add httpsConnector config

OSGP · Feb 29, 2024 · 6f1a6c2 · 6f1a6c2
1 parent 6223500
commit 6f1a6c2
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 11 deletions.
diff --git a/charts/gxf/config/tomcat/server.xml b/charts/gxf/config/tomcat/server.xml
@@ -1,3 +1,4 @@
+{{- $maxThreads := .Values.maxThreads | default 800 -}}
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
@@ -28,7 +29,7 @@ SPDX-License-Identifier: Apache-2.0
     {{- if .Values.httpdSidecar.enabled }}
     <Connector port="8009"
                protocol="AJP/1.3"
-               maxThreads="800"
+               maxThreads="{{ $maxThreads }}"
                minSpareThreads="10"
                connectionTimeout="10000"
                keepAliveTimeout="10000"
@@ -38,23 +39,24 @@ SPDX-License-Identifier: Apache-2.0
     {{- if or (not .Values.httpdSidecar.enabled) (.Values.httpdSidecar.tomcatHttpEnabled) }}
     <Connector port="8080"
                protocol="HTTP/1.1"
-               maxThreads="800"
+               maxThreads="{{ $maxThreads }}"
                minSpareThreads="10"
                connectionTimeout="10000"
                keepAliveTimeout="10000"
                prestartminSpareThreads="true"
                secretRequired="false" />
     {{- end }}
-    {{- if .Values.tomcatHttpsEnabled }}
-    <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-                maxThreads="150" SSLEnabled="true" >
+    {{- if .Values.httpsConnector.enabled }}
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+               maxThreads="{{ $maxThreads }}" SSLEnabled="true" >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
             <Certificate certificateKeyFile="/etc/ssl/certs/server.key"
-                          certificateFile="/etc/ssl/certs/server.crt"
-                          caCertificateFile="/etc/ssl/certs/root.crt"
-                          SSLVerifyClient="require"
-                          type="RSA" />
+                         certificateKeyPassword="${CERTIFICATE_KEY_PASSWORD}"
+                         certificateFile="/etc/ssl/certs/server.crt"
+                         caCertificateFile="/etc/ssl/certs/root.crt"
+                         SSLVerifyClient="require"
+                         type="RSA" />
         </SSLHostConfig>
     </Connector>
     {{- end }}

diff --git a/charts/gxf/templates/deployment.yaml b/charts/gxf/templates/deployment.yaml
@@ -56,6 +56,12 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.labels['app']
+        {{- if .Values.httpsConnector.enabled }}
+        - name: CERTIFICATE_KEY_PASSWORD
+          valueFrom:
+            secretKeyRef: {{ .Release.Name }}.apache-server-certs
+            key: server-key-password
+        {{- end }}
         {{- range $key, $value := .Values.extraEnv }}
         - name: {{ $key }}
           value: {{ tpl $value $ | quote }}
@@ -96,7 +102,7 @@ spec:
           subPath: context.xml
         - name: prometheus-probe-script
           mountPath: /usr/local/bin
-        {{- if .Values.tomcatHttpsEnabled }}
+        {{- if .Values.httpsConnector.enabled }}
         - name: server-certs
           mountPath: /certs
         {{- end }}
@@ -197,7 +203,7 @@ spec:
         configMap:
           name: {{ .Release.Name }}-apache
       {{- end }}
-      {{- if or (.Values.tomcatHttpsEnabled) (.Values.httpdSidecar.enabled) }}
+      {{- if .Values.httpsConnector.enabled }}
       - name: server-certs
         secret:
           secretName: {{ .Release.Name }}.apache-server-certs

diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml
@@ -55,6 +55,9 @@ resources:
     # secretName: your-secret
     # secretKey: your-secret-key
 
+httpsConnector:
+  enabled: true
+
 httpdSidecar:
   enabled: false
   image: httpd