Add Tomcat HTTPS connector (#123)

Signed-off-by: Marcel Jansen <[email protected]>

charts/gxf/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: gxf
 description: Generic GXF Helm chart
-version: '1.5.36'
+version: '1.5.37'
 icon: https://artwork.lfenergy.org/projects/grid-exchange-fabric/abbrev/color/grid-exchange-fabric-abbrev-color.png
 maintainers:
   - name: OSGP

charts/gxf/config/tomcat/server.xml

@@ -1,3 +1,4 @@
+{{- $maxThreads := .Values.maxThreads | default 800 -}}
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
@@ -28,7 +29,7 @@ SPDX-License-Identifier: Apache-2.0
     {{- if .Values.httpdSidecar.enabled }}
     <Connector port="8009"
                protocol="AJP/1.3"
-               maxThreads="800"
+               maxThreads="{{ $maxThreads }}"
                minSpareThreads="10"
                connectionTimeout="10000"
                keepAliveTimeout="10000"
@@ -38,13 +39,27 @@ SPDX-License-Identifier: Apache-2.0
     {{- if or (not .Values.httpdSidecar.enabled) (.Values.httpdSidecar.tomcatHttpEnabled) }}
     <Connector port="8080"
                protocol="HTTP/1.1"
-               maxThreads="800"
+               maxThreads="{{ $maxThreads }}"
                minSpareThreads="10"
                connectionTimeout="10000"
                keepAliveTimeout="10000"
                prestartminSpareThreads="true"
                secretRequired="false" />
     {{- end }}
+    {{- if .Values.httpsConnector.enabled }}
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+               maxThreads="{{ $maxThreads }}" SSLEnabled="true" >
+        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+        <SSLHostConfig>
+            <Certificate certificateKeyFile="/etc/ssl/certs/server.key"
+                         certificateKeyPassword="${CERTIFICATE_KEY_PASSWORD}"
+                         certificateFile="/etc/ssl/certs/server.crt"
+                         caCertificateFile="/etc/ssl/certs/root.crt"
+                         SSLVerifyClient="require"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+    {{- end }}
 
     <Engine name="Catalina" defaultHost="localhost">
 

charts/gxf/templates/deployment.yaml

@@ -56,6 +56,12 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.labels['app']
+        {{- if .Values.httpsConnector.enabled }}
+        - name: CERTIFICATE_KEY_PASSWORD
+          valueFrom:
+            secretKeyRef: {{ .Release.Name }}.apache-server-certs
+            key: server-key-password
+        {{- end }}
         {{- range $key, $value := .Values.extraEnv }}
         - name: {{ $key }}
           value: {{ tpl $value $ | quote }}
@@ -96,6 +102,10 @@ spec:
           subPath: context.xml
         - name: prometheus-probe-script
           mountPath: /usr/local/bin
+        {{- if .Values.httpsConnector.enabled }}
+        - name: server-certs
+          mountPath: /certs
+        {{- end }}
         {{- if .Values.extraVolumeMounts }}
         {{- toYaml .Values.extraVolumeMounts | nindent 8 }}
         {{- end }}
@@ -147,7 +157,7 @@ spec:
         - name: apache-config
           mountPath: /usr/local/apache2/conf/extra/vhosts.conf
           subPath: vhosts.conf
-        - name: apache-server-certs
+        - name: server-certs
           mountPath: /certs
         {{- if .Values.httpdSidecar.extraVolumeMounts }}
         {{- toYaml .Values.httpdSidecar.extraVolumeMounts | nindent 8 }}
@@ -192,7 +202,9 @@ spec:
       - name: apache-config
         configMap:
           name: {{ .Release.Name }}-apache
-      - name: apache-server-certs
+      {{- end }}
+      {{- if .Values.httpsConnector.enabled }}
+      - name: server-certs
         secret:
           secretName: {{ .Release.Name }}.apache-server-certs
           defaultMode: 0555

charts/gxf/values.yaml

@@ -55,6 +55,9 @@ resources:
     # secretName: your-secret
     # secretKey: your-secret-key
 
+httpsConnector:
+  enabled: false
+
 httpdSidecar:
   enabled: false
   image: httpd