├── .github
├── actions
│ ├── dependencies
│ │ └── action.yml
│ ├── inspect
│ │ └── action.yml
│ └── kind
│ │ └── action.yml
├── dependabot.yml
└── workflows
│ ├── add_operand.yml
│ ├── backport.yaml
│ ├── backport_reaper.yaml
│ ├── ci.yml
│ ├── dependabot_pull_request.yml
│ ├── image_release.yaml
│ ├── label.yml
│ ├── sync_docs.yaml
│ ├── sync_docs_with_ispn.yaml
│ ├── test_hr_rolling_upgrades.yml
│ ├── test_upgrades.yml
│ ├── test_webhooks.yml
│ ├── test_without_olm.yml
│ └── test_xsite.yml
├── .gitignore
├── Dockerfile
├── LICENSE
├── Makefile
├── PROJECT
├── README.md
├── api
├── v1
│ ├── groupversion_info.go
│ ├── infinispan_types.go
│ ├── infinispan_webhook.go
│ ├── infinispan_webhook_test.go
│ ├── types_util.go
│ ├── types_util_test.go
│ ├── webhook_suite_test.go
│ └── zz_generated.deepcopy.go
└── v2alpha1
│ ├── backup_types.go
│ ├── backup_webhook.go
│ ├── backup_webhook_test.go
│ ├── batch_types.go
│ ├── batch_webhook.go
│ ├── batch_webhook_test.go
│ ├── cache_types.go
│ ├── cache_webhook.go
│ ├── cache_webhook_test.go
│ ├── groupversion_info.go
│ ├── restore_types.go
│ ├── restore_webhook.go
│ ├── restore_webhook_test.go
│ ├── types_util.go
│ ├── webhook_suite_test.go
│ └── zz_generated.deepcopy.go
├── config
├── certmanager
│ ├── certificate.yaml
│ ├── kustomization.yaml
│ └── kustomizeconfig.yaml
├── crd
│ ├── bases
│ │ ├── infinispan.org_backups.yaml
│ │ ├── infinispan.org_batches.yaml
│ │ ├── infinispan.org_caches.yaml
│ │ ├── infinispan.org_infinispans.yaml
│ │ ├── infinispan.org_restores.yaml
│ │ ├── integreatly.org_grafanadashboards.yaml
│ │ ├── integreatly.org_grafanadatasources.yaml
│ │ └── integreatly.org_grafanas.yaml
│ ├── kustomization.yaml
│ ├── kustomizeconfig.yaml
│ └── patches
│ │ ├── cainjection_in_backups.yaml
│ │ ├── cainjection_in_batches.yaml
│ │ ├── cainjection_in_caches.yaml
│ │ ├── cainjection_in_infinispans.yaml
│ │ ├── cainjection_in_restores.yaml
│ │ ├── webhook_in_backups.yaml
│ │ ├── webhook_in_batches.yaml
│ │ ├── webhook_in_caches.yaml
│ │ ├── webhook_in_infinispans.yaml
│ │ └── webhook_in_restores.yaml
├── default
│ ├── kustomization.yaml
│ ├── manager_webhook_patch.yaml
│ └── webhookcainjection_patch.yaml
├── manager
│ ├── controller_manager_config.yaml
│ ├── kustomization.yaml
│ └── manager.yaml
├── manifests
│ ├── bases
│ │ └── infinispan-operator.clusterserviceversion.yaml
│ └── kustomization.yaml
├── prometheus
│ ├── kustomization.yaml
│ └── monitor.yaml
├── rbac
│ ├── kustomization.yaml
│ ├── leader_election_role.yaml
│ ├── leader_election_role_binding.yaml
│ ├── role.yaml
│ ├── role_binding.yaml
│ └── service_account.yaml
├── samples
│ ├── backup-restore
│ │ ├── infinispan_v2alpha1_backup.yaml
│ │ └── infinispan_v2alpha1_restore.yaml
│ ├── batch
│ │ ├── batch-cm.yaml
│ │ └── infinispan_v2alpha1_batch.yaml
│ ├── cache
│ │ └── infinispan_v2alpha1_cache.yaml
│ ├── infinispan
│ │ ├── auth
│ │ │ ├── client_cert.yaml
│ │ │ ├── connect_secret.yaml
│ │ │ ├── cr_datagrid_with_auth.yaml
│ │ │ └── cr_minimal_with_auth.yaml
│ │ ├── expose
│ │ │ └── cr_route.yaml
│ │ ├── infinispan_v1_infinispan.yaml
│ │ ├── labels
│ │ │ └── cr_custom_labels.yaml
│ │ ├── storage
│ │ │ ├── cr_storage_class.yaml
│ │ │ ├── local_persistence_volume.yaml
│ │ │ └── local_storage_class.yaml
│ │ ├── tls
│ │ │ ├── cr_minimal_with_tls.yaml
│ │ │ └── tls_secret.yaml
│ │ └── xsite
│ │ │ ├── kubernetes
│ │ │ ├── xsite_a.yaml
│ │ │ └── xsite_b.yaml
│ │ │ ├── openshift
│ │ │ ├── xsite_a.yaml
│ │ │ └── xsite_b.yaml
│ │ │ ├── static-internal
│ │ │ ├── xsite_a.yaml
│ │ │ └── xsite_b.yaml
│ │ │ └── static-loadbalancer
│ │ │ ├── xsite_a.yaml
│ │ │ └── xsite_b.yaml
│ ├── kustomization.yaml
│ └── operator-config
│ │ └── operator-config.yaml
├── scorecard
│ ├── bases
│ │ └── config.yaml
│ ├── kustomization.yaml
│ └── patches
│ │ ├── basic.config.yaml
│ │ └── olm.config.yaml
└── webhook
│ ├── kustomization.yaml
│ ├── kustomizeconfig.yaml
│ ├── manifests.yaml
│ └── service.yaml
├── controllers
├── backup_controller.go
├── batch_controller.go
├── cache_controller.go
├── cluster_client.go
├── constants
│ └── constants.go
├── grafana.go
├── infinispan.go
├── operatorconfig_controller.go
├── pods.go
├── resources
│ └── grafana_dashboard.json
├── restore_controller.go
└── zero_controller.go
├── documentation
└── asciidoc
│ ├── css
│ └── css.css
│ ├── js
│ └── ojs.js
│ ├── stories
│ ├── assembly_anti_affinity.adoc
│ ├── assembly_authentication.adoc
│ ├── assembly_authorization.adoc
│ ├── assembly_auto_scaling.adoc
│ ├── assembly_backing_up_restoring.adoc
│ ├── assembly_batch_cr.adoc
│ ├── assembly_cache_cr.adoc
│ ├── assembly_configuring_client_certificates.adoc
│ ├── assembly_configuring_clusters.adoc
│ ├── assembly_connecting_clients.adoc
│ ├── assembly_creating_clusters.adoc
│ ├── assembly_creating_services.adoc
│ ├── assembly_cross_site_replication.adoc
│ ├── assembly_deploying_code.adoc
│ ├── assembly_encryption.adoc
│ ├── assembly_installing_native_cli_plugin.adoc
│ ├── assembly_installing_operator.adoc
│ ├── assembly_monitoring.adoc
│ ├── assembly_network_access.adoc
│ ├── assembly_operator_deployments.adoc
│ └── assembly_upgrading_clusters.adoc
│ ├── titles
│ ├── operator-docinfo-footer.html
│ ├── operator-docinfo.html
│ ├── operator.asciidoc
│ └── stories.adoc
│ └── topics
│ ├── attributes
│ ├── community-attributes.adoc
│ ├── downstream-attributes.adoc
│ ├── kubectl_cmds.adoc
│ └── links.adoc
│ ├── cmd_examples
│ ├── batch.adoc
│ ├── cat_infinispan_cr.adoc
│ ├── get_infinispan.adoc
│ ├── oc_get_secret_creds.adoc
│ ├── oc_get_secret_creds_jp.adoc
│ ├── oc_get_secret_operator_creds_jp.adoc
│ └── oc_get_secret_tls.adoc
│ ├── con_anti_affinity.adoc
│ ├── con_backup_restore.adoc
│ ├── con_caches.adoc
│ ├── con_client_cert_authn.adoc
│ ├── con_client_connection_details.adoc
│ ├── con_cluster_upgrades.adoc
│ ├── con_cross_site_expose_types.adoc
│ ├── con_fips_mode_cr.adoc
│ ├── con_hotrod_clients.adoc
│ ├── con_infinispan_cr.adoc
│ ├── con_managed_cross_site_connections.adoc
│ ├── con_operator_deployments.adoc
│ ├── con_operator_managed_clusters.adoc
│ ├── con_operator_reconciliation.adoc
│ ├── con_services.adoc
│ ├── images
│ ├── custom-resources-ispn.png
│ ├── custom-resources.png
│ ├── operator-managed-clusters-ispn.png
│ └── operator-managed-clusters.png
│ ├── java
│ ├── ConfigurationBuilderClientCertificates.java
│ ├── ConfigurationBuilderExternal.java
│ ├── ConfigurationBuilderInternal.java
│ ├── RemoteCacheConfigurationBuilder.java
│ └── RemoteCacheWithXml.java
│ ├── json
│ └── cloud_events.json
│ ├── proc_adding_cache_stores.adoc
│ ├── proc_adding_credentials.adoc
│ ├── proc_adding_custom_roles_permissions.adoc
│ ├── proc_adding_labels_annotations.adoc
│ ├── proc_adding_labels_annotations_env.adoc
│ ├── proc_allocating_cpu_memory.adoc
│ ├── proc_allocating_cpu_memory_cross_site.adoc
│ ├── proc_allocating_storage.adoc
│ ├── proc_applying_custom_configuration.adoc
│ ├── proc_assigning_user_roles.adoc
│ ├── proc_backing_up_cluster.adoc
│ ├── proc_batching_configmap.adoc
│ ├── proc_batching_create_configmap.adoc
│ ├── proc_batching_inline.adoc
│ ├── proc_changing_operator_password.adoc
│ ├── proc_configuring_anti_affinity.adoc
│ ├── proc_configuring_auto_scaling.adoc
│ ├── proc_configuring_grafana_dashboards.adoc
│ ├── proc_configuring_logging_categories.adoc
│ ├── proc_configuring_logging_pattern.adoc
│ ├── proc_configuring_pod_priority.adoc
│ ├── proc_configuring_pod_probes.adoc
│ ├── proc_configuring_service_monitor_target_labels.adoc
│ ├── proc_configuring_sites_automatically.adoc
│ ├── proc_configuring_sites_manually.adoc
│ ├── proc_configuring_xsite_within_clusters.adoc
│ ├── proc_connecting_cli.adoc
│ ├── proc_connecting_console.adoc
│ ├── proc_connecting_rest.adoc
│ ├── proc_copying_code.adoc
│ ├── proc_creating_caches.adoc
│ ├── proc_creating_caches_hotrod.adoc
│ ├── proc_creating_clusters.adoc
│ ├── proc_creating_datagrid_service.adoc
│ ├── proc_creating_grafana_datasources.adoc
│ ├── proc_creating_sa_tokens_ocp.adoc
│ ├── proc_creating_service_monitor.adoc
│ ├── proc_defining_environment_var.adoc
│ ├── proc_deploying_cryostat.adoc
│ ├── proc_disabling_authentication.adoc
│ ├── proc_disabling_encryption.adoc
│ ├── proc_disabling_gossip_router_cross_site.adoc
│ ├── proc_disabling_service_monitor.adoc
│ ├── proc_downloading_code.adoc
│ ├── proc_enabling_authorization.adoc
│ ├── proc_enabling_client_cert_authn.adoc
│ ├── proc_enabling_jmx.adoc
│ ├── proc_exchanging_bound_service_account_tokens.adoc
│ ├── proc_exchanging_service_account_tokens.adoc
│ ├── proc_exposing_loadbalancer.adoc
│ ├── proc_exposing_nodeport.adoc
│ ├── proc_exposing_route.adoc
│ ├── proc_getting_internal_service.adoc
│ ├── proc_handling_failed_backups.adoc
│ ├── proc_initiating_cluster_upgrade.adoc
│ ├── proc_installing_grafana_operator.adoc
│ ├── proc_installing_native_cli_plugin.adoc
│ ├── proc_installing_operator_client.adoc
│ ├── proc_installing_operator_hub.adoc
│ ├── proc_installing_operator_manually.adoc
│ ├── proc_installing_operator_native_plugin.adoc
│ ├── proc_installing_operator_olm.adoc
│ ├── proc_modifying_clusters.adoc
│ ├── proc_providing_client_certificates.adoc
│ ├── proc_providing_client_truststores.adoc
│ ├── proc_recovering_rolling_upgrades.adoc
│ ├── proc_restoring_cluster.adoc
│ ├── proc_retrieving_cluster_ip.adoc
│ ├── proc_retrieving_credentials.adoc
│ ├── proc_retrieving_tls_certificates.adoc
│ ├── proc_securing_cross_site_connections.adoc
│ ├── proc_securing_custom_configuration.adoc
│ ├── proc_setting_jvm_options.adoc
│ ├── proc_setting_up_cross_site_kube.adoc
│ ├── proc_specifying_server_image.adoc
│ ├── proc_stopping_starting.adoc
│ ├── proc_updating_caches.adoc
│ ├── proc_upgrading_clusters_downtime.adoc
│ ├── proc_upgrading_clusters_rolling.adoc
│ ├── proc_using_custom_encryption_secrets.adoc
│ ├── proc_verifying_clusters.adoc
│ ├── properties
│ ├── hotrod-client-external.properties
│ └── hotrod-client-internal.properties
│ ├── ref_anti_affinity.adoc
│ ├── ref_backup_restore_status.adoc
│ ├── ref_batch_operations.adoc
│ ├── ref_batch_status.adoc
│ ├── ref_cross_site_resources.adoc
│ ├── ref_cross_site_tls_resources.adoc
│ ├── ref_cross_site_tls_secrets.adoc
│ ├── ref_custom_encryption_secrets.adoc
│ ├── ref_datagrid_service_resources.adoc
│ ├── ref_default_credentials.adoc
│ ├── ref_encryption_service_ca.adoc
│ ├── ref_hotrod_cert_authn.adoc
│ ├── ref_hotrod_configuration.adoc
│ ├── ref_infinispan_config.adoc
│ ├── ref_logging.adoc
│ ├── ref_native_cli_plugin_commands.adoc
│ ├── ref_network_services.adoc
│ ├── ref_persistent_cache_store.adoc
│ ├── ref_supported_versions.adoc
│ ├── ref_tech_preview.adoc
│ ├── ref_user_roles_permissions.adoc
│ ├── supported_operands
│ ├── 2_3_7.adoc
│ ├── 2_4_0.adoc
│ ├── 2_4_1.adoc
│ ├── 2_4_10.adoc
│ ├── 2_4_11.adoc
│ ├── 2_4_12.adoc
│ ├── 2_4_2.adoc
│ ├── 2_4_3.adoc
│ ├── 2_4_4.adoc
│ ├── 2_4_5.adoc
│ ├── 2_4_6.adoc
│ ├── 2_4_7.adoc
│ ├── 2_4_8.adoc
│ ├── 2_4_9.adoc
│ ├── 2_5_0.adoc
│ └── operand_table.adoc
│ ├── sync
│ ├── json
│ │ └── cache_template_inheritance.json
│ ├── xml
│ │ └── cache_template_inheritance.xml
│ └── yaml
│ │ └── cache_template_inheritance.yaml
│ ├── xml
│ ├── alias_credentials_config.xml
│ ├── dist-sync-cache.xml
│ └── file-store-cache.xml
│ └── yaml
│ ├── affinity_nodes_prefer.yaml
│ ├── affinity_nodes_require.yaml
│ ├── affinity_zones_prefer.yaml
│ ├── affinity_zones_require.yaml
│ ├── authentication_disabled.yaml
│ ├── authentication_secret.yaml
│ ├── authz_custom_roles.yaml
│ ├── authz_enable.yaml
│ ├── backup.yaml
│ ├── backup_resources.yaml
│ ├── backup_resources_glob.yaml
│ ├── basic_auth.yaml
│ ├── batch_configmap.yaml
│ ├── batch_inline.yaml
│ ├── cache_update_strategy.yaml
│ ├── cache_xml.yaml
│ ├── cache_yaml.yaml
│ ├── cert_auth_certificates.yaml
│ ├── cert_auth_enabled.yaml
│ ├── cert_auth_truststores.yaml
│ ├── cloud_events.yaml
│ ├── config-map-logging-configuration.yaml
│ ├── config_map_cache_json.yaml
│ ├── config_map_cache_xml.yaml
│ ├── config_map_cache_yaml.yaml
│ ├── config_map_name.yaml
│ ├── container_extra_jvm_opts.yaml
│ ├── container_resources.yaml
│ ├── container_storage_class_name.yaml
│ ├── container_storage_ephemeral.yaml
│ ├── credential_store.yaml
│ ├── credential_store_secret.yaml
│ ├── cryostat.yaml
│ ├── custom_annotations.yaml
│ ├── custom_code_pod.yaml
│ ├── custom_code_pvc.yaml
│ ├── custom_labels.yaml
│ ├── datagrid_service.yaml
│ ├── dependencies_download.yaml
│ ├── dependencies_pvc.yaml
│ ├── encryption_certificate_secret.yaml
│ ├── encryption_custom_secret.yaml
│ ├── encryption_disabled.yaml
│ ├── encryption_keystore_secret.yaml
│ ├── encryption_service_ca.yaml
│ ├── env_var_subscription.yaml
│ ├── env_var_timezone.yaml
│ ├── env_vars_labels_annotations.yaml
│ ├── expose_type_load_balancer.yaml
│ ├── expose_type_node_port.yaml
│ ├── expose_type_route.yaml
│ ├── grafana_datasource.yaml
│ ├── horizontal_pod_autoscaler.yaml
│ ├── identities_authz.yaml
│ ├── indentities.yaml
│ ├── infinispan-jmx-enabled.yaml
│ ├── infinispan-monitoring-false.yaml
│ ├── infinispan-monitoring-target-labels.yaml
│ ├── infinispan-monitoring-true.yaml
│ ├── infinispan_cr.yaml
│ ├── infinispan_operator_config.yaml
│ ├── logging_categories.yaml
│ ├── logging_pattern.yaml
│ ├── metadata_name.yaml
│ ├── operator_group.yaml
│ ├── operator_group_target.yaml
│ ├── operator_subscription.yaml
│ ├── priority_class.yaml
│ ├── priority_class_CR.yaml
│ ├── probes.yaml
│ ├── prometheus_service_account.yaml
│ ├── restore.yaml
│ ├── service_type_datagrid.yaml
│ ├── upgrade_type_hotrodrolling.yaml
│ ├── upgrade_type_shutdown.yaml
│ ├── verify_cluster_view.yaml
│ ├── xsite_automatic.yaml
│ ├── xsite_cluster_ip.yaml
│ ├── xsite_disable_gossip_router.yaml
│ ├── xsite_expose_nodeport.yaml
│ ├── xsite_gossip_router_resources.yaml
│ ├── xsite_local_gossip_router.yaml
│ ├── xsite_logging.yaml
│ ├── xsite_lon.yaml
│ ├── xsite_lon_static.yaml
│ ├── xsite_manual.yaml
│ ├── xsite_nyc.yaml
│ ├── xsite_nyc_static.yaml
│ ├── xsite_sa_token.yaml
│ ├── xsite_tls.yaml
│ └── xsite_tls_secrets.yaml
├── go.mod
├── go.sum
├── hack
