-config"
image: quay.io/infinispan/server:14.0.24.Final image: quay.io/infinispan/server:14.0.25.Final
configListener: configListener:
enabled: false enabled: false
container: container:


@ -363,7 +363,7 @@ spec:
expose: expose:
type: Route type: Route
configMapName: "cluster-config" configMapName: "cluster-config"
image: quay.io/infinispan/server:14.0.24.Final image: quay.io/infinispan/server:14.0.25.Final
configListener: configListener:
enabled: false enabled: false
container: container:


@ -363,7 +363,7 @@ spec:
expose: expose:
type: Route type: Route
configMapName: "cluster-config" configMapName: "cluster-config"
image: quay.io/infinispan/server:14.0.24.Final image: quay.io/infinispan/server:14.0.25.Final
configListener: configListener:
enabled: false enabled: false
container: container:


@ -111,6 +111,9 @@ data:
raw-values="true" raw-values="true"
shared="true" shared="true"
segmented="false"> segmented="false">
<!-- This is a workaround for the following issue https://github.com/keycloak/keycloak/issues/27117 and should be removed when the issue is fixed -->
<write-behind modification-queue-size="1024"/>
<!-- End of the workaround -->
<remote-server host="${env.KC_REMOTE_STORE_HOST}" <remote-server host="${env.KC_REMOTE_STORE_HOST}"
port="${env.KC_REMOTE_STORE_PORT}"/> <!--2--> port="${env.KC_REMOTE_STORE_PORT}"/> <!--2-->
<connection-pool max-active="16" <connection-pool max-active="16"
@ -790,7 +793,7 @@ spec:
podTemplate: podTemplate:
metadata: metadata:
annotations: annotations:
checksum/config: 2cae63c85a3485c135aebe1472971dd056b1dda42fb54ef2f891bc521e31fc1a-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3-<KEYCLOAK_IMAGE_HERE>-56f92cd9012613402e2a7a61aded0f218d077b8c6345b22922ca7bf1a5c64984-v1.27.0 checksum/config: ebe9b8c121995f449a1a4e339af244b2bb67769af84b3cbdff61159948447e20-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3-<KEYCLOAK_IMAGE_HERE>-dbc855dd9b7f7c0b828760ea8cd7427e8a2f5a5be303fba7dee0c6bbb68258d4-v1.27.0
spec: spec:
containers: containers:
- env: - env:


@ -53,20 +53,23 @@
raw-values="true" raw-values="true"
shared="true" shared="true"
segmented="false"> segmented="false">
<!-- This is a workaround for the following issue https://github.com/keycloak/keycloak/issues/27117 and should be removed when the issue is fixed -->
<write-behind modification-queue-size="1024"/> <!--2-->
<!-- End of the workaround -->
<remote-server host="${env.KC_REMOTE_STORE_HOST}" <remote-server host="${env.KC_REMOTE_STORE_HOST}"
port="${env.KC_REMOTE_STORE_PORT}"/> <!--2--> port="${env.KC_REMOTE_STORE_PORT}"/> <!--3-->
<connection-pool max-active="16" <connection-pool max-active="16"
exhausted-action="CREATE_NEW"/> exhausted-action="CREATE_NEW"/>
<security> <security>
<authentication server-name="infinispan"> <authentication server-name="infinispan">
<digest username="${env.KC_REMOTE_STORE_USERNAME}" <digest username="${env.KC_REMOTE_STORE_USERNAME}"
password="${env.KC_REMOTE_STORE_PASSWORD}" password="${env.KC_REMOTE_STORE_PASSWORD}"
realm="default"/> <!--3--> realm="default"/> <!--4-->
</authentication> </authentication>
<encryption protocol="TLSv1.3" <encryption protocol="TLSv1.3"
sni-hostname="${env.KC_REMOTE_STORE_HOST}"> sni-hostname="${env.KC_REMOTE_STORE_HOST}">
<truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
type="pem"/> <!--4--> type="pem"/> <!--5-->
</encryption> </encryption>
</security> </security>
</remote-store> </remote-store>
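Review bot: The added `<write-behind modification-queue-size="1024"/>` makes writes to this shared remote store asynchronous, and neither the XML comment nor the guide's callout 2 says what that costs. As far as I understand Infinispan's write-behind mode, up to 1024 modifications can wait in the local queue, so a session removal or logout may reach the external cluster late, and queued changes are lost if the pod stops first; this should be confirmed against what the cross-site setup expects for session invalidation. I would extend the comment to something like `<!-- Workaround for keycloak#27117: store writes are asynchronous; queued changes can be delayed or lost on pod failure -->` and state the same in callout 2 of the guide. The same element is added in the rendered ConfigMap hunk (`@ -111,6 +111,9`) without a callout, and `remote-server` there keeps `<!--2-->`, so its numbering no longer matches the guide. The enclosing `<remote-store>` element opens above this hunk.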