Permalink
Fetching contributors…
Cannot retrieve contributors at this time
854 lines (852 sloc) 41.6 KB
apiVersion: v1
kind: Template
labels:
template: infinispan-ephemeral
metadata:
annotations:
description: Infinispan 9 (Ephemeral)
iconClass: icon-infinispan
openshift.io/display-name: Infinispan 9 (Ephemeral)
openshift.io/documentation-url: http://infinispan.org/documentation/
openshift.io/long-description: This template provides a standalone Infinispan
server (a high performance, scalable, key/value data grid solution) without
persistence (in other words your data will be lost upon restart). In order to
provide custom configuration, please update the $ApplicationName-configuration
ConfigMap and restart a Pod.
openshift.io/provider-display-name: Red Hat, Inc.
openshift.io/support-url: http://infinispan.org
tags: java,database,datagrid,jboss
labels:
template: infinispan-ephemeral
creationTimestamp: null
name: infinispan-ephemeral
objects:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: ${APPLICATION_NAME}
- apiVersion: v1
groupNames: null
kind: RoleBinding
metadata:
name: ${APPLICATION_NAME}-view
roleRef:
name: view
subjects:
- kind: ServiceAccount
name: ${APPLICATION_NAME}
userNames:
- system:serviceaccount:${NAMESPACE}:${APPLICATION_NAME}
- apiVersion: v1
kind: Secret
metadata:
annotations:
template.openshift.io/expose-infinispan.client.hotrod.auth_password: '{.data[''application-password'']}'
template.openshift.io/expose-infinispan.client.hotrod.auth_username: '{.data[''application-user'']}'
name: ${APPLICATION_NAME}
stringData:
application-password: ${APPLICATION_PASSWORD}
application-user: ${APPLICATION_USER}
management-password: ${MANAGEMENT_PASSWORD}
management-user: ${MANAGEMENT_USER}
- apiVersion: v1
kind: Service
metadata:
annotations:
description: Headless service for StatefulSets
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}-headless
spec:
clusterIP: None
ports:
- name: http
port: 8080
targetPort: 8080
- name: hotrod
port: 11222
targetPort: 11222
selector:
application: ${APPLICATION_NAME}
- apiVersion: v1
kind: Service
metadata:
annotations:
description: The web server's HTTP port.
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}-http
spec:
ports:
- port: 8080
targetPort: 8080
selector:
deploymentConfig: ${APPLICATION_NAME}
- apiVersion: v1
kind: Service
metadata:
annotations:
description: Hot Rod's port.
template.openshift.io/expose-infinispan.client.hotrod.server_list: '{.spec.clusterIP}:{.spec.ports[0].port}'
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}-hotrod
spec:
ports:
- port: 11222
targetPort: 11222
selector:
deploymentConfig: ${APPLICATION_NAME}
- apiVersion: v1
kind: Service
metadata:
annotations:
description: The management console.
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}-management
spec:
ports:
- port: 9990
targetPort: 9990
selector:
deploymentConfig: ${APPLICATION_NAME}
- apiVersion: v1
data:
cloud-ephemeral.xml: |
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:8.0">
<extensions>
<extension module="org.infinispan.extension"/>
<extension module="org.infinispan.server.endpoint"/>
<extension module="org.jboss.as.connector"/>
<extension module="org.jboss.as.deployment-scanner"/>
<extension module="org.jboss.as.jdr"/>
<extension module="org.jboss.as.jmx"/>
<extension module="org.jboss.as.logging"/>
<extension module="org.jboss.as.naming"/>
<extension module="org.jboss.as.remoting"/>
<extension module="org.jboss.as.security"/>
<extension module="org.jboss.as.transactions"/>
<extension module="org.jgroups.extension"/>
<extension module="org.wildfly.extension.elytron"/>
<extension module="org.wildfly.extension.io"/>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
</handlers>
<logger log-boot="true" enabled="false">
<handlers>
<handler name="file"/>
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
<access-control>
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<subsystem xmlns="urn:jboss:domain:logging:3.0">
<console-handler name="CONSOLE">
<level name="INFO"/>
<formatter>
<named-formatter name="COLOR-PATTERN"/>
</formatter>
</console-handler>
<periodic-rotating-file-handler name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="server.log"/>
<suffix value=".yyyy-MM-dd"/>
<append value="true"/>
</periodic-rotating-file-handler>
<size-rotating-file-handler name="HR-ACCESS-FILE" autoflush="true">
<formatter>
<named-formatter name="ACCESS-LOG"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="hotrod-access.log"/>
<append value="true"/>
<rotate-size value="10M"/>
<max-backup-index value="10"/>
</size-rotating-file-handler>
<size-rotating-file-handler name="REST-ACCESS-FILE" autoflush="true">
<formatter>
<named-formatter name="ACCESS-LOG"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="rest-access.log"/>
<append value="true"/>
<rotate-size value="10M"/>
<max-backup-index value="10"/>
</size-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN"/>
</logger>
<logger category="org.jboss.as.config">
<level name="DEBUG"/>
