The Infinispan Operator provides operational intelligence and reduces management complexity for deploying Infinispan on Kubernetes clusters.

1. Spinning Up Infinispan Clusters

You create Infinispan clusters from custom resource definitions.

Prerequisites

Either install the Infinispan Operator from OperatorHub.io or manually deploy it.

1.1. Creating Minimal Infinispan Clusters

Quickly spin up a Infinispan cluster with two nodes and let the Infinispan Operator generate credentials. You can retrieve the credentials from the pods after you create the Infinispan cluster. However, because Infinispan clusters require authentication, you cannot connect to the pods without the credentials.

Procedure
  1. Apply the custom resource yaml.

    $ oc apply -f https://raw.githubusercontent.com/infinispan/infinispan-operator/master/deploy/cr/cr_minimal.yaml
  2. Verify that the Infinispan Operator creates the pods.

    $ oc get pods -w
    
    NAME                        READY  STATUS              RESTARTS   AGE
    example-ispn-1               0/1    ContainerCreating   0          4s
    example-ispn-2               0/1    ContainerCreating   0          4s
    example-ispn-3               0/1    ContainerCreating   0          5s
    infinispan-operator-0        1/1    Running             0          3m
    example-ispn-3               1/1    Running             0          8s
    example-ispn-2               1/1    Running             0          8s
    example-ispn-1               1/1    Running             0          8s

1.2. Creating Infinispan Clusters with Credentials

Create secrets that contain credentials so application users can authenticate to Infinispan nodes. You can then specify the name of the secret in a custom resource yaml and spin up clusters with the Infinispan Operator.

Procedure
  1. Create a secret that contains credentials for the application user.

    1. Add an authentication secret yaml, for example:

      $ cat > connect_secret.yaml<<EOF
      apiVersion: v1
      kind: Secret
      metadata:
        name: connect-secret
      type: Opaque
      stringData:
        username: developer
        password: changeme
      EOF

      The secret must:

      • Be type: Opaque.

      • Have username and password fields.

        The preceding authentication secret contains sample values for the username and password fields. You should replace these values with credentials that conform to your organization’s security requirements.

    2. Apply the authentication secret yaml.

      $ oc apply -f connect_secret.yaml
  2. Apply the custom resource yaml.

    $ oc apply -f https://raw.githubusercontent.com/infinispan/infinispan-operator/master/deploy/cr/cr_minimal_with_auth.yaml
  3. Verify that the Infinispan Operator creates the pods.

    $ oc get pods -w
    
    NAME                        READY  STATUS              RESTARTS   AGE
    example-ispn-1               0/1    ContainerCreating   0          4s
    example-ispn-2               0/1    ContainerCreating   0          4s
    example-ispn-3               0/1    ContainerCreating   0          5s
    infinispan-operator-0        1/1    Running             0          3m
    example-ispn-3               1/1    Running             0          8s
    example-ispn-2               1/1    Running             0          8s
    example-ispn-1               1/1    Running             0          8s

1.3. Verifying Infinispan Clusters

Review log messages to verify that the Infinispan Operator has successfully created a Infinispan cluster.

Procedure
  • Check that the Infinispan nodes have received a clustered view. Do either of the following:

    • Retrieve the cluster view from the pod log files.

      $ oc logs example-ispn-0 | grep ISPN000094
      
      INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) \
      ISPN000094: Received new cluster view for channel cluster: \
      [example-ispn-0|0] (1) [example-ispn-0]
      
      INFO  [org.infinispan.CLUSTER] (jgroups-3,{example_crd_name-0) \
      ISPN000094: Received new cluster view for channel cluster: \
      [example-ispn-0|1] (2) [example-ispn-0, example-ispn-1]
    • Retrieve the custom resource type for the Infinispan Operator.

      $ oc get infinispan -o yaml

      The output of the preceding command contains the following message to indicate that the Infinispan nodes have received a clustered view:

      conditions:
          - message: 'View: [example-ispn-0, example-ispn-1]'
            status: "True"
            type: wellFormed

2. Managing Cluster Credentials

Perform tasks to manage authentication for Infinispan clusters.

Prerequisites
  • A kubectl client in your $PATH.

2.1. Retrieving Cluster Credentials

You can retrieve credentials for your Infinispan clusters as base64-encoded strings from secrets in your cluster namespace.

If you do not create secrets and credentials when you create clusters, the Infinispan Operator automatically generates them with the following defaults:

Default usernames
  • Management user is admin.

  • Application user is developer.

Default credentials secrets
  • example-ispn-mgmt-generated-secret contains credentials for the management user.

  • example-ispn-app-generated-secret contains credentials for the application user.

Procedure
  • Get the credentials from the secret. For example, to get the password for the application user from the default secret:

    $ oc get secret example-ispn-app-generated-secret \
    -n my_namespace -o jsonpath="{.data.password}" | base64 --decode

    Use the jp JSON processor to retrieve credentials as follows:

    $ oc get secret example-ispn-app-generated-secret \
    -n my_namespace -o json | jq '.data | map_values(@base64d)'
    
    {
      "password": "tUElqbfoJmT,NJVN",
      "username": "developer"
    }