diff --git a/docs/guides/high-availability/deploy-keycloak-kubernetes.adoc b/docs/guides/high-availability/deploy-keycloak-kubernetes.adoc index 3a603dfe0427..28b493175a4b 100644 --- a/docs/guides/high-availability/deploy-keycloak-kubernetes.adoc +++ b/docs/guides/high-availability/deploy-keycloak-kubernetes.adoc @@ -43,10 +43,7 @@ As most requests will not touch the database due to the {project_name} embedded See the <@links.ha id="concepts-database-connections" /> {section} for details. <2> Specify the URL to your custom {project_name} image. If your image is optimized, set the `startOptimized` flag to `true`. <3> Enable additional features for multi-site support like the loadbalancer probe `/lb-check`. -<4> XA transactions are not supported by the https://github.com/awslabs/aws-advanced-jdbc-wrapper/releases/[Amazon Web Services JDBC Driver]. -<5> To be able to analyze the system under load, enable the metrics endpoint. -The disadvantage of the setting is that the metrics will be available at the external {project_name} endpoint, so you must add a filter so that the endpoint is not available from the outside. -Use a reverse proxy in front of {project_name} to filter out those URLs. +<4> To be able to analyze the system under load, enable the metrics endpoint. == Verifying the deployment diff --git a/docs/guides/high-availability/examples/generated/ispn-single.yaml b/docs/guides/high-availability/examples/generated/ispn-single.yaml index a820756add4e..cd68883c4c7c 100644 --- a/docs/guides/high-availability/examples/generated/ispn-single.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-single.yaml @@ -24,6 +24,12 @@ data: metrics: namesAsTags: true histograms: false + tracing: + enabled: true + collector-endpoint: "http://tempo-tempo.monitoring.svc:4318" + exporter-protocol: "OTLP" + service-name: "infinispan-server" + security: false server: endpoints: - securityRealm: default 
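Review bot: The added `tracing:` block in the `@@ -24,6 +24,12 @@` hunk of ispn-single.yaml turns span export on by default and sends it over plain `http://` to a hard-coded `tempo-tempo.monitoring.svc:4318`. Nothing on the visible lines tells the reader that this collector is a prerequisite. The same block is added to ispn-site-a.yaml, ispn-site-b.yaml and ispn-volatile.yaml. Either leave tracing off in the published example or add a comment such as `# optional: needs an OTLP collector reachable at this URL; traffic is unencrypted`; `security: false` presumably only disables tracing of security events and would deserve a short comment too. The files sit under `examples/generated/`, so the change probably belongs in the generating template.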
@@ -305,12 +311,12 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan/server:15.0.11.Final - version: 15.0.4 + image: quay.io/infinispan/server:15.0.15.Final + version: 15.0.15 configListener: enabled: false container: - extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000' + extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000 -Dotel.traces.sampler=parentbased_always_off' cpu: 4:2 memory: 2Gi:1Gi logging: diff --git a/docs/guides/high-availability/examples/generated/ispn-site-a.yaml b/docs/guides/high-availability/examples/generated/ispn-site-a.yaml index fa331d38a824..7951e9cd2101 100644 --- a/docs/guides/high-availability/examples/generated/ispn-site-a.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-site-a.yaml @@ -36,6 +36,12 @@ data: metrics: namesAsTags: true histograms: false + tracing: + enabled: true + collector-endpoint: "http://tempo-tempo.monitoring.svc:4318" + exporter-protocol: "OTLP" + service-name: "infinispan-server" + security: false server: endpoints: - securityRealm: default @@ -339,12 +345,12 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan/server:15.0.11.Final - version: 15.0.4 + image: + version: 15.0.15 configListener: enabled: false container: - extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000' + extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000 -Dotel.traces.sampler=parentbased_always_off' logging: categories: org.infinispan: info 
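Review bot: In the `@@ -339,12 +345,12 @@` hunk of ispn-site-a.yaml the new side renders a bare `image:`, which YAML reads as null, while ispn-single.yaml in the same commit pins `image: quay.io/infinispan/server:15.0.15.Final`. The same empty key appears in ispn-site-b.yaml and ispn-volatile.yaml. A reader cannot tell whether the image is meant to be derived from `version: 15.0.15` or whether a template value failed to render. Either drop the key from the output or emit the pinned image consistently, e.g. `image: quay.io/infinispan/server:15.0.15.Final`. As these files are generated, the fix likely belongs in the template.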
diff --git a/docs/guides/high-availability/examples/generated/ispn-site-b.yaml b/docs/guides/high-availability/examples/generated/ispn-site-b.yaml index e730098c1a05..397f5852e25d 100644 --- a/docs/guides/high-availability/examples/generated/ispn-site-b.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-site-b.yaml @@ -36,6 +36,12 @@ data: metrics: namesAsTags: true histograms: false + tracing: + enabled: true + collector-endpoint: "http://tempo-tempo.monitoring.svc:4318" + exporter-protocol: "OTLP" + service-name: "infinispan-server" + security: false server: endpoints: - securityRealm: default @@ -339,12 +345,12 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan/server:15.0.11.Final - version: 15.0.4 + image: + version: 15.0.15 configListener: enabled: false container: - extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000' + extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000 -Dotel.traces.sampler=parentbased_always_off' cpu: 4:2 memory: 2Gi:1Gi logging: diff --git a/docs/guides/high-availability/examples/generated/ispn-volatile.yaml b/docs/guides/high-availability/examples/generated/ispn-volatile.yaml index d126a78e5875..361dfae06886 100644 --- a/docs/guides/high-availability/examples/generated/ispn-volatile.yaml +++ b/docs/guides/high-availability/examples/generated/ispn-volatile.yaml @@ -36,6 +36,12 @@ data: metrics: namesAsTags: true histograms: false + tracing: + enabled: true + collector-endpoint: "http://tempo-tempo.monitoring.svc:4318" + exporter-protocol: "OTLP" + service-name: "infinispan-server" + security: false server: endpoints: - securityRealm: default 
@@ -507,12 +513,12 @@ spec: expose: type: Route configMapName: "cluster-config" - image: quay.io/infinispan/server:15.0.11.Final - version: 15.0.4 + image: + version: 15.0.15 configListener: enabled: false container: - extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000' + extraJvmOpts: '-Dorg.infinispan.openssl=false -Dorg.infinispan.threads.virtual=true -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000 -Dotel.traces.sampler=parentbased_always_off' cpu: 4:2 memory: 2Gi:1Gi logging: diff --git a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml index bcbb91d06828..7a6e27ed209e 100644 --- a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml +++ b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml @@ -54,7 +54,7 @@ metadata: name: keycloak-providers namespace: keycloak binaryData: - keycloak-benchmark-dataset-0.15-SNAPSHOT.jar: ... + keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar: ... --- # Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml apiVersion: v1 @@ -206,7 +206,7 @@ spec: value: keycloak - name: POSTGRES_DB value: keycloak - image: postgres:15 + image: mirror.gcr.io/postgres:15 volumeMounts: # Using volume mount for PostgreSQL's data folder as it is otherwise not writable - mountPath: /var/lib/postgresql @@ -351,7 +351,7 @@ spec: - name: SQLPAD_CONNECTIONS__pgdemo__username value: keycloak - name: SQLPAD_CONNECTIONS__pgdemo__password - value: pass + value: secret99 - name: SQLPAD_CONNECTIONS__pgdemo__database value: keycloak - name: SQLPAD_CONNECTIONS__pgdemo__driver @@ -362,7 +362,7 @@ spec: value: '86400' - name: SQLPAD_QUERY_RESULT_MAX_ROWS value: '100000' - image: sqlpad/sqlpad:6.11.0 + image: mirror.gcr.io/sqlpad/sqlpad:6.11.0 imagePullPolicy: Always startupProbe: httpGet: 
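Review bot: The SQLPad container in the `@@ -351,7 +351,7 @@` hunk of keycloak-ispn.yaml still receives the database password as a literal `value: secret99`, so the credential is published with the guide and sits in the workload spec for anyone who can read that object. keycloak.yaml gets the same change. Other entries visible in this file reference Secrets by name (`remote-store-secret`, `keycloak-preconfigured-admin`), and this variable can do the same through `valueFrom.secretKeyRef`. The container spec starts and ends outside the hunk, and because the file is generated the change would be made in the template.

```yaml
- name: SQLPAD_CONNECTIONS__pgdemo__password
  valueFrom:
    secretKeyRef:
      name: <sqlpad-db-secret>  # placeholder: Secret holding the database password
      key: password
```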
@@ -451,14 +451,10 @@ spec: startOptimized: false # <2> features: enabled: - - user-event-metrics - multi-site # <3> - transaction: - xaEnabled: false # <4> # tag::keycloak-ispn[] additionalOptions: # end::keycloak-ispn[] - # end::keycloak[] - name: http-metrics-histograms-enabled value: 'true' @@ -473,7 +469,7 @@ spec: # tag::keycloak[] - name: log-console-output value: json - - name: metrics-enabled # <5> + - name: metrics-enabled # <4> value: 'true' - name: event-metrics-user-enabled value: 'true' @@ -490,10 +486,9 @@ spec: secret: name: remote-store-secret key: password - - name: spi-cache-embedded-default-site-name # <5> - value: keycloak - # end::keycloak-ispn[] - name: db-driver + # end::keycloak-ispn[] + value: software.amazon.jdbc.Driver http: tlsSecret: keycloak-tls-secret @@ -503,7 +498,7 @@ spec: podTemplate: metadata: annotations: - checksum/config: a6e4c8f98e1b1035942cd1121684f817d533021a392be90b5df784f474146350-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/config: 74d09d74f6547eec9888f07648f5f5be52afa1be1a6231f286cbd368e86e6f19-099f6e0e31165c359aa5534e8dc6e42b603410742f45fefbc62d923ea6cb7e64--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b spec: containers: - env: @@ -520,10 +515,11 @@ spec: name: keycloak-preconfigured-admin key: password optional: false - - name: JAVA_OPTS_APPEND # <5> - value: "" + - name: JAVA_OPTS_APPEND + value: > + -Djdk.tracePinnedThreads=full + ports: - # end::keycloak[] # readinessProbe: # exec: # command: @@ -534,8 +530,8 @@ spec: # - 'true' volumeMounts: - name: keycloak-providers - mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.15-SNAPSHOT.jar - subPath: keycloak-benchmark-dataset-0.15-SNAPSHOT.jar + mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar + subPath: keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar readOnly: true volumes: - name: keycloak-providers 
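Review bot: The relocated `# end::keycloak-ispn[]` marker in the `@@ -490,10 +486,9 @@` hunk now sits between `- name: db-driver` and its `value: software.amazon.jdbc.Driver`, so a snippet included by that tag would end on a list entry with a name and no value. Moving the marker back to directly above `- name: db-driver` keeps the excerpt valid. Separately, the `@@ -451,14 +451,10 @@` and `@@ -520,10 +515,11 @@` hunks drop two `# end::keycloak[]` markers while a `# tag::keycloak[]` line stays before `log-console-output`, so the `keycloak` tag may no longer be balanced; keycloak.yaml has the same removals. Both are worth checking in the rendered guide, and the fix likely belongs in the generating template.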
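Review bot: `JAVA_OPTS_APPEND` in the `@@ -520,10 +515,11 @@` hunk now carries the diagnostic flag `-Djdk.tracePinnedThreads=full`, and the `# <5>` callout that used to explain this entry is removed, so the published example gives no reason for it. The flag presumably writes stack traces straight to standard output, which would interleave unstructured text with the `log-console-output: json` stream configured earlier in this file and can break log parsing downstream. Either keep the example at `value: ""` or add a comment such as `# diagnostic only: logs pinned virtual threads, remove outside load tests`. keycloak.yaml gets the same change.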
@@ -552,11 +548,26 @@ spec: selector: matchLabels: app: keycloak + # Use pod target labels "as is" without any renaming + # podTargetLabels: + # - app + # Since at least Keycloak 26.2 and the latest Quarkus 3.19 version, it requires "OpenMetricsText1.0.0" to retrieve exemplars, + # as at least some of the other protocols don't support exemplars. + scrapeProtocols: + - OpenMetricsText1.0.0 podMetricsEndpoints: - port: management scheme: https tlsConfig: insecureSkipVerify: true + relabelings: + - targetLabel: application + # Alternative: hard-coded value + # replacement: "keycloak" + sourceLabels: + - __meta_kubernetes_pod_label_app + regex: (.+) + replacement: ${1} --- # Source: keycloak/templates/postgres/postgres-exporter.yaml apiVersion: monitoring.coreos.com/v1 diff --git a/docs/guides/high-availability/examples/generated/keycloak.yaml b/docs/guides/high-availability/examples/generated/keycloak.yaml index 7df8f4644ab3..1bed3e371a71 100644 --- a/docs/guides/high-availability/examples/generated/keycloak.yaml +++ b/docs/guides/high-availability/examples/generated/keycloak.yaml @@ -41,7 +41,7 @@ metadata: name: keycloak-providers namespace: keycloak binaryData: - keycloak-benchmark-dataset-0.15-SNAPSHOT.jar: ... + keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar: ... --- # Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml apiVersion: v1 @@ -193,7 +193,7 @@ spec: value: keycloak - name: POSTGRES_DB value: keycloak - image: postgres:15 + image: mirror.gcr.io/postgres:15 volumeMounts: # Using volume mount for PostgreSQL's data folder as it is otherwise not writable - mountPath: /var/lib/postgresql @@ -338,7 +338,7 @@ spec: - name: SQLPAD_CONNECTIONS__pgdemo__username value: keycloak - name: SQLPAD_CONNECTIONS__pgdemo__password - value: pass + value: secret99 - name: SQLPAD_CONNECTIONS__pgdemo__database value: keycloak - name: SQLPAD_CONNECTIONS__pgdemo__driver 
@@ -349,7 +349,7 @@ spec: value: '86400' - name: SQLPAD_QUERY_RESULT_MAX_ROWS value: '100000' - image: sqlpad/sqlpad:6.11.0 + image: mirror.gcr.io/sqlpad/sqlpad:6.11.0 imagePullPolicy: Always startupProbe: httpGet: @@ -440,14 +440,10 @@ spec: startOptimized: false # <2> features: enabled: - - user-event-metrics - multi-site # <3> - transaction: - xaEnabled: false # <4> # tag::keycloak-ispn[] additionalOptions: # end::keycloak-ispn[] - # end::keycloak[] - name: http-metrics-histograms-enabled value: 'true' @@ -462,7 +458,7 @@ spec: # tag::keycloak[] - name: log-console-output value: json - - name: metrics-enabled # <5> + - name: metrics-enabled # <4> value: 'true' - name: event-metrics-user-enabled value: 'true' @@ -481,8 +477,6 @@ spec: secret: name: remote-store-secret key: password - - name: spi-cache-embedded-default-site-name - value: keycloak - name: db-driver value: software.amazon.jdbc.Driver http: @@ -493,7 +487,7 @@ spec: podTemplate: metadata: annotations: - checksum/config: a6e4c8f98e1b1035942cd1121684f817d533021a392be90b5df784f474146350-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/config: 74d09d74f6547eec9888f07648f5f5be52afa1be1a6231f286cbd368e86e6f19-b9788fd7a0f3ed13e27c33f89e0e1019fc1fb7d445005dada32fab73b68c335b--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b spec: containers: - env: @@ -510,10 +504,11 @@ spec: name: keycloak-preconfigured-admin key: password optional: false - - name: JAVA_OPTS_APPEND # <5> - value: "" + - name: JAVA_OPTS_APPEND + value: > + -Djdk.tracePinnedThreads=full + ports: - # end::keycloak[] # readinessProbe: # exec: # command: 
@@ -524,8 +519,8 @@ spec: # - 'true' volumeMounts: - name: keycloak-providers - mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.15-SNAPSHOT.jar - subPath: keycloak-benchmark-dataset-0.15-SNAPSHOT.jar + mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar + subPath: keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar readOnly: true volumes: - name: keycloak-providers @@ -542,11 +537,26 @@ spec: selector: matchLabels: app: keycloak + # Use pod target labels "as is" without any renaming + # podTargetLabels: + # - app + # Since at least Keycloak 26.2 and the latest Quarkus 3.19 version, it requires "OpenMetricsText1.0.0" to retrieve exemplars, + # as at least some of the other protocols don't support exemplars. + scrapeProtocols: + - OpenMetricsText1.0.0 podMetricsEndpoints: - port: management scheme: https tlsConfig: insecureSkipVerify: true + relabelings: + - targetLabel: application + # Alternative: hard-coded value + # replacement: "keycloak" + sourceLabels: + - __meta_kubernetes_pod_label_app + regex: (.+) + replacement: ${1} --- # Source: keycloak/templates/postgres/postgres-exporter.yaml apiVersion: monitoring.coreos.com/v1