└── boilerplate.go.txt
├── infinispan_operator_stacked.png
├── launcher
├── listener
│ └── listener.go
├── operator
│ └── operator.go
└── version.go
├── main.go
├── pkg
├── apis
│ └── integreatly
│ │ └── v1alpha1
│ │ ├── grafana_types.go
│ │ ├── grafanadashboard_types.go
│ │ ├── grafanadatasource_types.go
│ │ ├── pluginsList.go
│ │ ├── register.go
│ │ └── zz_generated.deepcopy.go
├── hash
│ └── hash.go
├── http
│ ├── client.go
│ └── curl
│ │ └── curl.go
├── infinispan
│ ├── client
│ │ ├── api
│ │ │ └── infinispan.go
│ │ ├── client.go
│ │ ├── v14
│ │ │ ├── backups_restores.go
│ │ │ ├── caches.go
│ │ │ ├── container.go
│ │ │ ├── infinispan_v14.go
│ │ │ ├── logging.go
│ │ │ ├── metrics.go
│ │ │ ├── path_resolver.go
│ │ │ ├── rolling_upgrade.go
│ │ │ ├── server.go
│ │ │ └── xsite.go
│ │ └── v15
│ │ │ ├── infinispan_v15.go
│ │ │ └── path_resolver.go
│ ├── configuration
│ │ ├── container
│ │ │ └── remote_store.go
│ │ ├── logging
│ │ │ └── logging.go
│ │ └── server
│ │ │ ├── configuration.go
│ │ │ ├── configuration_test.go
│ │ │ └── testdata
│ │ │ ├── admin-14-cfg.xml
│ │ │ ├── admin-15-cfg.xml
│ │ │ ├── admin-16-cfg.xml
│ │ │ ├── base-14-cfg.xml
│ │ │ ├── base-15-cfg.xml
│ │ │ ├── base-16-cfg.xml
│ │ │ ├── zero-14-cfg.xml
│ │ │ ├── zero-15-cfg.xml
│ │ │ └── zero-16-cfg.xml
│ ├── security
│ │ ├── encryption.go
│ │ └── users.go
│ ├── upgrades
│ │ └── rolling_upgrades.go
│ └── version
│ │ ├── suite_test.go
│ │ ├── version.go
│ │ └── version_test.go
├── kubernetes
│ ├── controllerutil.go
│ ├── k8sutil.go
│ ├── kubernetes.go
│ ├── pods.go
│ └── pods_test.go
├── mime
│ └── mime.go
├── reconcile
│ └── pipeline
│ │ └── infinispan
│ │ ├── api.go
│ │ ├── api_mocks.go
│ │ ├── context
│ │ ├── context.go
│ │ ├── flow_control.go
│ │ └── resources.go
│ │ ├── handler
│ │ ├── configure
│ │ │ ├── authentication.go
│ │ │ ├── credential_store.go
│ │ │ ├── infinispan_server.go
│ │ │ ├── tls.go
│ │ │ └── xsite.go
│ │ ├── manage
│ │ │ ├── conditions.go
│ │ │ ├── console.go
│ │ │ ├── hotrod_upgrades.go
│ │ │ ├── manage.go
│ │ │ ├── statefulset_updates.go
│ │ │ └── upgrades.go
│ │ └── provision
│ │ │ ├── config_listener.go
│ │ │ ├── configmaps.go
│ │ │ ├── dependencies.go
│ │ │ ├── gossiprouter.go
│ │ │ ├── pods.go
│ │ │ ├── provision_test.go
│ │ │ ├── secrets.go
│ │ │ ├── service_monitor.go
│ │ │ ├── services.go
│ │ │ └── statefulsets.go
│ │ └── pipeline
│ │ └── pipeline.go
└── templates
│ ├── templates.go
│ └── templates
│ ├── common
│ ├── authorization.xml
│ ├── cache-container.xml
│ ├── header.xml
│ ├── jgroups.xml
│ ├── security.xml
│ └── server.xml
│ ├── infinispan-admin.xml
│ ├── infinispan-base-14.xml
│ ├── infinispan-base-15.xml
│ ├── infinispan-base-16.xml
│ ├── infinispan-zero.xml
│ └── log4j.xml
├── scripts
├── ci
│ ├── add_operand.sh
│ ├── add_operand_to_csv.sh
│ ├── configure-xsite.sh
│ ├── docs_generate_operator_operand_file.sh
│ ├── docs_generate_operator_operand_table.sh
│ ├── install-catalog-source.sh
│ ├── kind-with-olm.sh
│ ├── kind.sh
│ ├── metallb-config-xsite.yaml
│ ├── operand_common.sh
│ ├── pr-find-issues.sh
│ └── pr-label-issues.sh
├── create-olm-catalog.sh
├── run-tests.sh
└── test-catalog.yml
├── skaffold.yaml
├── test-integration
├── Dockerfile
├── README.md
├── global-test.properties
├── operator-tests
│ ├── pom.xml
│ └── src
│ │ ├── main
│ │ └── java
│ │ │ └── org
│ │ │ └── infinispan
│ │ │ ├── Caches.java
│ │ │ ├── Infinispan.java
│ │ │ ├── Infinispans.java
│ │ │ ├── TestServer.java
│ │ │ ├── cr
│ │ │ ├── InfinispanObject.java
│ │ │ ├── Metadata.java
│ │ │ ├── Spec.java
│ │ │ ├── Status.java
│ │ │ ├── spec
│ │ │ │ └── Security.java
│ │ │ └── status
│ │ │ │ └── Condition.java
│ │ │ ├── crd
│ │ │ ├── GrafanaContextProvider.java
│ │ │ ├── GrafanaDashboardContextProvider.java
│ │ │ ├── GrafanaDataSourceContextProvider.java
│ │ │ └── InfinispanContextProvider.java
│ │ │ ├── identities
│ │ │ ├── Credentials.java
│ │ │ └── Identities.java
│ │ │ └── util
│ │ │ ├── CleanUpValidator.java
│ │ │ └── KeystoreGenerator.java
│ │ └── test
│ │ ├── java
│ │ └── org
│ │ │ └── infinispan
│ │ │ └── operator
│ │ │ ├── ClientAuthenticationIT.java
│ │ │ ├── ClientValidationIT.java
│ │ │ ├── CustomLibsIT.java
│ │ │ ├── DataGridServiceIT.java
│ │ │ ├── DevSetupIT.java
│ │ │ ├── OCPCertsIT.java
│ │ │ ├── installation
│ │ │ └── MonitoringStackIT.java
│ │ │ └── package-info.java
│ │ └── resources
│ │ ├── META-INF
│ │ └── services
│ │ │ ├── cz.xtf.core.openshift.crd.CustomResourceDefinitionContextProvider
│ │ │ └── org.junit.platform.launcher.TestExecutionListener
│ │ ├── infinispans
│ │ ├── client_authentication.yaml
│ │ ├── client_validation.yaml
│ │ ├── custom_libs.yaml
│ │ ├── datagrid_service.yaml
│ │ ├── dev_setup.yaml
│ │ └── ocp_certs.yaml
│ │ ├── libs
│ │ └── custom-filter
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ └── main
│ │ │ ├── java
│ │ │ └── com
│ │ │ │ └── redhat
│ │ │ │ └── xpaas
│ │ │ │ └── jdg
│ │ │ │ └── listener
│ │ │ │ └── BasicKeyValueFilterFactory.java
│ │ │ └── resources
│ │ │ └── META-INF
│ │ │ └── services
│ │ │ └── org.infinispan.notifications.cachelistener.filter.CacheEventFilterFactory
│ │ ├── logback.xml
│ │ ├── monitoring
│ │ ├── grafana.yaml
│ │ └── grafana_sub.yaml
│ │ └── secrets
│ │ └── identities.yaml
├── pom.xml
└── test-server
│ ├── pom.xml
│ └── src
│ └── main
│ └── java
│ └── org
│ └── infinispan
│ └── operator
│ └── remote
│ ├── PingServlet.java
│ ├── auth
│ └── hotrod
│ │ ├── ClientCertificateAuthenticationServlet.java
│ │ ├── ClientCertificateValidationServlet.java
│ │ └── HotRodServlet.java
│ └── cluster
│ └── HotRodCluster.java
├── test
├── e2e
│ ├── backup-restore
│ │ ├── backup_restore_test.go
│ │ └── suite_test.go
│ ├── batch
│ │ ├── batch_helper.go
│ │ ├── batch_test.go
│ │ └── suite_test.go
│ ├── cache
│ │ └── cache_test.go
│ ├── hotrod-rolling-upgrade
│ │ └── hotrod_rolling_upgrade_test.go
│ ├── infinispan
│ │ ├── additional_vars_test.go
│ │ ├── authentication_test.go
│ │ ├── authorization_test.go
│ │ ├── client_cert_test.go
│ │ ├── config_listener_test.go
│ │ ├── credential_store_test.go
│ │ ├── custom_configuration_test.go
│ │ ├── custom_image_test.go
│ │ ├── dependencies_test.go
│ │ ├── encryption_test.go
│ │ ├── failover_test.go
│ │ ├── jmx_test.go
│ │ ├── scaling_test.go
│ │ ├── setup_test.go
│ │ ├── smoke_test.go
│ │ ├── spec_update_test.go
│ │ ├── storage_test.go
│ │ ├── suite_test.go
│ │ └── upgrade_operand_test.go
│ ├── multinamespace
│ │ └── multinamespace_test.go
│ ├── upgrade
│ │ ├── common.go
│ │ ├── dropped_operand_test.go
│ │ ├── upgrade_operands_test.go
│ │ └── upgrade_test.go
│ ├── utils
│ │ ├── asserts.go
│ │ ├── cache.go
│ │ ├── common.go
│ │ ├── constants.go
│ │ ├── data
│ │ │ └── external-libs-config.yaml
│ │ ├── httpClient.go
│ │ ├── kubernetes.go
│ │ ├── metrics.go
│ │ ├── olm.go
│ │ ├── operands.go
│ │ ├── portforward.go
│ │ └── tls.go
│ ├── webhook
│ │ └── webhook_test.go
│ └── xsite
│ │ ├── suite_test.go
│ │ └── xsite_test.go
└── tasks
│ ├── gen-test.sh
│ ├── index.html
│ ├── pom.xml
│ ├── task01
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── org
│ │ │ └── infinispan
│ │ │ └── example
│ │ │ └── HelloTask01.java
│ │ └── resources
│ │ └── META-INF
│ │ └── services
│ │ └── org.infinispan.tasks.ServerTask
│ ├── task02
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── assembly
│ │ └── zip.xml
│ │ ├── java
│ │ └── org
│ │ │ └── infinispan
│ │ │ └── example
│ │ │ └── HelloTask02.java
│ │ └── resources
│ │ └── META-INF
│ │ └── services
│ │ └── org.infinispan.tasks.ServerTask
│ └── task03
│ ├── pom.xml
│ └── src
│ └── main
│ ├── assembly
│ └── tar.xml
│ ├── java
│ └── org
│ │ └── infinispan
│ │ └── example
│ │ └── HelloTask03.java
│ └── resources
│ └── META-INF
│ └── services
│ └── org.infinispan.tasks.ServerTask
└── version.txt
/.github/actions/inspect/action.yml:
--------------------------------------------------------------------------------
1 | name: OC Inspect
2 | description: Inspect k8s cluster to obtain debugging data in the event of failure
3 |
4 | inputs:
5 | artifactPrefix:
6 | description: 'The prefix to be applied to all artifacts uploaded by this action'
7 | required: true
8 |
9 | runs:
10 | using: composite
11 | steps:
12 | - name: Inspect Cluster
13 | run: oc adm inspect ns
14 | shell: bash
15 |
16 | - name: Inspect Artifacts
17 | uses: actions/upload-artifact@v4
18 | with:
19 | name: ${{ inputs.artifactPrefix}}-oc-inspect
20 | path: inspect.*
21 |
--------------------------------------------------------------------------------
/.github/actions/kind/action.yml:
--------------------------------------------------------------------------------
1 | name: Initialize Kind Cluster
2 | description: Initialize Kind Cluster with Operator image and optional OLM CatalogSource
3 |
4 | inputs:
5 | olm:
6 | description: 'Install OLM Operator if true'
7 | default: 'true'
8 | required: false
9 |
10 | runs:
11 | using: composite
12 | steps:
13 |
14 | - name: Install Kind
15 | run: go install sigs.k8s.io/kind@v0.24.0
16 | shell: bash
17 |
18 | - name: Create Kind Cluster with OLM
19 | if: ${{ inputs.olm == 'true' }}
20 | run: ./scripts/ci/kind-with-olm.sh
21 | shell: bash
22 |
23 | - name: Create Kind Cluster without OLM
24 | if: ${{ inputs.olm == 'false' }}
25 | run: ./scripts/ci/kind.sh
26 | shell: bash
27 |
28 | - name: Build Operator Image
29 | run: make operator-build operator-push IMG="localhost:5001/infinispan-operator"
30 | shell: bash
31 |
32 | - name: Create OLM Catalog Source
33 | if: ${{ inputs.olm == 'true' }}
34 | run: ./scripts/ci/install-catalog-source.sh
35 | shell: bash
36 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: maven
4 | directory: "/"
5 | schedule:
6 | interval: daily
7 | open-pull-requests-limit: 10
8 | - package-ecosystem: github-actions
9 | directory: "/"
10 | schedule:
11 | interval: daily
12 | open-pull-requests-limit: 10
13 | - package-ecosystem: gomod
14 | directory: "/"
15 | schedule:
16 | interval: daily
17 | open-pull-requests-limit: 10
18 |
--------------------------------------------------------------------------------
/.github/workflows/backport_reaper.yaml:
--------------------------------------------------------------------------------
1 | name: Backport branch reaper
2 |
3 | on:
4 | pull_request_target:
5 | types:
6 | - closed
7 | branches:
8 | - '*.x'
9 |
10 | jobs:
11 | remove_backport_branch:
12 | if: startsWith(github.event.pull_request.head.ref, 'bp-')
13 | runs-on: ubuntu-latest
14 | steps:
15 | - name: Delete PR head branches
16 | uses: dawidd6/action-delete-branch@v3
17 | with:
18 | github_token: ${{ secrets.GITHUB_TOKEN }}
19 | numbers: ${{github.event.pull_request.number}}
20 |
--------------------------------------------------------------------------------
/.github/workflows/dependabot_pull_request.yml:
--------------------------------------------------------------------------------
1 | name: Dependabot
2 |
3 | on:
4 | pull_request_target:
5 | branches:
6 | - 2.3.x
7 | - main
8 |
9 | types:
10 | - opened
11 | - reopened
12 |
13 | jobs:
14 | jira:
15 | if: github.actor == 'dependabot[bot]'
16 | runs-on: ubuntu-latest
17 | permissions:
18 | contents: write
19 | pull-requests: write
20 | steps:
21 | - uses: actions/checkout@v4
22 |
23 | - name: Approve PR for auto-merge
24 | run: gh pr merge --auto --rebase ${{ github.event.pull_request.number }}
25 | env:
26 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
27 |
--------------------------------------------------------------------------------
/.github/workflows/label.yml:
--------------------------------------------------------------------------------
1 | name: Labeller
2 |
3 | on:
4 | pull_request_target:
5 | types: [closed]
6 |
7 | jobs:
8 | label:
9 | runs-on: ubuntu-latest
10 | permissions:
11 | contents: read
12 | issues: write
13 |
14 | steps:
15 | - name: Checkout
16 | uses: actions/checkout@v4
17 | with:
18 | repository: infinispan/infinispan-operator
19 |
20 | - name: Add release labels on merge
21 | run: scripts/ci/pr-label-issues.sh "${{ github.event.pull_request.number }}" "$GITHUB_REPOSITORY" >> "$GITHUB_STEP_SUMMARY"
22 | if: github.event.pull_request.merged == true && github.base_ref == 'main'
23 | env:
24 | GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
25 |
--------------------------------------------------------------------------------
/.github/workflows/test_webhooks.yml:
--------------------------------------------------------------------------------
1 | name: Hot Rod Rolling Upgrade Tests
2 |
3 | on:
4 | workflow_call:
5 |
6 | env:
7 | TESTING_LOG_DIR: ${{ github.workspace }}/test/reports
8 |
9 | jobs:
10 | test:
11 | runs-on: ubuntu-latest
12 |
13 | steps:
14 | - name: Checkout
15 | uses: actions/checkout@v4
16 |
17 | - name: Install Dependencies
18 | uses: ./.github/actions/dependencies
19 |
20 | - name: Initialize Kubernetes Cluster
21 | uses: ./.github/actions/kind
22 |
23 | - name: Webhook Tests
24 | run: make webhook-test PARALLEL_COUNT=5
25 |
26 | - name: Inspect Cluster
27 | if: failure()
28 | uses: ./.github/actions/inspect
29 | with:
30 | artifactPrefix: "webhooks"
31 |
32 | - name: Test Logs
33 | uses: actions/upload-artifact@v4
34 | if: failure()
35 | with:
36 | name: webhook-test-logs
37 | path: ${{ env.TESTING_LOG_DIR }}
38 |
--------------------------------------------------------------------------------
/api/v1/groupversion_info.go:
--------------------------------------------------------------------------------
1 | // Package v1 contains API Schema definitions for the infinispan v1 API group
2 | // +kubebuilder:object:generate=true
3 | // +groupName=infinispan.org
4 | package v1
5 |
6 | import (
7 | "k8s.io/apimachinery/pkg/runtime/schema"
8 | "sigs.k8s.io/controller-runtime/pkg/scheme"
9 | )
10 |
11 | var (
12 | // GroupVersion is group version used to register these objects
13 | GroupVersion = schema.GroupVersion{Group: "infinispan.org", Version: "v1"}
14 |
15 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme
16 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
17 |
18 | // AddToScheme adds the types in this group-version to the given scheme.
