[APPC] Don't hardcode mariadb root password

You should never ever assume that secretpassword is a production
ready password for your mariadb-galera instance. Instead let's
just share a secret with our instance of mariadb-galera.

Issue-ID: OOM-2275
Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

2 files changed, 2 insertions, 17 deletions

diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml
index 57311a0077..65a6b24eb7 100644
--- a/kubernetes/appc/templates/secrets.yaml
+++ b/kubernetes/appc/templates/secrets.yaml
@@ -12,16 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+{{ include "common.secret" . }}
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index 9a62426adb..5ed2970c45 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -69,10 +69,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
             - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: db-root-password
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: SDNC_CONFIG_DIR
               value: "{{ .Values.config.configDir }}"
             - name: APPC_CONFIG_DIR