[APPC] Don't hardcode mariadb root password

You should never ever assume that secretpassword is a production ready password for your mariadb-galera instance. Instead let's just share a secret with our instance of mariadb-galera. Issue-ID: OOM-2275 Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
author: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-01-23 11:49:25 +0100
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-02-01 00:10:01 +0100
commit: e74ed5cd24df70e1e9b137eadf8e32d5c89f236b (patch)
tree: 09e2881a74abd0833dd7328364c6a666dbeba67c /kubernetes/appc/templates/statefulset.yaml
parent: 3ed9c940d61526344303ad29d9ce1dc50eb4117a (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index 9a62426adb..5ed2970c45 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -69,10 +69,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
             - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: db-root-password
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: SDNC_CONFIG_DIR
               value: "{{ .Values.config.configDir }}"
             - name: APPC_CONFIG_DIR
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-01-23 11:49:25 +0100
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-02-01 00:10:01 +0100
commit	e74ed5cd24df70e1e9b137eadf8e32d5c89f236b (patch)
tree	09e2881a74abd0833dd7328364c6a666dbeba67c /kubernetes/appc/templates/statefulset.yaml
parent	3ed9c940d61526344303ad29d9ce1dc50eb4117a (diff)