From 11d2f55e7058c677ae3d55610886d4fe8d18f5de Mon Sep 17 00:00:00 2001
From: Werner Dijkerman <werner.dijkerman@alliander.com>
Date: Thu, 19 Dec 2024 13:42:37 +0100
Subject: [PATCH 1/5] Updating path to certs directory;Failure on
 UpgradeProtocol when using Http11AprProtocol and recommends to use
 Http11NioProtocol

Signed-off-by: Werner Dijkerman <werner.dijkerman@alliander.com>
---
 charts/gxf/config/tomcat/server.xml  | 2 +-
 charts/gxf/templates/deployment.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/gxf/config/tomcat/server.xml b/charts/gxf/config/tomcat/server.xml
index 4564952..1a7ecd9 100644
--- a/charts/gxf/config/tomcat/server.xml
+++ b/charts/gxf/config/tomcat/server.xml
@@ -47,7 +47,7 @@ SPDX-License-Identifier: Apache-2.0
                secretRequired="false" />
     {{- end }}
     {{- if and .Values.httpsConnector.enabled (not .Values.httpdSidecar.enabled) }}
-    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="{{ $maxThreads }}" SSLEnabled="true" >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
diff --git a/charts/gxf/templates/deployment.yaml b/charts/gxf/templates/deployment.yaml
index 8b499f1..89eac72 100644
--- a/charts/gxf/templates/deployment.yaml
+++ b/charts/gxf/templates/deployment.yaml
@@ -112,7 +112,7 @@ spec:
           mountPath: /usr/local/bin
         {{- if .Values.httpsConnector.enabled }}
         - name: server-certs
-          mountPath: /certs
+          mountPath: /etc/ssl/certs
         {{- end }}
         {{- if .Values.extraVolumeMounts }}
         {{- toYaml .Values.extraVolumeMounts | nindent 8 }}

From a4ce1d1c8a3ac9f4ab9e608029db236003d9edbd Mon Sep 17 00:00:00 2001
From: Werner Dijkerman <werner.dijkerman@alliander.com>
Date: Thu, 19 Dec 2024 13:45:24 +0100
Subject: [PATCH 2/5] Updating chart version to newer semver

Signed-off-by: Werner Dijkerman <werner.dijkerman@alliander.com>
---
 charts/gxf/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/gxf/Chart.yaml b/charts/gxf/Chart.yaml
index 5ac46a3..9494efc 100644
--- a/charts/gxf/Chart.yaml
+++ b/charts/gxf/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: gxf
 description: Generic GXF Helm chart
-version: '1.8.3'
+version: '1.8.4'
 icon: https://artwork.lfenergy.org/projects/grid-exchange-fabric/abbrev/color/grid-exchange-fabric-abbrev-color.png
 maintainers:
   - name: OSGP

From f2e9c698d21692d948055125a069a771fa934b16 Mon Sep 17 00:00:00 2001
From: Werner Dijkerman <werner.dijkerman@alliander.com>
Date: Thu, 19 Dec 2024 13:50:28 +0100
Subject: [PATCH 3/5] Updating to newer/allowed Python version as part of the
 CI test

Signed-off-by: Werner Dijkerman <werner.dijkerman@alliander.com>
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b6c91bc..3e435a3 100755
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -20,7 +20,7 @@ jobs:
         
       - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: 3.11
         
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.1.0

From 1677a8da59d6aa9b6164be32f63d6dfcc4c275ee Mon Sep 17 00:00:00 2001
From: Werner Dijkerman <werner.dijkerman@alliander.com>
Date: Thu, 19 Dec 2024 16:55:44 +0100
Subject: [PATCH 4/5] Added missing port for tls

Signed-off-by: Werner Dijkerman <werner.dijkerman@alliander.com>
---
 charts/gxf/templates/deployment.yaml | 5 +++++
 charts/gxf/templates/service.yaml    | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/charts/gxf/templates/deployment.yaml b/charts/gxf/templates/deployment.yaml
index 89eac72..36676c5 100644
--- a/charts/gxf/templates/deployment.yaml
+++ b/charts/gxf/templates/deployment.yaml
@@ -92,6 +92,11 @@ spec:
             name: http
             protocol: TCP
         {{- end }}
+        {{- if .Values.httpsConnector.enabled }}
+          - containerPort: 8443
+            name: https
+            protocol: TCP
+        {{- end }}
         {{- range .Values.extraPorts }}
           - containerPort: {{ .port }}
             name: {{ .name }}
diff --git a/charts/gxf/templates/service.yaml b/charts/gxf/templates/service.yaml
index 3738e5a..e1d2be0 100644
--- a/charts/gxf/templates/service.yaml
+++ b/charts/gxf/templates/service.yaml
@@ -12,6 +12,11 @@ spec:
       port: 443
       targetPort: https
     {{- end }}
+    {{- if .Values.httpsConnector.enabled }}
+    - name: https
+      port: 8443
+      targetPort: https
+    {{- end }}
     {{- range .Values.extraServicePorts }}
     - name: {{ $.Release.Name }}-{{ .name }}
       port: {{ .port }}

From fbcda4db1abcaf70bc33d928d173a193c4bf131e Mon Sep 17 00:00:00 2001
From: Werner Dijkerman <werner.dijkerman@alliander.com>
Date: Fri, 20 Dec 2024 09:13:28 +0100
Subject: [PATCH 5/5] Changing paths back to /certs to not override system wide
 certificaties

Signed-off-by: Werner Dijkerman <werner.dijkerman@alliander.com>
---
 charts/gxf/config/tomcat/server.xml  | 6 +++---
 charts/gxf/templates/deployment.yaml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/charts/gxf/config/tomcat/server.xml b/charts/gxf/config/tomcat/server.xml
index 1a7ecd9..34db344 100644
--- a/charts/gxf/config/tomcat/server.xml
+++ b/charts/gxf/config/tomcat/server.xml
@@ -51,11 +51,11 @@ SPDX-License-Identifier: Apache-2.0
                maxThreads="{{ $maxThreads }}" SSLEnabled="true" >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
-            <Certificate certificateKeyFile="/etc/ssl/certs/server.key"
+            <Certificate certificateKeyFile="/certs/server.key"
                          certificateKeyPassword="${CERTIFICATE_KEY_PASSWORD}"
-                         certificateFile="/etc/ssl/certs/server.crt"
+                         certificateFile="/certs/server.crt"
                          {{- if .Values.httpsConnector.clientAuthEnabled }}
-                         caCertificateFile="/etc/ssl/certs/root.crt"
+                         caCertificateFile="/certs/root.crt"
                          SSLVerifyClient={{ .Values.httpsConnector.SSLVerifyClient | default "optional" | quote }}
                          {{- end }}
                          type="RSA" />
diff --git a/charts/gxf/templates/deployment.yaml b/charts/gxf/templates/deployment.yaml
index 36676c5..086948a 100644
--- a/charts/gxf/templates/deployment.yaml
+++ b/charts/gxf/templates/deployment.yaml
@@ -117,7 +117,7 @@ spec:
           mountPath: /usr/local/bin
         {{- if .Values.httpsConnector.enabled }}
         - name: server-certs
-          mountPath: /etc/ssl/certs
+          mountPath: /certs
         {{- end }}
         {{- if .Values.extraVolumeMounts }}
         {{- toYaml .Values.extraVolumeMounts | nindent 8 }}