Custom Configuration of Hazelcast cluster

Hazelcast Platform Operator’s Custom Config allows users to provide a raw Hazelcast Configuration that can be directly utilized. It is perfect for those who want to take complete control over their configuration or to use new features that are not yet present in the Operator.

Configuring Hazelcast using Custom Config

To use the Custom Config as a method of configuring the Hazelcast cluster, you need to create a ConfigMap or a Secret with the member configuration. The configuration must be in YAML format and consist of valid Hazelcast configuration.

  • ConfigMap

  • Secret

apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-config-cm
data:
  hazelcast: |-
    security:
      enabled: true
      realms:
      - name: simpleRealm
        authentication:
          simple:
            users:
            - username: operator
              password: 'op-pass'
              roles:
              - root
      client-authentication:
        realm: simpleRealm
      client-permissions:
        all:
          principal: root

The name of the ConfigMap should be set to the Hazelcast CR’s customConfigCmName field.

apiVersion: hazelcast.com/v1alpha1
kind: Hazelcast
metadata:
  name: hazelcast
spec:
  customConfigCmName: custom-config-cm
apiVersion: v1
kind: Secret
metadata:
  name: custom-config-secret
data:
  hazelcast: c2VjdXJpdHk6CiAgZW5hYmxlZDogdHJ1ZQogIHJlYWxtczoKICAtIG5hbWU6IHNpbXBsZVJlYWxtCiAgICBhdXRoZW50aWNhdGlvbjoKICAgICAgc2ltcGxlOgogICAgICAgIHVzZXJzOgogICAgICAgIC0gdXNlcm5hbWU6IG9wZXJhdG9yCiAgICAgICAgICBwYXNzd29yZDogJ29wLXBhc3MnCiAgICAgICAgICByb2xlczoKICAgICAgICAgIC0gcm9vdAogIGNsaWVudC1hdXRoZW50aWNhdGlvbjoKICAgIHJlYWxtOiBzaW1wbGVSZWFsbQogIGNsaWVudC1wZXJtaXNzaW9uczoKICAgIGFsbDoKICAgICAgcHJpbmNpcGFsOiByb290Cgo=

The name of the Secret should be set to the Hazelcast CR’s customConfigSecretName field.

apiVersion: hazelcast.com/v1alpha1
kind: Hazelcast
metadata:
  name: hazelcast
spec:
  customConfigSecretName: custom-config-secret

Custom Config and Hazelcast CR

The Custom Config is not designed as an alternative to the Hazelcast CR configuration, and it is not recommended to use it as the main source of the configuration. That said, Custom Config can and should be used together with the Hazelcast CR configuration.

apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-config-cm
data:
  hazelcast: |-
    security:
      enabled: false
      realms:
        - name: simpleRealm
          authentication:
            simple:
              users:
                - username: dev
                  password: 'secret'
                  roles:
                    - root
apiVersion: hazelcast.com/v1alpha1
kind: Hazelcast
metadata:
  name: hazelcast
spec:
  customConfigCmName: custom-config-cm
  userCodeDeployment:
    bucketConfig:
      secretName: br-secret-gcp
      bucketURI: "gs://operator-custom-class/executorService"
  executorServices:
    - name: service1
  durableExecutorServices:
    - name: service2
  scheduledExecutorServices:
    - name: service3

The configuration from the Hazelcast CR and the Custom Config will be merged into one structure that will be used as the Hazelcast member configuration. If the same feature is configured with Custom Config ConfigMap and in the Hazelcast CR, the configuration from the Hazelcast CR will take precedence and will override the one from the Custom Config.

Cautions and limitations

The Custom Config feature contains raw Hazelcast configuration that is not being managed by the Hazelcast Platform Operator. Thus its usage has some cautions and limitations.

Combining ConfigMap and Secred based Custom Configs

It is not possible to use both ConfigMap and Secret based Custom Config. You must choose only one type of custom configuration.

Combining Hazelcast CR and Custom Config

It is not possible to combine the configuration of one feature in the Hazelcast CR and the Custom Config. The configuration from the Hazelcast CR will override the partial configuration from the Custom Config.

Operator-managed features

Some Hazelcast features require the management of additional K8s resources (e.g., Persistence requires PVCs). Custom Config does not allow configuring Kubernetes deployments, only the Hazelcast configuration. Therefore it is not possible to use Custom Config for such features; only the Hazelcast CR config is supported.

Networking configuration

The Hazelcast Platform Operator communicates with the Hazelcast cluster, requiring a specific networking configuration. Reconfiguring it using Custom Config might break communication between the Operator and the cluster. To avoid such cases, the Operator will always override the networking section of the Custom Config. If you require any specific networking setup, please use Hazelcast CR.

Security configuration

When configuring security with enabled client-authentication, you must provide a user with all permissions and a simple authentication method. The client and the operator will use this user to connect to and manage the cluster.