[VFC] Use common secret template for DB root password

Issue-ID: VFC-1600
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I9f83c6f6eaace60c3e974218810e5943c5758c06
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
index f5fc284..e70bf0e 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
@@ -37,7 +37,7 @@
         - /root/ready.py
         args:
         - --container-name
-        - vfc-mariadb
+        - {{ .Values.config.mariadbService }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -49,6 +49,11 @@
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -75,11 +80,14 @@
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
-              value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+            - name: MYSQL_ROOT_USER
+              value: "{{ .Values.global.config.mariadb_admin }}"
+            - name: MYSQL_ROOT_PASSWORD
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
index 9c51d66..1a64402 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
@@ -23,6 +23,16 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+    policy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -39,7 +49,12 @@
 debugEnabled: false
 
 # application configuration
-config: {}
+config:
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  # mariadbRootPassword: secretpassword
+  # mariadbRootPasswordExternalSecret: some secret
+
 
 # default number of instances
 replicaCount: 1
@@ -88,4 +103,4 @@
     requests:
       cpu: 200m
       memory: 500Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}