</logger>
<logger category="sun.rmi">
<level name="WARN"/>
</logger>
<logger category="org.infinispan.HOTROD_ACCESS_LOG" use-parent-handlers="false">
<!-- Set to TRACE to enable access logging for hot rod or use DMR -->
<level name="INFO"/>
<handlers>
<handler name="HR-ACCESS-FILE"/>
</handlers>
</logger>
<logger category="org.infinispan.REST_ACCESS_LOG" use-parent-handlers="false">
<!-- Set to TRACE to enable access logging for rest or use DMR -->
<level name="INFO"/>
<handlers>
<handler name="REST-ACCESS-FILE"/>
</handlers>
</logger>
<root-logger>
<level name="INFO"/>
<handlers>
<handler name="CONSOLE"/>
<handler name="FILE"/>
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
</formatter>
<formatter name="ACCESS-LOG">
<pattern-formatter pattern="%X{address} %X{user} [%d{dd/MMM/yyyy:HH:mm:ss z}] &quot;%X{method} %m %X{protocol}&quot; %X{status} %X{requestSize} %X{responseSize} %X{duration}%n"/>
</formatter>
</subsystem>
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:4.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
<providers>
<aggregate-providers name="combined-providers">
<providers name="elytron"/>
<providers name="openssl"/>
</aggregate-providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
<provider-loader name="openssl" module="org.wildfly.openssl"/>
</providers>
<audit-logging>
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
</audit-logging>
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
<realm name="local"/>
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
<realm name="local" role-mapper="super-user-mapper"/>
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
</security-realms>
<mappers>
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
<permission-mapping>
<principal name="anonymous"/>
<permission-set name="default-permissions"/>
</permission-mapping>
<permission-mapping match-all="true">
<permission-set name="login-permission"/>
<permission-set name="default-permissions"/>
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper name="local" realm-name="local"/>
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser"/>
</constant-role-mapper>
</mappers>
<permission-sets>
<permission-set name="login-permission">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
</permission-set>
<permission-set name="default-permissions"/>
</permission-sets>
<http>
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global"/>
</http>
<sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
</properties>
</configurable-sasl-server-factory>
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron"/>
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory name="global"/>
</sasl>
</subsystem>
<subsystem xmlns="urn:infinispan:server:core:9.4" default-cache-container="clustered">
<cache-container name="clustered" default-cache="default" statistics="true">
<transport lock-timeout="60000"/>
<global-state/>
<distributed-cache-configuration name="transactional">
<transaction mode="NON_XA" locking="PESSIMISTIC"/>
</distributed-cache-configuration>
<distributed-cache-configuration name="async" mode="ASYNC"/>
<replicated-cache-configuration name="replicated"/>
<distributed-cache-configuration name="persistent-file-store">
<file-store shared="false" fetch-state="true" passivation="false"/>
</distributed-cache-configuration>
<distributed-cache-configuration name="indexed">
<indexing index="LOCAL" auto-config="true"/>
</distributed-cache-configuration>
<distributed-cache-configuration name="memory-bounded">
<memory>
<binary size="10000000" eviction="MEMORY"/>
</memory>
</distributed-cache-configuration>
<distributed-cache-configuration name="persistent-file-store-passivation">
<memory>
<object size="10000"/>
</memory>
<file-store shared="false" fetch-state="true" passivation="true">
<write-behind modification-queue-size="1024" thread-pool-size="1"/>
</file-store>
</distributed-cache-configuration>
<distributed-cache-configuration name="persistent-file-store-write-behind">
<file-store shared="false" fetch-state="true" passivation="false">
<write-behind modification-queue-size="1024" thread-pool-size="1"/>
</file-store>
</distributed-cache-configuration>
<distributed-cache-configuration name="persistent-rocksdb-store">
<rocksdb-store shared="false" fetch-state="true" passivation="false"/>
</distributed-cache-configuration>
<distributed-cache-configuration name="persistent-jdbc-string-keyed">
<string-keyed-jdbc-store datasource="java:jboss/datasources/ExampleDS" fetch-state="true" preload="false" purge="false" shared="false" passivation="false">
<string-keyed-table prefix="ISPN">
<id-column name="id" type="VARCHAR"/>
<data-column name="datum" type="BINARY"/>
<timestamp-column name="version" type="BIGINT"/>
</string-keyed-table>
<write-behind modification-queue-size="1024" thread-pool-size="1"/>
</string-keyed-jdbc-store>
</distributed-cache-configuration>
<distributed-cache name="default"/>
<replicated-cache name="repl" configuration="replicated"/>
</cache-container>
</subsystem>
