Infinispan Operator - API Documentation

This document describes the types introduced by the Infinispan Operator to be consumed by users.

Infinispan

Infinispan defines a custom Infinispan resource.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| metadata | Standard object’s metadata (more info) | metav1.ObjectMeta | false |
| spec | Specification of the desired behaviour of the Infinispan deployment (more info) | InfinispanSpec | true |
| status | Most recent observed status of the Infinispan deployment. Read-only. (more info) | InfinispanStatus | false |

InfinispanSpec

InfinispanSpec is a specification of the desired behavior of the Infinispan resource.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| image | Operator image | string | false | jboss/infinispan-server:latest |
| replicas | Number of instances for an Infinispan resource. | int32 | true | |
| profile | Profile in use. See profiles for details. | Default / Performance / Development | false | Default |
| service | Service specific configuration. | InfinispanServiceSpec | false | |
| security | Security configuration. | InfinispanSecuritySpec | false | |
| container | Per instance configuration. | InfinispanContainerSpec | false | |
| logging | Logging categories | [][infinispanloggingcategoryspec] | false | |

InfinispanServiceSpec

InfinispanServiceSpec configures aspects related to the cache or datagrid service.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| type | Type of service | Cache / Data Grid | true | Cache |
| evictionPolicy | Cache service eviction policy | Reject / Evict | false | Evict |
| replicationFactor | Cache service replication factor | int32 | false | 1 |
| container | Service specific container configuration. | InfinispanServiceContainerSpec | false | |
| sites | Cross-site configuration | InfinispanSitesSpec | false | |

InfinispanServiceContainerSpec

InfinispanServiceContainerSpec defines service specific container configurations.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| storage | Storage per Infinispan container in the data grid service. Defined as indicated here. | string | false | 1Gi |

Profiles

Profile Connector Authentication Connector Encryption Cluster Authentication Cluster Encryption

Default

X

X

X

X

Performance

X

X

X

Development

InfinispanSecuritySpec

InfinispanSecuritySpec defines Infinispan security settings.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| roles | Roles for interacting with Infinispan. | []InfinispanRoleSpec | false | |
| endpointSecret | Secret containing identities allowed to interact with Infinispan. The format of the metadata in the secret can be found here. | string | false | |

InfinispanRoleSpec

InfinispanRoleSpec defines Infinispan role definitions.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| name | Name of role. | string | true | |
| permissions | List of permissions. Valid values are defined here. | []string | true | |

InfinispanContainerSpec

InfinispanContainerSpec is a specification of the resource needed by the Infinispan container.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| extraJvmOpts | Extra Java opts to pass to Infinispan JVM | string | false | |
| memory | Amount of memory required by the container | string | false | 512Mi |
| cpu | CPU to be allocated to the Infinispan container | string | false | 0.5 |

InfinispanLoggingSpec

InfinispanLoggingSpec configures logging.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| categories | Logging categories | InfinispanLoggingCategoriesSpec | false | |

InfinispanLoggingCategoriesSpec

InfinispanLoggingCategoriesSpec configures logging categories.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| <category-name> | Logging category name, e.g. org.infinispan | error / warn / info / debug / trace | true | |

InfinispanPrometheusSpec

InfinispanPrometheusSpec.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| enabled | Enable Prometheus. | boolean | false | false |

InfinispanSitesSpec

InfinispanSitesSpec.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| local | Local site information. | InfinispanLocalSiteSpec | true | |
| remotes | Remote site information. | []InfinispanRemoteSiteSpec | true | |

InfinispanLocalSiteSpec

InfinispanLocalSiteSpec.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| externalService | External service that is accessible from other sites. | coreV1.Service | true | |

InfinispanRemoteSiteSpec

InfinispanRemoteSiteSpec.

| Field | Description | Scheme | Required | Default |
| --- | --- | --- | --- | --- |
| name | Name of remote site. | string | true | |
| url | URL for remote site. The xsite:// scheme denotes that the remote site is configured with a static host:port combination. The openshift:// scheme denotes that the site's external settings are extracted from the remote OpenShift host:port. | string | true | |
| secret | Only in use with OpenShift URLs. Contains the secret details for accessing remote OpenShift instances. | string | false | |
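
The url and secret rules in the table above can be checked before a resource is applied. The following Go check is an added example, not code from the Infinispan Operator; the `RemoteSite` type and `CheckRemoteSite` function are hypothetical names, and the port range check is an assumption beyond what the table states.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// RemoteSite mirrors name/url/secret of InfinispanRemoteSiteSpec (hypothetical Go type).
type RemoteSite struct {
	Name, URL, Secret string
}

// CheckRemoteSite returns every problem found in one remote site entry.
func CheckRemoteSite(r RemoteSite) []string {
	var problems []string
	if r.Name == "" {
		problems = append(problems, "name is required")
	}
	u, err := url.Parse(r.URL)
	if err != nil || u.Host == "" {
		return append(problems, fmt.Sprintf("url %q is not scheme://host:port", r.URL))
	}
	switch u.Scheme {
	case "xsite":
		if r.Secret != "" {
			problems = append(problems, "secret is only used with openshift:// URLs")
		}
	case "openshift": // secret is optional in the table, so its absence is not reported
	default:
		problems = append(problems, fmt.Sprintf("unsupported scheme %q", u.Scheme))
	}
	port, err := strconv.Atoi(u.Port())
	if err != nil || port < 1 || port > 65535 { // range check is an assumption
		problems = append(problems, fmt.Sprintf("port %q is not in 1-65535", u.Port()))
	}
	return problems
}

func main() {
	// Constructed sample entries, modelled on the remotes in the data grid example.
	for _, r := range []RemoteSite{
		{"google", "xsite://google.host:23456", ""},
		{"azure", "openshift://api.azure.host:6443", "azure-identities"},
		{"bad", "http://example.invalid", "leftover-secret"},
	} {
		fmt.Println(r.Name, CheckRemoteSite(r))
	}
}
```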

InfinispanStatus

InfinispanStatus is the most recent observed status of the InfinispanSpec. Read-only.

TODO: @Vittorio, update with your proposal

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| pods | Status of the pods. | []PodStatus | true |

PodStatus

PodStatus is the most recent observed status of a pod running InfinispanSpec.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| name | Name of the Pod. | string | true |
| podIP | IP address allocated to the pod. | string | true |

Identities

Identities defines the identities configuration that’s stored within a Secret.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| credentials | Credentials (username and password) based identities. | []Credentials | true |
| certificates | Certificate (p12 format) based identities. | []Certificate | true |
| oauth | Identities provided by OAuth servers. | []OAuth | true |
| tokens | Token-based identities. | []Token | true |

Credentials

Credentials.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| username | Username. | string | false |
| password | Password. | string | true |
| roles | Roles of credentials | []string | false |

Certificate

Certificate.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| p12 | Certificate encoded in base 64 format. | string | true |
| roles | Roles of credentials | []string | false |

OAuth

OAuth.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| clientId | TODO | string | true |
| clientSecret | TODO | string | true |
| introspectionUrl | TODO | string | true |

Token

Token.

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| token | Authentication token for an identity. | string | true |
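
An identities document can be checked against the Credentials and Certificate tables before it is stored in a Secret. This Go check is an added example, not the operator's own code; the type and function names are hypothetical, and rejecting roles that are not declared in spec.security.roles is an assumed rule, not one the page states.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// Field names follow the Credentials and Certificate tables; the Go types are hypothetical.
type Credentials struct {
	Username, Password string
	Roles              []string
}
type Certificate struct {
	P12   string
	Roles []string
}

// CheckIdentities reports empty passwords, non-base64 p12 values and undeclared roles.
func CheckIdentities(creds []Credentials, certs []Certificate, declared []string) []string {
	known := map[string]bool{} // role names from spec.security.roles (assumed rule)
	for _, r := range declared {
		known[r] = true
	}
	var problems []string
	check := func(where string, valid bool, msg string, roles []string) {
		if !valid {
			problems = append(problems, where+": "+msg)
		}
		for _, r := range roles {
			if !known[r] {
				problems = append(problems, fmt.Sprintf("%s: role %q is not declared", where, r))
			}
		}
	}
	for i, c := range creds {
		check(fmt.Sprintf("credentials[%d]", i), c.Password != "", "password is required", c.Roles)
	}
	for i, c := range certs {
		_, err := base64.StdEncoding.DecodeString(c.P12)
		check(fmt.Sprintf("certificates[%d]", i), c.P12 != "" && err == nil, "p12 must be non-empty base64", c.Roles)
	}
	return problems
}

func main() {
	// Constructed sample: empty password, and "auditor" is not a declared role.
	creds := []Credentials{{"connectusr", "", []string{"admin", "auditor"}}}
	fmt.Println(CheckIdentities(creds, nil, []string{"admin", "developer"}))
}
```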

Full Cache Example

full-cache-example.yaml

```yaml
apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: full-cache-example-infinispan
spec:
  image: jboss/infinispan-server:latest
  replicas: 4
  profile: Development
  service:
    type: Cache
    evictionPolicy: Reject
    replicationFactor: 3
  security:
    roles:
    - name: admin
      permissions:
      - ADMIN
    - name: developer
      permissions:
      - WRITE
    - name: collaborator
      permissions:
      - READ
    endpointSecret: endpoint-identities
  container:
    extraJvmOpts: "-XX:NativeMemoryTracking=summary"
    cpu: "2000m"
    memory: 1Gi
  logging:
    categories:
      org.infinispan: trace
      org.jgroups: trace
```

endpoint-identities.yaml

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: endpoint-identities
type: Opaque
stringData:
  identities.yaml: |-
    credentials:
    - username: connectusr
      password: connectpass
      roles:
      - admin
      - developer
      - collaborator
    certificates:
    - p12: "FQSmxHHvFvrhEfKIq15axg=="
      roles:
      - admin
    oauth:
    - clientId: infinispan-server
      clientSecret: 1fdca4ec-c416-47e0-867a-3d471af7050f
      introspectionUrl: "http://..."
```

Full DataGrid Example

full-datagrid-example.yaml

```yaml
apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: full-datagrid-example-infinispan
spec:
  image: jboss/infinispan-server:latest
  replicas: 6
  profile: Performance
  service:
    type: Data Grid
    container:
      storage: 2Gi
    sites:
      local:
        externalService:
          type: LoadBalancer
          ports:
            - port: 12345
      remotes:
      - name: google
        url: xsite://google.host:23456
      - name: azure
        url: openshift://api.azure.host:6443
        secret: azure-identities
      - name: aws
        url: openshift://api.aws.host:6443
        secret: aws-identities
  container:
    extraJvmOpts: "-XX:NativeMemoryTracking=summary"
    cpu: "1000m"
    memory: 1Gi
  logging:
    categories:
      org.infinispan: debug
      org.jgroups: debug
```

azure-identities.yaml

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: azure-identities
type: Opaque
stringData:
  identities.yaml: |-
    credentials:
    - username: openshifazrusr
      password: openshifazrpass
    tokens:
    - token: gl8xTESu_j_tzMQhpe_P-It6IcWFQUm94WsuR3VFkUw
```

aws-identities.yaml

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: aws-identities
type: Opaque
stringData:
  identities.yaml: |-
    tokens:
    - token: LdqA1uM0e3wxhwOf0WRaP7Je3RdOjtrpai1jONQg7z0
```