<#import "/templates/guide.adoc" as tmpl> <#import "/templates/links.adoc" as links> <@tmpl.guide title="Connect {project_name} with an external {jdgserver_name}" summary="Building block for an Infinispan deployment on Kubernetes" preview="true" previewDiscussionLink="https://github.com/keycloak/keycloak/discussions/25269" tileVisible="false" > This topic describes advanced {jdgserver_name} configurations for {project_name} on Kubernetes. == Prerequisites * <@links.ha id="deploy-keycloak-kubernetes" /> as it will be extended. * <@links.ha id="deploy-infinispan-kubernetes-crossdc" />. == Procedure . Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml` which is part of the {project_name} distribution: .. For each `distributed-cache` entry, add the tags `` as shown following. + [source,xml,indent=0] ---- include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore] ---- <1> New tag `` to connect it to the remote store. <2> For the address to the remote store, reference two environment variables for host name and port number. <3> For authentication, reference two environment variables for username and password. <4> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore. .. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution. For each `replicated-cache` entry, add the tag `` as shown below. For additional information on the infinispan configuration options, see the https://docs.jboss.org/infinispan/14.0/configdocs/infinispan-config-14.0.html[infinispan configuration schema reference]. + [source,xml,indent=0] ---- include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore-work] ---- . Place the {jdgserver_name} Cache configuration XML in a ConfigMap. + [source,yaml] ---- include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn-configmap] ... ---- . Create a Secret with the username and password to connect to the external {jdgserver_name} deployment: + [source,yaml] ---- include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn-secret] ---- . Extend the {project_name} Custom Resource with `additionalOptions` and extend the `podTemplate` as shown below. + [NOTE] ==== * The new `additionalOptions` entries starting with `remote-store` used here are not official {project_name} configurations. Instead, they provide their values to environment variables that are then referenced in the {jdgserver_name} XML configuration. * All the memory, resource and database configurations are skipped from the CR below as they have been described in <@links.ha id="deploy-keycloak-kubernetes" /> {section} already. Administrators should leave those configurations untouched. ==== + [source,yaml] ---- include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn] ---- <1> Custom cache configuration XML file definition, which includes configuration for remote or embedded {jdgserver_name} store. <2> The hostname and port of the remote cache {jdgserver_name} cluster. <3> The credentials required, username and password, to access the remote cache {jdgserver_name} cluster. <4> Mounting the cache configuration Volume in Kubernetes. However, matching the `jboss.site.name` with the external {jdgserver_name} deployment site name helps debugging possible future issues. If you are using multiple sites for {project_name} in a cross-DC setup such as <@links.ha id="deploy-infinispan-kubernetes-crossdc" />, the site name must be different in each site. <5> `jboss.site.name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used. This site name is related only to the embedded {jdgserver_name} and does not need to match any value from the external {jdgserver_name} deployment. <6> Defining the cache configuration Volume using the already created ConfigMap in Kubernetes.