<subsystem xmlns="urn:infinispan:server:endpoint:9.4">
<hotrod-connector socket-binding="hotrod" cache-container="clustered">
<topology-state-transfer lazy-retrieval="false" lock-timeout="1000" replication-timeout="5000"/>
</hotrod-connector>
<rest-connector socket-binding="rest" cache-container="clustered">
<authentication security-realm="ApplicationRealm" auth-method="BASIC"/>
</rest-connector>
</subsystem>
<subsystem xmlns="urn:infinispan:server:jgroups:9.4">
<channels default="cluster">
<channel name="cluster"/>
</channels>
<stacks default="${jboss.default.jgroups.stack:tcp-gossip}">
<stack name="tcp-gossip">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="TCPGOSSIP">
<property name="initial_hosts">${jgroups.gossip.initial_hosts:}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
</stack>
<stack name="azure">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="azure.AZURE_PING">
<property name="storage_account_name">${jgroups.azure.storage_account_name:}</property>
<property name="storage_access_key">${jgroups.azure.storage_access_key:}</property>
<property name="container">${jgroups.azure.container:}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
</stack>
<stack name="s3-private">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="S3_PING">
<property name="location">${jgroups.s3.bucket:}</property>
<property name="access_key">${jgroups.s3.access_key:}</property>
<property name="secret_access_key">${jgroups.s3.secret_access_key:}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
</stack>
<stack name="s3-presigned">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="S3_PING">
<property name="pre_signed_delete_url">${jgroups.s3.pre_signed_delete_url:}</property>
<property name="pre_signed_put_url">${jgroups.s3.pre_signed_put_url:}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
</stack>
<stack name="s3-public">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="S3_PING">
<property name="location">${jgroups.s3.bucket:}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
</stack>
<stack name="google">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="GOOGLE_PING">
<property name="location">${jgroups.google.bucket:}</property>
<property name="access_key">${jgroups.google.access_key:}</property>
<property name="secret_access_key">${jgroups.google.secret_access_key:}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
</stack>
<stack name="kubernetes">
<transport type="TCP" socket-binding="jgroups-tcp">
<property name="logical_addr_cache_expiration">360000</property>
</transport>
<protocol type="kubernetes.KUBE_PING"/>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
</stack>
</stacks>
</subsystem>
<subsystem xmlns="urn:jboss:domain:io:3.0">
<worker name="default" io-threads="2" task-max-threads="2"/>
<buffer-pool name="default"/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
<bean-validation enabled="true"/>
<default-workmanager>
<short-running-threads>
<core-threads count="50"/>
<queue-length count="50"/>
<max-threads count="50"/>
<keepalive-time time="10" unit="seconds"/>
</short-running-threads>
<long-running-threads>
<core-threads count="50"/>
<queue-length count="50"/>
<max-threads count="50"/>
<keepalive-time time="10" unit="seconds"/>
</long-running-threads>
</default-workmanager>
<cached-connection-manager/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
</security-domains>
</subsystem>
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
<core-environment node-identifier="${jboss.tx.node.id:1}">
<process-id>
<uuid/>
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
</subsystem>
</profile>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
<socket-binding name="hotrod" port="11222"/>
<socket-binding name="hotrod-internal" port="11223"/>
<socket-binding name="hotrod-multi-tenancy" port="11224"/>
<socket-binding name="jgroups-mping" port="0" multicast-address="${jboss.default.multicast.address:234.99.54.14}" multicast-port="45700"/>
<socket-binding name="jgroups-tcp" port="7600"/>
<socket-binding name="jgroups-tcp-fd" port="57600"/>
<socket-binding name="jgroups-udp" port="55200" multicast-address="${jboss.default.multicast.address:234.99.54.14}" multicast-port="45688"/>
<socket-binding name="jgroups-udp-fd" port="54200"/>
<socket-binding name="memcached" port="11211"/>
<socket-binding name="rest" port="8080"/>
<socket-binding name="rest-multi-tenancy" port="8081"/>
<socket-binding name="rest-ssl" port="8443"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="remote-store-hotrod-server">
<remote-destination host="remote-host" port="11222"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-store-rest-server">
<remote-destination host="remote-host" port="8080"/>
</outbound-socket-binding>
</socket-binding-group>
</server>
kind: ConfigMap
metadata:
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}-configuration
- apiVersion: v1
id: ${APPLICATION_NAME}-management
kind: Route
metadata:
annotations:
description: Route for the management console.
