docs/about/04_coherence_spec.adoc
6 additions & 6 deletions
@@ -1029,27 +1029,27 @@ m| portName | An optional name to use to override the port name. m| *string
1029
1029
m| port | The service port value m| *int32 | false
1030
1030
m| type | Kind is the K8s service type (typically ClusterIP or LoadBalancer) The default is "ClusterIP". m| *https://pkg.go.dev/k8s.io/api/core/v1#ServiceType | false
1031
1031
m| externalIPs | externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. m| []string | false
1032
-
m| clusterIP | clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are "None", empty string (""), or a valid IP address. "None" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies m| *string | false
1032
+
m| clusterIP | clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are "None", empty string (""), or a valid IP address. "None" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/reference/networking/virtual-ips/ m| *string | false
1033
1033
m| clusterIPs | ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. +
1034
1034
+
1035
-
Unless the "IPv6DualStack" feature gate is enabled, this field is limited to one value, which must be the same as the clusterIP field. If the feature gate is enabled, this field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies m| []string | false
1035
+
Unless the "IPv6DualStack" feature gate is enabled, this field is limited to one value, which must be the same as the clusterIP field. If the feature gate is enabled, this field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/reference/networking/virtual-ips/ m| []string | false
1036
1036
m| loadBalancerIP | LoadBalancerIP is the IP address of the load balancer Deprecated: This field is deprecated in the Kubernetes API. m| *string | false
1037
1037
m| labels | The extra labels to add to the service. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ m| map[string]string | false
1038
1038
m| annotations | Annotations is free form yaml that will be added to the service annotations m| map[string]string | false
1039
-
m| sessionAffinity | Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies m| *https://pkg.go.dev/k8s.io/api/core/v1#ServiceAffinity | false
1039
+
m| sessionAffinity | Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/reference/networking/virtual-ips/ m| *https://pkg.go.dev/k8s.io/api/core/v1#ServiceAffinity | false
1040
1040
m| loadBalancerSourceRanges | If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." m| []string | false
1041
1041
m| externalName | externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Kind to be ExternalName. m| *string | false
1042
-
m| externalTrafficPolicy | externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. m| *https://{k8s-doc-link}/#serviceexternaltrafficpolicy-v1-core[corev1.ServiceExternalTrafficPolicy] | false
1042
+
m| externalTrafficPolicy | externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. m| *https://{k8s-doc-link}/#servicespec-v1-core[corev1.ServiceExternalTrafficPolicy] | false
1043
1043
m| healthCheckNodePort | healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Kind is set to LoadBalancer and ExternalTrafficPolicy is set to Local. m| *int32 | false
1044
1044
m| publishNotReadyAddresses | publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. m| *bool | false
1045
1045
m| sessionAffinityConfig | sessionAffinityConfig contains the configurations of session affinity. m| *https://{k8s-doc-link}/#sessionaffinityconfig-v1-core[corev1.SessionAffinityConfig] | false
1046
1046
m| ipFamilies | IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service, and is gated by the "IPv6DualStack" feature gate. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. +
1047
1047
+
1048
1048
This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. m| []https://pkg.go.dev/k8s.io/api/core/v1#IPFamily | false
1049
-
m| ipFamilyPolicy | IPFamilyPolicy represents the dual-stack-ness requested or required by this Service, and is gated by the "IPv6DualStack" feature gate. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. m| *https://{k8s-doc-link}/#ipfamilypolicy-v1-core[corev1.IPFamilyPolicy] | false
1049
+
m| ipFamilyPolicy | IPFamilyPolicy represents the dual-stack-ness requested or required by this Service, and is gated by the "IPv6DualStack" feature gate. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. m| *https://{k8s-doc-link}/#servicespec-v1-core[corev1.IPFamilyPolicy] | false
1050
1050
m| allocateLoadBalancerNodePorts | allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. allocateLoadBalancerNodePorts may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is alpha-level and is only honored by servers that enable the ServiceLBNodePortControl feature. m| *bool | false
1051
1051
m| loadBalancerClass | loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. m| *string | false
1052
-
m| internalTrafficPolicy | InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). m| *https://{k8s-doc-link}/#serviceinternaltrafficpolicy-v1-core[corev1.ServiceInternalTrafficPolicy] | false
1052
+
m| internalTrafficPolicy | InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). m| *https://{k8s-doc-link}/#servicespec-v1-core[corev1.ServiceInternalTrafficPolicy] | false
1053
1053
m| trafficDistribution | TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to "PreferClose", implementations should prioritize endpoints that are in the same zone. m| *string | false
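Review bot: The type links on the externalTrafficPolicy, ipFamilyPolicy and internalTrafficPolicy rows now all end in the same `#servicespec-v1-core` fragment while their link text still names three different types (`corev1.ServiceExternalTrafficPolicy`, `corev1.IPFamilyPolicy`, `corev1.ServiceInternalTrafficPolicy`), so clicking a type name lands on the ServiceSpec entry rather than on that type. If the per-type anchors no longer exist, note that in the commit message so the mismatch reads as deliberate, and check the untouched `#sessionaffinityconfig-v1-core` link on the sessionAffinityConfig row, which follows the same per-type pattern and may have gone stale for the same reason.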
examples/090_tls/README.adoc
3 additions & 3 deletions
@@ -409,7 +409,7 @@ These images can run secure or insecure depending on various system properties p
409
409
When configuring Coherence to use TLS, we need to configure a socket provider that Coherence can use to create secure socket. We then tell Coherence to use this provider in various places, such as Extend connections, cluster member TCMP connections etc.
410
410
This configuration is typically done by adding the provider configuration to the Coherence operational configuration override file.
411
411
412
-
The Coherence documentation has a lot of details on configuring socket providers in the section on https://{commercial-docs-base-url}/secure/using-ssl-secure-communication.html#GUID-21CBAF48-BA78-4373-AC90-BF668CF31776[Using SSL Secure Communication]
412
+
The Coherence documentation has a lot of details on configuring socket providers in the section on https://{commercial-docs-base-url}/secure/using-ssl-secure-communication.html#GUID-94D85286-169B-4FAA-ABE1-FF2EFC82C776[Using SSL Secure Communication]
413
413
414
414
Below is an example that we will use on the server cluster members
415
415
[source,xml]
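Review bot: The replacement link on the "Using SSL Secure Communication" line swaps one opaque `#GUID-...` fragment for another, which is the same kind of anchor that just went stale. The later change in this file at line 508 drops the fragment and links to `using-ssl-secure-communication.html` directly; doing the same here would be consistent and less likely to break again, unless the new GUID points at a socket-provider subsection worth keeping. While touching the line, the sentence is still missing its closing full stop.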
@@ -505,7 +505,7 @@ The configuration above is included in both of the example images that we built
505
505
[#tcmp]
506
506
== Secure Cluster Membership
507
507
508
-
Now we have a "tls" socket provider we can use it to secure Coherence. The Coherence documentation has a section on https://{commercial-docs-base-url}/secure/using-ssl-secure-communication.html#GUID-21CBAF48-BA78-4373-AC90-BF668CF31776[Securing Coherence TCMP with TLS].
508
+
Now we have a "tls" socket provider we can use it to secure Coherence. The Coherence documentation has a section on https://{commercial-docs-base-url}/secure/using-ssl-secure-communication.html[Using SSL/TLS to Secure Communication].
509
509
Securing communication between cluster members is very simple, we just set the `coherence.socketprovider` system property to the name of the socket provider we want to use. In our case this will be the "tls" provider we configured above, so we would use `-Dcoherence.socketprovider=tls`
510
510
511
511
The yaml below is a `Coherence` resource that will cause the Operator to create a three member Coherence cluster.
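Review bot: On the changed line under "Secure Cluster Membership", the link text went from "Securing Coherence TCMP with TLS" to the chapter title "Using SSL/TLS to Secure Communication" and the fragment was removed, but the sentence still reads "has a section on", so it now promises a TCMP-specific section and delivers the top of the whole chapter. Either reword to something like "covers this in the chapter on ..." or keep a fragment that lands on the TCMP material, so a reader securing cluster membership is not left to search the page.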
A common connection type to secure are client connections into the cluster from Coherence Extend clients. The Coherence documentation contains details on https://{commercial-docs-base-url}/secure/using-ssl-secure-communication.html#GUID-0F636928-8731-4228-909C-8B8AB09613DB[Using SSL to Secure Extend Client Communication] for more in-depth details.
729
+
A common connection type to secure are client connections into the cluster from Coherence Extend clients. The Coherence documentation contains details on https://{commercial-docs-base-url}/secure/using-ssl-secure-communication.html#GUID-C012F002-2868-401D-8A43-E9CA076DB841[Using SSL to Secure Extend and gRPC Client Communication] for more in-depth details.
730
730
731
731
As with securing TCMP, we can specify a socket provider in the Extend proxy configuration in the server's cache configuration file and also in the remote scheme in the client's cache configuration. In this example we will use exactly the same TLS socket provider configuration that we created above. The only difference being the name of the `PasswordProvider` class used by the client. At the time of writing this, Coherence does not include an implementation of `PasswordProvider` that reads from a file. The Coherence Operator injects one into the classpath of the server, but our simple client is not managed by the Operator. We have added a simple `FileBasedPasswordProvider` class to the client code in this example.
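Review bot: The new link text on the changed line says "Using SSL to Secure Extend and gRPC Client Communication", but the sentence around it still talks only about "Coherence Extend clients", so gRPC appears in the link with no mention in the prose. Either mention gRPC clients in the sentence or make clear the linked section covers more than this example uses. The line also carries two wording slips worth fixing in the same edit: "A common connection type to secure are client connections" (subject and verb disagree) and "contains details on ... for more in-depth details" (repeats itself).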
examples/no-operator/02_metrics/README.adoc
1 addition & 1 deletion
@@ -253,7 +253,7 @@ spec:
253
253
The `ServiceMonitor` above contains a single endpoint that scrapes the port named `metrics` in any `Service` with labels matching those in the `matchLabels` array, which in this case are the labels we applied to the `storage-metrics` service above.
254
254
255
255
The full specification of what can be in a `ServiceMonitor` can be found in the Prometheus