[CPS] Security logging fields

[oom.git] / kubernetes / cps / components / cps-core / templates / deployment.yaml

diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index e6ee161..3684aab 100644 (file)
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -1,7 +1,7 @@
 {{/*
 # Copyright (C) 2021 Pantheon.tech, Orange
 # Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -57,7 +57,10 @@ spec:
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
           - name: DMI_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
-
+          {{- if .Values.config.useStrimziKafka }}
+          - name: JAASLOGIN
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+          {{- end }}
         volumeMounts:
           - mountPath: /config-input
             name: init-data-input
@@ -85,9 +88,33 @@ spec:
             path: {{ .Values.readiness.path }}
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
+        startupProbe:
+          httpGet:
+            path: {{ .Values.startup.path }}
+            port: {{ .Values.startup.port }}
+          failureThreshold: {{ .Values.startup.failureThreshold }}
+          periodSeconds: {{ .Values.startup.periodSeconds }}
         env:
           - name: SPRING_PROFILES_ACTIVE
             value: {{ .Values.config.spring.profile }}
+          - name: DB_USERNAME
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+          - name: DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+          - name: LIQUIBASE_LABELS
+            value: {{ .Values.config.liquibaseLabels }}
+          - name: CPS_USERNAME
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+          - name: CPS_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+          - name: DMI_USERNAME
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+          - name: DMI_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+          {{- if .Values.config.useStrimziKafka }}
+          - name: JAASLOGIN
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+          {{- end }}
         resources: {{ include "common.resources" . | nindent 10 }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
@@ -99,8 +126,8 @@ spec:
           - mountPath: /app/resources/application-helm.yml
             subPath: application-helm.yml
             name: init-data
-          - mountPath: /app/resources/logback.xml
-            subPath: logback.xml
+          - mountPath: /app/resources/logback-spring.xml
+            subPath: logback-spring.xml
             name: init-data
           - mountPath: /tmp
             name: init-temp