19 | AddToScheme = SchemeBuilder.AddToScheme
20 | )
21 |
--------------------------------------------------------------------------------
/api/v2alpha1/groupversion_info.go:
--------------------------------------------------------------------------------
1 | // Package v2alpha1 contains API Schema definitions for the infinispan v2alpha1 API group
2 | // +kubebuilder:object:generate=true
3 | // +groupName=infinispan.org
4 | package v2alpha1
5 |
6 | import (
7 | "k8s.io/apimachinery/pkg/runtime/schema"
8 | "sigs.k8s.io/controller-runtime/pkg/scheme"
9 | )
10 |
11 | var (
12 | // GroupVersion is group version used to register these objects
13 | GroupVersion = schema.GroupVersion{Group: "infinispan.org", Version: "v2alpha1"}
14 |
15 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme
16 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
17 |
18 | // AddToScheme adds the types in this group-version to the given scheme.
19 | AddToScheme = SchemeBuilder.AddToScheme
20 | )
21 |
--------------------------------------------------------------------------------
/config/certmanager/certificate.yaml:
--------------------------------------------------------------------------------
1 | # The following manifests contain a self-signed issuer CR and a certificate CR.
2 | # More document can be found at https://docs.cert-manager.io
3 | # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
4 | apiVersion: cert-manager.io/v1
5 | kind: Issuer
6 | metadata:
7 | name: selfsigned-issuer
8 | namespace: system
9 | spec:
10 | selfSigned: {}
11 | ---
12 | apiVersion: cert-manager.io/v1
13 | kind: Certificate
14 | metadata:
15 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
16 | namespace: system
17 | spec:
18 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
19 | dnsNames:
20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
22 | issuerRef:
23 | kind: Issuer
24 | name: selfsigned-issuer
25 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
26 |
--------------------------------------------------------------------------------
/config/certmanager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - certificate.yaml
3 |
4 | configurations:
5 | - kustomizeconfig.yaml
6 |
--------------------------------------------------------------------------------
/config/certmanager/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # This configuration is for teaching kustomize how to update name ref and var substitution
2 | nameReference:
3 | - kind: Issuer
4 | group: cert-manager.io
5 | fieldSpecs:
6 | - kind: Certificate
7 | group: cert-manager.io
8 | path: spec/issuerRef/name
9 |
10 | varReference:
11 | - kind: Certificate
12 | group: cert-manager.io
13 | path: spec/commonName
14 | - kind: Certificate
15 | group: cert-manager.io
16 | path: spec/dnsNames
17 |
--------------------------------------------------------------------------------
/config/crd/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD
2 | nameReference:
3 | - kind: Service
4 | version: v1
5 | fieldSpecs:
6 | - kind: CustomResourceDefinition
7 | version: v1
8 | group: apiextensions.k8s.io
9 | path: spec/conversion/webhook/clientConfig/service/name
10 |
11 | namespace:
12 | - kind: CustomResourceDefinition
13 | version: v1
14 | group: apiextensions.k8s.io
15 | path: spec/conversion/webhook/clientConfig/service/namespace
16 | create: false
17 |
18 | varReference:
19 | - path: metadata/annotations
20 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_backups.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: backups.infinispan.org
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_batches.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: batches.infinispan.org
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_caches.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: caches.infinispan.org
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_infinispans.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: infinispans.infinispan.org
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_restores.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: restores.infinispan.org
8 |
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_backups.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: backups.infinispan.org
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_batches.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: batches.infinispan.org
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_caches.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: caches.infinispan.org
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_infinispans.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: infinispans.infinispan.org
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_restores.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: restores.infinispan.org
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
--------------------------------------------------------------------------------
/config/default/manager_webhook_patch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: controller-manager
5 | namespace: system
6 | spec:
7 | template:
8 | spec:
9 | containers:
10 | - name: manager
11 | ports:
12 | - containerPort: 9443
13 | name: webhook-server
14 | protocol: TCP
15 | volumeMounts:
16 | - mountPath: /tmp/k8s-webhook-server/serving-certs
17 | name: cert
18 | readOnly: true
19 | volumes:
20 | - name: cert
21 | secret:
22 | defaultMode: 420
23 | secretName: webhook-server-cert
24 |
--------------------------------------------------------------------------------
/config/default/webhookcainjection_patch.yaml:
--------------------------------------------------------------------------------
1 | # This patch add annotation to admission webhook config and
2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
3 | apiVersion: admissionregistration.k8s.io/v1
4 | kind: MutatingWebhookConfiguration
5 | metadata:
6 | name: mutating-webhook-configuration
7 | annotations:
8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
9 | ---
10 | apiVersion: admissionregistration.k8s.io/v1
11 | kind: ValidatingWebhookConfiguration
12 | metadata:
13 | name: validating-webhook-configuration
14 | annotations:
15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
16 |
--------------------------------------------------------------------------------
/config/manager/controller_manager_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
2 | kind: ControllerManagerConfig
3 | health:
4 | healthProbeBindAddress: :8081
5 | metrics:
6 | bindAddress: 127.0.0.1:8080
7 | webhook:
8 | port: 9443
9 | leaderElection:
10 | leaderElect: true
11 | resourceName: 632512e4.infinispan.org
12 |
--------------------------------------------------------------------------------
/config/manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - manager.yaml
6 |
7 | generatorOptions:
8 | disableNameSuffixHash: true
9 |
10 | configMapGenerator:
11 | - files:
12 | - controller_manager_config.yaml
13 | name: manager-config
14 |
--------------------------------------------------------------------------------
/config/manifests/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - ../default
3 | - ../samples
4 | - ../scorecard
5 |
6 | patchesJson6902:
7 | - target:
8 | group: apps
9 | version: v1
10 | kind: Deployment
11 | name: controller-manager
12 | namespace: system
13 | patch: |-
14 | # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs.
15 | # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment.
16 | - op: remove
17 | path: /spec/template/spec/containers/0/volumeMounts/0
18 | # Remove the "cert" volume, since OLM will create and mount a set of certs.
19 | # Update the indices in this path if adding or removing volumes in the manager's Deployment.
20 | - op: remove
21 | path: /spec/template/spec/volumes/0
--------------------------------------------------------------------------------
/config/prometheus/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - monitor.yaml
3 |
--------------------------------------------------------------------------------
/config/prometheus/monitor.yaml:
--------------------------------------------------------------------------------
1 |
2 | # Prometheus Monitor Service (Metrics)
3 | apiVersion: monitoring.coreos.com/v1
4 | kind: ServiceMonitor
5 | metadata:
6 | labels:
7 | control-plane: controller-manager
8 | name: controller-manager-metrics-monitor
9 | namespace: system
10 | spec:
11 | endpoints:
12 | - path: /metrics
13 | port: https
14 | scheme: https
15 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
16 | tlsConfig:
17 | insecureSkipVerify: true
18 | selector:
19 | matchLabels:
20 | control-plane: controller-manager
21 |
--------------------------------------------------------------------------------
/config/rbac/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - service_account.yaml
3 | - role.yaml
4 | - role_binding.yaml
5 | - leader_election_role.yaml
6 | - leader_election_role_binding.yaml
--------------------------------------------------------------------------------
/config/rbac/leader_election_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions to do leader election.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | name: leader-election-role
6 | rules:
7 | - apiGroups:
8 | - ""
9 | - coordination.k8s.io
10 | resources:
11 | - configmaps
12 | - leases
13 | verbs:
14 | - get
15 | - list
16 | - watch
17 | - create
18 | - update
19 | - patch
20 | - delete
21 | - apiGroups:
22 | - ""
23 | resources:
24 | - events
25 | verbs:
26 | - create
27 | - patch
28 |
--------------------------------------------------------------------------------
/config/rbac/leader_election_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 | name: leader-election-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: Role
8 | name: leader-election-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: controller-manager
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/config/rbac/role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | name: manager-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: ClusterRole
8 | name: manager-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: controller-manager
12 | namespace: system
13 | ---
14 | apiVersion: rbac.authorization.k8s.io/v1
15 | kind: RoleBinding
16 | metadata:
17 | name: manager-rolebinding
18 | roleRef:
19 | apiGroup: rbac.authorization.k8s.io
20 | kind: Role
21 | name: manager-role
22 | subjects:
23 | - kind: ServiceAccount
24 | name: controller-manager
25 | namespace: system
26 |
--------------------------------------------------------------------------------
/config/rbac/service_account.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | labels:
5 | control-plane: controller-manager
6 | name: controller-manager
7 | namespace: system
8 |
--------------------------------------------------------------------------------
/config/samples/backup-restore/infinispan_v2alpha1_backup.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Backup
3 | metadata:
4 | name: example-backup
5 | spec:
6 | cluster: example-infinispan
7 | container:
8 | extraJvmOpts: "-Djava.property=me"
9 | memory: 1Gi
10 | cpu: "1000m"
11 |
--------------------------------------------------------------------------------
/config/samples/backup-restore/infinispan_v2alpha1_restore.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Restore
3 | metadata:
4 | name: example-restore
5 | spec:
6 | cluster: example-infinispan
7 | container:
8 | extraJvmOpts: "-Djava.property=me"
9 | memory: 1Gi
10 | cpu: "1000m"
11 |
--------------------------------------------------------------------------------
/config/samples/batch/batch-cm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: example-batch-config-map
5 | data:
6 | batch: |
7 | create cache --file=/etc/batch/mycache.xml mycache
8 | put --cache=mycache hello world
9 | put --cache=mycache hola mundo
10 | mycache.xml: |
11 |
12 |
13 |
14 |
15 |
16 |
17 | ---
18 | apiVersion: infinispan.org/v2alpha1
19 | kind: Batch
20 | metadata:
21 | name: example-batch-cm
22 | spec:
23 | cluster: example-infinispan
24 | configMap: example-batch-config-map
25 |
--------------------------------------------------------------------------------
/config/samples/batch/infinispan_v2alpha1_batch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Batch
3 | metadata:
4 | name: example-batch-inline
5 | spec:
6 | cluster: example-infinispan
7 | config: |
8 | create counter --concurrency-level=1 --initial-value=5 --storage=VOLATILE --type=weak batch-counter
9 |
--------------------------------------------------------------------------------
/config/samples/cache/infinispan_v2alpha1_cache.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Cache
3 | metadata:
4 | name: example-cache
5 | spec:
6 | clusterName: example-infinispan
7 | name: mycache
8 | template:
9 |
--------------------------------------------------------------------------------
/config/samples/infinispan/auth/client_cert.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | service:
7 | type: DataGrid
8 | security:
9 | endpointEncryption:
10 | # None | Authenticate | Validate
11 | # Authenticate requires all client certificates to be in the truststore
12 | # Validate requires the signing CA certificate to be in the truststore
13 | clientCert: Validate
14 | clientCertSecretName: truststore-secret
15 |
--------------------------------------------------------------------------------
/config/samples/infinispan/auth/connect_secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 | name: connect-secret
5 | type: Opaque
6 | stringData:
7 | identities.yaml: |-
8 | credentials:
9 | - username: developer
10 | password: changeme
11 | - username: operator
12 | password: changemetoo
13 |
--------------------------------------------------------------------------------
/config/samples/infinispan/auth/cr_datagrid_with_auth.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 | service:
8 | type: DataGrid
9 | security:
10 | endpointSecretName: connect-secret
--------------------------------------------------------------------------------
/config/samples/infinispan/auth/cr_minimal_with_auth.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 2
7 | security:
8 | endpointSecretName: connect-secret
9 |
--------------------------------------------------------------------------------
/config/samples/infinispan/expose/cr_route.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 2
7 | expose:
8 | type: Route
9 | host: www.example.org
10 |
--------------------------------------------------------------------------------
/config/samples/infinispan/infinispan_v1_infinispan.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 |
--------------------------------------------------------------------------------
/config/samples/infinispan/labels/cr_custom_labels.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | annotations:
6 | infinispan.org/podTargetLabels: propagateMeToPods, meTooToPods
7 | infinispan.org/targetLabels: propagateMeToServices, meTooToServices
8 | labels:
9 | propagateMeToPods: value1
10 | meTooToPods: value2
11 | propagateMeToServices: value3
12 | meTooToServices: value4
13 | spec:
14 | replicas: 1
15 |
--------------------------------------------------------------------------------
/config/samples/infinispan/storage/cr_storage_class.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 | service:
8 | type: DataGrid
9 | container:
10 | storage: 1Gi
11 | storageClassName: local-storage
12 |
--------------------------------------------------------------------------------
/config/samples/infinispan/storage/local_persistence_volume.yaml:
--------------------------------------------------------------------------------
1 | # Please note, this is example only file
2 | # nodeSelectorTerms and path can be changed related to your running environment
3 |
4 | apiVersion: v1
5 | kind: PersistentVolume
6 | metadata:
7 | name: example-infinispan-pv
8 | spec:
9 | capacity:
10 | storage: 1Gi
11 | accessModes:
12 | - ReadWriteOnce
13 | persistentVolumeReclaimPolicy: Retain
14 | storageClassName: local-storage
15 | local:
16 | path: /tmp/
17 | nodeAffinity:
18 | required:
19 | nodeSelectorTerms:
20 | - matchExpressions:
21 | - key: node-role.kubernetes.io/worker
22 | operator: In
23 | values:
24 | - 'true'
25 | - ''
26 |
--------------------------------------------------------------------------------
/config/samples/infinispan/storage/local_storage_class.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 | name: local-storage
5 | provisioner: kubernetes.io/no-provisioner
6 | reclaimPolicy: Delete
7 | volumeBindingMode: WaitForFirstConsumer
8 |
--------------------------------------------------------------------------------
/config/samples/infinispan/tls/cr_minimal_with_tls.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 2
7 | security:
8 | endpointEncryption:
9 | # Define the certificate to encrypt endpoint traffic.
