Installing Infinispan on OpenShift

Deploy one or more Infinispan clusters (with or without cross-site).

Prerequisites

Installing Infinispan on OpenShift

Check out the Git repository from https://github.com/keycloak/keycloak-benchmark/.
Change to the folder provision/infinispan.
Run the task <task-name> command to provision all containers on OpenShift.

Check Keycloak Customization on how to connect the Keycloak cluster to the Infinispan cluster.

Available Tasks

Infinispan can be installed with or without cross-site using a single or multiple Openshift clusters. The available tasks are as follows:

task: Available tasks for this project:
* crossdc:                     Creates a cross-site enabled Infinispan deployment between 2 OCP clusters
* crossdc-single:              Creates a cross-site enabled Infinispan deployment between 2 namespaces
* delete-crossdc:              Deletes the Infinispan CR from cross-site deployment
* delete-crossdc-single:       Deletes the Infinispan CR in a cross-site deployment in a single OCP cluster
* delete-infinispan:           Deletes the Infinispan CR
* single-cluster:              Creates a single cluster Infinispan deployment

Single cluster without cross-site

To install just a simple Infinispan cluster without cross-site, run the task single-cluser. This task has the following required variables:

Variable Details

Variable	Details
`ROSA_CLUSTER_NAME`	The ROSA cluster name. Use `rosa list clusters` for the available clusters name.
`OC_NAMESPACE`	The namespace to deploy the Infinispan cluster.

ROSA_CLUSTER_NAME

The ROSA cluster name. Use rosa list clusters for the available clusters name.

OC_NAMESPACE

The namespace to deploy the Infinispan cluster.

Example

task single-cluster ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE=infinispan

To delete the Infinispan cluster, run the task delete-infinispan with the same variables.

Example

task delete-infinispan ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE=infinispan

Cross-Site enabled Infinispan clusters in a single Openshift cluster

To deploy two Infinispan clusters with cross-site enabled, run the task crossdc-single. This task requires two different namespaces where each Infinispan cluster is going to be deployed. The required variables are:

Variable Details

Variable	Details
`ROSA_CLUSTER_NAME`	The ROSA cluster name. Use `rosa list clusters` for the available clusters name.
`OC_NAMESPACE_1`	The first namespace to install the first Infinispan cluster.
`OC_NAMESPACE_2`	The second namespace to install the second Infinispan cluster.

ROSA_CLUSTER_NAME

The ROSA cluster name. Use rosa list clusters for the available clusters name.

OC_NAMESPACE_1

The first namespace to install the first Infinispan cluster.

OC_NAMESPACE_2

The second namespace to install the second Infinispan cluster.

The variables OC_NAMESPACE_1 and OC_NAMESPACE_2 must be different.

Example

task crossdc-single ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE_1=ispn-1 OC_NAMESPACE_2=ispn-2

To delete this deployment, run the task delete-crossdc-single with the same variables.

Example

task delete-crossdc-single ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE_1=ispn-1 OC_NAMESPACE_2=ispn-2

Cross-Site enabled Infinispan clusters in two different Openshift clusters

Last, but not least, to deploy Infinispan with cross-site in two different Openshift clusters, run the task crossdc. The following variable are required:

Variable Details

Variable	Details
`ROSA_CLUSTER_NAME_1`	The first ROSA cluster name. Use `rosa list clusters` for the available clusters.
`ROSA_CLUSTER_NAME_2`	The second ROSA cluster name. Use `rosa list clusters` for the available clusters.
`OC_NAMESPACE_1`	The namespace to install the Infinispan cluster in the first ROSA cluster.
`OC_NAMESPACE_2`	The namespace to install the Infinispan cluster in the second ROSA cluster.

ROSA_CLUSTER_NAME_1

The first ROSA cluster name. Use rosa list clusters for the available clusters.

ROSA_CLUSTER_NAME_2

The second ROSA cluster name. Use rosa list clusters for the available clusters.

OC_NAMESPACE_1

The namespace to install the Infinispan cluster in the first ROSA cluster.

OC_NAMESPACE_2

The namespace to install the Infinispan cluster in the second ROSA cluster.

The variables ROSA_CLUSTER_NAME_1 and ROSA_CLUSTER_NAME_2 must be different.

The variables OC_NAMESPACE_1 and OC_NAMESPACE_2 can have the same value.

Example

task crossdc ROSA_CLUSTER_NAME_1=gh-keycloak ROSA_CLUSTER_NAME_2=gh-pruivo OC_NAMESPACE_1=infinispan OC_NAMESPACE_2=infinispan

To delete this deployment, run the task delete-crossdc with the same variables.

Example

task delete-crossdc ROSA_CLUSTER_NAME_1=gh-keycloak ROSA_CLUSTER_NAME_2=gh-pruivo OC_NAMESPACE_1=infinispan OC_NAMESPACE_2=infinispan

Optional Variables

Below is the list of variables to customize the Infinispan deployment. Some of them are used by all tasks and others are task-specific.

