keycloak-scim/docs/guides/high-availability/examples/generated/ispn-single.yaml
Michal Hajas 709165a90a
High availability guide updates (#32093)
* Remove connecting Infinispan to Keycloak building block
* Rephrase two sites restriction limitation
* Update the KCB generated yaml files for HA guide
* Remove setting number of owners to 1 for session caches as it is no longer necessary
* Add multi-site feature
* Remove histrograms and slos
* Replace stonith with fencing
* Switch for DG in community and product

Closes #31029

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-19 13:29:11 +02:00

302 lines
7.3 KiB
YAML

---
# Source: ispn-helm/templates/infinispan.yaml
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[]
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: connect-secret
namespace: keycloak
data:
identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1>
# end::infinispan-credentials[]
---
# Source: ispn-helm/templates/infinispan.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-config
namespace: keycloak
data:
infinispan-config.yaml: >
infinispan:
cacheContainer:
metrics:
namesAsTags: true
histograms: false
server:
endpoints:
- securityRealm: default
socketBinding: default
connectors:
rest:
restConnector:
authentication:
mechanisms: BASIC
hotrod:
hotrodConnector: null
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-actionTokens[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: actiontokens
namespace: keycloak
spec:
clusterName: infinispan
name: actionTokens
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-actionTokens[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-authenticationSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: authenticationsessions
namespace: keycloak
spec:
clusterName: infinispan
name: authenticationSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-authenticationSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-clientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: clientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: clientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-clientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-loginFailures[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: loginfailures
namespace: keycloak
spec:
clusterName: infinispan
name: loginFailures
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-loginFailures[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineClientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlineclientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineClientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineClientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlinesessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-sessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: sessions
namespace: keycloak
spec:
clusterName: infinispan
name: sessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-sessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-work[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: work
namespace: keycloak
spec:
clusterName: infinispan
name: work
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-work[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc[]
# tag::infinispan-single[]
apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
name: infinispan # <1>
namespace: keycloak
annotations:
infinispan.org/monitoring: 'true' # <2>
spec:
replicas: 3
jmx:
enabled: true
# end::infinispan-single[]
# end::infinispan-crossdc[]
# This exposes the http endpoint to interact with its caches - more info - https://infinispan.org/docs/stable/titles/rest/rest.html
# We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern.
expose:
type: Route
configMapName: "cluster-config"
image: quay.io/infinispan-test/server:15.0.x
version: 15.0.4
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
logging:
categories:
org.infinispan: info
org.jgroups: info
# tag::infinispan-crossdc[]
# tag::infinispan-single[]
security:
endpointSecretName: connect-secret # <3>
service:
type: DataGrid
# end::infinispan-single[]
# end::infinispan-crossdc[]