10 | # `type: Service` uses platform service certificate.
11 | # `type: Secret` uses custom certificates.
12 | type: Secret
13 | # If `type: Service`, uncomment the following `certServiceName` line:
14 | # certServiceName: service.beta.openshift.io
15 | # Name the secret that contains encryption certificates.
16 | certSecretName: tls-secret
17 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/kubernetes/xsite_a.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 2
7 | expose:
8 | type: NodePort
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteA
14 | expose:
15 | type: NodePort
16 | locations:
17 | - name: SiteA
18 | url: kubernetes://192.168.99.101:8443
19 | secretName: site-secrets
20 | - name: SiteB
21 | url: kubernetes://192.168.99.102:8443
22 | secretName: site-secrets
23 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/kubernetes/xsite_b.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 2
7 | expose:
8 | type: NodePort
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteB
14 | expose:
15 | type: NodePort
16 | locations:
17 | - name: SiteA
18 | url: minikube://192.168.99.101:8443
19 | secretName: site-secrets
20 | - name: SiteB
21 | url: minikube://192.168.99.102:8443
22 | secretName: site-secrets
23 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/openshift/xsite_a.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 | expose:
8 | type: LoadBalancer
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteA
14 | expose:
15 | type: LoadBalancer
16 | locations:
17 | - name: SiteA
18 | url: openshift://api.infinispan-1209a.devcluster.openshift.com:6443
19 | secretName: site-a-secrets
20 | - name: SiteB
21 | url: openshift://api.infinispan-1209b.devcluster.openshift.com:6443
22 | secretName: site-b-secrets
23 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/openshift/xsite_b.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 | expose:
8 | type: LoadBalancer
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteB
14 | expose:
15 | type: LoadBalancer
16 | locations:
17 | - name: SiteA
18 | url: openshift://api.infinispan-1209a.devcluster.openshift.com:6443
19 | secretName: site-a-secrets
20 | - name: SiteB
21 | url: openshift://api.infinispan-1209b.devcluster.openshift.com:6443
22 | secretName: site-b-secrets
23 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/static-internal/xsite_a.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-clustera
5 | spec:
6 | replicas: 1
7 | expose:
8 | type: NodePort
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteA
14 | expose:
15 | type: ClusterIP
16 | locations:
17 | - name: SiteB
18 | clusterName: example-clusterb
19 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/static-internal/xsite_b.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-clusterb
5 | spec:
6 | replicas: 1
7 | expose:
8 | type: NodePort
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteB
14 | expose:
15 | type: ClusterIP
16 | locations:
17 | - name: SiteA
18 | clusterName: example-clustera
19 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/static-loadbalancer/xsite_a.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 | expose:
8 | type: LoadBalancer
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteA
14 | expose:
15 | type: LoadBalancer
16 | locations:
17 | - name: SiteA
18 | url: infinispan+xsite://infinispan-sitea.myhost.com:7900
19 | - name: SiteB
20 | url: infinispan+xsite://infinispan-siteb.myhost.com:7900
21 |
--------------------------------------------------------------------------------
/config/samples/infinispan/xsite/static-loadbalancer/xsite_b.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v1
2 | kind: Infinispan
3 | metadata:
4 | name: example-infinispan
5 | spec:
6 | replicas: 1
7 | expose:
8 | type: LoadBalancer
9 | service:
10 | type: DataGrid
11 | sites:
12 | local:
13 | name: SiteB
14 | expose:
15 | type: LoadBalancer
16 | locations:
17 | - name: SiteA
18 | url: infinispan+xsite://infinispan-sitea.myhost.com:7900
19 | - name: SiteB
20 | url: infinispan+xsite://infinispan-siteb.myhost.com:7900
21 |
--------------------------------------------------------------------------------
/config/samples/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ## Append samples you want in your CSV to this file as resources ##
2 | resources:
3 | - infinispan/infinispan_v1_infinispan.yaml
4 | - backup-restore/infinispan_v2alpha1_backup.yaml
5 | - backup-restore/infinispan_v2alpha1_restore.yaml
6 | - batch/infinispan_v2alpha1_batch.yaml
7 | - cache/infinispan_v2alpha1_cache.yaml
8 | # +kubebuilder:scaffold:manifestskustomizesamples
9 |
--------------------------------------------------------------------------------
/config/samples/operator-config/operator-config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: infinispan-operator-config
5 | data:
6 | grafana.dashboard.namespace: namespace-for-testing
7 | grafana.dashboard.name: infinispan # default value if not provided
8 | grafana.dashboard.monitoring.key: middleware # default value
9 |
--------------------------------------------------------------------------------
/config/scorecard/bases/config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: scorecard.operatorframework.io/v1alpha3
2 | kind: Configuration
3 | metadata:
4 | name: config
5 | stages:
6 | - parallel: true
7 | tests: []
8 |
--------------------------------------------------------------------------------
/config/scorecard/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - bases/config.yaml
3 | patchesJson6902:
4 | - path: patches/basic.config.yaml
5 | target:
6 | group: scorecard.operatorframework.io
7 | version: v1alpha3
8 | kind: Configuration
9 | name: config
10 | - path: patches/olm.config.yaml
11 | target:
12 | group: scorecard.operatorframework.io
13 | version: v1alpha3
14 | kind: Configuration
15 | name: config
16 | # +kubebuilder:scaffold:patchesJson6902
17 |
--------------------------------------------------------------------------------
/config/scorecard/patches/basic.config.yaml:
--------------------------------------------------------------------------------
1 | - op: add
2 | path: /stages/0/tests/-
3 | value:
4 | entrypoint:
5 | - scorecard-test
6 | - basic-check-spec
7 | image: quay.io/operator-framework/scorecard-test:v1.24.1
8 | labels:
9 | suite: basic
10 | test: basic-check-spec-test
11 |
--------------------------------------------------------------------------------
/config/webhook/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - manifests.yaml
3 | - service.yaml
4 |
5 | configurations:
6 | - kustomizeconfig.yaml
7 |
--------------------------------------------------------------------------------
/config/webhook/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # the following config is for teaching kustomize where to look at when substituting vars.
2 | # It requires kustomize v2.1.0 or newer to work properly.
3 | nameReference:
4 | - kind: Service
5 | version: v1
6 | fieldSpecs:
7 | - kind: MutatingWebhookConfiguration
8 | group: admissionregistration.k8s.io
9 | path: webhooks/clientConfig/service/name
10 | - kind: ValidatingWebhookConfiguration
11 | group: admissionregistration.k8s.io
12 | path: webhooks/clientConfig/service/name
13 |
14 | namespace:
15 | - kind: MutatingWebhookConfiguration
16 | group: admissionregistration.k8s.io
17 | path: webhooks/clientConfig/service/namespace
18 | create: true
19 | - kind: ValidatingWebhookConfiguration
20 | group: admissionregistration.k8s.io
21 | path: webhooks/clientConfig/service/namespace
22 | create: true
23 |
24 | varReference:
25 | - path: metadata/annotations
26 |
--------------------------------------------------------------------------------
/config/webhook/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: webhook-service
5 | namespace: system
6 | spec:
7 | ports:
8 | - port: 443
9 | targetPort: 9443
10 | selector:
11 | control-plane: controller-manager
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/css/css.css:
--------------------------------------------------------------------------------
1 | #toc {
2 | overflow-x: hidden;
3 | }
4 | #tocsearch {
5 | font-family: 'FontAwesome';
6 | width: 80%;
7 | }
8 | #toctreecollapse, #toctreeexpand {
9 | padding: 0 0.3em;
10 | }
11 | #toctree {
12 | font-size: 0.9em;
13 | }
14 | .jstree-children {
15 | padding-left: 0;
16 | }
17 | .jstree-default .jstree-node {
18 | margin-left: 0;
19 | }
20 | .jstree-anchor {
21 | white-space: normal;
22 | }
23 | .jstree-default .jstree-anchor,
24 | .jstree-default-small .jstree-anchor {
25 | height: auto;
26 | }
27 |
28 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_anti_affinity.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='anti-affinity']
3 | :context: availability
4 | = Guaranteeing availability with anti-affinity
5 |
6 | [role="_abstract"]
7 | Kubernetes includes anti-affinity capabilities that protect workloads from single points of failure.
8 |
9 | include::{topics}/con_anti_affinity.adoc[leveloffset=+1]
10 | include::{topics}/proc_configuring_anti_affinity.adoc[leveloffset=+1]
11 | include::{topics}/ref_anti_affinity.adoc[leveloffset=+2]
12 |
13 | // Restore the parent context.
14 | ifdef::parent-context[:context: {parent-context}]
15 | ifndef::parent-context[:!context:]
16 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_authentication.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='configuring-authentication']
3 | :context: authn
4 | = Configuring authentication
5 |
6 | [role="_abstract"]
7 | Application users need credentials to access {brandname} clusters.
8 | You can use default, generated credentials or add your own.
9 |
10 | include::{topics}/ref_default_credentials.adoc[leveloffset=+1]
11 | include::{topics}/proc_retrieving_credentials.adoc[leveloffset=+1]
12 | include::{topics}/proc_adding_credentials.adoc[leveloffset=+1]
13 | include::{topics}/proc_changing_operator_password.adoc[leveloffset=+1]
14 | include::{topics}/proc_disabling_authentication.adoc[leveloffset=+1]
15 |
16 | // Restore the parent context.
17 | ifdef::parent-context[:context: {parent-context}]
18 | ifndef::parent-context[:!context:]
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_authorization.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='authorization']
3 | :context: authorization
4 | = Configuring user roles and permissions
5 |
6 | [role="_abstract"]
7 | Secure access to {brandname} services by configuring role-based access control (RBAC) for users.
8 | This requires you to assign roles to users so that they have permission to access caches and {brandname} resources.
9 |
10 | include::{topics}/proc_enabling_authorization.adoc[leveloffset=+1]
11 | include::{topics}/ref_user_roles_permissions.adoc[leveloffset=+1]
12 | include::{topics}/proc_assigning_user_roles.adoc[leveloffset=+1]
13 | include::{topics}/proc_adding_custom_roles_permissions.adoc[leveloffset=+1]
14 |
15 | // Restore the parent context.
16 | ifdef::parent-context[:context: {parent-context}]
17 | ifndef::parent-context[:!context:]
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_backing_up_restoring.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='backing-up-restoring']
3 | :context: backup-restore
4 | = Backing up and restoring {brandname} clusters
5 |
6 | [role="_abstract"]
7 | {ispn_operator} lets you back up and restore {brandname} cluster state for disaster recovery and to migrate {brandname} resources between clusters.
8 |
9 | include::{topics}/con_backup_restore.adoc[leveloffset=+1]
10 | include::{topics}/proc_backing_up_cluster.adoc[leveloffset=+1]
11 | include::{topics}/proc_restoring_cluster.adoc[leveloffset=+1]
12 | include::{topics}/ref_backup_restore_status.adoc[leveloffset=+1]
13 | include::{topics}/proc_handling_failed_backups.adoc[leveloffset=+2]
14 |
15 | // Restore the parent context.
16 | ifdef::parent-context[:context: {parent-context}]
17 | ifndef::parent-context[:!context:]
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_cache_cr.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='creating-caches']
3 | :context: creating-caches
4 | = Creating caches with {ispn_operator}
5 |
6 | [role="_abstract"]
7 | Use `Cache` CRs to add cache configuration with {ispn_operator} and control how {brandname} stores your data.
8 |
9 | include::{topics}/con_caches.adoc[leveloffset=+1]
10 | include::{topics}/proc_creating_caches.adoc[leveloffset=+1]
11 | include::{topics}/proc_updating_caches.adoc[leveloffset=+1]
12 | include::{topics}/proc_adding_cache_stores.adoc[leveloffset=+1]
13 |
14 | // Restore the parent context.
15 | ifdef::parent-context[:context: {parent-context}]
16 | ifndef::parent-context[:!context:]
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_configuring_client_certificates.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='client-certificates']
3 | :context: client-certificates
4 | = Configuring client certificate authentication
5 |
6 | [role="_abstract"]
7 | Add client trust stores to your project and configure {brandname} to allow connections only from clients that present valid certificates.
8 | This increases security of your deployment by ensuring that clients are trusted by a public certificate authority (CA).
9 |
10 | include::{topics}/con_client_cert_authn.adoc[leveloffset=+1]
11 | include::{topics}/proc_enabling_client_cert_authn.adoc[leveloffset=+1]
12 | include::{topics}/proc_providing_client_truststores.adoc[leveloffset=+1]
13 | include::{topics}/proc_providing_client_certificates.adoc[leveloffset=+1]
14 |
15 | // Restore the parent context.
16 | ifdef::parent-context[:context: {parent-context}]
17 | ifndef::parent-context[:!context:]
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_configuring_clusters.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='configuring-clusters']
3 | :context: configuring-clusters
4 | = Configuring {brandname} clusters
5 |
6 | [role="_abstract"]
7 | Apply custom {brandname} configuration to clusters that {ispn_operator} manages.
8 |
9 | include::{topics}/proc_applying_custom_configuration.adoc[leveloffset=+1]
10 | include::{topics}/ref_infinispan_config.adoc[leveloffset=+1]
11 | include::{topics}/proc_securing_custom_configuration.adoc[leveloffset=+1]
12 |
13 | // Restore the parent context.
14 | ifdef::parent-context[:context: {parent-context}]
15 | ifndef::parent-context[:!context:]
16 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_connecting_clients.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='connecting-clients']
3 | :context: clients
4 | = Establishing remote client connections
5 |
6 | [role="_abstract"]
7 | Connect to {brandname} clusters from the {brandname} Console, Command Line Interface (CLI), and remote clients.
8 |
9 | include::{topics}/con_client_connection_details.adoc[leveloffset=+1]
10 |
11 | //CLI
12 | include::{topics}/proc_connecting_cli.adoc[leveloffset=+1]
13 |
14 | //Console
15 | include::{topics}/proc_connecting_console.adoc[leveloffset=+1]
16 |
17 | //Hot Rod
18 | include::{topics}/con_hotrod_clients.adoc[leveloffset=+1]
19 | include::{topics}/ref_hotrod_configuration.adoc[leveloffset=+2]
20 | include::{topics}/ref_hotrod_cert_authn.adoc[leveloffset=+2]
21 | include::{topics}/proc_creating_caches_hotrod.adoc[leveloffset=+2]
22 |
23 | //REST
24 | include::{topics}/proc_connecting_rest.adoc[leveloffset=+1]
25 |
26 | // Restore the parent context.
27 | ifdef::parent-context[:context: {parent-context}]
28 | ifndef::parent-context[:!context:]
29 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_creating_clusters.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='creating-clusters']
3 | :context: creating-clusters
4 | = Creating {brandname} clusters
5 |
6 | [role="_abstract"]
7 | Create {brandname} clusters running on {k8s} with the `Infinispan` CR or with the native {brandname} CLI plugin for `{kube_client}` clients.
8 |
9 | include::{topics}/con_infinispan_cr.adoc[leveloffset=+1]
10 | include::{topics}/proc_creating_clusters.adoc[leveloffset=+1]
11 | include::{topics}/proc_verifying_clusters.adoc[leveloffset=+1]
12 | include::{topics}/proc_modifying_clusters.adoc[leveloffset=+1]
13 | include::{topics}/proc_stopping_starting.adoc[leveloffset=+1]
14 |
15 | // Restore the parent context.
16 | ifdef::parent-context[:context: {parent-context}]
17 | ifndef::parent-context[:!context:]
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_deploying_code.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='deploying-code']
3 | :context: custom-code
4 | = Deploying custom code to {brandname}
5 |
6 | [role="_abstract"]
7 | Add custom code, such as scripts and event listeners, to your {brandname} clusters.
