diff --git a/templates/certificates.cue b/templates/certificates.cue
index 5a8a3b6..6ebdaac 100644
--- a/templates/certificates.cue
+++ b/templates/certificates.cue
@@ -27,7 +27,11 @@ import (
annotations: #config.metadata.annotations
}
#Data: {
- "password-jks": "changeme" // it's fine, secret don't add any security here
+ // it's fine, secret don't add any security here
+ // TODO Next version of cert manager, a pwd will be set by default
+ // https://github.com/cert-manager/cert-manager/pull/6657
+ // then we can remove this secret and use the default
+ "password-jks": "changeit" // it's fine, secret don't add any security here
}
}
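Review bot: The JKS password is now a well-known literal, and the test fixture shows the same value rendered as `keystore_password=\"changeit\"` under `data:` of what appears to be the ConfigMap, so it is readable by anyone who can read that object. The keystore's private key is therefore protected only by access control on the `keycloak-jks` Secret and its mount, and the comment should state that instead of repeating "it's fine, secret don't add any security here" both above and beside the field. Something like `// public placeholder: key confidentiality relies on Secret RBAC, not on this password` would do. The literal also looks duplicated in the configmap template, whose hunk is not readable here; deriving both from one field would stop them drifting when the TODO is resolved.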
diff --git a/templates/config.cue b/templates/config.cue
index ffaa020..b0114be 100644
--- a/templates/config.cue
+++ b/templates/config.cue
@@ -169,7 +169,6 @@ import (
stack: *"kubernetes" | "tcp" | "udp" | "ec2" | "azure" | "google"
jgroups: {
name: *"jgroups" | string
- port: *7800 | int & >0 & <=65535
}
}
diff --git a/templates/configmap.cue b/templates/configmap.cue
index bdbf466..4095249 100644
--- a/templates/configmap.cue
+++ b/templates/configmap.cue
@@ -20,17 +20,19 @@ import (
source: https://infinispan.org/docs/13.0.x/titles/embedding/embedding.html
-->
-
diff --git a/templates/deployment.cue b/templates/deployment.cue
index b8c2791..f0de392 100644
--- a/templates/deployment.cue
+++ b/templates/deployment.cue
@@ -105,20 +105,23 @@ import (
volumeMounts: [
if #config.ha {
{
- mountPath: "/opt/keycloak/conf"
name: "cache"
+ mountPath: "/opt/keycloak/conf"
+ readOnly: true
}
},
if #certSecretName != _|_ {
{
- mountPath: "/certs"
name: "certs"
+ mountPath: "/certs"
+ readOnly: true
}
},
if #jksSecretName != _|_ {
{
- mountPath: "/jks"
name: "jks"
+ mountPath: "/jks"
+ readOnly: true
}
},
]
diff --git a/templates/networking.cue b/templates/networking.cue
index 9edafbb..89e7234 100644
--- a/templates/networking.cue
+++ b/templates/networking.cue
@@ -43,7 +43,10 @@ import (
]
ports: [{
protocol: "TCP"
- port: #config.cache.jgroups.port
+ port: 7800
+ }, {
+ protocol: "TCP"
+ port: 2157
},
]}
},
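Review bot: The literals `7800` and `2157` are now repeated here, in services.cue and (per the test fixture) in the generated JGroups configuration, with no shared definition since `#config.cache.jgroups.port` was removed. If one copy is changed, this policy would silently drop cluster traffic or the connections to the keystore-backed port. A pair of definitions such as `#jgroupsPort: 7800` and `#jgroupsSslPort: 2157`, referenced from each template, would keep them aligned. The peer selector for this rule is outside the hunk; it is worth confirming that port 2157 is admitted only from the Keycloak pods themselves.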
diff --git a/templates/services.cue b/templates/services.cue
index 5fc18c9..3194cfe 100644
--- a/templates/services.cue
+++ b/templates/services.cue
@@ -59,7 +59,14 @@ import (
ports: [
{
name: "jgroups"
- port: #config.cache.jgroups.port
+ port: 7800
+ protocol: "TCP"
+ targetPort: "jgroups"
+ appProtocol: "tcp"
+ },
+ {
+ name: "jgroups-ssl"
+ port: 2157
protocol: "TCP"
targetPort: "jgroups"
appProtocol: "tcp"
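Review bot: The new `jgroups-ssl` entry exposes port 2157 but keeps `targetPort: "jgroups"`, the same named container port used by the 7800 entry, and the rendered Service in test/certificate.yaml confirms this. If the container port named `jgroups` is 7800 (the container spec is not visible here), connections to the Service on 2157 are forwarded to 7800 rather than to the TLS listener. Giving the entry its own target, `targetPort: "jgroups-ssl"` with a matching named container port, or `targetPort: 2157`, avoids that. For a headless Service used only for discovery the mapping has less effect, but the mismatch is still misleading to readers. The entry's closing brace lies outside the hunk.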
diff --git a/test/certificate.yaml b/test/certificate.yaml
index cdb0d70..c9ae57b 100644
--- a/test/certificate.yaml
+++ b/test/certificate.yaml
@@ -38,10 +38,10 @@ metadata:
app.kubernetes.io/managed-by: timoni
app.kubernetes.io/name: keycloak-jks-pwd
app.kubernetes.io/version: 0.0.0-devel
- name: keycloak-jks-pwd-86dfda33
+ name: keycloak-jks-pwd-d89b3236
namespace: test
stringData:
- password-jks: changeme
+ password-jks: changeit
---
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -64,7 +64,7 @@ spec:
create: true
passwordSecretRef:
key: password-jks
- name: keycloak-jks-pwd-86dfda33
+ name: keycloak-jks-pwd-d89b3236
secretName: keycloak-jks
---
apiVersion: cert-manager.io/v1
@@ -118,6 +118,11 @@ spec:
port: 7800
protocol: TCP
targetPort: jgroups
+ - appProtocol: tcp
+ name: jgroups-ssl
+ port: 2157
+ protocol: TCP
+ targetPort: jgroups
publishNotReadyAddresses: true
selector:
app.kubernetes.io/name: keycloak
@@ -130,11 +135,11 @@ data:
\ xmlns=\"urn:infinispan:config:11.0\">\n \n \n \n\t\t\t\t\t\t\t\n
+ keystore_name=\"/jks/keystore.jks\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tkeystore_password=\"changeit\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tport=\"2157\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tport_range=\"0\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tstack.combine=\"INSERT_AFTER\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tstack.position=\"VERIFY_SUSPECT2\"/>\n
\ \n \n
\ \n\n \n \n