review

infinispan · Jan 31, 2024 · f43b239 · f43b239
1 parent 2824d0e
commit f43b239
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 21 deletions.
diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml
@@ -36,7 +36,7 @@ jobs:
         run: |
             kubectl create namespace helm-test
             helm install example-infinispan . -n helm-test --set deploy.replicas=2
-            kubectl wait --for=condition=Ready pods -lapp=infinispan-pod -n helm-test --timeout=300s
+            kubectl -n helm-test rollout status --watch --timeout=300s statefulset/example-infinispan
             helm uninstall example-infinispan -n helm-test
             kubectl delete namespace helm-test
 
@@ -46,6 +46,6 @@ jobs:
             kubectl apply -f test/tls_secret.yaml -n helm-test
             kubectl apply -f test/transport_tls_secret.yaml -n helm-test
             helm install example-infinispan . -n helm-test -f values.yaml -f test/tls_values.snippet.yaml --set deploy.replicas=2
-            kubectl wait --for=condition=Ready pods -lapp=infinispan-pod -n helm-test --timeout=300s
+            kubectl -n helm-test rollout status --watch --timeout=300s statefulset/example-infinispan
             helm uninstall example-infinispan -n helm-test
             kubectl delete namespace helm-test
diff --git a/documentation/asciidoc/topics/proc_enabling_encryption.adoc b/documentation/asciidoc/topics/proc_enabling_encryption.adoc
@@ -1,4 +1,4 @@
-[id='enabling-endpoint-encryption_{context}']
+[id='enabling-encryption_{context}']
 = Enabling TLS encryption
 
 [role="_abstract"]
@@ -12,34 +12,32 @@ different secrets.
 
 .Set the secret name in the deploy configuration
 
-Provide the name of the secret containing the certificate.
+Provide the name of the secret containing the keystore.
 [source,yaml,options="nowrap",subs=attributes+]
 ----
 include::yaml/tls_secretname.yaml[]
 ----
 
 .Enable cluster transport TLS
 
-- Configure the keystore path in the transport realm; secret is mounted at `/etc/encrypt/transport`. The truststore must be configured
-with the same certificates, this allow the nodes to authenticate each other.
-Alias and password must be provided in case the secret contains a keystore.
-- Configure the transport stack to use the realm.
-
 [source,yaml,options="nowrap",subs=attributes+]
 ----
 include::yaml/transport_encryption.yaml[]
 ----
-
+<1> Configures the transport stack to use the specified security-realm to provide cluster encryption.
+<2> Configure the keystore path in the transport realm; secret is mounted at `/etc/encrypt/transport`.
+<3> Configures the truststore with the same keystore, this allow the nodes to authenticate each other.
+<4> Alias and password must be provided in case the secret contains a keystore.
 
 .Enable endpoint TLS
 
-Configure the keystore path in the endpoint realm, secret is mounted at `/etc/encrypt/endpoint`.
-Alias and password must be provided in case the secret contains a keystore.
 
 [source,yaml,options="nowrap",subs=attributes+]
 ----
 include::yaml/endpoint_encryption.yaml[]
 ----
+<1> Configure the keystore path in the endpoint realm; secret is mounted at `/etc/encrypt/endpoint`.
+<2> Alias and password must be provided in case the secret contains a keystore.
 
 [role="_additional-resources"]
 .Additional resources

diff --git a/documentation/asciidoc/topics/yaml/endpoint_encryption.yaml b/documentation/asciidoc/topics/yaml/endpoint_encryption.yaml
@@ -7,6 +7,6 @@ deploy:
             serverIdentities:
               ssl:
                 keystore:
-                  alias: "server"
-                  path: "/etc/encrypt/endpoint/keystore.p12"
-                  password: "password"
+                  path: "/etc/encrypt/endpoint/keystore.p12" #<1>
+                  alias: "server" #<2>
+                  password: "password" #<2>
diff --git a/documentation/asciidoc/topics/yaml/transport_encryption.yaml b/documentation/asciidoc/topics/yaml/transport_encryption.yaml
@@ -2,18 +2,18 @@ deploy:
   infinispan:
     cacheContainer:
       transport:
-         stack: "kubernetes"
-         urn:infinispan:server:14.0:securityRealm: "cluster-transport"
+         urn:infinispan:server:14.0:securityRealm: >
+          "cluster-transport" #<1>
     server:
       security:
         securityRealms:
           - name: cluster-transport
             serverIdentities:
               ssl:
-                keystore:
+                keystore: #<2>
                   alias: "server"
                   path: "/etc/encrypt/endpoint/cert.p12"
                   password: "password"
-                truststore:
-                  alias: "server"
-                  path: "/etc/encrypt/endpoint/cert.p12"
+                truststore: #<3>
+                  alias: "server" #<4>
+                  path: "/etc/encrypt/endpoint/cert.p12" #<4>