libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/guides/high-availability/examples/generated/ispn-site-a.yaml
Ryan Emerson c0a51b94ea Update HA cache configurations to latest blueprint 
Closes #31029

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-08-07 19:06:14 +02:00

534 lines
14 KiB
YAML
Raw Blame History

---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# tag::fencing-secret[]
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
name: webhook-credentials
stringData:
username: 'keycloak' # <1>
password: 'changme' # <2>
# end::fencing-secret[]
---
# Source: ispn-helm/templates/infinispan.yaml
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[]
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: connect-secret
namespace: keycloak
data:
identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1>
# end::infinispan-credentials[]
---
# Source: ispn-helm/templates/infinispan.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-config
namespace: keycloak
data:
infinispan-config.yaml: >
infinispan:
cacheContainer:
metrics:
namesAsTags: true
gauges: true
histograms: false
server:
endpoints:
- securityRealm: default
socketBinding: default
connectors:
rest:
restConnector:
authentication:
mechanisms: BASIC
hotrod:
hotrodConnector: null
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-status[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-status
namespace: keycloak
data:
batch: site status --all-caches --site=site-b
# end::infinispan-crossdc-status[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-disconnect[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-disconnect
namespace: keycloak
data:
batch: site take-offline --all-caches --site=site-b
# end::infinispan-crossdc-disconnect[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-connect[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-connect
namespace: keycloak
data:
batch: site bring-online --all-caches --site=site-b
# end::infinispan-crossdc-connect[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-push-state[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-push-state
namespace: keycloak
data:
batch: site push-site-state --all-caches --site=site-b
# end::infinispan-crossdc-push-state[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-push-state-status[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-push-state-status
namespace: keycloak
data:
batch: site push-site-status --all-caches --site=site-b
# end::infinispan-crossdc-push-state-status[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-reset-push-state-status[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-reset-push-state-status
namespace: keycloak
data:
batch: site clear-push-state-status --all-caches --site=site-b
# end::infinispan-crossdc-reset-push-state-status[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc-clear-caches[]
apiVersion: v1
kind: ConfigMap
metadata:
name: crossdc-clear-caches
namespace: keycloak
data:
batch: |+
clearcache actionTokens
clearcache authenticationSessions
clearcache clientSessions
clearcache loginFailures
clearcache offlineClientSessions
clearcache offlineSessions
clearcache sessions
clearcache work
# end::infinispan-crossdc-clear-caches[]
---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# tag::fencing-alert-manager-config[]
apiVersion: monitoring.coreos.com/v1beta1
kind: AlertmanagerConfig
metadata:
name: example-routing
spec:
route:
receiver: default
matchers:
- matchType: =
name: alertname
value: SiteOffline
receivers:
- name: default
webhookConfigs:
- url: 'https://tjqr2vgc664b6noj6vugprakoq0oausj.lambda-url.eu-west-1.on.aws/' # <3>
httpConfig:
basicAuth:
username:
key: username
name: webhook-credentials
password:
key: password
name: webhook-credentials
tlsConfig:
insecureSkipVerify: true
# end::fencing-alert-manager-config[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-actionTokens[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: actiontokens
namespace: keycloak
spec:
clusterName: infinispan
name: actionTokens
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-actionTokens[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-authenticationSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: authenticationsessions
namespace: keycloak
spec:
clusterName: infinispan
name: authenticationSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <1>
backup:
strategy: "SYNC" # <2>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-authenticationSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-clientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: clientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: clientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <1>
backup:
strategy: "SYNC" # <2>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-clientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-loginFailures[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: loginfailures
namespace: keycloak
spec:
clusterName: infinispan
name: loginFailures
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <1>
backup:
strategy: "SYNC" # <2>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-loginFailures[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineClientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlineclientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineClientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <1>
backup:
strategy: "SYNC" # <2>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineClientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlinesessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "1" # <1>
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-sessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: sessions
namespace: keycloak
spec:
clusterName: infinispan
name: sessions
template: |-
distributedCache:
mode: "SYNC"
owners: "1" # <1>
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
memory:
maxCount: 10000 # <2>
backups:
site-b: # <3>
backup:
strategy: "SYNC" # <4>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-sessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-work[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: work
namespace: keycloak
spec:
clusterName: infinispan
name: work
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NON_XA"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "FAIL"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-work[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-crossdc[]
# tag::infinispan-single[]
apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
name: infinispan # <1>
namespace: keycloak
annotations:
infinispan.org/monitoring: 'true' # <2>
spec:
replicas: 3
# end::infinispan-single[]
# end::infinispan-crossdc[]
# This exposes the http endpoint to interact with its caches - more info - https://infinispan.org/docs/stable/titles/rest/rest.html
# We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern.
expose:
type: Route
configMapName: "cluster-config"
image: quay.io/infinispan/server:15.0.7.Final
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
logging:
categories:
org.infinispan: info
org.jgroups: info
# tag::infinispan-crossdc[]
# tag::infinispan-single[]
security:
endpointSecretName: connect-secret # <3>
service:
type: DataGrid
# end::infinispan-single[]
sites:
local:
name: site-a # <4>
# end::infinispan-crossdc[]
discovery:
launchGossipRouter: true
heartbeats:
interval: 2000
timeout: 8000
# tag::infinispan-crossdc[]
expose:
type: Route # <5>
maxRelayNodes: 128
encryption:
transportKeyStore:
secretName: xsite-keystore-secret # <6>
alias: xsite # <7>
filename: keystore.p12 # <8>
routerKeyStore:
secretName: xsite-keystore-secret # <6>
alias: xsite # <7>
filename: keystore.p12 # <8>
trustStore:
secretName: xsite-truststore-secret # <9>
filename: truststore.p12 # <10>
locations:
- name: site-b # <11>
clusterName: infinispan
namespace: keycloak # <12>
url: openshift://api.site-b # <13>
secretName: xsite-token-secret # <14>
# end::infinispan-crossdc[]
---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# tag::fencing-prometheus-rule[]
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: xsite-status
spec:
groups:
- name: xsite-status
rules:
- alert: SiteOffline
expr: 'min by (namespace, site) (vendor_jgroups_site_view_status{namespace="default",site="site-b"}) == 0' # <4>
labels:
severity: critical
reporter: site-a # <5>
accelerator: a3da6a6cbd4e27b02.awsglobalaccelerator.com # <6>
# end::fencing-prometheus-rule[]
Reference in a new issue View git blame Copy permalink