8 |
9 | Before you can deploy custom code to {brandname} clusters, you need to make it available.
10 | To do this you can copy artifacts from a persistent volume (PV), download artifacts from an HTTP or FTP server, or use both methods.
11 |
12 | include::{topics}/proc_copying_code.adoc[leveloffset=+1]
13 | include::{topics}/proc_downloading_code.adoc[leveloffset=+1]
14 |
15 | ifdef::parent-context[:context: {parent-context}]
16 | ifndef::parent-context[:!context:]
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_encryption.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='configuring-encryption']
3 | :context: tls
4 | = Configuring encryption
5 |
6 | [role="_abstract"]
7 | Encrypt connections between clients and {brandname} pods with {openshift}
8 | service certificates or custom TLS certificates.
9 |
10 | include::{topics}/ref_encryption_service_ca.adoc[leveloffset=+1]
11 | include::{topics}/proc_retrieving_tls_certificates.adoc[leveloffset=+1]
12 | include::{topics}/proc_disabling_encryption.adoc[leveloffset=+1]
13 | include::{topics}/proc_using_custom_encryption_secrets.adoc[leveloffset=+1]
14 | include::{topics}/ref_custom_encryption_secrets.adoc[leveloffset=+2]
15 |
16 | // Restore the parent context.
17 | ifdef::parent-context[:context: {parent-context}]
18 | ifndef::parent-context[:!context:]
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_installing_native_cli_plugin.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='installing-native-cli-plugin']
3 | :context: installing-native-cli-plugin
4 | = Installing the native {brandname} CLI as a client plugin
5 |
6 | [role="_abstract"]
7 | {brandname} provides a command line interface (CLI) compiled to a native executable that you can install as a plugin for `{kube_client}` clients.
8 | You can then use your `{kube_client}` client to:
9 |
10 | * Create {ispn_operator} subscriptions and remove {ispn_operator} installations.
11 | * Set up {brandname} clusters and configure services.
12 | * Work with {brandname} resources via remote shells.
13 |
14 | include::{topics}/proc_installing_native_cli_plugin.adoc[leveloffset=+1]
15 | include::{topics}/ref_native_cli_plugin_commands.adoc[leveloffset=+1]
16 |
17 | // Restore the parent context.
18 | ifdef::parent-context[:context: {parent-context}]
19 | ifndef::parent-context[:!context:]
20 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_installing_operator.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='installation']
3 | :context: install
4 | = Installing {ispn_operator}
5 |
6 | [role="_abstract"]
7 | Install {ispn_operator} into a {k8s} namespace to create and manage {brandname} clusters.
8 |
9 | include::{topics}/proc_installing_operator_olm.adoc[leveloffset=+1]
10 | include::{topics}/proc_installing_operator_native_plugin.adoc[leveloffset=+1]
11 | //Downstream content
12 | ifdef::downstream[]
13 | include::{topics}/proc_installing_operator_client.adoc[leveloffset=+1]
14 | endif::downstream[]
15 | //Community Only
16 | ifdef::community[]
17 | include::{topics}/proc_installing_operator_hub.adoc[leveloffset=+1]
18 | include::{topics}/proc_installing_operator_manually.adoc[leveloffset=+1]
19 | endif::community[]
20 |
21 | // Restore the parent context.
22 | ifdef::parent-context[:context: {parent-context}]
23 | ifndef::parent-context[:!context:]
24 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_network_access.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='creating-network']
3 | :context: network-services
4 | = Configuring network access to {brandname}
5 |
6 | [role="_abstract"]
7 | Expose {brandname} clusters so you can access {brandname} Console, the
8 | {brandname} command line interface (CLI), REST API, and Hot Rod endpoint.
9 |
10 | include::{topics}/proc_getting_internal_service.adoc[leveloffset=+1]
11 | include::{topics}/proc_exposing_loadbalancer.adoc[leveloffset=+1]
12 | include::{topics}/proc_exposing_nodeport.adoc[leveloffset=+1]
13 | include::{topics}/proc_exposing_route.adoc[leveloffset=+1]
14 | include::{topics}/ref_network_services.adoc[leveloffset=+1]
15 |
16 | // Restore the parent context.
17 | ifdef::parent-context[:context: {parent-context}]
18 | ifndef::parent-context[:!context:]
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/stories/assembly_operator_deployments.adoc:
--------------------------------------------------------------------------------
1 | ifdef::context[:parent-context: {context}]
2 | [id='operator']
3 | :context: operator
4 | = {ispn_operator}
5 |
6 | [role="_abstract"]
7 | {ispn_operator} provides operational intelligence and reduces management complexity for deploying {brandname} on Kubernetes and {openshift}.
8 |
9 | //Community content
10 | ifdef::community[]
11 | include::{topics}/ref_supported_versions.adoc[leveloffset=+1]
12 | endif::community[]
13 |
14 | include::{topics}/con_operator_deployments.adoc[leveloffset=+1]
15 | include::{topics}/con_operator_managed_clusters.adoc[leveloffset=+1]
16 | include::{topics}/con_operator_reconciliation.adoc[leveloffset=+1]
17 |
18 | // Restore the parent context.
19 | ifdef::parent-context[:context: {parent-context}]
20 | ifndef::parent-context[:!context:]
21 |
--------------------------------------------------------------------------------
/documentation/asciidoc/titles/operator-docinfo-footer.html:
--------------------------------------------------------------------------------
1 |
11 |
--------------------------------------------------------------------------------
/documentation/asciidoc/titles/operator-docinfo.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/documentation/asciidoc/titles/operator.asciidoc:
--------------------------------------------------------------------------------
1 | //Community attributes
2 | :toc2:
3 | :icons: font
4 | :toclevels: 4
5 | :sectnums:
6 | :sectanchors:
7 | :docinfo: private-head,private-footer
8 |
9 | //Avoid symlinks in community docs
10 | :topics: ../topics
11 | :stories: ../stories
12 | :imagesdir: {topics}/images
13 |
14 | //Include community attributes
15 | include::{topics}/attributes/community-attributes.adoc[]
16 | include::{topics}/attributes/kubectl_cmds.adoc[]
17 | include::{topics}/attributes/links.adoc[]
18 |
19 | [id='infinispan_operator']
20 | = {ispn_operator} {ispn_operator_version} Guide
21 |
22 | include::stories.adoc[]
23 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/batch.adoc:
--------------------------------------------------------------------------------
1 | create cache mycache --file=/etc/batch/mycache.xml
2 | put --cache=mycache hello world
3 | put --cache=mycache hola mundo
4 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/cat_infinispan_cr.adoc:
--------------------------------------------------------------------------------
1 | cat > cr_minimal.yaml<
9 | service:
10 | type: DataGrid
11 | EOF
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/get_infinispan.adoc:
--------------------------------------------------------------------------------
1 | {oc_get_infinispan} -o yaml
2 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/oc_get_secret_creds.adoc:
--------------------------------------------------------------------------------
1 | {oc_get_secret} {example_crd_name}-generated-secret
2 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/oc_get_secret_creds_jp.adoc:
--------------------------------------------------------------------------------
1 | {oc_get_secret} {example_crd_name}-generated-secret -o jsonpath="{.data.identities\.yaml}" | base64 --decode
2 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/oc_get_secret_operator_creds_jp.adoc:
--------------------------------------------------------------------------------
1 | {oc_get_secret} {example_crd_name}-generated-operator-secret -o jsonpath="{.data.identities\.yaml}" | base64 --decode
2 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/cmd_examples/oc_get_secret_tls.adoc:
--------------------------------------------------------------------------------
1 | {oc_get_secret} {example_crd_name}-cert-secret -o jsonpath='{.data.tls\.crt}' | base64 --decode > tls.crt
2 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/con_fips_mode_cr.adoc:
--------------------------------------------------------------------------------
1 | [id="fips-mode-CR_{context}"]
2 | = FIPS mode for your `Infinispan` CR
3 |
4 | [role="_abstract"]
5 | The {openshiftplatform} can use certain Federal Information Processing Standards (FIPS) components that ensure {openshiftshort} clusters meet the requirements of a FIPS compliance audit.
6 |
7 | If you enabled FIPS mode on your {openshiftshort} cluster then the {ispn_operator} automatically enables FIPS mode for your `Infinispan` custom resource (CR).
8 |
9 | [IMPORTANT]
10 | ====
11 | Client certificate authentication is not currently supported with FIPS mode. Attempts to create `Infinispan` CR with `spec.security.endpointEncryption.clientCert` set to a value other than `None` will fail.
12 | ====
13 |
14 | [role="_additional-resources"]
15 | .Additional resources
16 | * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/installing/installing-fips#doc-wrapper[Support for FIPS cryptography {openshiftplatform}]
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/con_operator_managed_clusters.adoc:
--------------------------------------------------------------------------------
1 | [id='operator-managed-clusters_{context}']
2 | = Cluster management
3 |
4 | A single {ispn_operator} installation can manage multiple clusters with different {brandname} versions in separate namespaces.
5 | Each time a user applies CRs to modify the deployment, {ispn_operator} applies the changes globally to all {brandname} clusters.
6 |
7 | .Operator-managed clusters
8 | //Community content
9 | ifdef::community[]
10 | image::operator-managed-clusters-ispn.png[This illustration depicts how {ispn_operator} manages multiple clusters on {k8s}.]
11 | endif::community[]
12 | //Downstream content
13 | ifdef::downstream[]
14 | image::operator-managed-clusters.png[This illustration depicts how {ispn_operator} manages multiple clusters on {openshiftshort}.]
15 | endif::downstream[]
16 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/con_services.adoc:
--------------------------------------------------------------------------------
1 | [id='services_{context}']
2 | = Service types
3 |
4 | [role="_abstract"]
5 | Services are stateful applications, based on the {brandname} Server image, that provide flexible and robust in-memory data storage.
6 | {brandname} operator supports only `DataGrid` service type which deploys {brandname} clusters with full configuration and capabilities. `Cache` service type is no longer supported.
7 |
8 | DataGrid` service type for clusters lets you:
9 |
10 | * Back up data across global clusters with cross-site replication.
11 | * Create caches with any valid configuration.
12 | * Add file-based cache stores to save data in a persistent volume.
13 | * Query values across caches using the {brandname} Query API.
14 | * Use advanced {brandname} features and capabilities.
15 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/images/custom-resources-ispn.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/infinispan/infinispan-operator/2e103f5922c4289b67c0da047a47a62ebc306464/documentation/asciidoc/topics/images/custom-resources-ispn.png
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/images/custom-resources.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/infinispan/infinispan-operator/2e103f5922c4289b67c0da047a47a62ebc306464/documentation/asciidoc/topics/images/custom-resources.png
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/images/operator-managed-clusters-ispn.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/infinispan/infinispan-operator/2e103f5922c4289b67c0da047a47a62ebc306464/documentation/asciidoc/topics/images/operator-managed-clusters-ispn.png
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/images/operator-managed-clusters.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/infinispan/infinispan-operator/2e103f5922c4289b67c0da047a47a62ebc306464/documentation/asciidoc/topics/images/operator-managed-clusters.png
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/java/ConfigurationBuilderClientCertificates.java:
--------------------------------------------------------------------------------
1 | import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
2 | ...
3 |
4 | ConfigurationBuilder builder = new ConfigurationBuilder();
5 | builder.security()
6 | .authentication()
7 | .saslMechanism("EXTERNAL")
8 | .ssl()
9 | .keyStoreFileName("/path/to/keystore")
10 | .keyStorePassword("keystorepassword".toCharArray())
11 | .keyStoreType("PCKS12");
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/java/ConfigurationBuilderExternal.java:
--------------------------------------------------------------------------------
1 | import org.infinispan.client.hotrod.configuration.ClientIntelligence;
2 | import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
3 | import org.infinispan.client.hotrod.configuration.SaslQop;
4 | ...
5 |
6 | ConfigurationBuilder builder = new ConfigurationBuilder();
7 | builder.addServer()
8 | .host("$HOSTNAME")
9 | .port("$PORT")
10 | .security().authentication()
11 | .username("username")
12 | .password("changeme")
13 | .realm("default")
14 | .saslQop(SaslQop.AUTH)
15 | .saslMechanism("SCRAM-SHA-512")
16 | .ssl()
17 | .sniHostName("$SERVICE_HOSTNAME")
18 | //Create a client trust store with tls.crt from your project.
19 | .trustStoreFileName("/path/to/truststore.pkcs12")
20 | .trustStorePassword("trust_store_password")
21 | .trustStoreType("PCKS12");
22 | builder.clientIntelligence(ClientIntelligence.BASIC);
23 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/java/ConfigurationBuilderInternal.java:
--------------------------------------------------------------------------------
1 | import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
2 | import org.infinispan.client.hotrod.configuration.SaslQop;
3 | import org.infinispan.client.hotrod.impl.ConfigurationProperties;
4 | ...
5 |
6 | ConfigurationBuilder builder = new ConfigurationBuilder();
7 | builder.addServer()
8 | .host("$HOSTNAME")
9 | .port(ConfigurationProperties.DEFAULT_HOTROD_PORT)
10 | .security().authentication()
11 | .username("username")
12 | .password("changeme")
13 | .realm("default")
14 | .saslQop(SaslQop.AUTH)
15 | .saslMechanism("SCRAM-SHA-512")
16 | .ssl()
17 | .sniHostName("$SERVICE_HOSTNAME")
18 | .trustStoreFileName("/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt")
19 | .trustStoreType("pem");
20 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/java/RemoteCacheConfigurationBuilder.java:
--------------------------------------------------------------------------------
1 | import org.infinispan.client.hotrod.DefaultTemplate;
2 | import org.infinispan.client.hotrod.RemoteCache;
3 | import org.infinispan.client.hotrod.RemoteCacheManager;
4 | ...
5 |
6 | builder.remoteCache("my-cache")
7 | .templateName(DefaultTemplate.DIST_SYNC);
8 | builder.remoteCache("another-cache")
9 | .configuration("");
10 | try (RemoteCacheManager cacheManager = new RemoteCacheManager(builder.build())) {
11 | // Get a remote cache that does not exist.
12 | // Rather than return null, create the cache from a template.
13 | RemoteCache cache = cacheManager.getCache("my-cache");
14 | // Store a value.
15 | cache.put("hello", "world");
16 | // Retrieve the value and print it.
17 | System.out.printf("key = %s\n", cache.get("hello"));
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/java/RemoteCacheWithXml.java:
--------------------------------------------------------------------------------
1 | import org.infinispan.client.hotrod.RemoteCacheManager;
2 | import org.infinispan.commons.configuration.XMLStringConfiguration;
3 | ...
4 |
5 | private void createCacheWithXMLConfiguration() {
6 | String cacheName = "CacheWithXMLConfiguration";
7 | String xml = String.format("" +
8 | "" +
9 | "" +
10 | "" +
11 | "" +
12 | ""
13 | , cacheName);
14 | manager.administration().getOrCreateCache(cacheName, new XMLStringConfiguration(xml));
15 | System.out.println("Cache with configuration exists or is created.");
16 | }
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/json/cloud_events.json:
--------------------------------------------------------------------------------
1 | {
2 | "specversion": "1.0",
3 | "source": "/infinispan//",
4 | "type": "org.infinispan.entry.created",
5 | "time": "",
6 | "subject": "",
7 | "id": "key-name:CommandInvocation:node-name:0",
8 | "data": {
9 | "property": "value"
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_adding_cache_stores.adoc:
--------------------------------------------------------------------------------
1 | [id='adding-cache-stores_{context}']
2 | = Adding persistent cache stores
3 |
4 | [role="_abstract"]
5 | You can add persistent cache stores to {datagridservice} pods to save data to the persistent volume.
6 |
7 | {brandname} creates a Single File cache store, `.dat` file, in the `{pv_path}` directory.
8 |
9 | .Procedure
10 |
11 | * Add the `` element to the `persistence` configuration in your {brandname} cache, as in the following example:
12 | +
13 | [source,xml,options="nowrap",subs=attributes+]
14 | ----
15 | include::xml/file-store-cache.xml[]
16 | ----
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_adding_credentials.adoc:
--------------------------------------------------------------------------------
1 | [id='adding-credentials_{context}']
2 | = Adding custom user credentials
3 |
4 | [role="_abstract"]
5 | Configure access to {brandname} cluster endpoints with custom credentials.
6 |
7 | [NOTE]
8 | ====
9 | Modifying `spec.security.endpointSecretName` triggers a cluster restart.
10 | ====
11 |
12 | .Procedure
13 |
14 | . Create an `identities.yaml` file with the credentials that you want to add.
15 | +
16 | [source,yaml,options="nowrap",subs=attributes+]
17 | ----
18 | include::yaml/indentities.yaml[]
19 | ----
20 | +
21 | . Create an authentication secret from `identities.yaml`.
