separate values for tls

README-tls.md

@@ -1,4 +1,4 @@
 ## Deploy a TLS cluster with HELM
 
 kubectl apply -f tls_secret.yaml
-helm install infinispan .
+helm install -f values-tls.yaml infinispan .

values-tls.yaml

@@ -0,0 +1,172 @@
+# Default values for infinispan-helm-charts.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+images:
+  # [USER] The container images for server pods.
+  server: quay.io/infinispan/server:14.0
+  initContainer: registry.access.redhat.com/ubi8-micro
+
+deploy:
+  # [USER] Specify the number of nodes in the cluster.
+  replicas: 1
+
+  clusterDomain: cluster.local
+
+  container:
+    extraJvmOpts: ""
+    libraries: ""
+    # [USER] Define custom environment variables using standard K8s format
+    # env:
+    #  - name: STANDARD_KEY
+    #    value: standard value
+    #  - name: CONFIG_MAP_KEY
+    #    valueFrom:
+    #      configMapKeyRef:
+    #        name: special-config
+    #        key: special.how
+    #  - name: SECRET_KEY
+    #    valueFrom:
+    #      secretKeyRef:
+    #        name: special-secret
+    #        key: special.how
+    env:
+    storage:
+      size: 1Gi
+      storageClassName: ""
+      # [USER] Set `ephemeral: true` to delete all persisted data when clusters shut down or restart.
+      ephemeral: false
+    resources:
+      # [USER] Specify the CPU limit and the memory limit for each pod.
+      limits:
+        cpu: 500m
+        memory: 512Mi
+      # [USER] Specify the maximum CPU requests and the maximum memory requests for each pod.
+      requests:
+        cpu: 500m
+        memory: 512Mi
+
+  security:
+    secretName: ""
+    batch: ""
+  ssl:
+   secretName: "tls-secret"
+  expose:
+    # [USER] Specify `type: ""` to disable network access to clusters.
+    type: Route
+    nodePort: 0
+    host: ""
+    annotations: []
+
+  monitoring:
+    enabled: false
+
+  logging:
+    categories:
+      # [USER] Specify the FQN of a package from which you want to collect logs.
+      - category: com.arjuna
+        # [USER] Specify the level of log messages.
+        level: warn
+      # No need to warn about not being able to TLS/SSL handshake
+      - category: io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
+        level: error
+
+  makeDataDirWritable: false
+
+  nameOverride: ""
+
+  resourceLabels: []
+
+  podLabels: []
+
+  svcLabels: []
+
+  tolerations: []
+
+  nodeAffinity: {}
+
+  nodeSelector: {}
+
+  infinispan:
+    cacheContainer:
+      # [USER] Add cache, template, and counter configuration.
+      name: default
+      # [USER] Specify `security: null` to disable security authorization.
+      security:
+        authorization: {}
+      transport:
+        cluster: ${infinispan.cluster.name:cluster}
+        node-name: ${infinispan.node.name:}
+        stack: kubernetes
+        urn:infinispan:server:14.0:securityRealm: default
+    server:
+      endpoints:
+      # [USER] Hot Rod and REST endpoints.
+      - securityRealm: default
+        socketBinding: default
+        connectors:
+          rest:
+            restConnector:
+          hotrod:
+            hotrodConnector:
+          # [MEMCACHED] Uncomment to enable Memcached endpoint
+          # memcached:
+          #   memcachedConnector:
+          #     socketBinding: memcached
+      # [METRICS] Metrics endpoint for cluster monitoring capabilities.
+      - connectors:
+          rest:
+            restConnector:
+              authentication:
+                mechanisms: BASIC
+        securityRealm: metrics
+        socketBinding: metrics
+      interfaces:
+      - inetAddress:
+          value: ${infinispan.bind.address:127.0.0.1}
+        name: public
+      security:
+        credentialStores:
+        - clearTextCredential:
+            clearText: secret
+          name: credentials
+          path: credentials.pfx
+        securityRealms:
+        # [USER] Security realm for the Hot Rod and REST endpoints.
+        - name: default
+          serverIdentities:
+            ssl:
+              keystore:
+                alias: "server"
+                path: "/etc/encrypt/keystore.p12"
+                password: "password"
+          # [USER] Comment or remove this properties realm to disable authentication.
+          propertiesRealm:
+            groupProperties:
+              path: groups.properties
+            groupsAttribute: Roles
+            userProperties:
+              path: users.properties
+          # [METRICS] Security realm for the metrics endpoint.
+        - name: metrics
+          propertiesRealm:
+            groupProperties:
+              path: metrics-groups.properties
+              relativeTo: infinispan.server.config.path
+            groupsAttribute: Roles
+            userProperties:
+              path: metrics-users.properties
+              relativeTo: infinispan.server.config.path
+      socketBindings:
+        defaultInterface: public
+        portOffset: ${infinispan.socket.binding.port-offset:0}
+        socketBinding:
+          # [USER] Socket binding for the Hot Rod and REST endpoints.
+        - name: default
+          port: 11222
+          # [METRICS] Socket binding for the metrics endpoint.
+        - name: metrics
+          port: 11223
+          # [MEMCACHED] Uncomment to enable Memcached endpoint
+        # - name: memcached
+        #   port: 11221