Variable Default Used By Task Details

Variable	Default	Used By Task	Details
`CROSS_DC_ISPN_REPLICAS`	3	All	The number of Infinispan pods replicas to create.
`CROSS_DC_CPU_REQUESTS`	-	All	The CPU requests in the format of `<limit>:<requests>`. For example, `2000m:1000m` limits pods to a maximum of `2000m` of CPU and requests `1000m` of CPU for each pod at startup. Specifying a single value sets both the limit and request.
`CROSS_DC_MEMORY_REQUESTS`	-	All	The Memory requests in the format of `<limit>:<requests>`. For example, `2Gi:1Gi` limits pods to a maximum of `2Gi` of memory and requests `1Gi` of memory for each pod at startup. Specifying a single value sets both the limit and request.
`CROSS_DC_JVM_OPTS`	-	All	Extra JVM options for the Infinispan server. Can be used to set the Java’s heap memory as follows: `-Xmx750`
`CROSS_DC_HOT_ROD_PASSWORD`	Shared secret from AWS IAM or `changeme`	All	The credential for the Infinispan Hot Rod endpoint.
`CROSS_DC_HISTOGRAMS`	`false`	All	Enables the histograms metrics in the Infinispan cluster.
`CROSS_DC_MODE`	`SYNC`	`crossdc-single` and `crossdc`	Sets the cache cross-site strategy. It can be `SYNC` or `ASYNC` cross-site replication.
`CROSS_DC_STATE_TRANSFER_MODE`	`AUTO`	`crossdc-single` and `crossdc`	Sets the cache cross-site state transfer strategy. If `AUTO`, the state transfer will be automatically initiated when the cross-site connection is restored. Variable only used when `CROSS_DC_MODE=ASYNC`. It can be `AUTO` or `MANUAL`.
`CROSS_DC_SERVICE_ACCOUNT`	`xsite-sa`	`crossdc`	The service account required by the Infinispan operator to authenticate and configure the cross-site between different OpenShift clusters. The Infinispan operator uses this account to authenticate into the remote cluster.
`CROSS_DC_SA_TOKEN_SECRET`	`xsite-token-secret`	`crossdc`	The secret name where the service account token for the remote OpenShift cluster is stored.
`CROSS_DC_JGRP_TS_SECRET`	`xsite-truststore-secret`	`crossdc`	The secret where the truststore is stored. The truststore is used to allow TLS communication between Infinispan and Gossip Router pods.
`CROSS_DC_JGRP_KS_SECRET`	`xsite-keystore-secret`	`crossdc`	The secret where the keystore is stored. The keystore is used for the TLS communication between Infinispan and Gossip Router pods.

CROSS_DC_ISPN_REPLICAS

All

The number of Infinispan pods replicas to create.

CROSS_DC_CPU_REQUESTS

All

The CPU requests in the format of <limit>:<requests>. For example, 2000m:1000m limits pods to a maximum of 2000m of CPU and requests 1000m of CPU for each pod at startup. Specifying a single value sets both the limit and request.

CROSS_DC_MEMORY_REQUESTS

All

The Memory requests in the format of <limit>:<requests>. For example, 2Gi:1Gi limits pods to a maximum of 2Gi of memory and requests 1Gi of memory for each pod at startup. Specifying a single value sets both the limit and request.

CROSS_DC_JVM_OPTS

All

Extra JVM options for the Infinispan server. Can be used to set the Java’s heap memory as follows: -Xmx750

CROSS_DC_HOT_ROD_PASSWORD

Shared secret from AWS IAM or changeme

All

The credential for the Infinispan Hot Rod endpoint.

CROSS_DC_HISTOGRAMS

false

All

Enables the histograms metrics in the Infinispan cluster.

CROSS_DC_MODE

SYNC

crossdc-single and crossdc

Sets the cache cross-site strategy. It can be SYNC or ASYNC cross-site replication.

CROSS_DC_STATE_TRANSFER_MODE

AUTO

crossdc-single and crossdc

Sets the cache cross-site state transfer strategy. If AUTO, the state transfer will be automatically initiated when the cross-site connection is restored.

Variable only used when CROSS_DC_MODE=ASYNC.

It can be AUTO or MANUAL.

CROSS_DC_SERVICE_ACCOUNT

xsite-sa

crossdc

The service account required by the Infinispan operator to authenticate and configure the cross-site between different OpenShift clusters. The Infinispan operator uses this account to authenticate into the remote cluster.

CROSS_DC_SA_TOKEN_SECRET

xsite-token-secret

crossdc

The secret name where the service account token for the remote OpenShift cluster is stored.

CROSS_DC_JGRP_TS_SECRET

xsite-truststore-secret

crossdc

The secret where the truststore is stored. The truststore is used to allow TLS communication between Infinispan and Gossip Router pods.

CROSS_DC_JGRP_KS_SECRET

xsite-keystore-secret

crossdc

The secret where the keystore is stored. The keystore is used for the TLS communication between Infinispan and Gossip Router pods.