22 | +
23 | [source,options="nowrap",subs=attributes+]
24 | ----
25 | {oc_create} secret generic --from-file=identities.yaml connect-secret
26 | ----
27 | +
28 | . Specify the authentication secret with `spec.security.endpointSecretName` in your `Infinispan` CR and then apply the changes.
29 | +
30 | [source,options="nowrap",subs=attributes+]
31 | ----
32 | include::yaml/authentication_secret.yaml[]
33 | ----
34 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_adding_custom_roles_permissions.adoc:
--------------------------------------------------------------------------------
1 | [id='adding-custom-roles-permissions_{context}']
2 | = Adding custom roles and permissions
3 |
4 | [role="_abstract"]
5 | You can define custom roles with different combinations of permissions.
6 |
7 | .Procedure
8 |
9 | . Open your `Infinispan` CR for editing.
10 | . Specify custom roles and their associated permissions with the `spec.security.authorization.roles` field.
11 | +
12 | [source,yaml,options="nowrap",subs=attributes+]
13 | ----
14 | include::yaml/authz_custom_roles.yaml[]
15 | ----
16 | +
17 | . Apply the changes.
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_adding_labels_annotations_env.adoc:
--------------------------------------------------------------------------------
1 | [id='adding-labels-annotations-env_{context}']
2 | = Adding labels and annotations with environment variables
3 |
4 | [role="_abstract"]
5 | Set environment variables for {ispn_operator} to add labels and annotations that automatically propagate to all {brandname} pods and services.
6 |
7 | .Procedure
8 |
9 | Add labels and annotations to your {ispn_operator} subscription with the `spec.config.env` field in one of the following ways:
10 |
11 | * Use the `{oc_edit} subscription` command.
12 | +
13 | [source,options="nowrap",subs=attributes+]
14 | ----
15 | {oc_edit} subscription {subscription_name} -n {subscription_namespace}
16 | ----
17 |
18 | * Use the {openshift} Console.
19 | +
20 | . Navigate to **Operators** > **Installed Operators** > *{ispn_operator}*.
21 | . From the *Actions* menu, select *Edit Subscription*.
22 |
23 | .Labels and annotations with environment variables
24 | [source,yaml,options="nowrap",subs=attributes+]
25 | ----
26 | include::yaml/env_vars_labels_annotations.yaml[]
27 | ----
28 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_allocating_cpu_memory_cross_site.adoc:
--------------------------------------------------------------------------------
1 | [id='allocating-cpu-and-memory-cross-site_{context}']
2 | = Allocating CPU and memory for Gossip router pod
3 |
4 | [role="_abstract"]
5 | Allocate CPU and memory resources to {brandname} Gossip router.
6 |
7 | .Prerequisite
8 | * Have Gossip router enabled. The `service.sites.local.discovery.launchGossipRouter` property must be set to `true`, which is the default value.
9 |
10 | .Procedure
11 |
12 | . Allocate the number of CPU units using the `service.sites.local.discovery.cpu` field.
13 | . Allocate the amount of memory, in bytes, using the `service.sites.local.discovery.memory` field.
14 | +
15 | The `cpu` and `memory` fields have values in the format of `:`.
16 | For example, `cpu: "2000m:1000m"` limits pods to a maximum of `2000m` of CPU and requests `1000m` of CPU for each pod at startup.
17 | Specifying a single value sets both the limit and request.
18 | +
19 | . Apply your `Infinispan` CR.
20 |
21 | [source,options="nowrap",subs=attributes+]
22 | ----
23 | include::yaml/xsite_gossip_router_resources.yaml[]
24 | ----
25 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_batching_configmap.adoc:
--------------------------------------------------------------------------------
1 | [id='batching-configmap_{context}']
2 | = Running batch operations with ConfigMaps
3 |
4 | [role="_abstract"]
5 | Run batch operations that include configuration artifacts.
6 |
7 | .Prerequisites
8 |
9 | * Create a `ConfigMap` that contains any files your batch operations require.
10 |
11 | .Procedure
12 |
13 | . Create a `Batch` CR that specifies the name of a {brandname} cluster as the value of the `spec.cluster` field.
14 | . Set the name of the `ConfigMap` that contains your `batch` file and configuration artifacts with the `spec.configMap` field.
15 | +
16 | [source,yaml,options="nowrap",subs=attributes+]
17 | ----
18 | cat > mybatch.yaml< The name of your `Infinispan` CR
17 |
18 | NOTE: If using metric resource of type `cpu` or `memory`, you must configure request/limits for this resource in your `Infinispan` CR.
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_configuring_logging_categories.adoc:
--------------------------------------------------------------------------------
1 | [id='configuring-logging-levels_{context}']
2 | = Adjusting log levels
3 |
4 | [role="_abstract"]
5 | Change levels for different {brandname} logging categories when you need to debug issues.
6 | You can also adjust log levels to reduce the number of messages for certain categories to minimize the use of container resources.
7 |
8 | .Procedure
9 |
10 | . Configure {brandname} logging with the `spec.logging.categories` field in your `Infinispan` CR.
11 | +
12 | [source,options="nowrap",subs=attributes+]
13 | ----
14 | include::yaml/logging_categories.yaml[]
15 | ----
16 | +
17 | . Apply the changes.
18 | . Retrieve logs from {brandname} pods as required.
19 | +
20 | [source,options="nowrap",subs=attributes+]
21 | ----
22 | {oc_logs} -f $POD_NAME
23 | ----
24 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_configuring_logging_pattern.adoc:
--------------------------------------------------------------------------------
1 | [id='configuring-logging-pattern_{context}']
2 | = Adjusting log pattern
3 |
4 | [role="_abstract"]
5 | To customize the log display for {brandname} log traces, update the log pattern.
6 | If no custom pattern is set, the default format is:
7 | `%d{HH:mm:ss,SSS} %-5p (%t) [%c] %m%throwable%n`
8 |
9 | .Procedure
10 |
11 | . Configure {brandname} logging with the `spec.logging.pattern` field in your `Infinispan` CR.
12 | +
13 | [source,options="nowrap",subs=attributes+]
14 | ----
15 | include::yaml/logging_pattern.yaml[]
16 | ----
17 | +
18 | . Apply the changes.
19 | . Retrieve logs from {brandname} pods as required.
20 | +
21 | [source,options="nowrap",subs=attributes+]
22 | ----
23 | {oc_logs} -f $POD_NAME
24 | ----
25 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_configuring_pod_probes.adoc:
--------------------------------------------------------------------------------
1 | [id='configuring-pod-probes{context}']
2 | = Configuring pod probes
3 |
4 | [role="_abstract"]
5 |
6 | Optionally configure the values of the Liveness, Readiness and Startup probes used by {brandname} pods.
7 |
8 | The {ispn_operator} automatically configures the probe values to sensible defaults. We only recommend providing your own
9 | values once you have determined that the default values do not match your requirements.
10 |
11 | .Procedure
12 | . Configure probe values using the `spec.service.container.*Probe` fields:
13 | +
14 | [source,yaml]
15 | ----
16 | include::yaml/probes.yaml[]
17 | ----
18 | +
19 | [IMPORTANT]
20 | ====
21 | If no value is specified for a given probe value, then the {ispn_operator} default is used.
22 | ====
23 | +
24 | . Apply your `Infinispan` CR.
25 | +
26 | If your cluster is running, {ispn_operator} restarts the {brandname} pods in order for the changes to take effect.
27 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_configuring_service_monitor_target_labels.adoc:
--------------------------------------------------------------------------------
1 | [id='configuring-service-monitor-target-labels_{context}']
2 | = Configuring Service Monitor Target Labels
3 |
4 | [role="_abstract"]
5 | You can configure the generated `ServiceMonitor` to propagate Service labels to the underlying metrics using the ServiceMonitor `spec.targetLabels` field.
6 | Use the Service labels to filter and aggregate the metrics collected from the monitored endpoints.
7 |
8 | .Procedure
9 |
10 | . Define labels to apply to your service by setting the `infinispan.org/targetLabels` annotation in your `Infinispan` CR.
11 | . Specify a comma-separated list of the labels required in your metrics using the `infinispan.org/serviceMonitorTargetLabels` annotation on your `Infinispan` CR.
12 | +
13 | [source,yaml,options="nowrap",subs=attributes+]
14 | ----
15 | include::yaml/infinispan-monitoring-target-labels.yaml[]
16 | ----
17 | +
18 | . Apply the changes.
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_connecting_console.adoc:
--------------------------------------------------------------------------------
1 | [id='connecting-console_{context}']
2 | = Accessing {brandname} Console
3 |
4 | [role="_abstract"]
5 | Access the console to create caches, perform adminstrative operations, and monitor your {brandname} clusters.
6 |
7 | .Prerequisites
8 |
9 | * Expose {brandname} on the network so you can access the console through a browser. +
10 | For example, configure a `LoadBalancer` service or create a `Route`.
11 |
12 | .Procedure
13 |
14 | * Access the console from any browser at `$HOSTNAME:$PORT`.
15 | +
16 | Replace `$HOSTNAME:$PORT` with the network location where {brandname} is available.
17 |
18 | NOTE: The {brandname} Console should only be accessed via {k8s} services or an {openshiftshort} `Route` exposing port 11222.
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_connecting_rest.adoc:
--------------------------------------------------------------------------------
1 | [id='connecting-rest_{context}']
2 | = Accessing the REST API
3 |
4 | [role="_abstract"]
5 | {brandname} provides a RESTful interface that you can interact with using HTTP clients.
6 |
7 | .Prerequisites
8 |
9 | * Expose {brandname} on the network so you can access the REST API. +
10 | For example, configure a `LoadBalancer` service or create a `Route`.
11 |
12 | .Procedure
13 |
14 | * Access the REST API with any HTTP client at `$HOSTNAME:$PORT/rest/v2`.
15 | +
16 | Replace `$HOSTNAME:$PORT` with the network location where {brandname} listens for client connections.
17 |
18 | [role="_additional-resources"]
19 | .Additional resources
20 | * link:{rest_docs}[{brandname} REST API]
21 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_creating_datagrid_service.adoc:
--------------------------------------------------------------------------------
1 | [id='creating-datagrid-service_{context}']
2 | = Creating {datagridservice} pods
3 |
4 | [role="_abstract"]
5 | To use custom cache definitions along with {brandname} capabilities such as cross-site replication, create clusters of {datagridservice} pods.
6 |
7 | .Procedure
8 |
9 | . Create an `Infinispan` CR that sets `spec.service.type: DataGrid` and configures any other {datagridservice} resources.
10 | +
11 | [source,yaml,options="nowrap",subs=attributes+]
12 | ----
13 | include::yaml/service_type_datagrid.yaml[]
14 | ----
15 | +
16 | [IMPORTANT]
17 | ====
18 | You cannot change the `spec.service.type` field after you create pods.
19 | To change the service type, you must delete the existing pods and create new ones.
20 | ====
21 | . Apply your `Infinispan` CR to create the cluster.
22 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_disabling_authentication.adoc:
--------------------------------------------------------------------------------
1 | [id='disabling-authentication_{context}']
2 | = Disabling user authentication
3 |
4 | [role="_abstract"]
5 | Allow users to access {brandname} clusters and manipulate data without providing credentials.
6 |
7 | [IMPORTANT]
8 | ====
9 | Do not disable authentication if endpoints are accessible from outside the {k8s} cluster via `spec.expose.type`.
10 | You should disable authentication for development environments only.
11 | ====
12 |
13 | .Procedure
14 |
15 | . Set `false` as the value for the `spec.security.endpointAuthentication` field in your `Infinispan` CR.
16 | +
17 | [source,options="nowrap",subs=attributes+]
18 | ----
19 | include::yaml/authentication_disabled.yaml[]
20 | ----
21 | +
22 | . Apply the changes.
23 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_disabling_encryption.adoc:
--------------------------------------------------------------------------------
1 | [id='disabling-encryption_{context}']
2 | = Disabling encryption
3 |
4 | [role="_abstract"]
5 | You can disable encryption so clients do not need TLS certificates to establish connections with {brandname}.
6 |
7 | [IMPORTANT]
8 | ====
9 | Do not disable encryption if endpoints are accessible from outside the {k8s} cluster via `spec.expose.type`.
10 | You should disable encryption for development environments only.
11 | ====
12 |
13 | .Procedure
14 |
15 | . Set `None` as the value for the `spec.security.endpointEncryption.type` field in your `Infinispan` CR.
16 | +
17 | [source,options="nowrap",subs=attributes+]
18 | ----
19 | include::yaml/encryption_disabled.yaml[]
20 | ----
21 | +
22 | . Apply the changes.
23 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_disabling_service_monitor.adoc:
--------------------------------------------------------------------------------
1 | [id='disabling-service-monitor_{context}']
2 | = Disabling the Prometheus service monitor
3 |
4 | [role="_abstract"]
5 | You can disable the `ServiceMonitor` if you do not want Prometheus to scrape metrics for your {brandname} cluster.
6 |
7 | .Procedure
8 |
9 | . Set `'false'` as the value for the `infinispan.org/monitoring` annotation in your `Infinispan` CR.
10 | +
11 | [source,yaml,options="nowrap",subs=attributes+]
12 | ----
13 | include::yaml/infinispan-monitoring-false.yaml[]
14 | ----
15 | +
16 | . Apply the changes.
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_enabling_authorization.adoc:
--------------------------------------------------------------------------------
1 | [id='allocating-storage_{context}']
2 | = Enabling security authorization
3 |
4 | [role="_abstract"]
5 | By default authorization is disabled to ensure backwards compatibility with `Infinispan` CR instances.
6 | Complete the following procedure to enable authorization and use role-based access control (RBAC) for {brandname} users.
7 |
8 | .Procedure
9 |
10 | . Set `true` as the value for the `spec.security.authorization.enabled` field in your `Infinispan` CR.
11 | +
12 | [source,yaml,options="nowrap",subs=attributes+]
13 | ----
14 | include::yaml/authz_enable.yaml[]
15 | ----
16 | +
17 | . Apply the changes.
18 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_exposing_loadbalancer.adoc:
--------------------------------------------------------------------------------
1 | [id='exposing-loadbalancer_{context}']
2 | = Exposing {brandname} through a LoadBalancer service
3 |
4 | [role="_abstract"]
5 | Use a `LoadBalancer` service to make {brandname} clusters available to clients running outside {k8s}.
6 |
7 | [NOTE]
8 | ====
9 | To access {brandname} with unencrypted Hot Rod client connections you must use
10 | a `LoadBalancer` service.
11 | ====
12 |
13 | .Procedure
14 |
15 | . Include `spec.expose` in your `Infinispan` CR.
16 | . Specify `LoadBalancer` as the service type with the `spec.expose.type` field.
17 | . Optionally specify the network port where the service is exposed with the `spec.expose.port` field.
18 | +
19 | [source,options="nowrap",subs=attributes+]
20 | ----
21 | include::yaml/expose_type_load_balancer.yaml[]
22 | ----
23 | +
24 | . Apply the changes.
25 | . Verify that the `-external` service is available.
26 | +
27 | [source,options="nowrap",subs=attributes+]
28 | ----
29 | {oc_get_services} | grep external
30 | ----
31 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_exposing_nodeport.adoc:
--------------------------------------------------------------------------------
1 | [id='exposing-nodeport_{context}']
2 | = Exposing {brandname} through a NodePort service
3 |
4 | [role="_abstract"]
5 | Use a `NodePort` service to expose {brandname} clusters on the network.
6 |
7 | .Procedure
8 |
9 | . Include `spec.expose` in your `Infinispan` CR.
10 | . Specify `NodePort` as the service type with the `spec.expose.type` field.
11 | . Configure the port where {brandname} is exposed with the `spec.expose.nodePort` field.
12 | +
13 | [source,options="nowrap",subs=attributes+]
14 | ----
15 | include::yaml/expose_type_node_port.yaml[]
16 | ----
17 | +
18 | . Apply the changes.
19 | . Verify that the `-external` service is available.
20 | +
21 | [source,options="nowrap",subs=attributes+]
22 | ----
23 | {oc_get_services} | grep external
24 | ----
25 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_getting_internal_service.adoc:
--------------------------------------------------------------------------------
1 | [id='getting-internal-service_{context}']
2 | = Getting the service for internal connections
3 |
4 | [role="_abstract"]
5 | By default, {ispn_operator} creates a service that provides access to {brandname} clusters from clients running on {k8s}.
