diff --git a/docs/guides/high-availability/connect-keycloak-to-external-infinispan.adoc b/docs/guides/high-availability/connect-keycloak-to-external-infinispan.adoc
index 831c2fd797..b3e661521d 100644
--- a/docs/guides/high-availability/connect-keycloak-to-external-infinispan.adoc
+++ b/docs/guides/high-availability/connect-keycloak-to-external-infinispan.adoc
@@ -4,10 +4,18 @@
<@tmpl.guide
title="Connect {project_name} with an external {jdgserver_name}"
summary="Building block for an Infinispan deployment on Kubernetes"
-tileVisible="false" >
+tileVisible="false"
+includedOptions="cache-remote-*" >
This topic describes advanced {jdgserver_name} configurations for {project_name} on Kubernetes.
+== Architecture
+
+This connects {project_name} to {jdgserver_name} using TCP connections secured by TLS 1.3.
+It uses the {project_name}'s truststore to verify {jdgserver_name}'s server certificate.
+As {project_name} is deployed using its Operator on OpenShift in the prerequisites listed below, the Operator already added the `service-ca.crt` to the truststore which is used to sign {jdgserver_name}'s server certificates.
+In other environments, add the necessary certificates to {project_name}'s truststore.
+
== Prerequisites
* <@links.ha id="deploy-keycloak-kubernetes" /> as it will be extended.
@@ -15,35 +23,6 @@ This topic describes advanced {jdgserver_name} configurations for {project_name}
== Procedure
-. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml` which is part of the {project_name} distribution:
-.. For each `distributed-cache` entry, add the tags `` as shown following.
-+
-[source,xml,indent=0]
-----
-include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore]
-----
-<1> New tag `` to connect it to the remote store.
-<2> For the address to the remote store, reference two environment variables for host name and port number.
-<3> For authentication, reference two environment variables for username and password.
-<4> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore.
-
-.. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution.
-For each `replicated-cache` entry, add the tag `` as shown below.
-For additional information on the infinispan configuration options, see the https://docs.jboss.org/infinispan/14.0/configdocs/infinispan-config-14.0.html[infinispan configuration schema reference].
-+
-[source,xml,indent=0]
-----
-include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore-work]
-----
-
-. Place the {jdgserver_name} Cache configuration XML in a ConfigMap.
-+
-[source,yaml]
-----
-include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn-configmap]
-...
-----
-
. Create a Secret with the username and password to connect to the external {jdgserver_name} deployment:
+
[source,yaml]
@@ -55,9 +34,7 @@ include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn-secret]
+
[NOTE]
====
-* The new `additionalOptions` entries starting with `remote-store` used here are not official {project_name} configurations.
-Instead, they provide their values to environment variables that are then referenced in the {jdgserver_name} XML configuration.
-* All the memory, resource and database configurations are skipped from the CR below as they have been described in <@links.ha id="deploy-keycloak-kubernetes" /> {section} already.
+All the memory, resource and database configurations are skipped from the CR below as they have been described in <@links.ha id="deploy-keycloak-kubernetes" /> {section} already.
Administrators should leave those configurations untouched.
====
+
@@ -65,10 +42,12 @@ Administrators should leave those configurations untouched.
----
include::examples/generated/keycloak-ispn.yaml[tag=keycloak-ispn]
----
-<1> The `name` and `key` of the ConfigMap with the {jdgserver_name} Cache configuration XML created in the previous step.
-<2> The hostname and port of the remote cache {jdgserver_name} cluster.
-<3> The credentials required, username and password, to access the remote cache {jdgserver_name} cluster.
-<4> The `spi-connections-infinispan-quarkus-site-name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used.
+<1> The hostname of the remote {jdgserver_name} cluster.
+<2> The port of the remote {jdgserver_name} cluster.
+This is optional and it default to `11222`.
+<3> The Secret `name` and `key` with the {jdgserver_name} username credential.
+<4> The Secret `name` and `key` with the {jdgserver_name} password credential.
+<5> The `spi-connections-infinispan-quarkus-site-name` is an arbitrary {jdgserver_name} site name which {project_name} needs for its embedded {jdgserver_name} deployment when a remote store is used.
This site-name is related only to the embedded {jdgserver_name} and does not need to match any value from the external {jdgserver_name} deployment.
If you are using multiple sites for {project_name} in a cross-DC setup such as <@links.ha id="deploy-infinispan-kubernetes-crossdc" />, the site name must be different in each site.
diff --git a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
index c090921372..b52e8571f2 100644
--- a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
+++ b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
@@ -47,299 +47,6 @@ metadata:
namespace: keycloak
type: kubernetes.io/tls
---
-# Source: keycloak/templates/keycloak-infinispan-configmap.yaml
-# tag::keycloak-ispn-configmap[]
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kcb-infinispan-cache-config
- namespace: keycloak
-data:
- kcb-infinispan-cache-remote-store-config.xml: |
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
----
# Source: keycloak/templates/keycloak-providers-configmap.yaml
apiVersion: v1
kind: ConfigMap
@@ -743,12 +450,6 @@ spec:
features:
enabled:
- multi-site # <3>
- # tag::keycloak-ispn[]
- cache:
- configMapFile:
- name: kcb-infinispan-cache-config # <1>
- key: kcb-infinispan-cache-remote-store-config.xml # <1>
- # end::keycloak-ispn[]
transaction:
xaEnabled: false # <4>
# tag::keycloak-ispn[]
@@ -765,19 +466,19 @@ spec:
- name: http-pool-max-threads # <6>
value: "200"
# tag::keycloak-ispn[]
- - name: remote-store-host # <2>
+ - name: cache-remote-host # <1>
value: "infinispan.keycloak.svc"
- - name: remote-store-port # <2>
+ - name: cache-remote-port # <2>
value: "11222"
- - name: remote-store-username # <3>
+ - name: cache-remote-username # <3>
secret:
name: remote-store-secret
key: username
- - name: remote-store-password # <3>
+ - name: cache-remote-password # <4>
secret:
name: remote-store-secret
key: password
- - name: spi-connections-infinispan-quarkus-site-name # <4>
+ - name: spi-connections-infinispan-quarkus-site-name # <5>
value: keycloak
# end::keycloak-ispn[]
- name: db-driver
@@ -790,7 +491,7 @@ spec:
podTemplate:
metadata:
annotations:
- checksum/config: ebe9b8c121995f449a1a4e339af244b2bb67769af84b3cbdff61159948447e20-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3--dbc855dd9b7f7c0b828760ea8cd7427e8a2f5a5be303fba7dee0c6bbb68258d4-v1.27.0
+ checksum/config: 385f54cb8e4bf326f6970aa2a0c8e573d35d9071e69ab2baee252728748bca76-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-v1.27.0
spec:
containers:
- env:
diff --git a/docs/guides/high-availability/examples/src/kcb-infinispan-cache-remote-store-config.xml b/docs/guides/high-availability/examples/src/kcb-infinispan-cache-remote-store-config.xml
deleted file mode 100644
index bdf643136f..0000000000
--- a/docs/guides/high-availability/examples/src/kcb-infinispan-cache-remote-store-config.xml
+++ /dev/null
@@ -1,283 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-