From 30196dfe1208cd3f80343335b131a9bfc052d7e0 Mon Sep 17 00:00:00 2001 From: Pedro Ruivo Date: Fri, 29 Nov 2024 11:25:45 +0000 Subject: [PATCH] Update Infinispan examples in the High Availability guide Closes #35451 Signed-off-by: Pedro Ruivo --- .../deploy-infinispan-kubernetes-crossdc.adoc | 27 +- .../examples/generated/ispn-single.yaml | 44 +- .../examples/generated/ispn-site-a.yaml | 33 +- .../examples/generated/ispn-site-b.yaml | 35 +- .../examples/generated/ispn-volatile.yaml | 579 ++++++++++++++++++ .../examples/generated/keycloak-ispn.yaml | 11 +- .../examples/generated/keycloak.yaml | 11 +- 7 files changed, 701 insertions(+), 39 deletions(-) create mode 100644 docs/guides/high-availability/examples/generated/ispn-volatile.yaml diff --git a/docs/guides/high-availability/deploy-infinispan-kubernetes-crossdc.adoc b/docs/guides/high-availability/deploy-infinispan-kubernetes-crossdc.adoc index 59bb492b056..5994c5c2a0d 100644 --- a/docs/guides/high-availability/deploy-infinispan-kubernetes-crossdc.adoc +++ b/docs/guides/high-availability/deploy-infinispan-kubernetes-crossdc.adoc @@ -198,11 +198,30 @@ The following example shows the `Cache` CR for `{site-a}`. + -- . In `{site-a}` create a `Cache` CR for each of the caches mentioned above with the following content. -This is an example for the `authenticationSessions` cache: ++ +.Cache `actionTokens` +[source,yaml] +---- +include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-actionTokens] +---- ++ +.Cache `authenticationSessions` [source,yaml] ---- include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-authenticationSessions] ---- ++ +.Cache `loginFailures` +[source,yaml] +---- +include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-loginFailures] +---- ++ +.Cache `work` +[source,yaml] +---- +include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-work] +---- <1> The transaction mode. <2> The locking mode used by the transaction. <3> The remote site name. 
@@ -218,7 +237,7 @@ The example above is the recommended configuration to achieve the best data cons Deadlocks may occur in an active-active setup as entries are modified concurrently in both sites. -The `transaction.mode: NON_XA` ensures that the transaction is rolled back keeping the data consistent if this occurs. +The `transaction.mode: NON_DURABLE_XA` ensures that the transaction is rolled back keeping the data consistent if this occurs. The setting `backup.failurePolicy: FAIL` is required in this case. It will throw an error that allows the transaction to be safely rolled back. When this occurs, {project_name} will attempt a retry. @@ -234,10 +253,10 @@ The `backup.timeout` must always be higher than the `locking.acquireTimeout`. + For `{site-b}`, the `Cache` CR is similar, except for the `backups.` outlined in point 3 of the above diagram. + -.authenticationSessions `Cache` CR in `{site-b}` +.Example for `actionTokens` cache in `{site-b}` [source,yaml] ---- -include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-authenticationSessions] +include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-actionTokens] ---- == Verifying the deployment diff --git a/docs/guides/high-availability/examples/generated/ispn-single.yaml b/docs/guides/high-availability/examples/generated/ispn-single.yaml index cdb4412a47a..a820756add4 100644 --- a/docs/guides/high-availability/examples/generated/ispn-single.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-single.yaml @@ -57,7 +57,7 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" 
@@ -85,10 +85,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RootAuthenticationSessionEntity # end::infinispan-cache-authenticationSessions[] --- @@ -113,10 +117,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteAuthenticatedClientSessionEntity # end::infinispan-cache-clientSessions[] --- @@ -141,10 +149,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.LoginFailureEntity # end::infinispan-cache-loginFailures[] --- @@ -169,10 +181,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteAuthenticatedClientSessionEntity # end::infinispan-cache-offlineClientSessions[] --- @@ -197,10 +213,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteUserSessionEntity # end::infinispan-cache-offlineSessions[] --- @@ -225,10 +245,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteUserSessionEntity # end::infinispan-cache-sessions[] --- 
@@ -253,7 +277,7 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" @@ -281,12 +305,14 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan-test/server:15.0.x + image: quay.io/infinispan/server:15.0.11.Final version: 15.0.4 configListener: enabled: false container: extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000' + cpu: 4:2 + memory: 2Gi:1Gi logging: categories: org.infinispan: info diff --git a/docs/guides/high-availability/examples/generated/ispn-site-a.yaml b/docs/guides/high-availability/examples/generated/ispn-site-a.yaml index b60479fa21b..fa331d38a82 100644 --- a/docs/guides/high-availability/examples/generated/ispn-site-a.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-site-a.yaml @@ -100,7 +100,11 @@ metadata: name: crossdc-push-state-status namespace: keycloak data: - batch: site push-site-status --all-caches --site=site-b + batch: |- + site push-site-status --cache=actionTokens + site push-site-status --cache=authenticationSessions + site push-site-status --cache=loginFailures + site push-site-status --cache=work # end::infinispan-crossdc-push-state-status[] --- # Source: ispn-helm/templates/infinispan.yaml @@ -111,7 +115,11 @@ metadata: name: crossdc-reset-push-state-status namespace: keycloak data: - batch: site clear-push-state-status --all-caches --site=site-b + batch: |- + site clear-push-site-status --cache=actionTokens + site clear-push-site-status --cache=authenticationSessions + site clear-push-site-status --cache=loginFailures + site clear-push-site-status --cache=work # end::infinispan-crossdc-reset-push-state-status[] --- # Source: ispn-helm/templates/infinispan.yaml 
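Review bot: The added `cpu: 4:2` under `container:` is an unquoted digits-and-colon scalar, which loaders with YAML 1.1 semantics (PyYAML, for example) resolve as a base-60 integer instead of the string it is presumably meant to be. Readers copy these examples into their own tooling, so the quoted forms `cpu: "4:2"` and, for consistency, `memory: "2Gi:1Gi"` are safer. The same two lines are added in the ispn-site-b.yaml hunk at `@@ -324,12 +339,14 @@` and in the new ispn-volatile.yaml. The file is generated, so the quoting would have to go into the template named in its `# Source:` comments; the `container:` mapping continues outside this hunk.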
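Review bot: The subcommand name changes together with the per-cache split in the `crossdc-reset-push-state-status` ConfigMap: the removed line ran `site clear-push-state-status`, while the four added lines run `site clear-push-site-status`. If the rename is not intentional, the batch would presumably be rejected by the CLI and the push status would stay uncleared, so please confirm the name against the Infinispan CLI and, if it is a slip, restore `site clear-push-state-status --cache=actionTokens` and the matching lines for the other caches. The added lines also drop the `--site=site-b` argument that the removed line carried, which is worth confirming as intended. The same added lines appear in the ispn-site-b.yaml hunk at `@@ -111,7 +115,11 @@` and in the new ispn-volatile.yaml.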
@@ -122,12 +130,11 @@ metadata: name: crossdc-clear-caches namespace: keycloak data: - batch: |+ + batch: |- clearcache actionTokens clearcache authenticationSessions clearcache loginFailures clearcache work - # end::infinispan-crossdc-clear-caches[] --- # Source: ispn-helm/templates/infinispan-alerts.yaml @@ -184,7 +191,7 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" @@ -219,10 +226,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RootAuthenticationSessionEntity backups: site-b: # <3> backup: @@ -254,10 +265,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.LoginFailureEntity backups: site-b: # <3> backup: @@ -289,7 +304,7 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" @@ -324,7 +339,7 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan-test/server:15.0.x + image: quay.io/infinispan/server:15.0.11.Final version: 15.0.4 configListener: enabled: false diff --git a/docs/guides/high-availability/examples/generated/ispn-site-b.yaml b/docs/guides/high-availability/examples/generated/ispn-site-b.yaml index 5a5784d678b..e730098c1a0 100644 --- a/docs/guides/high-availability/examples/generated/ispn-site-b.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-site-b.yaml 
@@ -100,7 +100,11 @@ metadata: name: crossdc-push-state-status namespace: keycloak data: - batch: site push-site-status --all-caches --site=site-a + batch: |- + site push-site-status --cache=actionTokens + site push-site-status --cache=authenticationSessions + site push-site-status --cache=loginFailures + site push-site-status --cache=work # end::infinispan-crossdc-push-state-status[] --- # Source: ispn-helm/templates/infinispan.yaml @@ -111,7 +115,11 @@ metadata: name: crossdc-reset-push-state-status namespace: keycloak data: - batch: site clear-push-state-status --all-caches --site=site-a + batch: |- + site clear-push-site-status --cache=actionTokens + site clear-push-site-status --cache=authenticationSessions + site clear-push-site-status --cache=loginFailures + site clear-push-site-status --cache=work # end::infinispan-crossdc-reset-push-state-status[] --- # Source: ispn-helm/templates/infinispan.yaml @@ -122,12 +130,11 @@ metadata: name: crossdc-clear-caches namespace: keycloak data: - batch: |+ + batch: |- clearcache actionTokens clearcache authenticationSessions clearcache loginFailures clearcache work - # end::infinispan-crossdc-clear-caches[] --- # Source: ispn-helm/templates/infinispan-alerts.yaml @@ -184,7 +191,7 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" @@ -219,10 +226,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RootAuthenticationSessionEntity backups: site-a: # <3> backup: 
@@ -254,10 +265,14 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.LoginFailureEntity backups: site-a: # <3> backup: @@ -289,7 +304,7 @@ spec: locking: acquireTimeout: "4000" transaction: - mode: "NON_XA" # <1> + mode: "NON_DURABLE_XA" # <1> locking: "PESSIMISTIC" # <2> stateTransfer: chunkSize: "16" @@ -324,12 +339,14 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan-test/server:15.0.x + image: quay.io/infinispan/server:15.0.11.Final version: 15.0.4 configListener: enabled: false container: extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000' + cpu: 4:2 + memory: 2Gi:1Gi logging: categories: org.infinispan: info diff --git a/docs/guides/high-availability/examples/generated/ispn-volatile.yaml b/docs/guides/high-availability/examples/generated/ispn-volatile.yaml new file mode 100644 index 00000000000..d126a78e587 --- /dev/null +++ b/docs/guides/high-availability/examples/generated/ispn-volatile.yaml 
@@ -0,0 +1,579 @@ +--- +# Source: ispn-helm/templates/infinispan-alerts.yaml +# tag::fencing-secret[] +apiVersion: v1 +kind: Secret +type: kubernetes.io/basic-auth +metadata: + name: webhook-credentials +stringData: + username: 'keycloak' # <1> + password: 'changme' # <2> +# end::fencing-secret[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[] +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: connect-secret + namespace: keycloak +data: + identities.yaml: Y3JlZGVudGlhbHM6CiAgLSB1c2VybmFtZTogZGV2ZWxvcGVyCiAgICBwYXNzd29yZDogc3Ryb25nLXBhc3N3b3JkCiAgICByb2xlczoKICAgICAgLSBhZG1pbgo= # <1> +# end::infinispan-credentials[] +--- +# Source: ispn-helm/templates/infinispan.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-config + namespace: keycloak +data: + infinispan-config.yaml: > + infinispan: + cacheContainer: + metrics: + namesAsTags: true + histograms: false + server: + endpoints: + - securityRealm: default + socketBinding: default + connectors: + rest: + restConnector: + authentication: + mechanisms: BASIC + hotrod: + hotrodConnector: null +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-status[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-status + namespace: keycloak +data: + batch: site status --all-caches --site=site-b +# end::infinispan-crossdc-status[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-disconnect[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-disconnect + namespace: keycloak +data: + batch: site take-offline --all-caches --site=site-b +# end::infinispan-crossdc-disconnect[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-connect[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-connect + namespace: keycloak +data: + batch: site 
bring-online --all-caches --site=site-b +# end::infinispan-crossdc-connect[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-push-state[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-push-state + namespace: keycloak +data: + batch: site push-site-state --all-caches --site=site-b +# end::infinispan-crossdc-push-state[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-push-state-status[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-push-state-status + namespace: keycloak +data: + batch: |- + site push-site-status --cache=actionTokens + site push-site-status --cache=authenticationSessions + site push-site-status --cache=clientSessions + site push-site-status --cache=loginFailures + site push-site-status --cache=offlineClientSessions + site push-site-status --cache=offlineSessions + site push-site-status --cache=sessions + site push-site-status --cache=work +# end::infinispan-crossdc-push-state-status[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-reset-push-state-status[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-reset-push-state-status + namespace: keycloak +data: + batch: |- + site clear-push-site-status --cache=actionTokens + site clear-push-site-status --cache=authenticationSessions + site clear-push-site-status --cache=clientSessions + site clear-push-site-status --cache=loginFailures + site clear-push-site-status --cache=offlineClientSessions + site clear-push-site-status --cache=offlineSessions + site clear-push-site-status --cache=sessions + site clear-push-site-status --cache=work +# end::infinispan-crossdc-reset-push-state-status[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc-clear-caches[] +apiVersion: v1 +kind: ConfigMap +metadata: + name: crossdc-clear-caches + namespace: keycloak +data: + batch: |- + clearcache actionTokens + clearcache authenticationSessions + clearcache 
clientSessions + clearcache loginFailures + clearcache offlineClientSessions + clearcache offlineSessions + clearcache sessions + clearcache work +# end::infinispan-crossdc-clear-caches[] +--- +# Source: ispn-helm/templates/infinispan-alerts.yaml +# tag::fencing-alert-manager-config[] +apiVersion: monitoring.coreos.com/v1beta1 +kind: AlertmanagerConfig +metadata: + name: example-routing +spec: + route: + receiver: default + groupBy: + - accelerator + groupInterval: 90s + groupWait: 60s + matchers: + - matchType: = + name: alertname + value: SiteOffline + receivers: + - name: default + webhookConfigs: + - url: 'https://tjqr2vgc664b6noj6vugprakoq0oausj.lambda-url.eu-west-1.on.aws/' # <3> + httpConfig: + basicAuth: + username: + key: username + name: webhook-credentials + password: + key: password + name: webhook-credentials + tlsConfig: + insecureSkipVerify: true +# end::fencing-alert-manager-config[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-actionTokens[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: actiontokens + namespace: keycloak +spec: + clusterName: infinispan + name: actionTokens + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-actionTokens[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-authenticationSessions[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: authenticationsessions + namespace: keycloak +spec: + clusterName: infinispan + name: authenticationSessions + template: |- + distributedCache: + mode: "SYNC" + 
owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RootAuthenticationSessionEntity + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-authenticationSessions[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-clientSessions[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: clientsessions + namespace: keycloak +spec: + clusterName: infinispan + name: clientSessions + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteAuthenticatedClientSessionEntity + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-clientSessions[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-loginFailures[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: loginfailures + namespace: keycloak +spec: + clusterName: infinispan + name: loginFailures + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + indexing: + enabled: 
true + indexed-entities: + - keycloak.LoginFailureEntity + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-loginFailures[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-offlineClientSessions[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: offlineclientsessions + namespace: keycloak +spec: + clusterName: infinispan + name: offlineClientSessions + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteAuthenticatedClientSessionEntity + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-offlineClientSessions[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-offlineSessions[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: offlinesessions + namespace: keycloak +spec: + clusterName: infinispan + name: offlineSessions + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteUserSessionEntity + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-offlineSessions[] +--- +# 
Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-sessions[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: sessions + namespace: keycloak +spec: + clusterName: infinispan + name: sessions + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + indexing: + enabled: true + indexed-entities: + - keycloak.RemoteUserSessionEntity + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-sessions[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-cache-work[] +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: work + namespace: keycloak +spec: + clusterName: infinispan + name: work + template: |- + distributedCache: + mode: "SYNC" + owners: "2" + statistics: "true" + remoteTimeout: "5000" + encoding: + media-type: "application/x-protostream" + locking: + acquireTimeout: "4000" + transaction: + mode: "NON_DURABLE_XA" # <1> + locking: "PESSIMISTIC" # <2> + stateTransfer: + chunkSize: "16" + backups: + site-b: # <3> + backup: + strategy: "SYNC" # <4> + timeout: "4500" # <5> + failurePolicy: "FAIL" # <6> + stateTransfer: + chunkSize: "16" +# end::infinispan-cache-work[] +--- +# Source: ispn-helm/templates/infinispan.yaml +# tag::infinispan-crossdc[] +# tag::infinispan-single[] +apiVersion: infinispan.org/v1 +kind: Infinispan +metadata: + name: infinispan # <1> + namespace: keycloak + annotations: + infinispan.org/monitoring: 'true' # <2> +spec: + replicas: 3 + jmx: + enabled: true +# end::infinispan-single[] +# end::infinispan-crossdc[] + # This exposes the http endpoint to interact with its caches - more info - 
https://infinispan.org/docs/stable/titles/rest/rest.html + # We can optionally set the host in the below expose yaml block, otherwise it will be set to a default naming pattern. + expose: + type: Route + configMapName: "cluster-config" + image: quay.io/infinispan/server:15.0.11.Final + version: 15.0.4 + configListener: + enabled: false + container: + extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000' + cpu: 4:2 + memory: 2Gi:1Gi + logging: + categories: + org.infinispan: info + org.jgroups: info + # tag::infinispan-crossdc[] + # tag::infinispan-single[] + security: + endpointSecretName: connect-secret # <3> + service: + type: DataGrid + # end::infinispan-single[] + sites: + local: + name: site-1 # <4> + # end::infinispan-crossdc[] + discovery: + launchGossipRouter: true + heartbeats: + interval: 2000 + timeout: 8000 + # tag::infinispan-crossdc[] + expose: + type: Route # <5> + maxRelayNodes: 128 + encryption: + transportKeyStore: + secretName: xsite-keystore-secret # <6> + alias: xsite # <7> + filename: keystore.p12 # <8> + routerKeyStore: + secretName: xsite-keystore-secret # <6> + alias: xsite # <7> + filename: keystore.p12 # <8> + trustStore: + secretName: xsite-truststore-secret # <9> + filename: truststore.p12 # <10> + locations: + - name: site-b # <11> + clusterName: infinispan + namespace: keycloak # <12> + url: openshift://api.site-b # <13> + secretName: xsite-token-secret # <14> + + # end::infinispan-crossdc[] +--- +# Source: ispn-helm/templates/infinispan-alerts.yaml +# tag::fencing-prometheus-rule[] +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: xsite-status +spec: + groups: + - name: xsite-status + rules: + - alert: SiteOffline + expr: 'min by (namespace, site) (vendor_jgroups_site_view_status{namespace="default",site="site-b"}) == 0' # <4> + labels: + severity: critical + reporter: site-1 # <5> + accelerator: 
a3da6a6cbd4e27b02.awsglobalaccelerator.com # <6> +# end::fencing-prometheus-rule[] diff --git a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml index 4dffd88d25f..6b8f5bf36bb 100644 --- a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml +++ b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml @@ -54,7 +54,7 @@ metadata: name: keycloak-providers namespace: keycloak binaryData: - keycloak-benchmark-dataset-0.14-SNAPSHOT.jar: ... + keycloak-benchmark-dataset-0.15-SNAPSHOT.jar: ... --- # Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml apiVersion: v1 @@ -451,6 +451,7 @@ spec: startOptimized: false # <2> features: enabled: + - user-event-metrics - multi-site # <3> transaction: xaEnabled: false # <4> @@ -474,6 +475,8 @@ spec: value: json - name: metrics-enabled # <5> value: 'true' + - name: event-metrics-user-enabled + value: 'true' # tag::keycloak-ispn[] - name: cache-remote-host # <1> value: "infinispan.keycloak.svc" @@ -500,7 +503,7 @@ spec: podTemplate: metadata: annotations: - checksum/config: 90d2c8ddd9b32fd443c5823cee0ef790ce58657d13e9d668e48e1ad696b2403a-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/config: a6e4c8f98e1b1035942cd1121684f817d533021a392be90b5df784f474146350-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b spec: containers: - env: @@ -531,8 +534,8 @@ spec: # - 'true' volumeMounts: - name: keycloak-providers - mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.14-SNAPSHOT.jar - subPath: keycloak-benchmark-dataset-0.14-SNAPSHOT.jar + mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.15-SNAPSHOT.jar + subPath: keycloak-benchmark-dataset-0.15-SNAPSHOT.jar readOnly: true volumes: - name: keycloak-providers 
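Review bot: The `AlertmanagerConfig` document in the new ispn-volatile.yaml sets `insecureSkipVerify: true` under `tlsConfig` on the same webhook that sends `basicAuth` from the `webhook-credentials` Secret, so the receiver's certificate is not verified and the credentials go to whichever endpoint terminates the connection. The webhook URL is already `https://`, so the example could drop the `tlsConfig:` block or set `insecureSkipVerify: false`. If the setting has to stay for the test environment, a comment such as `# example only: keep certificate verification enabled outside test setups` would stop readers from copying it unchanged. The `fencing-secret` document in the same file ships `password: 'changme'`, which reads like a misspelled placeholder; a comment marking it as a value to replace would help. As the file is generated, both changes belong in `ispn-helm/templates/infinispan-alerts.yaml`, the path given in its `# Source:` comments.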
diff --git a/docs/guides/high-availability/examples/generated/keycloak.yaml b/docs/guides/high-availability/examples/generated/keycloak.yaml index 6680e6e9275..52271693980 100644 --- a/docs/guides/high-availability/examples/generated/keycloak.yaml +++ b/docs/guides/high-availability/examples/generated/keycloak.yaml @@ -41,7 +41,7 @@ metadata: name: keycloak-providers namespace: keycloak binaryData: - keycloak-benchmark-dataset-0.14-SNAPSHOT.jar: ... + keycloak-benchmark-dataset-0.15-SNAPSHOT.jar: ... --- # Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml apiVersion: v1 @@ -440,6 +440,7 @@ spec: startOptimized: false # <2> features: enabled: + - user-event-metrics - multi-site # <3> transaction: xaEnabled: false # <4> @@ -463,6 +464,8 @@ spec: value: json - name: metrics-enabled # <5> value: 'true' + - name: event-metrics-user-enabled + value: 'true' # end::keycloak[] # This block is just for documentation purposes as we need both versions of Infinispan config, with and without numbers to corresponding options # tag::keycloak[] @@ -490,7 +493,7 @@ spec: podTemplate: metadata: annotations: - checksum/config: 90d2c8ddd9b32fd443c5823cee0ef790ce58657d13e9d668e48e1ad696b2403a-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/config: a6e4c8f98e1b1035942cd1121684f817d533021a392be90b5df784f474146350-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b spec: containers: - env: @@ -521,8 +524,8 @@ spec: # - 'true' volumeMounts: - name: keycloak-providers - mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.14-SNAPSHOT.jar - subPath: keycloak-benchmark-dataset-0.14-SNAPSHOT.jar + mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.15-SNAPSHOT.jar + subPath: keycloak-benchmark-dataset-0.15-SNAPSHOT.jar readOnly: true volumes: - name: keycloak-providers