From f43b2394bccfe6f105020c6b3c7da4877e7fd962 Mon Sep 17 00:00:00 2001 From: rigazilla Date: Wed, 31 Jan 2024 17:15:38 +0100 Subject: [PATCH] review --- .github/workflows/test-chart.yml | 4 ++-- .../topics/proc_enabling_encryption.adoc | 18 ++++++++---------- .../topics/yaml/endpoint_encryption.yaml | 6 +++--- .../topics/yaml/transport_encryption.yaml | 12 ++++++------ 4 files changed, 19 insertions(+), 21 deletions(-) diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml index 5da5711..c0aa7f3 100644 --- a/.github/workflows/test-chart.yml +++ b/.github/workflows/test-chart.yml @@ -36,7 +36,7 @@ jobs: run: | kubectl create namespace helm-test helm install example-infinispan . -n helm-test --set deploy.replicas=2 - kubectl wait --for=condition=Ready pods -lapp=infinispan-pod -n helm-test --timeout=300s + kubectl -n helm-test rollout status --watch --timeout=300s statefulset/example-infinispan helm uninstall example-infinispan -n helm-test kubectl delete namespace helm-test @@ -46,6 +46,6 @@ jobs: kubectl apply -f test/tls_secret.yaml -n helm-test kubectl apply -f test/transport_tls_secret.yaml -n helm-test helm install example-infinispan . -n helm-test -f values.yaml -f test/tls_values.snippet.yaml --set deploy.replicas=2 - kubectl wait --for=condition=Ready pods -lapp=infinispan-pod -n helm-test --timeout=300s + kubectl -n helm-test rollout status --watch --timeout=300s statefulset/example-infinispan helm uninstall example-infinispan -n helm-test kubectl delete namespace helm-test diff --git a/documentation/asciidoc/topics/proc_enabling_encryption.adoc b/documentation/asciidoc/topics/proc_enabling_encryption.adoc index 6e5646b..fd03ebd 100644 --- a/documentation/asciidoc/topics/proc_enabling_encryption.adoc +++ b/documentation/asciidoc/topics/proc_enabling_encryption.adoc @@ -1,4 +1,4 @@ -[id='enabling-endpoint-encryption_{context}'] +[id='enabling-encryption_{context}'] = Enabling TLS encryption [role="_abstract"] 
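Review bot: The new readiness check assumes the chart's StatefulSet is named `example-infinispan` after the release, whereas the removed line selected the pods by the `app=infinispan-pod` label; if the chart derives the StatefulSet name differently (a fullname override, for instance) `rollout status` fails with a not-found error even though the pods come up, so this is worth confirming against the templates. `kubectl rollout status` also exits non-zero for a StatefulSet whose updateStrategy is not RollingUpdate, which the previous label-based wait did not depend on. As a point of style, `--watch` is the command's default and can be dropped: `kubectl -n helm-test rollout status --timeout=300s statefulset/example-infinispan`. The same line is introduced in the second hunk of this file (the TLS test at @@ -46,6), where the same remarks apply.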
@@ -12,7 +12,7 @@ different secrets. .Set the secret name in the deploy configuration -Provide the name of the secret containing the certificate. +Provide the name of the secret containing the keystore. [source,yaml,options="nowrap",subs=attributes+] ---- include::yaml/tls_secretname.yaml[] @@ -20,26 +20,24 @@ include::yaml/tls_secretname.yaml[] .Enable cluster transport TLS -- Configure the keystore path in the transport realm; secret is mounted at `/etc/encrypt/transport`. The truststore must be configured -with the same certificates, this allow the nodes to authenticate each other. -Alias and password must be provided in case the secret contains a keystore. -- Configure the transport stack to use the realm. - [source,yaml,options="nowrap",subs=attributes+] ---- include::yaml/transport_encryption.yaml[] ---- - +<1> Configures the transport stack to use the specified security-realm to provide cluster encryption. +<2> Configure the keystore path in the transport realm; secret is mounted at `/etc/encrypt/transport`. +<3> Configures the truststore with the same keystore, this allow the nodes to authenticate each other. +<4> Alias and password must be provided in case the secret contains a keystore. .Enable endpoint TLS -Configure the keystore path in the endpoint realm, secret is mounted at `/etc/encrypt/endpoint`. -Alias and password must be provided in case the secret contains a keystore. [source,yaml,options="nowrap",subs=attributes+] ---- include::yaml/endpoint_encryption.yaml[] ---- +<1> Configure the keystore path in the endpoint realm; secret is mounted at `/etc/encrypt/endpoint`. +<2> Alias and password must be provided in case the secret contains a keystore. [role="_additional-resources"] .Additional resources diff --git a/documentation/asciidoc/topics/yaml/endpoint_encryption.yaml b/documentation/asciidoc/topics/yaml/endpoint_encryption.yaml index 5542e33..95c5e81 100644 --- a/documentation/asciidoc/topics/yaml/endpoint_encryption.yaml 
+++ b/documentation/asciidoc/topics/yaml/endpoint_encryption.yaml @@ -7,6 +7,6 @@ deploy: serverIdentities: ssl: keystore: - alias: "server" - path: "/etc/encrypt/endpoint/keystore.p12" - password: "password" + path: "/etc/encrypt/endpoint/keystore.p12" #<1> + alias: "server" #<2> + password: "password" #<2> diff --git a/documentation/asciidoc/topics/yaml/transport_encryption.yaml b/documentation/asciidoc/topics/yaml/transport_encryption.yaml index 86bde1f..f5c4252 100644 --- a/documentation/asciidoc/topics/yaml/transport_encryption.yaml +++ b/documentation/asciidoc/topics/yaml/transport_encryption.yaml @@ -2,18 +2,18 @@ deploy: infinispan: cacheContainer: transport: - stack: "kubernetes" - urn:infinispan:server:14.0:securityRealm: "cluster-transport" + urn:infinispan:server:14.0:securityRealm: > + "cluster-transport" #<1> server: security: securityRealms: - name: cluster-transport serverIdentities: ssl: - keystore: + keystore: #<2> alias: "server" path: "/etc/encrypt/endpoint/cert.p12" password: "password" - truststore: - alias: "server" - path: "/etc/encrypt/endpoint/cert.p12" + truststore: #<3> + alias: "server" #<4> + path: "/etc/encrypt/endpoint/cert.p12" #<4>
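Review bot: The example keeps `password: "password"` as a literal keystore credential, and since this snippet is meant to be copied into deploy values it is easy to ship unchanged; an obviously-placeholder value such as `password: "<keystore-password>"` makes the substitution step visible, and callout <2> in proc_enabling_encryption.adoc can then state that the value must be replaced with the password of the keystore stored in the secret. The same literal is kept in transport_encryption.yaml in the last hunk of this patch. Moving `path` above `alias` is harmless here, as YAML mapping order carries no meaning.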
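Review bot: The folded block scalar introduced on the `urn:infinispan:server:14.0:securityRealm` line changes the value: inside a `>` scalar `#` does not start a comment and the quotes are literal, so the realm name parses as the string `"cluster-transport" #<1>` plus a trailing newline rather than `cluster-transport`, and the transport would most likely reference a realm that does not exist. Keep it as one plain line with the callout after the value: `urn:infinispan:server:14.0:securityRealm: "cluster-transport" #<1>`. Separately, the keystore and truststore in this transport realm still point at `/etc/encrypt/endpoint/cert.p12`, while callout <2> added to proc_enabling_encryption.adoc in this same patch says the transport secret is mounted at `/etc/encrypt/transport`; one of the two should be corrected, presumably the paths here, but the file name inside the transport secret is not visible in this patch and should be checked.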