709165a90a
* Remove connecting Infinispan to Keycloak building block * Rephrase two sites restriction limitation * Update the KCB generated yaml files for HA guide * Remove setting number of owners to 1 for session caches as it is no longer necessary * Add multi-site feature * Remove histrograms and slos * Replace stonith with fencing * Switch for DG in community and product Closes #31029 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
302 lines
7.3 KiB
YAML
302 lines
7.3 KiB
YAML
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[]
|
|
apiVersion: v1
|
|
kind: Secret
|
|
type: Opaque
|
|
metadata:
|
|
name: connect-secret
|
|
namespace: keycloak
|
|
data:
|
|
identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1>
|
|
# end::infinispan-credentials[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: cluster-config
|
|
namespace: keycloak
|
|
data:
|
|
infinispan-config.yaml: >
|
|
infinispan:
|
|
cacheContainer:
|
|
metrics:
|
|
namesAsTags: true
|
|
histograms: false
|
|
server:
|
|
endpoints:
|
|
- securityRealm: default
|
|
socketBinding: default
|
|
connectors:
|
|
rest:
|
|
restConnector:
|
|
authentication:
|
|
mechanisms: BASIC
|
|
hotrod:
|
|
hotrodConnector: null
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-actionTokens[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: actiontokens
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: actionTokens
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-actionTokens[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-authenticationSessions[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: authenticationsessions
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: authenticationSessions
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-authenticationSessions[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-clientSessions[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: clientsessions
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: clientSessions
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-clientSessions[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-loginFailures[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: loginfailures
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: loginFailures
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-loginFailures[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-offlineClientSessions[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: offlineclientsessions
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: offlineClientSessions
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-offlineClientSessions[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-offlineSessions[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: offlinesessions
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: offlineSessions
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-offlineSessions[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-sessions[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: sessions
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: sessions
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-sessions[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-cache-work[]
|
|
apiVersion: infinispan.org/v2alpha1
|
|
kind: Cache
|
|
metadata:
|
|
name: work
|
|
namespace: keycloak
|
|
spec:
|
|
clusterName: infinispan
|
|
name: work
|
|
template: |-
|
|
distributedCache:
|
|
mode: "SYNC"
|
|
owners: "2"
|
|
statistics: "true"
|
|
remoteTimeout: "5000"
|
|
encoding:
|
|
media-type: "application/x-protostream"
|
|
locking:
|
|
acquireTimeout: "4000"
|
|
transaction:
|
|
mode: "NONE"
|
|
locking: "PESSIMISTIC"
|
|
stateTransfer:
|
|
chunkSize: "16"
|
|
|
|
# end::infinispan-cache-work[]
|
|
---
|
|
# Source: ispn-helm/templates/infinispan.yaml
|
|
# tag::infinispan-crossdc[]
|
|
# tag::infinispan-single[]
|
|
apiVersion: infinispan.org/v1
|
|
kind: Infinispan
|
|
metadata:
|
|
name: infinispan # <1>
|
|
namespace: keycloak
|
|
annotations:
|
|
infinispan.org/monitoring: 'true' # <2>
|
|
spec:
|
|
replicas: 3
|
|
jmx:
|
|
enabled: true
|
|
# end::infinispan-single[]
|
|
# end::infinispan-crossdc[]
|
|
# This exposes the http endpoint to interact with its caches - more info - https://infinispan.org/docs/stable/titles/rest/rest.html
|
|
# We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern.
|
|
expose:
|
|
type: Route
|
|
configMapName: "cluster-config"
|
|
image: quay.io/infinispan-test/server:15.0.x
|
|
version: 15.0.4
|
|
configListener:
|
|
enabled: false
|
|
container:
|
|
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
|
|
logging:
|
|
categories:
|
|
org.infinispan: info
|
|
org.jgroups: info
|
|
# tag::infinispan-crossdc[]
|
|
# tag::infinispan-single[]
|
|
security:
|
|
endpointSecretName: connect-secret # <3>
|
|
service:
|
|
type: DataGrid
|
|
# end::infinispan-single[]
|
|
|
|
# end::infinispan-crossdc[]
|