diff --git a/.github/actions/infinispan-create-deployment/action.yml b/.github/actions/infinispan-create-deployment/action.yml deleted file mode 100644 index df26f3e1a..000000000 --- a/.github/actions/infinispan-create-deployment/action.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Create Infinispan Deployment -description: Create Infinispan Deployment for running OpenShift project - -inputs: - cluster1: - description: 'The first ROSA cluster' - required: true - namespace1: - description: 'The namespace to install Infinispan in the first ROSA cluster.' - required: true - cluster2: - description: 'The second ROSA cluster (optional)' - namespace2: - description: 'The namespace to install Infinispan in the second ROSA cluster.' - - -runs: - using: "composite" - steps: - - id: install_infinispan - shell: bash - run: ./create_ispn_clusters.sh - working-directory: provision/infinispan - env: - CLUSTER_1: ${{ inputs.cluster1 }} - NS_1: ${{ inputs.namespace1 }} - CLUSTER_2: ${{ inputs.cluster2 }} - NS_2: ${{ inputs.namespace2 }} diff --git a/.github/workflows/infinispan-cross-site-mutiple-clusters.yml b/.github/workflows/infinispan-create-deployment.yml similarity index 74% rename from .github/workflows/infinispan-cross-site-mutiple-clusters.yml rename to .github/workflows/infinispan-create-deployment.yml index 92516cc10..697a2bca7 100644 --- a/.github/workflows/infinispan-cross-site-mutiple-clusters.yml +++ b/.github/workflows/infinispan-create-deployment.yml 
@@ -34,10 +34,13 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-default-region: ${{ vars.AWS_DEFAULT_REGION }} rosa-token: ${{ secrets.ROSA_TOKEN }} + - name: Setup Go Task + uses: ./.github/actions/task-setup - name: Create Infinispan deployment - uses: ./.github/actions/infinispan-create-deployment - with: - cluster1: ${{ inputs.clusterName1 }} - namespace1: ${{ inputs.namespace1 }} - cluster2: ${{ inputs.clusterName2 }} - namespace2: ${{ inputs.namespace2 }} + working-directory: provision/infinispan + run: task crossdc + env: + ROSA_CLUSTER_NAME_1: "${{ inputs.clusterName1 }}" + ROSA_CLUSTER_NAME_2: "${{ inputs.clusterName2 }}" + OC_NAMESPACE_1: "${{ inputs.namespace1 }}" + OC_NAMESPACE_2: "${{ inputs.namespace2 }}" diff --git a/.github/workflows/infinispan-cross-site-single-cluster.yml b/.github/workflows/infinispan-cross-site-single-cluster.yml deleted file mode 100644 index 710d830f0..000000000 --- a/.github/workflows/infinispan-cross-site-single-cluster.yml +++ /dev/null 
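Review bot: The four dispatch inputs still reach a shell even though this step passes them through `env:` instead of the `run:` line, because Task exposes environment variables as template variables and the Taskfile added in this commit expands them as `{{.…}}` into command text (`oc new-project "{{.NAMESPACE}}"`, and unquoted in `helm upgrade … --namespace {{.NAMESPACE}}`). A value containing quotes or shell metacharacters is therefore interpreted by the shell on a runner that has just been given the AWS and ROSA secrets. I would validate the names before calling Task, for example with a preceding line per input such as `[[ "$OC_NAMESPACE_1" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || exit 1`; the `Delete Infinispan deployment` step in infinispan-delete-deployment.yml has the same pattern. Whether `clusterName2` and `namespace2` are marked required in this workflow is outside the hunk, but `task crossdc` requires all four variables.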
@@ -1,38 +0,0 @@ -name: Infinispan - Cross-site in Single Cluster Deployment - -on: - workflow_dispatch: - inputs: - clusterName: - description: 'Name of the ROSA cluster' - type: string - required: true - namespace1: - description: 'Namespace to deploy the first Infinispan clusters' - type: string - required: true - namespace2: - description: 'Namespace to deploy the second Infinispan cluster' - type: string - required: true - -jobs: - prepare: - name: Create Infinispan deployment - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Setup ROSA CLI - uses: ./.github/actions/rosa-cli-setup - with: - aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-default-region: ${{ vars.AWS_DEFAULT_REGION }} - rosa-token: ${{ secrets.ROSA_TOKEN }} - - name: Create Infinispan deployment - uses: ./.github/actions/infinispan-create-deployment - with: - cluster1: ${{ inputs.clusterName }} - namespace1: ${{ inputs.namespace1 }} - namespace2: ${{ inputs.namespace2 }} diff --git a/.github/workflows/infinispan-delete-deployment.yml b/.github/workflows/infinispan-delete-deployment.yml index a8c2de785..a4eac3b56 100644 --- a/.github/workflows/infinispan-delete-deployment.yml +++ b/.github/workflows/infinispan-delete-deployment.yml @@ -14,11 +14,11 @@ on: clusterName2: description: 'Name of the second ROSA cluster' type: string - required: false + required: true namespace2: description: 'Namespace to deploy Infinispan in the second ROSA cluster' type: string - required: false + required: true jobs: prepare: 
@@ -34,10 +34,13 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-default-region: ${{ vars.AWS_DEFAULT_REGION }} rosa-token: ${{ secrets.ROSA_TOKEN }} - - name: Create Infinispan deployment - uses: ./.github/actions/infinispan-delete-deployment - with: - cluster1: ${{ inputs.clusterName1 }} - namespace1: ${{ inputs.namespace1 }} - cluster2: ${{ inputs.clusterName2 }} - namespace2: ${{ inputs.namespace2 }} + - name: Setup Go Task + uses: ./.github/actions/task-setup + - name: Delete Infinispan deployment + working-directory: provision/infinispan + run: task crossdc-delete + env: + ROSA_CLUSTER_NAME_1: "${{ inputs.clusterName1 }}" + ROSA_CLUSTER_NAME_2: "${{ inputs.clusterName2 }}" + OC_NAMESPACE_1: "${{ inputs.namespace1 }}" + OC_NAMESPACE_2: "${{ inputs.namespace2 }}" diff --git a/.github/workflows/infinispan-single-cluster.yml b/.github/workflows/infinispan-single-cluster.yml deleted file mode 100644 index 4c6085da4..000000000 --- a/.github/workflows/infinispan-single-cluster.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Infinispan - Single Cluster Deployment - -on: - workflow_dispatch: - inputs: - clusterName: - description: 'Name of the ROSA cluster' - type: string - required: true - namespace: - description: 'Namespace to deploy Infinispan' - type: string - required: true - -jobs: - prepare: - name: Create Infinispan deployment - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Setup ROSA CLI - uses: ./.github/actions/rosa-cli-setup - with: - aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-default-region: ${{ vars.AWS_DEFAULT_REGION }} - rosa-token: ${{ secrets.ROSA_TOKEN }} - - name: Create Infinispan deployment - uses: ./.github/actions/infinispan-create-deployment - with: - cluster1: ${{ inputs.clusterName }} - namespace1: ${{ inputs.namespace }} 
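Review bot: `run: task crossdc-delete` names a task that the Taskfile added in this commit does not define; the deletion tasks there are `delete-infinispan`, `delete-crossdc-single` and `delete-crossdc`, so this step would fail on an unknown task unless `crossdc-delete` is provided somewhere outside this diff. The line should read `run: task delete-crossdc`. With `clusterName2` and `namespace2` now required by the earlier hunk of this file, none of the workflows in this diff dispatches `delete-infinispan` or `delete-crossdc-single`, so deployments created with `task single-cluster` or `task crossdc-single` would have to be removed by hand.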
diff --git a/provision/infinispan/.gitignore b/provision/infinispan/.gitignore index d08453e8f..b989cb90a 100644 --- a/provision/infinispan/.gitignore +++ b/provision/infinispan/.gitignore @@ -1,2 +1,4 @@ kubecfg_1 kubecfg_2 +.env +.task diff --git a/provision/infinispan/README.adoc b/provision/infinispan/README.adoc index 8f0bdf633..de1c1c77a 100644 --- a/provision/infinispan/README.adoc +++ b/provision/infinispan/README.adoc 
@@ -2,55 +2,26 @@ Deploy an Infinispan cluster (with or without cross-site) and configures the necessary caches for Keycloak. -== Required variables +== Taskfile -* `CLUSTER_1`: The ROSA cluster name of site 1. -* `CLUSTER_2`: The ROSA cluster name of site 2. -* `NS_1`: The namespace to install Infinispan in site 1. -* `NS_2`: The namespace to install Infinispan in site 2. +For single cluster mode: -== Optional variables: -* `KUBECONFIG_1`: Path to `KUBECONFIG` to use for CLUSTER_1. -* `KUBECONFIG_2`: Path to `KUBECONFIG` to use for CLUSTER_2. - -If file does not exist, rosa_oc_login will be invoked and the configuration stored in this path. - -== Infinispan cluster customization: - -* `XSITE_MODE`: The cross-site strategy, default to SYNC. -* `ISPN_REPLICAS`: The number of Infinispan pods. - -== Operation Modes - -* CLUSTER_1 == CLUSTER_2 and NS_1 == NS_2 -> Single Infinispan cluster without cross-site. - -Example: -[source, bash] ----- -CLUSTER_1="gh-pruivo" CLUSTER_2="gh-pruivo" NS_1="ispn-server" NS_2="ispn-server" ./create_ispn_clusters.sh ----- - -* CLUSTER_1 == CLUSTER_2 and NS_1 != NS_2 -> Infinispan clusters with cross-site enabled in a single OCP cluster. -Each namespace gets an Infinispan cluster, and they are linked together with cross-site. - -Example: [source, bash] ---- -CLUSTER_1="gh-pruivo" CLUSTER_2="gh-pruivo" NS_1="server-site-1" NS_2="server-site-2" ./create_ispn_clusters.sh +task single-cluster ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE=infinispan ---- -* CLUSTER_1 != CLUSTER_2 -> Infinispan clusters with cross-site enabled in 2 different OCP clusters. -The namespaces must be set and they can be the same or different namespaces. 
+For cross-site between different namespaces: -Example: [source, bash] ---- -CLUSTER_1="gh-pruivo" CLUSTER_2="gh-keycloak" NS_1="ispn-server" NS_2="ispn-server" ./create_ispn_clusters.sh +task crossdc-single ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE_1=ispn-1 OC_NAMESPACE_2=ispn-2 ---- +And finally, for cross-site between different OCP clusters: [source, bash] ---- -CLUSTER_1="gh-pruivo" CLUSTER_2="gh-keycloak" NS_1="server-site-1" NS_2="server-site-2" ./create_ispn_clusters.sh +task crossdc ROSA_CLUSTER_NAME_1=gh-keycloak ROSA_CLUSTER_NAME_2=gh-pruivo OC_NAMESPACE_1=infinispan OC_NAMESPACE_2=infinispan ---- == Provision Keycloak @@ -83,7 +54,8 @@ following commands from this directory (assuming `.env` is properly configured t [source, bash] ---- -CLUSTER_1="gh-pruivo" CLUSTER_2="gh-pruivo" NS_1="ispn-server" NS_2="ispn-server" ./create_ispn_clusters.sh +cd provistion/infinispan +task single-cluster ROSA_CLUSTER_NAME=gh-keycloak OC_NAMESPACE=ispn-server cd ../provistion/openshift -go-task KC_CUSTOM_INFINISPAN_CONFIG_FILE=config/kcb-infinispan-cache-remote-store-config.xml KC_ISPN_CLUSTER=infinispan KC_ISPN_NAMESPACE=ispn-server +task KC_CUSTOM_INFINISPAN_CONFIG_FILE=config/kcb-infinispan-cache-remote-store-config.xml KC_ISPN_CLUSTER=infinispan KC_ISPN_NAMESPACE=ispn-server ---- diff --git a/provision/infinispan/Taskfile.yaml b/provision/infinispan/Taskfile.yaml new file mode 100644 index 000000000..bda001087 --- /dev/null +++ b/provision/infinispan/Taskfile.yaml 
@@ -0,0 +1,416 @@ +# https://taskfile.dev +version: '3' +includes: + common: ../common +output: prefixed +dotenv: [ '.env' ] +vars: + CROSS_DC_ENABLED: '{{ default "false" .CROSS_DC_ENABLED}}' + CROSS_DC_EXTERNAL_ROUTER_ENABLED: '{{ default "false" .CROSS_DC_EXTERNAL_ROUTER_ENABLED}}' + CROSS_DC_JGRP_KS_SECRET: '{{ default "xsite-keystore-secret" .CROSS_DC_JGRP_KS_SECRET}}' + CROSS_DC_JGRP_TS_SECRET: '{{ default "xsite-truststore-secret" .CROSS_DC_JGRP_TS_SECRET}}' + CROSS_DC_SERVICE_ACCOUNT: '{{ default "xsite-sa" .CROSS_DC_SERVICE_ACCOUNT}}' + CROSS_DC_SA_TOKEN_SECRET: '{{ default "xsite-token-secret" .CROSS_DC_SA_TOKEN_SECRET}}' + CROSS_DC_WAIT_TIMEOUT: '{{ default "300" .CROSS_DC_WAIT_TIMEOUT}}' + +tasks: + rosa-oc-login: + desc: "Login into ROSA cluster" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME + cmds: + - mkdir -p .task/kubecfg + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" CLUSTER_NAME="{{.ROSA_CLUSTER_NAME}}" ../aws/rosa_oc_login.sh + generates: + - .task/kubecfg/{{.ROSA_CLUSTER_NAME}} + sources: + - .task/subtask-{{.TASK}}.yaml + internal: true + + create-namespace: + desc: "Creates a new namespace if missing" + deps: + - common:split + requires: + vars: + - NAMESPACE + - KUBECONFIG + cmds: + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc new-project "{{.NAMESPACE}}" || true + sources: + - .task/subtask-{{.TASK}}.yaml + preconditions: + - test -f ".task/kubecfg/{{.KUBECONFIG}}" + status: + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc project "{{.NAMESPACE}}" -q + internal: true + + deploy-infinispan: + internal: true + desc: "Deploys Infinispan CR" + deps: + - common:split + requires: + vars: + - KUBECONFIG + - NAMESPACE + cmds: + - > + KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" helm upgrade --install infinispan --namespace {{.NAMESPACE}} + --set namespace={{.NAMESPACE}} + --set crossdc.enabled={{.CROSS_DC_ENABLED}} + --set crossdc.local.name={{.CROSS_DC_LOCAL_SITE}} + --set crossdc.remote.name={{.CROSS_DC_REMOTE_SITE}} 
+ --set crossdc.remote.namespace={{.CROSS_DC_REMOTE_SITE_NAMESPACE}} + --set crossdc.remote.url={{.CROSS_DC_API_URL}} + --set crossdc.remote.secret={{.CROSS_DC_SA_TOKEN_SECRET}} + --set crossdc.route.enabled={{.CROSS_DC_EXTERNAL_ROUTER_ENABLED}} + --set crossdc.route.tls.keystore.secret={{.CROSS_DC_JGRP_KS_SECRET}} + --set crossdc.route.tls.truststore.secret={{.CROSS_DC_JGRP_TS_SECRET}} + --set image={{.CROSS_DC_IMAGE}} + ./ispn-helm + preconditions: + - test -f ".task/kubecfg/{{.KUBECONFIG}}" + status: + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc -n {{.NAMESPACE}} get infinispans.infinispan.org infinispan + + create-jgroups-tls-secret: + internal: true + desc: "Creates Keystore and Truststore secrets used by JGroups to establish TLS connections" + deps: + - common:split + requires: + vars: + - NAMESPACE + - KUBECONFIG + cmds: + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc -n "{{.NAMESPACE}}" delete secret "{{.CROSS_DC_JGRP_KS_SECRET}}" || true + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc -n "{{.NAMESPACE}}" delete secret "{{.CROSS_DC_JGRP_TS_SECRET}}" || true + - > + KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" + oc -n "{{.NAMESPACE}}" create secret generic "{{.CROSS_DC_JGRP_KS_SECRET}}" + --from-file=keystore.p12="./certs/keystore.p12" + --from-literal=password=secret + --from-literal=type=pkcs12 + - > + KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" + oc -n "{{.NAMESPACE}}" create secret generic "{{.CROSS_DC_JGRP_TS_SECRET}}" + --from-file=truststore.p12="./certs/truststore.p12" + --from-literal=password=caSecret + --from-literal=type=pkcs12 + sources: + - ./certs/keystore.p12 + - ./certs/truststore.p12 + - .task/subtask-{{.TASK}}.yaml + preconditions: + - test -f ".task/kubecfg/{{.KUBECONFIG}}" + + create-xsite-service-account: + internal: true + desc: "Creates a service account for Cross-Site. 
Infinispan operator uses to connect to the remote site" + deps: + - common:split + requires: + vars: + - NAMESPACE + - KUBECONFIG + - TOKEN_FILE + cmds: + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc create sa -n "{{.NAMESPACE}}" "{{.CROSS_DC_SERVICE_ACCOUNT}}" || true + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc policy add-role-to-user view -n "{{.NAMESPACE}}" -z "{{.CROSS_DC_SERVICE_ACCOUNT}}" || true + - mkdir -p .task/tokens + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc create token -n "{{.NAMESPACE}}" "{{.CROSS_DC_SERVICE_ACCOUNT}}" > .task/tokens/{{.TOKEN_FILE}} + sources: + - .task/subtask-{{.TASK}}.yaml + generates: + - .task/tokens/{{.TOKEN_FILE}} + preconditions: + - test -f ".task/kubecfg/{{.KUBECONFIG}}" + + deploy-xsite-service-account-token: + internal: true + desc: "Creates a secret with the service account token" + deps: + - common:split + requires: + vars: + - NAMESPACE + - KUBECONFIG + - TOKEN_FILE + cmds: + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc delete secret -n "{{.NAMESPACE}}" "{{.CROSS_DC_SA_TOKEN_SECRET}}" || true + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc create secret generic -n "{{.NAMESPACE}}" "{{.CROSS_DC_SA_TOKEN_SECRET}}" --from-literal=token="$(cat .task/tokens/{{.TOKEN_FILE}})" + sources: + - .task/subtask-{{.TASK}}.yaml + - .task/tokens/{{.TOKEN_FILE}} + preconditions: + - test -f ".task/kubecfg/{{.KUBECONFIG}}" + + fetch_ocp_api_url: + internal: true + desc: "Fetches and stores the OCP API URL" + deps: + - common:split + requires: + vars: + - KUBECONFIG + - FILENAME + cmds: + - mkdir -p .task/apiurl + - KUBECONFIG=".task/kubecfg/{{.KUBECONFIG}}" oc config view -o jsonpath='{.clusters[0].cluster.server}' | sed 's|^http[s]://||g' > .task/apiurl/{{.FILENAME}} + generates: + - .task/apiurl/{{.FILENAME}} + sources: + - .task/subtask-{{.TASK}}.yaml + preconditions: + - test -f ".task/kubecfg/{{.KUBECONFIG}}" + + wait-cluster: + desc: "Waits for the Infinispan cluster to form" + deps: + - common:split + 
requires: + vars: + - ROSA_CLUSTER_NAME + - NAMESPACE + cmds: + - echo "Waiting for the Infinispan cluster to form on namespace '{{.NAMESPACE}}' (timeout after {{.CROSS_DC_WAIT_TIMEOUT}} seconds)" + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" oc wait --for condition=WellFormed --timeout={{.CROSS_DC_WAIT_TIMEOUT}}s infinispans.infinispan.org -n "{{.NAMESPACE}}" infinispan + preconditions: + - test -f ".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" + + wait-crossdc: + desc: "Waits for the Infinispan Cross-Site to form" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME + - NAMESPACE + cmds: + - echo "Waiting for the Infinispan cross-site to form on namespace '{{.NAMESPACE}}' (timeout after {{.CROSS_DC_WAIT_TIMEOUT}} seconds)" + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" oc wait --for condition=CrossSiteViewFormed --timeout={{.CROSS_DC_WAIT_TIMEOUT}}s infinispans.infinispan.org -n "{{.NAMESPACE}}" infinispan + preconditions: + - test -f ".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" + + single-cluster: + desc: "Creates a single cluster Infinispan deployment" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME + - OC_NAMESPACE + cmds: + - task: rosa-oc-login + - task: create-namespace + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME}}" + NAMESPACE: "{{.OC_NAMESPACE}}" + - task: deploy-infinispan + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME}}" + NAMESPACE: "{{.OC_NAMESPACE}}" + CROSS_DC_ENABLED: "false" + - task: wait-cluster + vars: + NAMESPACE: "{{.OC_NAMESPACE}}" + + crossdc-single: + desc: "Creates a cross-site enabled Infinispan deployment between 2 namespaces" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME + - OC_NAMESPACE_1 + - OC_NAMESPACE_2 + cmds: + - task: rosa-oc-login + - task: create-namespace + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: create-namespace + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + - task: deploy-infinispan + 
vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + CROSS_DC_ENABLED: "true" + CROSS_DC_LOCAL_SITE: "{{.OC_NAMESPACE_1}}" + CROSS_DC_REMOTE_SITE: "{{.OC_NAMESPACE_2}}" + CROSS_DC_REMOTE_SITE_NAMESPACE: "{{.OC_NAMESPACE_2}}" + - task: deploy-infinispan + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + CROSS_DC_ENABLED: "true" + CROSS_DC_LOCAL_SITE: "{{.OC_NAMESPACE_2}}" + CROSS_DC_REMOTE_SITE: "{{.OC_NAMESPACE_1}}" + CROSS_DC_REMOTE_SITE_NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: wait-cluster + vars: + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: wait-cluster + vars: + NAMESPACE: "{{.OC_NAMESPACE_2}}" + - task: wait-crossdc + vars: + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: wait-crossdc + vars: + NAMESPACE: "{{.OC_NAMESPACE_2}}" + + crossdc: + desc: "Creates a cross-site enabled Infinispan deployment between 2 OCP clusters" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME_1 + - ROSA_CLUSTER_NAME_2 + - OC_NAMESPACE_1 + - OC_NAMESPACE_2 + cmds: + - task: rosa-oc-login + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_1}}" + - task: rosa-oc-login + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_2}}" + + - task: create-namespace + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: create-namespace + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + + - task: create-jgroups-tls-secret + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: create-jgroups-tls-secret + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + + - task: create-xsite-service-account + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + TOKEN_FILE: "site-1" + - task: create-xsite-service-account + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + TOKEN_FILE: "site-2" + + - task: 
deploy-xsite-service-account-token + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + TOKEN_FILE: "site-2" + - task: deploy-xsite-service-account-token + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + TOKEN_FILE: "site-1" + + - task: fetch_ocp_api_url + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_1}}" + FILENAME: "site-1" + - task: fetch_ocp_api_url + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_2}}" + FILENAME: "site-2" + + - task: deploy-infinispan + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + CROSS_DC_ENABLED: "true" + CROSS_DC_EXTERNAL_ROUTER_ENABLED: "true" + CROSS_DC_LOCAL_SITE: "{{.ROSA_CLUSTER_NAME_1}}" + CROSS_DC_REMOTE_SITE: "{{.ROSA_CLUSTER_NAME_2}}" + CROSS_DC_API_URL: "openshift://$(cat .task/apiurl/site-2)" + - task: deploy-infinispan + vars: + KUBECONFIG: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + CROSS_DC_ENABLED: "true" + CROSS_DC_EXTERNAL_ROUTER_ENABLED: "true" + CROSS_DC_LOCAL_SITE: "{{.ROSA_CLUSTER_NAME_2}}" + CROSS_DC_REMOTE_SITE: "{{.ROSA_CLUSTER_NAME_1}}" + CROSS_DC_API_URL: "openshift://$(cat .task/apiurl/site-1)" + - task: wait-cluster + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: wait-cluster + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + - task: wait-crossdc + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_1}}" + NAMESPACE: "{{.OC_NAMESPACE_1}}" + - task: wait-crossdc + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_2}}" + NAMESPACE: "{{.OC_NAMESPACE_2}}" + + delete-infinispan: + desc: "Deletes the Infinispan CR" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME + - OC_NAMESPACE + cmds: + - task: rosa-oc-login + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" oc delete infinispans.infinispan.org -n "{{.OC_NAMESPACE}}" infinispan + + delete-crossdc-single: + desc: "Deletes the Infinispan CR 
in a cross-site deployment in a single OCP cluster" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME + - OC_NAMESPACE_1 + - OC_NAMESPACE_2 + cmds: + - task: rosa-oc-login + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" oc delete infinispans.infinispan.org -n "{{.OC_NAMESPACE_1}}" infinispan + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME}}" oc delete infinispans.infinispan.org -n "{{.OC_NAMESPACE_2}}" infinispan + + delete-crossdc: + desc: "Deletes the Infinispan CR from cross-site deployment" + deps: + - common:split + requires: + vars: + - ROSA_CLUSTER_NAME_1 + - ROSA_CLUSTER_NAME_2 + - OC_NAMESPACE_1 + - OC_NAMESPACE_2 + cmds: + - task: rosa-oc-login + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_1}}" + - task: rosa-oc-login + vars: + ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME_2}}" + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME_1}}" oc delete infinispans.infinispan.org -n "{{.OC_NAMESPACE_1}}" infinispan + - KUBECONFIG=".task/kubecfg/{{.ROSA_CLUSTER_NAME_2}}" oc delete infinispans.infinispan.org -n "{{.OC_NAMESPACE_2}}" infinispan diff --git a/provision/infinispan/commons.sh b/provision/infinispan/commons.sh deleted file mode 100644 index 515392d32..000000000 --- a/provision/infinispan/commons.sh +++ /dev/null @@ -1,20 +0,0 @@ -function error_and_exit() { - echo "Error: ${@:2}" - exit "${1}" -} - -# required! -[ -z "${CLUSTER_1}" ] && error_and_exit 1 "CLUSTER_1 is required. CLUSTER_1 is the name of the first ROSA cluster." -[ -z "${NS_1}" ] && error_and_exit 3 "NS_1 is required. NS_1 is the namespace to install Infinispan in the first ROSA cluster" - -KUBECONFIG_1=${KUBECONFIG_1:-"./kubecfg_1"} -KUBECONFIG_2=${KUBECONFIG_2:-"./kubecfg_2"} - - -function rosa_oc_login() { - local kubecfg="${1}" - local cluster="${2}" - - # if file exists, assume oc login is done - [ -f "${kubecfg}" ] || KUBECONFIG="${kubecfg}" CLUSTER_NAME="${cluster}" ${WD}/../aws/rosa_oc_login.sh -} 
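Review bot: `create-xsite-service-account` redirects a live service-account token into `.task/tokens/{{.TOKEN_FILE}}`, and `rosa-oc-login` writes a kubeconfig under `.task/kubecfg/`, both with whatever umask the caller has, and no task in this file removes them afterwards. On a shared workstation or a self-hosted runner those credentials stay readable after the run; I would create the directories restrictively, e.g. `mkdir -p -m 700 .task/tokens` and `mkdir -p -m 700 .task/kubecfg`, and run `umask 077` before the redirect. Separately, `create-jgroups-tls-secret` hard-codes the store passwords (`password=secret`, `password=caSecret`); if the `.p12` files under `./certs` are committed fixtures, a comment such as `# test-only key material, do not reuse outside benchmark clusters` above that task would make the intent explicit. `deploy-infinispan` is also the only task that interpolates `{{.NAMESPACE}}` unquoted, and `CROSS_DC_IMAGE` and (in `crossdc`) `CROSS_DC_REMOTE_SITE_NAMESPACE` are passed to `--set` without a default, so they may render empty unless the chart handles that.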
diff --git a/provision/infinispan/create_ispn_clusters.sh b/provision/infinispan/create_ispn_clusters.sh deleted file mode 100755 index 8b6497851..000000000 --- a/provision/infinispan/create_ispn_clusters.sh +++ /dev/null 
@@ -1,393 +0,0 @@ -#!/bin/bash - -set -e - -if [[ "$RUNNER_DEBUG" == "1" ]]; then - set -x -fi - -WD=$(dirname $0) - -# Required options set in commons.sh -. ${WD}/commons.sh - -# Options -XSITE_SERVICE_ACCOUNT=${XSITE_SERVICE_ACCOUNT:-"xsite-sa"} -XSITE_TOKEN_SECRET=${XSITE_TOKEN_SECRET:-"xsite-token-secret"} -XSITE_KS_TLS_SECRET=${XSITE_KS_TLS_SECRET:-"xsite-keystore-secret"} -XSITE_TS_TLS_SECRET=${XSITE_TS_TLS_SECRET:-"xsite-trustatore-secret"} -XSITE_MODE=${XSITE_MODE:-"SYNC"} -ISPN_REPLICAS=${ISPN_REPLICAS:-"2"} - - -function create_tls_secrets() { - local kubecfg="${1}" - local namespace="${2}" - local certs_path="${WD}/certs" - local ks_args="--from-file=keystore.p12="${certs_path}/keystore.p12" --from-literal=password=secret --from-literal=type=pkcs12" - local ts_args="--from-file=truststore.p12="${certs_path}/truststore.p12" --from-literal=password=caSecret --from-literal=type=pkcs12" - KUBECONFIG="${kubecfg}" oc -n "${namespace}" delete secret "${XSITE_KS_TLS_SECRET}" || true - KUBECONFIG="${kubecfg}" oc -n "${namespace}" delete secret "${XSITE_TS_TLS_SECRET}" || true - KUBECONFIG="${kubecfg}" oc -n "${namespace}" create secret generic "${XSITE_KS_TLS_SECRET}" ${ks_args} - KUBECONFIG="${kubecfg}" oc -n "${namespace}" create secret generic "${XSITE_TS_TLS_SECRET}" ${ts_args} -} - -function create_service_account() { - local kubecfg="${1}" - local namespace="${2}" - KUBECONFIG="${kubecfg}" oc create sa -n "${namespace}" "${XSITE_SERVICE_ACCOUNT}" || true - KUBECONFIG="${kubecfg}" oc policy add-role-to-user view -n "${namespace}" -z "${XSITE_SERVICE_ACCOUNT}" || true -} - -function get_service_account_token() { - local kubecfg="${1}" - local namespace="${2}" - KUBECONFIG="${kubecfg}" oc create token -n "${namespace}" "${XSITE_SERVICE_ACCOUNT}" -} - -function create_token_secret() { - local kubecfg="${1}" - local namespace="${2}" - local secret="${3}" - local token="${4}" - KUBECONFIG="${kubecfg}" oc delete secret -n "${namespace}" "${secret}" || true - 
KUBECONFIG="${kubecfg}" oc create secret generic -n "${namespace}" "${secret}" --from-literal=token="${token}" -} - -function deploy_infinispan_cr_same_cluster() { - local kubecfg="${1}" - local namespace="${2}" - local local_site="${3}" - local remote_namespace="${4}" - local remote_site="${5}" - KUBECONFIG="${kubecfg}" oc apply -f - << EOF -apiVersion: infinispan.org/v1 -kind: Infinispan -metadata: - name: infinispan - namespace: ${namespace} - annotations: - infinispan.org/monitoring: 'true' -spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app: infinispan-pod - clusterName: infinispan - infinispan_cr: infinispan - topologyKey: "kubernetes.io/hostname" - replicas: ${ISPN_REPLICAS} - service: - type: DataGrid - sites: - local: - name: ${local_site} - expose: - type: ClusterIP - maxRelayNodes: 128 - locations: - - name: ${remote_site} - clusterName: infinispan - namespace: ${remote_namespace} -EOF -} - -function deploy_infinispan_cr() { - local kubecfg="${1}" - local namespace="${2}" - local local_site="${3}" - local remote_namespace="${4}" - local remote_site="${5}" - local api_url="${6}" - KUBECONFIG="${kubecfg}" oc apply -f - << EOF -apiVersion: infinispan.org/v1 -kind: Infinispan -metadata: - name: infinispan - namespace: ${namespace} - annotations: - infinispan.org/monitoring: 'true' -spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app: infinispan-pod - clusterName: infinispan - infinispan_cr: infinispan - topologyKey: "kubernetes.io/hostname" - replicas: ${ISPN_REPLICAS} - service: - type: DataGrid - sites: - local: - name: ${local_site} - expose: - type: Route - maxRelayNodes: 128 - encryption: - protocol: TLSv1.3 - transportKeyStore: - secretName: ${XSITE_KS_TLS_SECRET} - alias: xsite - filename: keystore.p12 - routerKeyStore: - secretName: 
${XSITE_KS_TLS_SECRET} - alias: xsite - filename: keystore.p12 - trustStore: - secretName: ${XSITE_TS_TLS_SECRET} - filename: truststore.p12 - locations: - - name: ${remote_site} - url: ${api_url} - namespace: ${remote_namespace} - secretName: ${XSITE_TOKEN_SECRET} -EOF -} - -function deploy_infinispan_cr_without_cross_site() { - local kubecfg="${1}" - local namespace="${2}" - KUBECONFIG="${kubecfg}" oc apply -f - << EOF -apiVersion: infinispan.org/v1 -kind: Infinispan -metadata: - name: infinispan - namespace: ${namespace} - annotations: - infinispan.org/monitoring: 'true' -spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app: infinispan-pod - clusterName: infinispan - infinispan_cr: infinispan - topologyKey: "kubernetes.io/hostname" - replicas: ${ISPN_REPLICAS} - service: - type: DataGrid -EOF -} - -function deploy_distributed_cache_cr() { - local kubecfg="${1}" - local namespace="${2}" - local cache_name="${3}" - local remote_site="${4}" - local xsite_mode="${5}" - local cr_name=$(echo "${cache_name}" | awk '{print tolower($0)}') - - KUBECONFIG="${kubecfg}" oc apply -f - << EOF -apiVersion: infinispan.org/v2alpha1 -kind: Cache -metadata: - name: ${cr_name} - namespace: ${namespace} -spec: - clusterName: infinispan - name: ${cache_name} - template: |- - distributedCache: - mode: "SYNC" - owners: "2" - statistics: "true" - stateTransfer: - chunkSize: 16 - backups: - ${remote_site}: - backup: - strategy: ${xsite_mode} - stateTransfer: - chunkSize: 16 -EOF -} - -function deploy_replicated_cache_cr() { - local kubecfg="${1}" - local namespace="${2}" - local cache_name="${3}" - local remote_site="${4}" - local xsite_mode="${5}" - local cr_name=$(echo "${cache_name}" | awk '{print tolower($0)}') - - KUBECONFIG="${kubecfg}" oc apply -f - << EOF -apiVersion: infinispan.org/v2alpha1 -kind: Cache -metadata: - name: ${cr_name} - namespace: ${namespace} -spec: - 
clusterName: infinispan - name: ${cache_name} - template: |- - replicatedCache: - mode: "SYNC" - statistics: "true" - stateTransfer: - chunkSize: 16 - backups: - ${remote_site}: - backup: - strategy: ${xsite_mode} - stateTransfer: - chunkSize: 16 -EOF -} - -function deploy_cache_cr_without_cross_site() { - local kubecfg="${1}" - local namespace="${2}" - local cache_name="${3}" - local cr_name=$(echo "${cache_name}" | awk '{print tolower($0)}') - - KUBECONFIG="${kubecfg}" oc apply -f - << EOF -apiVersion: infinispan.org/v2alpha1 -kind: Cache -metadata: - name: ${cr_name} - namespace: ${namespace} -spec: - clusterName: infinispan - name: ${cache_name} - template: |- - distributedCache: - mode: "SYNC" - owners: "2" - statistics: "true" - stateTransfer: - chunkSize: 16 -EOF -} - -function deploy_all_caches() { - local kubecfg="${1}" - local namespace="${2}" - local remote_site="${3}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "sessions" "${remote_site}" "${XSITE_MODE}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "actionTokens" "${remote_site}" "${XSITE_MODE}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "authenticationSessions" "${remote_site}" "${XSITE_MODE}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "offlineSessions" "${remote_site}" "${XSITE_MODE}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "clientSessions" "${remote_site}" "${XSITE_MODE}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "offlineClientSessions" "${remote_site}" "${XSITE_MODE}" - deploy_distributed_cache_cr "${kubecfg}" "${namespace}" "loginFailures" "${remote_site}" "${XSITE_MODE}" - deploy_replicated_cache_cr "${kubecfg}" "${namespace}" "work" "${remote_site}" "${XSITE_MODE}" -} - -function get_api_url() { - local kubecfg="${1}" - KUBECONFIG="${kubecfg}" oc config view -o jsonpath='{.clusters[0].cluster.server}' | sed 's|^http[s]://||g' -} - -function create_cross_site_single_cluster() { - # Use namespace as site's 
name - local site1="${NS_1}" - local site2="${NS_2}" - # TLS not required for single cluster cross-site - # Login in cluster - rosa_oc_login "$KUBECONFIG_1" "${CLUSTER_1}" - - # Check and create the namepsaces if missing - KUBECONFIG="${KUBECONFIG_1}" oc new-project "${NS_1}" || true - KUBECONFIG="${KUBECONFIG_1}" oc new-project "${NS_2}" || true - - # Deploy an Infinispan cluster in each of the namespaces. - deploy_infinispan_cr_same_cluster "${KUBECONFIG_1}" "${NS_1}" "${site1}" "${NS_2}" "${site2}" - deploy_infinispan_cr_same_cluster "${KUBECONFIG_1}" "${NS_2}" "${site2}" "${NS_1}" "${site1}" - - # Creates caches on site A - deploy_all_caches "${KUBECONFIG_1}" "${NS_1}" "${site2}" - - # Create caches on site B - deploy_all_caches "${KUBECONFIG_1}" "${NS_2}" "${site1}" -} - -function create_cross_site_multiple_clusters() { - # Login on both clusters - rosa_oc_login "${KUBECONFIG_1}" "${CLUSTER_1}" - rosa_oc_login "${KUBECONFIG_2}" "${CLUSTER_2}" - - # Check and create the namepsaces if missing - KUBECONFIG="${KUBECONFIG_1}" oc new-project "${NS_1}" || true - KUBECONFIG="${KUBECONFIG_2}" oc new-project "${NS_2}" || true - - # Create secrets for TLS (Openshift Route) - create_tls_secrets "${KUBECONFIG_1}" "${NS_1}" - create_tls_secrets "${KUBECONFIG_2}" "${NS_2}" - - # Create and share access tokens - create_service_account "${KUBECONFIG_1}" "${NS_1}" - create_service_account "${KUBECONFIG_2}" "${NS_2}" - - local token1="$(get_service_account_token "${KUBECONFIG_1}" "${NS_1}")" - local token2="$(get_service_account_token "${KUBECONFIG_2}" "${NS_2}")" - - create_token_secret "${KUBECONFIG_1}" "${NS_1}" "${XSITE_TOKEN_SECRET}" "${token2}" - create_token_secret "${KUBECONFIG_2}" "${NS_2}" "${XSITE_TOKEN_SECRET}" "${token1}" - - local api_url_1="openshift://$(get_api_url "${KUBECONFIG_1}")" - local api_url_2="openshift://$(get_api_url "${KUBECONFIG_2}")" - - # Use cluster name as site name - local site1="${CLUSTER_1}" - local site2="${CLUSTER_2}" - - 
deploy_infinispan_cr "${KUBECONFIG_1}" "${NS_1}" "${site1}" "${NS_2}" "${site2}" "${api_url_2}" - deploy_infinispan_cr "${KUBECONFIG_2}" "${NS_2}" "${site2}" "${NS_1}" "${site1}" "${api_url_1}" - - # Creates caches on site A - deploy_all_caches "${KUBECONFIG_1}" "${NS_1}" "${site2}" - - # Create caches on site B - deploy_all_caches "${KUBECONFIG_2}" "${NS_2}" "${site1}" -} - -function create_cluster_without_cross_site() { - # TLS not required for single cluster cross-site - # Login in cluster - rosa_oc_login "$KUBECONFIG_1" "${CLUSTER_1}" - - # Check and create the namepsaces if missing - KUBECONFIG="${KUBECONFIG_1}" oc new-project "${NS_1}" || true - - # Deploy an Infinispan cluster in each of the namespaces. - deploy_infinispan_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" - - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "sessions" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "authenticationSessions" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "actionTokens" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "offlineSessions" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "clientSessions" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "offlineClientSessions" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "loginFailures" - deploy_cache_cr_without_cross_site "${KUBECONFIG_1}" "${NS_1}" "work" -} - -######## -# MAIN # -######## - -if [ "${CLUSTER_1}" == "${CLUSTER_2}" ] || [ "${CLUSTER_2}" == "" ]; then - if [ "$NS_1" == "$NS_2" ] || [ "${NS_2}" == "" ]; then - create_cluster_without_cross_site - exit 0 - fi - [ -z "${NS_2}" ] && error_and_exit 4 "NS_2 is required. NS_2 is the namespace to install Infinispan in the second ROSA cluster" - create_cross_site_single_cluster -else - [ -z "${CLUSTER_2}" ] && error_and_exit 2 "CLUSTER_2 is required. CLUSTER_2 is the name of the second ROSA cluster." 
- [ -z "${NS_2}" ] && error_and_exit 4 "NS_2 is required. NS_2 is the namespace to install Infinispan in the second ROSA cluster" - create_cross_site_multiple_clusters -fi diff --git a/provision/infinispan/delete_ispn_clusters.sh b/provision/infinispan/delete_ispn_clusters.sh deleted file mode 100755 index 4b4b3522a..000000000 --- a/provision/infinispan/delete_ispn_clusters.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -set -e - -if [[ "$RUNNER_DEBUG" == "1" ]]; then - set -x -fi - -WD=$(dirname $0) - -# Required options set in commons.sh -. ${WD}/commons.sh - -function delete_infinispan_cr() { - local kubecfg="${1}" - local namespace="${2}" - local infinispan_cr="${3}" - KUBECONFIG="${kubecfg}" oc delete infinispans.infinispan.org -n "${namespace}" "${infinispan_cr}" -} - -######## -# MAIN # -######## - -if [ "${CLUSTER_1}" == "${CLUSTER_2}" ] || [ "${CLUSTER_2}" == "" ]; then - rosa_oc_login "${KUBECONFIG_1}" "${CLUSTER_1}" - delete_infinispan_cr "${KUBECONFIG_1}" "${NS_1}" "infinispan" - if [ "$NS_1" == "$NS_2" ] || [ "${NS_2}" == "" ]; then - exit 0 - fi - [ -z "${NS_2}" ] && error_and_exit 4 "NS_2 is required. NS_2 is the namespace to install Infinispan in the second ROSA cluster" - delete_infinispan_cr "${KUBECONFIG_1}" "${NS_2}" "infinispan" -else - [ -z "${CLUSTER_2}" ] && error_and_exit 2 "CLUSTER_2 is required. CLUSTER_2 is the name of the second ROSA cluster." - [ -z "${NS_2}" ] && error_and_exit 4 "NS_2 is required. NS_2 is the namespace to install Infinispan in the second ROSA cluster" - rosa_oc_login "${KUBECONFIG_1}" "${CLUSTER_1}" - rosa_oc_login "${KUBECONFIG_2}" "${CLUSTER_2}" - - delete_infinispan_cr "${KUBECONFIG_1}" "${NS_1}" "infinispan" - delete_infinispan_cr "${KUBECONFIG_2}" "${NS_2}" "infinispan" -fi diff --git a/provision/infinispan/ispn-helm/.helmignore b/provision/infinispan/ispn-helm/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/provision/infinispan/ispn-helm/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/provision/infinispan/ispn-helm/Chart.yaml b/provision/infinispan/ispn-helm/Chart.yaml
new file mode 100644
index 000000000..fa991db9d
--- /dev/null
+++ b/provision/infinispan/ispn-helm/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ispn-helm
+description: A simple Infinispan CR deployment
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "14.0"
diff --git a/provision/infinispan/ispn-helm/templates/infinispan.yaml b/provision/infinispan/ispn-helm/templates/infinispan.yaml
new file mode 100644
index 000000000..c6a778c7d
--- /dev/null
+++ b/provision/infinispan/ispn-helm/templates/infinispan.yaml 
@@ -0,0 +1,84 @@ +{{- $namespace := .Values.namespace | required ".Values.namespace is required." -}} +apiVersion: infinispan.org/v1 +kind: Infinispan +metadata: + name: infinispan + namespace: {{ $namespace }} + annotations: + infinispan.org/monitoring: 'true' +spec: + {{ if .Values.image }} + image: {{ .Values.image }} + {{ end }} + configListener: + enabled: false + replicas: {{ .Values.replicas }} + logging: + categories: + org.infinispan: {{ .Values.logging.infinispan }} + org.jgroups: {{ .Values.logging.jgroups }} + service: + type: DataGrid + {{ if .Values.crossdc.enabled }} + {{- $_ := .Values.crossdc.local.name | required ".Values.crossdc.local.name is required." -}} + {{- $_ := .Values.crossdc.remote.name | required ".Values.crossdc.remote.name is required." -}} + sites: + local: + name: {{ .Values.crossdc.local.name }} + expose: + type: {{ if .Values.crossdc.route.enabled }}Route{{else}}ClusterIP{{end}} + maxRelayNodes: 128 + {{ if .Values.crossdc.route.enabled }} + {{- $_ := .Values.crossdc.route.tls.keystore.secret | required ".Values.crossdc.route.tls.keystore.secret is required." -}} + {{- $_ := .Values.crossdc.route.tls.truststore.secret | required ".Values.crossdc.route.tls.truststore.secret is required." 
-}} + encryption: + transportKeyStore: + secretName: {{ .Values.crossdc.route.tls.keystore.secret }} + alias: {{ .Values.crossdc.route.tls.keystore.alias }} + filename: {{ .Values.crossdc.route.tls.keystore.filename }} + routerKeyStore: + secretName: {{ .Values.crossdc.route.tls.keystore.secret }} + alias: {{ .Values.crossdc.route.tls.keystore.alias }} + filename: {{ .Values.crossdc.route.tls.keystore.filename }} + trustStore: + secretName: {{ .Values.crossdc.route.tls.truststore.secret }} + filename: {{ .Values.crossdc.route.tls.truststore.filename }} + {{- end }} + locations: + - name: {{ .Values.crossdc.remote.name}} + clusterName: infinispan + namespace: {{ .Values.crossdc.remote.namespace}} + {{ if .Values.crossdc.route.enabled }} + {{- $_ := .Values.crossdc.remote.url | required ".Values.crossdc.remote.url is required." -}} + {{- $_ := .Values.crossdc.remote.secret | required ".Values.crossdc.remote.secret is required." -}} + url: {{ .Values.crossdc.remote.url }} + secretName: {{ .Values.crossdc.remote.secret }} + {{ end }} + {{- end }} +{{range $cache, $config := .Values.caches -}} +--- +apiVersion: infinispan.org/v2alpha1 +kind: Cache +metadata: + name: {{ $cache | lower }} + namespace: {{ $namespace }} +spec: + clusterName: infinispan + name: {{ $cache }} + template: |- + distributedCache: + mode: "SYNC" + owners: {{ $config.owners | default $.Values.cacheDefaults.owners | quote }} + statistics: "true" + stateTransfer: + chunkSize: 16 + {{ if $.Values.crossdc.enabled }} + {{- $_ := $.Values.crossdc.remote.name | required ".Values.crossdc.remote.name is required." -}} + backups: + {{$.Values.crossdc.remote.name }}: + backup: + strategy: {{ $config.crossSiteMode | default $.Values.cacheDefaults.crossSiteMode | quote }} + stateTransfer: + chunkSize: 16 + {{- end }} +{{end}} diff --git a/provision/infinispan/ispn-helm/values.yaml b/provision/infinispan/ispn-helm/values.yaml new file mode 100644 index 000000000..6d9ec7a43 --- /dev/null 
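Review bot: Most templated scalars in the Infinispan CR are rendered unquoted: `namespace: {{ $namespace }}`, `name: {{ .Values.crossdc.local.name }}`, `url: {{ .Values.crossdc.remote.url }}`, the `secretName:` fields, and the `backups:` key inside the Cache template. A value that is empty, looks like a boolean or number, or contains `: ` or a newline would then change the structure of the rendered manifest instead of staying a string. These values appear to originate from workflow inputs (cluster names and namespaces), so piping them through `quote`, as the template already does for `owners` and `strategy`, keeps them as data, e.g. `namespace: {{ $namespace | quote }}`. Separately, `.Values.crossdc.remote.namespace` is rendered under `locations:` without a `required` guard although `remote` defaults to `{}`, so an unset value renders an empty `namespace:`; a guard like the neighbouring ones would fail at render time instead.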
+++ b/provision/infinispan/ispn-helm/values.yaml
@@ -0,0 +1,33 @@
+# Default values for ispn-helm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicas: 3
+cacheDefaults:
+ owners: 2
+ crossSiteMode: SYNC
+caches:
+ sessions:
+ owners: 2
+ actionTokens: {}
+ authenticationSessions: {}
+ offlineSessions: {}
+ clientSessions: {}
+ offlineClientSessions: {}
+ loginFailures: {}
+ work: {}
+crossdc:
+ enabled: false
+ local: {}
+ remote: {}
+ route:
+ enabled: false
+ tls:
+ keystore:
+ alias: xsite
+ filename: keystore.p12
+ truststore:
+ filename: truststore.p12
+logging:
+ infinispan: info
+ jgroups: info
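Review bot: The `crossdc` block ships `local: {}` and `remote: {}` with no hint of which keys the template reads, so a user only learns them from `required` failures at render time. A comment above `crossdc:` would help, e.g. `# when enabled, set local.name and remote.{name,namespace}; with route.enabled also remote.{url,secret} and route.tls.{keystore,truststore}.secret`. The same comment should state that with `route.enabled: false` the template exposes the site as `ClusterIP` and does not render the `encryption` block, so that the unencrypted cross-site link is a documented choice rather than an implicit default.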