Skip to content

Commit

Permalink
Use new remote-store options in HA guides
Browse files Browse the repository at this point in the history
Fixes keycloak#27508

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
  • Loading branch information
pruivo committed Mar 13, 2024
1 parent a32808e commit 2b0d614
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 623 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,35 +15,6 @@ This topic describes advanced {jdgserver_name} configurations for {project_name}

== Procedure

. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml` which is part of the {project_name} distribution:
.. For each `distributed-cache` entry, add the tags `<persistence />` as shown following.
+
[source,xml,indent=0]
----
include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore]
----
<1> New tag `<persistence />` to connect it to the remote store.
<2> For the address to the remote store, reference two environment variables for host name and port number.
<3> For authentication, reference two environment variables for username and password.
<4> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore.

.. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution.
For each `replicated-cache` entry, add the tag `<persistence />` as shown below.
For additional information on the infinispan configuration options, see the https://docs.jboss.org/infinispan/14.0/configdocs/infinispan-config-14.0.html[infinispan configuration schema reference].
+
[source,xml,indent=0]
----
include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore-work]
----

. Place the {jdgserver_name} Cache configuration XML in a ConfigMap.
+
[source,yaml]
----
include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn-configmap]
...
----

. Create a Secret with the username and password to connect to the external {jdgserver_name} deployment:
+
[source,yaml]
Expand All @@ -55,8 +26,6 @@ include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn-secret]
+
[NOTE]
====
* The new `additionalOptions` entries starting with `remote-store` used here are not official {project_name} configurations.
Instead, they provide their values to environment variables that are then referenced in the {jdgserver_name} XML configuration.
* All the memory, resource and database configurations are skipped from the CR below as they have been described in <@links.ha id="deploy-keycloak-kubernetes" /> {section} already.
Administrators should leave those configurations untouched.
====
Expand All @@ -65,10 +34,12 @@ Administrators should leave those configurations untouched.
----
include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn]
----
<1> The `name` and `key` of the ConfigMap with the {jdgserver_name} Cache configuration XML created in the previous step.
<2> The hostname and port of the remote cache {jdgserver_name} cluster.
<3> The credentials required, username and password, to access the remote cache {jdgserver_name} cluster.
<4> The `spi-connections-infinispan-quarkus-site-name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used.
<1> The hostname of the remote {jdgserver_name} cluster.
<2> The port of the remote {jdgserver_name} cluster.
This is optional and it default to `11222`.
<3> The Secret `name` and `key` with the {jdgserver_name} username credential.
<4> The Secret `name` and `key` with the {jdgserver_name} password credential.
<5> The `spi-connections-infinispan-quarkus-site-name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used.
This site-name is related only to the embedded {jdgserver_name} and does not need to match any value from the external {jdgserver_name} deployment.
If you are using multiple sites for {project_name} in a cross-DC setup such as <@links.ha id="deploy-infinispan-kubernetes-crossdc" />, the site name must be different in each site.

Expand Down
Loading

0 comments on commit 2b0d614

Please sign in to comment.