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}-management
spec:
to:
kind: Service
name: ${APPLICATION_NAME}-management
- apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
labels:
application: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
spec:
replicas: ${{NUMBER_OF_INSTANCES}}
serviceName: ${APPLICATION_NAME}-headless
strategy:
rollingParams:
intervalSeconds: 20
maxSurge: 1
maxUnavailable: 1
timeoutSeconds: 1200
updatePeriodSeconds: 20
type: Rolling
template:
metadata:
labels:
application: ${APPLICATION_NAME}
deploymentConfig: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
spec:
containers:
- args:
- custom/cloud-ephemeral.xml
- -Djboss.default.jgroups.stack=kubernetes
env:
- name: OPENSHIFT_KUBE_PING_LABELS
value: application=${APPLICATION_NAME}
- name: OPENSHIFT_KUBE_PING_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBERNETES_LABELS
value: application=${APPLICATION_NAME}
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MGMT_USER
valueFrom:
secretKeyRef:
key: management-user
name: ${APPLICATION_NAME}
- name: MGMT_PASS
valueFrom:
secretKeyRef:
key: management-password
name: ${APPLICATION_NAME}
- name: APP_USER
valueFrom:
secretKeyRef:
key: application-user
name: ${APPLICATION_NAME}
- name: APP_PASS
valueFrom:
secretKeyRef:
key: application-password
name: ${APPLICATION_NAME}
image: ${IMAGE}
livenessProbe:
exec:
command:
- /usr/local/bin/is_running.sh
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 80
name: ${APPLICATION_NAME}
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9990
name: management
protocol: TCP
- containerPort: 8888
name: ping
protocol: TCP
- containerPort: 11222
name: hotrod
protocol: TCP
readinessProbe:
exec:
command:
- /usr/local/bin/is_healthy.sh
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 80
resources:
requests:
cpu: "0.5"
memory: 512Mi
volumeMounts:
- mountPath: /opt/jboss/infinispan-server/standalone/configuration/custom
name: ${APPLICATION_NAME}-configuration
serviceAccountName: ${APPLICATION_NAME}
terminationGracePeriodSeconds: 120
volumes:
- configMap:
name: ${APPLICATION_NAME}-configuration
name: ${APPLICATION_NAME}-configuration
triggers:
- type: ConfigChange
parameters:
- description: 'Namespace for the application. Note: The namespace is required for
creating proper RoleBindings. Specifying wrong namespace will prevent cluster
from forming.'
name: NAMESPACE
required: true
value: myproject
- description: The name for the application.
name: APPLICATION_NAME
required: true
value: infinispan-app
- description: Username for accessing REST (and possible Hot Rod) endpoint.
from: '[a-zA-Z0-9]{8}'
generate: expression
name: APPLICATION_USER
required: true
- description: Password for accessing REST (and possible Hot Rod) endpoint.
from: '[a-zA-Z0-9]{8}'
generate: expression
name: APPLICATION_PASSWORD
required: true
- description: Username for accessing management console.
from: '[a-zA-Z0-9]{8}'
generate: expression
name: MANAGEMENT_USER
required: true
- description: Password for accessing management console.
from: '[a-zA-Z0-9]{8}'
generate: expression
name: MANAGEMENT_PASSWORD
required: true
- description: Infinispan image.
name: IMAGE
required: true
value: jboss/infinispan-server:9.4.1.Final
- description: Number of instances in the cluster.
name: NUMBER_OF_INSTANCES
required: true
value: "1"