6 |
7 | This internal service has the same name as your {brandname} cluster, for example:
8 |
9 | [source,yaml,options="nowrap",subs=attributes+]
10 | ----
11 | include::yaml/metadata_name.yaml[]
12 | ----
13 |
14 | .Procedure
15 |
16 | * Check that the internal service is available as follows:
17 | +
18 | [source,options="nowrap",subs=attributes+]
19 | ----
20 | {oc_get_services}
21 | ----
22 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_handling_failed_backups.adoc:
--------------------------------------------------------------------------------
1 | [id='handling-failed-backups_{context}']
2 | = Handling failed backup and restore operations
3 |
4 | [role="_abstract"]
5 | If the `status.phase` field of the `Backup` or `Restore` CR is `Failed`, you should examine pod logs to determine the root cause before you attempt the operation again.
6 |
7 | .Procedure
8 |
9 | . Examine the logs for the pod that performed the failed operation.
10 | +
11 | Pods are terminated but remain available until you delete the `Backup` or `Restore` CR.
12 | +
13 | [source,options="nowrap",subs=attributes+]
14 | ----
15 | {oc_logs}
16 | ----
17 | +
18 | . Resolve any error conditions or other causes of failure as indicated by the pod logs.
19 | . Create a new instance of the `Backup` or `Restore` CR and attempt the operation again.
20 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_initiating_cluster_upgrade.adoc:
--------------------------------------------------------------------------------
1 | [id='initiating-cluster-upgrades_{context}']
2 | = Initiating cluster upgrades
3 |
4 | [role="_abstract"]
5 | Modify the `spec.version` field in your `Infinispan` CR to upgrade the {brandname} version of your cluster.
6 |
7 | .Prerequisite
8 |
9 | * The {ispn_operator} version you have installed supports the {brandname} target version.
10 |
11 | .Procedure
12 |
13 | . Specify the version number in the `spec.version` field in your `Infinispan` CR.
14 | +
15 | [source,yaml,options="nowrap",subs=attributes+]
16 | ----
17 | spec:
18 | replicas: 2
19 | version: <{brandname}_version>
20 | ----
21 | +
22 | . Apply your changes.
23 | +
24 | {ispn_operator} initiates the upgrade of your cluster to the version you specified.
25 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_installing_grafana_operator.adoc:
--------------------------------------------------------------------------------
1 | [id='installing-grafana-operator_{context}']
2 | = Installing the Grafana Operator
3 |
4 | [role="_abstract"]
5 | To support various needs, {ispn_operator} integrates with the community version of the Grafana Operator to create dashboards for {brandname} services.
6 |
7 | Until Grafana is integrated with {openshiftshort} user workload monitoring, the only option is to rely on the community version.
8 | You can install the Grafana Operator on {openshiftshort} from the **OperatorHub** and should create a subscription for the **alpha** channel.
9 |
10 | However, as is the policy for all Community Operators, Red Hat does not certify the Grafana Operator and does not provide support for it in combination with {brandname}.
11 | When you install the Grafana Operator you are prompted to acknowledge a warning about the community version before you can continue.
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_installing_operator_hub.adoc:
--------------------------------------------------------------------------------
1 | [id='install-operatorhub_{context}']
2 | = Installing {ispn_operator} from OperatorHub.io
3 |
4 | [role="_abstract"]
5 | Use the command line to install {ispn_operator} from https://operatorhub.io/operator/infinispan[OperatorHub.io].
6 |
7 | .Prerequisites
8 |
9 | * {okd} 3.11 or later.
10 | * {k8s} 1.11 or later.
11 | * Ensure the Operator Lifecycle Manager (OLM) is installed.
12 | * Have administrator access on the {k8s} cluster.
13 | * Have a `kubectl` or `oc` client.
14 |
15 | .Procedure
16 |
17 | . Navigate to the {ispn_operator} entry on https://operatorhub.io/operator/infinispan[OperatorHub.io].
18 | . Follow the instructions to install {ispn_operator} into your {k8s} cluster.
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_installing_operator_manually.adoc:
--------------------------------------------------------------------------------
1 | [id='install-manually_{context}']
2 | = Building and installing {ispn_operator} manually
3 |
4 | [role="_abstract"]
5 | Manually build and install {ispn_operator} from the GitHub repository.
6 |
7 | .Procedure
8 |
9 | * Follow the appropriate instructions in the link:https://github.com/infinispan/infinispan-operator/blob/main/README.md[{ispn_operator} README].
10 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_providing_client_truststores.adoc:
--------------------------------------------------------------------------------
1 | [id='providing-client-truststores_{context}']
2 | = Providing client truststores
3 |
4 | [role="_abstract"]
5 | If you have a trust store that contains the required certificates you can make it available to {ispn_operator}.
6 |
7 | {brandname} supports trust stores in `PKCS12` format only.
8 |
9 | .Procedure
10 |
11 | . Specify the name of the secret that contains the client trust store as the value of the `metadata.name` field.
12 | +
13 | [NOTE]
14 | ====
15 | The name must match the value of the `spec.security.endpointEncryption.clientCertSecretName` field.
16 | ====
17 | +
18 | . Provide the password for the trust store with the `stringData.truststore-password` field.
19 | . Specify the trust store with the `data.truststore.p12` field.
20 | +
21 | [source,yaml,options="nowrap",subs=attributes+]
22 | ----
23 | include::yaml/cert_auth_truststores.yaml[]
24 | ----
25 | +
26 | . Apply the changes.
27 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_recovering_rolling_upgrades.adoc:
--------------------------------------------------------------------------------
1 | [id='recovering_rolling_upgrades_{context}']
2 | = Recovering from a failed Hot Rod rolling upgrade
3 |
4 | [role="_abstract"]
5 | You can roll back a failed Hot Rod rolling upgrade to the previous version if the original cluster is still present.
6 |
7 | .Prerequisites
8 |
9 | * Hot Rod rolling upgrade is in progress and the initial {brandname} cluster is present.
10 |
11 | .Procedure
12 | . Ensure the Hot Rod rolling upgrade is in progress.
13 | +
14 | [source,options="nowrap",subs=attributes+]
15 | ----
16 | {oc_get_infinispan} -o yaml
17 | ----
18 | +
19 | The `status.hotRodRollingUpgradeStatus` field must be present.
20 | +
21 | . Update `spec.version` field of your `Infinispan CR` to the original cluster version defined in the `status.hotRodRollingUpgradeStatus`.
22 | +
23 | {ispn_operator} deletes the newly created cluster.
24 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_retrieving_cluster_ip.adoc:
--------------------------------------------------------------------------------
1 | [id='retrieving-cluster-ip_{context}']
2 | = Retrieving cluster IP addresses
3 |
4 | [role="_abstract"]
5 | Services that provide access to {brandname} have cluster IP addresses that you
6 | can use with client connections.
7 |
8 | .Procedure
9 |
10 | * Get {brandname} cluster IP address as follows:
11 | +
12 | [source,options="nowrap",subs=attributes+]
13 | ----
14 | {oc_get_service} {example_crd_name} -o jsonpath={.spec.clusterIP}
15 | ----
16 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_retrieving_credentials.adoc:
--------------------------------------------------------------------------------
1 | [id='retrieving-credentials_{context}']
2 | = Retrieving credentials
3 |
4 | [role="_abstract"]
5 | Get credentials from authentication secrets to access {brandname} clusters.
6 |
7 | .Procedure
8 |
9 | * Retrieve credentials from authentication secrets.
10 | +
11 | [source,options="nowrap",subs=attributes+]
12 | ----
13 | include::cmd_examples/oc_get_secret_creds.adoc[]
14 | ----
15 | +
16 | Base64-decode credentials.
17 | +
18 | [source,options="nowrap",subs=attributes+]
19 | ----
20 | include::cmd_examples/oc_get_secret_creds_jp.adoc[]
21 | ----
22 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_retrieving_tls_certificates.adoc:
--------------------------------------------------------------------------------
1 | [id='retrieving-tls-certificates_{context}']
2 | = Retrieving TLS certificates
3 |
4 | [role="_abstract"]
5 | Get TLS certificates from encryption secrets to create client trust stores.
6 |
7 | .Procedure
8 |
9 | * Retrieve `tls.crt` from encryption secrets as follows:
10 | +
11 | [source,options="nowrap",subs=attributes+]
12 | ----
13 | include::cmd_examples/oc_get_secret_tls.adoc[]
14 | ----
15 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_setting_jvm_options.adoc:
--------------------------------------------------------------------------------
1 | [id='setting-jvm-options_{context}']
2 | = Setting JVM options
3 |
4 | [role="_abstract"]
5 | Pass additional JVM options to {brandname} pods at startup.
6 |
7 | .Procedure
8 |
9 | . Configure JVM options with the `spec.container` filed in your `Infinispan` CR.
10 | . Apply your `Infinispan` CR.
11 | +
12 | If your cluster is running, {ispn_operator} restarts the {brandname} pods so changes take effect.
13 |
14 | .JVM options
15 | [source,options="nowrap",subs=attributes+]
16 | ----
17 | include::yaml/container_extra_jvm_opts.yaml[]
18 | ----
19 |
20 | [%autowidth,cols="1,1",stripes=even]
21 | |===
22 | |Field | Description
23 |
24 | |`spec.container.extraJvmOpts`
25 | | Specifies additional JVM options for the {brandname} Server.
26 |
27 | |`spec.container.routerExtraJvmOpts`
28 | | Specifies additional JVM options for the Gossip router.
29 |
30 | | `spec.container.cliExtraJvmOpts`
31 | | Specifies additional JVM options for the {brandname} CLI.
32 | |===
33 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_specifying_server_image.adoc:
--------------------------------------------------------------------------------
1 | [id='specifying-server-image_{context}']
2 | = Specifying {brandname} Server images
3 |
4 | [role="_abstract"]
5 | Specify which {brandname} Server image {ispn_operator} should use to create pods with the `spec.image` field.
6 |
7 | [source,yaml,options="nowrap",subs=attributes+]
8 | ----
9 | spec:
10 | image: {server_image}:latest
11 | ----
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_upgrading_clusters_rolling.adoc:
--------------------------------------------------------------------------------
1 | [id='upgrading-clusters-rolling_{context}']
2 | = Performing Hot Rod rolling upgrades for {brandname} clusters
3 |
4 | [role="_abstract"]
5 | Performing Hot Rod rolling upgrades lets you move to a new {brandname} version without service disruption.
6 | However, this upgrade type requires additional capacity and temporarily results in two {brandname} clusters with different versions running concurrently.
7 |
8 | .Prerequisite
9 |
10 | * The {ispn_operator} version you have installed supports the {brandname} target version.
11 |
12 | .Procedure
13 |
14 | . Specify the {brandname} version number in the `spec.version` field.
15 | . Specify `HotRodRolling` as the value for the `spec.upgrades.type` field.
16 | +
17 | [source,options="nowrap",subs=attributes+]
18 | ----
19 | include::yaml/upgrade_type_hotrodrolling.yaml[]
20 | ----
21 | +
22 | . Apply your changes.
23 |
24 | When new {brandname} version becomes available, you must manually change the value in the `spec.version` field to trigger the upgrade.
25 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/proc_using_custom_encryption_secrets.adoc:
--------------------------------------------------------------------------------
1 | [id='using-custom-encryption-secrets_{context}']
2 | = Using custom TLS certificates
3 |
4 | [role="_abstract"]
5 | Use custom PKCS12 keystore or TLS certificate/key pairs to encrypt connections between clients and {brandname} clusters.
6 |
7 | .Prerequisites
8 |
9 | * Create either a keystore or certificate secret.
10 | +
11 | [NOTE]
12 | ====
13 | The secret must be unique to each `Infinispan` CR instance in the {k8s} cluster.
14 | When you delete the `Infinispan` CR, {k8s} also automatically deletes the associated secret.
15 | ====
16 |
17 | .Procedure
18 |
19 | . Add the encryption secret to your {openshiftshort} namespace, for example:
20 | +
21 | [source,options="nowrap",subs=attributes+]
22 | ----
23 | {oc_apply_cr} tls_secret.yaml
24 | ----
25 | +
26 | . Specify the encryption secret with the `spec.security.endpointEncryption.certSecretName` field in your
27 | `Infinispan` CR.
28 | +
29 | [source,options="nowrap",subs=attributes+]
30 | ----
31 | include::yaml/encryption_custom_secret.yaml[]
32 | ----
33 | +
34 | . Apply the changes.
35 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/properties/hotrod-client-external.properties:
--------------------------------------------------------------------------------
1 | # Connection
2 | infinispan.client.hotrod.server_list=$HOSTNAME:$PORT
3 |
4 | # Client intelligence
5 | infinispan.client.hotrod.client_intelligence=BASIC
6 |
7 | # Authentication
8 | infinispan.client.hotrod.use_auth=true
9 | infinispan.client.hotrod.auth_username=developer
10 | infinispan.client.hotrod.auth_password=$PASSWORD
11 | infinispan.client.hotrod.auth_server_name=$CLUSTER_NAME
12 | infinispan.client.hotrod.sasl_properties.javax.security.sasl.qop=auth
13 | infinispan.client.hotrod.sasl_mechanism=SCRAM-SHA-512
14 |
15 | # Encryption
16 | infinispan.client.hotrod.sni_host_name=$SERVICE_HOSTNAME
17 | # Create a client trust store with tls.crt from your project.
18 | infinispan.client.hotrod.trust_store_file_name=/path/to/truststore.pkcs12
19 | infinispan.client.hotrod.trust_store_password=trust_store_password
20 | infinispan.client.hotrod.trust_store_type=PCKS12
21 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/properties/hotrod-client-internal.properties:
--------------------------------------------------------------------------------
1 | # Connection
2 | infinispan.client.hotrod.server_list=$HOSTNAME:$PORT
3 |
4 | # Authentication
5 | infinispan.client.hotrod.use_auth=true
6 | infinispan.client.hotrod.auth_username=developer
7 | infinispan.client.hotrod.auth_password=$PASSWORD
8 | infinispan.client.hotrod.auth_server_name=$CLUSTER_NAME
9 | infinispan.client.hotrod.sasl_properties.javax.security.sasl.qop=auth
10 | infinispan.client.hotrod.sasl_mechanism=SCRAM-SHA-512
11 |
12 | # Encryption
13 | infinispan.client.hotrod.sni_host_name=$SERVICE_HOSTNAME
14 | infinispan.client.hotrod.trust_store_file_name=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
15 | infinispan.client.hotrod.trust_store_type=pem
16 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_backup_restore_status.adoc:
--------------------------------------------------------------------------------
1 | [id='backup-restore-status_{context}']
2 | = Backup and restore status
3 |
4 | [role="_abstract"]
5 | `Backup` and `Restore` CRs include a `status.phase` field that provides the status for each phase of the operation.
6 |
7 | [%header,cols=2*]
8 | |===
9 | |Status
10 | |Description
11 |
12 | |`Initializing`
13 | |The system has accepted the request and the controller is preparing the underlying resources to create the pod.
14 |
15 | |`Initialized`
16 | |The controller has prepared all underlying resources successfully.
17 |
18 | |`Running`
19 | |The pod is created and the operation is in progress on the {brandname} cluster.
20 |
21 | |`Succeeded`
22 | |The operation has completed successfully on the {brandname} cluster and the pod is terminated.
23 |
24 | |`Failed`
25 | |The operation did not successfully complete and the pod is terminated.
26 |
27 | |`Unknown`
28 | |The controller cannot obtain the status of the pod or determine the state of the operation. This condition typically indicates a temporary communication error with the pod.
29 | |===
30 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_batch_status.adoc:
--------------------------------------------------------------------------------
1 | [id='batch-status_{context}']
2 | = Batch status messages
3 |
4 | [role="_abstract"]
5 | Verify and troubleshoot batch operations with the `status.Phase` field in the `Batch` CR.
6 |
7 | [%header,cols=2*]
8 | |===
9 | |Phase
10 | |Description
11 |
12 | |`Succeeded`
13 | |All batch operations have completed successfully.
14 |
15 | |`Initializing`
16 | |Batch operations are queued and resources are initializing.
17 |
18 | |`Initialized`
19 | |Batch operations are ready to start.
20 |
21 | |`Running`
22 | |Batch operations are in progress.
23 |
24 | |`Failed`
25 | |One or more batch operations were not successful.
26 |
27 | |===
28 |
29 | .Failed operations
30 |
31 | Batch operations are not atomic.
32 | If a command in a batch script fails, it does not affect the other operations or cause them to rollback.
33 |
34 | [NOTE]
35 | ====
36 | If your batch operations have any server or syntax errors, you can view log messages in the `Batch` CR in the `status.Reason` field.
37 | ====
38 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_cross_site_tls_secrets.adoc:
--------------------------------------------------------------------------------
1 | [id='cross-site-encryption-secrets_{context}']
2 | = Cross-site encryption secrets
3 |
4 | [role="_abstract"]
5 | Cross-site replication encryption secrets add keystores and trust store for securing cross-site connections.
