--- # Source: ispn-helm/templates/infinispan.yaml # There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[] apiVersion: v1 kind: Secret type: Opaque metadata: name: connect-secret namespace: keycloak data: identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1> # end::infinispan-credentials[] --- # Source: ispn-helm/templates/infinispan.yaml apiVersion: v1 kind: ConfigMap metadata: name: cluster-config namespace: keycloak data: infinispan-config.yaml: > infinispan: cacheContainer: metrics: namesAsTags: true gauges: true histograms: false server: endpoints: - securityRealm: default socketBinding: default connectors: rest: restConnector: authentication: mechanisms: BASIC hotrod: hotrodConnector: null --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-status[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-status namespace: keycloak data: batch: site status --all-caches --site=site-a # end::infinispan-crossdc-status[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-disconnect[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-disconnect namespace: keycloak data: batch: site take-offline --all-caches --site=site-a # end::infinispan-crossdc-disconnect[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-connect[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-connect namespace: keycloak data: batch: site bring-online --all-caches --site=site-a # end::infinispan-crossdc-connect[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-push-state[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-push-state namespace: keycloak data: batch: site push-site-state --all-caches --site=site-a # end::infinispan-crossdc-push-state[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-push-state-status[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-push-state-status namespace: keycloak data: batch: site push-site-status --all-caches --site=site-a # end::infinispan-crossdc-push-state-status[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-reset-push-state-status[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-reset-push-state-status namespace: keycloak data: batch: site clear-push-state-status --all-caches --site=site-a # end::infinispan-crossdc-reset-push-state-status[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc-clear-caches[] apiVersion: v1 kind: ConfigMap metadata: name: crossdc-clear-caches namespace: keycloak data: batch: |+ clearcache actionTokens clearcache authenticationSessions clearcache clientSessions clearcache loginFailures clearcache offlineClientSessions clearcache offlineSessions clearcache sessions clearcache work # end::infinispan-crossdc-clear-caches[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-actionTokens[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: actiontokens namespace: keycloak spec: clusterName: infinispan name: actionTokens template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-actionTokens[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-authenticationSessions[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: authenticationsessions namespace: keycloak spec: clusterName: infinispan name: authenticationSessions template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: mergePolicy: ALWAYS_REMOVE # <1> site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-authenticationSessions[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-clientSessions[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: clientsessions namespace: keycloak spec: clusterName: infinispan name: clientSessions template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: mergePolicy: ALWAYS_REMOVE # <1> site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-clientSessions[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-loginFailures[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: loginfailures namespace: keycloak spec: clusterName: infinispan name: loginFailures template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-loginFailures[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-offlineClientSessions[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: offlineclientsessions namespace: keycloak spec: clusterName: infinispan name: offlineClientSessions template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: mergePolicy: ALWAYS_REMOVE # <1> site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-offlineClientSessions[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-offlineSessions[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: offlinesessions namespace: keycloak spec: clusterName: infinispan name: offlineSessions template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: mergePolicy: ALWAYS_REMOVE # <1> site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-offlineSessions[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-sessions[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: sessions namespace: keycloak spec: clusterName: infinispan name: sessions template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: mergePolicy: ALWAYS_REMOVE # <1> site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-sessions[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-cache-work[] apiVersion: infinispan.org/v2alpha1 kind: Cache metadata: name: work namespace: keycloak spec: clusterName: infinispan name: work template: |- distributedCache: mode: "SYNC" owners: "2" statistics: "true" remoteTimeout: 14000 stateTransfer: chunkSize: 16 backups: site-a: # <2> backup: strategy: "SYNC" # <3> timeout: 13000 stateTransfer: chunkSize: 16 # end::infinispan-cache-work[] --- # Source: ispn-helm/templates/infinispan.yaml # tag::infinispan-crossdc[] # tag::infinispan-single[] apiVersion: infinispan.org/v1 kind: Infinispan metadata: name: infinispan # <1> namespace: keycloak annotations: infinispan.org/monitoring: 'true' # <2> spec: replicas: 3 # end::infinispan-single[] # end::infinispan-crossdc[] # This exposes the http endpoint to interact with its caches - more info - https://infinispan.org/docs/stable/titles/rest/rest.html # We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern. expose: type: Route configMapName: "cluster-config" image: quay.io/infinispan/server:15.0.3.Final configListener: enabled: false container: extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000' logging: categories: org.infinispan: info org.jgroups: info # tag::infinispan-crossdc[] # tag::infinispan-single[] security: endpointSecretName: connect-secret # <3> service: type: DataGrid # end::infinispan-single[] sites: local: name: site-b # <4> # end::infinispan-crossdc[] discovery: launchGossipRouter: true heartbeats: interval: 2000 timeout: 8000 # tag::infinispan-crossdc[] expose: type: Route # <5> maxRelayNodes: 128 encryption: transportKeyStore: secretName: xsite-keystore-secret # <6> alias: xsite # <7> filename: keystore.p12 # <8> routerKeyStore: secretName: xsite-keystore-secret # <6> alias: xsite # <7> filename: keystore.p12 # <8> trustStore: secretName: xsite-truststore-secret # <9> filename: truststore.p12 # <10> locations: - name: site-a # <11> clusterName: infinispan namespace: keycloak # <12> url: openshift://api.site-a # <13> secretName: xsite-token-secret # <14> # end::infinispan-crossdc[]