6 |
7 | .Cross-site encryption secrets
8 | [source,options="nowrap",subs=attributes+]
9 | ----
10 | include::yaml/xsite_tls_secrets.yaml[]
11 | ----
12 |
13 | [%header,cols=2*]
14 | |===
15 | |Field
16 | |Description
17 |
18 | |`stringData.password`
19 | |Specifies the password for the keystore or trust store.
20 |
21 | |`stringData.type`
22 | |Optionally specifies the keystore or trust store type. The default value is `pkcs12`.
23 |
24 | |`data.`
25 | |Adds a base64-encoded keystore or trust store.
26 |
27 | |===
28 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_custom_encryption_secrets.adoc:
--------------------------------------------------------------------------------
1 | [id='custom-encryption-secrets_{context}']
2 | = Custom encryption secrets
3 |
4 | [role="_abstract"]
5 | Custom encryption secrets that add keystores or certificate/key pairs to secure {brandname} connections must contain specific fields.
6 |
7 | .Keystore secrets
8 | [source,options="nowrap",subs=attributes+]
9 | ----
10 | include::yaml/encryption_keystore_secret.yaml[]
11 | ----
12 |
13 | [%header,cols=2*]
14 | |===
15 | |Field
16 | |Description
17 |
18 | |`stringData.alias`
19 | |Specifies an alias for the keystore.
20 |
21 | |`stringData.password`
22 | |Specifies the keystore password.
23 |
24 | |`data.keystore.p12`
25 | |Adds a base64-encoded keystore.
26 |
27 | |===
28 |
29 | .Certificate secrets
30 | [source,options="nowrap",subs=attributes+]
31 | ----
32 | include::yaml/encryption_certificate_secret.yaml[]
33 | ----
34 |
35 | [%header,cols=2*]
36 | |===
37 | |Field
38 | |Description
39 |
40 | |`data.tls.key`
41 | |Adds a base64-encoded TLS key.
42 |
43 | |`data.tls.crt`
44 | |Adds a base64-encoded TLS certificate.
45 |
46 | |===
47 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_default_credentials.adoc:
--------------------------------------------------------------------------------
1 | [id='default-credentials_{context}']
2 | = Default credentials
3 |
4 | [role="_abstract"]
5 | {ispn_operator} generates base64-encoded credentials for the following users:
6 |
7 | [%autowidth,cols="1,1,1",stripes=even]
8 | |===
9 | |User |Secret name |Description
10 |
11 | |`developer`
12 | |`{example_crd_name}-generated-secret`
13 | |Credentials for the default application user.
14 |
15 | |`operator`
16 | |`{example_crd_name}-generated-operator-secret`
17 | |Credentials that {ispn_operator} uses to interact with {brandname} resources.
18 | |===
19 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_persistent_cache_store.adoc:
--------------------------------------------------------------------------------
1 | [id='persistent-volume-claims_{context}']
2 | = Persistent volume claims
3 |
4 | [role="_abstract"]
5 | {ispn_operator} creates a persistent volume claim (PVC) and mounts container storage at: +
6 | `{pv_path}`
7 |
8 | .Caches
9 | When you create caches, {brandname} permanently stores their configuration so your caches are available after cluster restarts.
10 |
11 | .Data
12 | Use a file-based cache store, by adding the `` element to your {brandname} cache configuration, if you want {datagridservice} pods to persist data during cluster shutdown.
13 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_supported_versions.adoc:
--------------------------------------------------------------------------------
1 | [id='supported-versions_{context}']
2 | = Supported versions
3 |
4 | [role="_abstract"]
5 | Since version 2.3.0 {ispn_operator} supports multiple {brandname} Server versions.
6 | You can upgrade the version of your cluster between supported {brandname} versions:
7 |
8 | include::supported_operands/operand_table.adoc[]
9 |
10 | [IMPORTANT]
11 | ====
12 | Operand versions `15.1.0` and `15.1.1` should be skipped when upgrading from the `15.0.x` stream,
13 | due to https://github.com/infinispan/infinispan/issues/13519[#13519] which may cause issues if invalidation caches are present or if attempting to restore from backups created with prior Infinispan versions.
14 | ====
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/ref_tech_preview.adoc:
--------------------------------------------------------------------------------
1 | // Downstream only
2 | [id='tech-preview_{context}']
3 | = Technology Previews
4 |
5 | [role="_abstract"]
6 | Technology Preview features or capabilities are not supported with Red Hat
7 | production service-level agreements (SLAs) and might not be functionally
8 | complete.
9 |
10 | Red Hat does not recommend using Technology Preview features or capabilities for production.
11 | These features provide early access to upcoming product features, which enables you to test functionality and provide feedback during the development process.
12 |
13 | For more information, see link:{link_tech_preview}.
14 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_3_7.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 13.0.10
6 | 14.0.1
7 | 14.0.6
8 | 14.0.9
9 | 14.0.13
10 | 14.0.17
11 | 14.0.19
12 | 14.0.20
13 | 14.0.21
14 | 14.0.24
15 | 14.0.27
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_0.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 13.0.10
6 | 14.0.1
7 | 14.0.6
8 | 14.0.9
9 | 14.0.13
10 | 14.0.17
11 | 14.0.19
12 | 14.0.20
13 | 14.0.21
14 | 14.0.24
15 | 14.0.27
16 | 15.0.0
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_1.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 13.0.10
6 | 14.0.1
7 | 14.0.6
8 | 14.0.9
9 | 14.0.13
10 | 14.0.17
11 | 14.0.19
12 | 14.0.20
13 | 14.0.21
14 | 14.0.24
15 | 14.0.27
16 | = 15.0.0
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_10.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.0.13
24 | 15.1.0
25 | 15.1.1
26 | 15.1.3
27 | 15.1.4
28 | 15.1.5
29 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_11.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.0.13
24 | 15.0.14
25 | 15.1.0
26 | 15.1.1
27 | 15.1.3
28 | 15.1.4
29 | 15.1.5
30 | 15.1.7
31 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_12.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.0.13
24 | 15.0.14
25 | 15.1.0
26 | 15.1.1
27 | 15.1.3
28 | 15.1.4
29 | 15.1.5
30 | 15.1.7
31 | 15.2.1
32 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_2.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 13.0.10
6 | 14.0.1
7 | 14.0.6
8 | 14.0.9
9 | 14.0.13
10 | 14.0.17
11 | 14.0.19
12 | 14.0.20
13 | 14.0.21
14 | 14.0.24
15 | 14.0.27
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_3.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 15.0.0
16 | 15.0.3
17 | 15.0.4
18 | 15.0.5
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_4.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.8
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_5.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_6.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_7.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.1.0
24 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_8.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.1.0
24 | 15.1.1
25 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_4_9.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.1.0
24 | 15.1.1
25 | 15.1.3
26 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/2_5_0.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually.
3 | To add additional Operands to this file, update the `INFINISPAN_OPERAND_VERSIONS` array in `config/manager/manager.yaml`.
4 | ////
5 | 14.0.1
6 | 14.0.6
7 | 14.0.9
8 | 14.0.13
9 | 14.0.17
10 | 14.0.19
11 | 14.0.20
12 | 14.0.21
13 | 14.0.24
14 | 14.0.27
15 | 14.0.32
16 | 15.0.0
17 | 15.0.3
18 | 15.0.4
19 | 15.0.5
20 | 15.0.8
21 | 15.0.10
22 | 15.0.11
23 | 15.0.13
24 | 15.0.14
25 | 15.0.15
26 | 15.1.0
27 | 15.1.1
28 | 15.1.3
29 | 15.1.4
30 | 15.1.5
31 | 15.1.7
32 | 15.2.1
33 | 15.2.2
34 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/supported_operands/operand_table.adoc:
--------------------------------------------------------------------------------
1 | ////
2 | Auto-generated file, do not update this manually, instead update `scripts/ci/docs_generate_operator_operand_table.sh`
3 | ////
4 | [%header,cols=2*]
5 | |===
6 | | {ispn_operator} version
7 | | {brandname} Server versions
8 | |
9 | 2.3.7
10 | a|
11 | include::2_3_7.adoc[]
12 | |
13 | 2.4.0
14 | a|
15 | include::2_4_0.adoc[]
16 | |
17 | 2.4.1
18 | a|
19 | include::2_4_1.adoc[]
20 | |
21 | 2.4.10
22 | a|
23 | include::2_4_10.adoc[]
24 | |
25 | 2.4.11
26 | a|
27 | include::2_4_11.adoc[]
28 | |
29 | 2.4.12
30 | a|
31 | include::2_4_12.adoc[]
32 | |
33 | 2.4.2
34 | a|
35 | include::2_4_2.adoc[]
36 | |
37 | 2.4.3
38 | a|
39 | include::2_4_3.adoc[]
40 | |
41 | 2.4.4
42 | a|
43 | include::2_4_4.adoc[]
44 | |
45 | 2.4.5
46 | a|
47 | include::2_4_5.adoc[]
48 | |
49 | 2.4.6
50 | a|
51 | include::2_4_6.adoc[]
52 | |
53 | 2.4.7
54 | a|
55 | include::2_4_7.adoc[]
56 | |
57 | 2.4.8
58 | a|
59 | include::2_4_8.adoc[]
60 | |
61 | 2.4.9
62 | a|
63 | include::2_4_9.adoc[]
64 | |
65 | 2.5.0
66 | a|
67 | include::2_5_0.adoc[]
68 | |===
69 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/sync/json/cache_template_inheritance.json:
--------------------------------------------------------------------------------
1 | {
2 | "infinispan" : {
3 | "cache-container" : {
4 | "caches" : {
5 | "base-template" : {
6 | "distributed-cache-configuration" : {
7 | "expiration" : {
8 | "lifespan" : "5000"
9 | }
10 | }
11 | },
12 | "extended-template" : {
13 | "distributed-cache-configuration" : {
14 | "configuration" : "base-template",
15 | "encoding": {
16 | "media-type": "application/x-protostream"
17 | },
18 | "expiration" : {
19 | "lifespan" : "10000",
20 | "max-idle" : "1000"
21 | }
22 | }
23 | }
24 | }
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/sync/xml/cache_template_inheritance.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
8 |
9 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/sync/yaml/cache_template_inheritance.yaml:
--------------------------------------------------------------------------------
1 | infinispan:
2 | cacheContainer:
3 | caches:
4 | base-template:
5 | distributedCacheConfiguration:
6 | expiration:
7 | lifespan: "5000"
8 | extended-template:
9 | distributedCacheConfiguration:
10 | configuration: "base-template"
11 | encoding:
12 | mediaType: "application/x-protostream"
13 | expiration:
14 | lifespan: "10000"
15 | maxIdle: "1000"
16 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/xml/alias_credentials_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/xml/dist-sync-cache.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/xml/file-store-cache.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/affinity_nodes_prefer.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | affinity:
3 | podAntiAffinity:
4 | preferredDuringSchedulingIgnoredDuringExecution:
5 | - weight: 100
6 | podAffinityTerm:
7 | labelSelector:
8 | matchLabels:
9 | app: infinispan-pod
10 | clusterName:
11 | infinispan_cr:
12 | topologyKey: "kubernetes.io/hostname"
13 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/affinity_nodes_require.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | affinity:
3 | podAntiAffinity:
4 | requiredDuringSchedulingIgnoredDuringExecution:
5 | - labelSelector:
6 | matchLabels:
7 | app: infinispan-pod
8 | clusterName:
9 | infinispan_cr:
10 | topologyKey: "topology.kubernetes.io/hostname"
11 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/affinity_zones_prefer.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | affinity:
3 | podAntiAffinity:
4 | preferredDuringSchedulingIgnoredDuringExecution:
5 | - weight: 100
6 | podAffinityTerm:
7 | labelSelector:
8 | matchLabels:
9 | app: infinispan-pod
10 | clusterName:
11 | infinispan_cr:
12 | topologyKey: "topology.kubernetes.io/zone"
13 | - weight: 90
14 | podAffinityTerm:
15 | labelSelector:
16 | matchLabels:
17 | app: infinispan-pod
18 | clusterName:
19 | infinispan_cr:
20 | topologyKey: "kubernetes.io/hostname"
21 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/affinity_zones_require.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | affinity:
3 | podAntiAffinity:
4 | requiredDuringSchedulingIgnoredDuringExecution:
5 | - labelSelector:
6 | matchLabels:
7 | app: infinispan-pod
8 | clusterName:
9 | infinispan_cr:
10 | topologyKey: "topology.kubernetes.io/zone"
11 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/authentication_disabled.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | security:
3 | endpointAuthentication: false
4 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/authentication_secret.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | security:
3 | endpointSecretName: connect-secret
4 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/authz_custom_roles.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | security:
3 | authorization:
4 | enabled: true
5 | roles:
6 | - name: my-role-1
7 | permissions:
8 | - ALL
9 | - name: my-role-2
10 | permissions:
11 | - READ
12 | - WRITE
13 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/authz_enable.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | security:
3 | authorization:
4 | enabled: true
5 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/backup.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Backup
3 | metadata:
4 | name: my-backup
5 | spec:
6 | cluster: source-cluster
7 | volume:
8 | storage: 1Gi
9 | storageClassName: my-storage-class
10 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/backup_resources.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | ...
3 | resources:
4 | templates:
5 | - distributed-sync-prod
6 | - distributed-sync-dev
7 | caches:
8 | - cache-one
9 | - cache-two
10 | counters:
11 | - counter-name
12 | protoSchemas:
13 | - authors.proto
14 | - books.proto
15 | tasks:
16 | - wordStream.js
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/backup_resources_glob.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | ...
3 | resources:
4 | caches:
5 | - "*"
6 | protoSchemas:
7 | - "*"
8 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/basic_auth.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | stringData:
3 | username: operator # The operator user.
4 | password: O9R95c56fI4WhGeW # Corresponding password.
5 | kind: Secret
6 | metadata:
7 | name: basic-auth
8 | type: Opaque
9 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/batch_configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Batch
3 | metadata:
4 | name: mybatch
5 | spec:
6 | cluster: {example_crd_name}
7 | configMap: mybatch-config-map
8 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/batch_inline.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Batch
3 | metadata:
4 | name: mybatch
5 | spec:
6 | cluster: {example_crd_name}
7 | config: |
8 | create counter --concurrency-level=1 --initial-value=5 --storage=VOLATILE --type=weak batch-counter
9 |
10 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cache_update_strategy.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | updates:
3 | strategy: recreate
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cache_xml.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Cache
3 | metadata:
4 | name: mycachedefinition
5 | spec:
6 | clusterName: {example_crd_name}
7 | name: myXMLcache
8 | template:
9 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cache_yaml.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: infinispan.org/v2alpha1
2 | kind: Cache
3 | metadata:
4 | name: mycachedefinition
5 | spec:
6 | clusterName: infinispan
7 | name: myYAMLcache
8 | template: |-
9 | distributedCache:
10 | mode: "SYNC"
11 | owners: "2"
12 | statistics: "true"
13 | encoding:
14 | mediaType: "application/x-protostream"
15 | persistence:
16 | fileStore: ~
17 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cert_auth_certificates.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 | name: {example_crd_name}-client-cert-secret
5 | type: Opaque
6 | stringData:
7 | truststore-password: changme
8 | data:
9 | trust.ca: ""
10 | trust.cert.client1: ""
11 | trust.cert.client2: ""
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cert_auth_enabled.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | security:
3 | endpointEncryption:
4 | type: Secret
5 | certSecretName: tls-secret
6 | clientCert: Validate
7 | clientCertSecretName: {example_crd_name}-client-cert-secret
8 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cert_auth_truststores.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 | name: {example_crd_name}-client-cert-secret
5 | type: Opaque
6 | stringData:
7 | truststore-password: changme
8 | data:
9 | truststore.p12: ""
10 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/cloud_events.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | cloudEvents:
3 | acks: "1"
4 | bootstrapServers: my-cluster-kafka-bootstrap_1..svc:9092,my-cluster-kafka-bootstrap_2..svc:9092
5 | cacheEntriesTopic: target-topic
6 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/config_map_cache_json.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: cluster-config
5 | namespace: {example_namespace}
6 | data:
7 | infinispan-config.json: >
8 | {
9 | "infinispan": {
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/config_map_cache_xml.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: cluster-config
5 | namespace: {example_namespace}
6 | data:
7 | infinispan-config.xml: >
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/config_map_cache_yaml.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: cluster-config
5 | namespace: {example_namespace}
6 | data:
7 | infinispan-config.yaml: >
8 | infinispan:
9 | # Custom configuration goes here.
10 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/config_map_name.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | configMapName: "cluster-config"
3 |
--------------------------------------------------------------------------------
/documentation/asciidoc/topics/yaml/container_extra_jvm_opts.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | container:
3 | extraJvmOpts: "-