diff --git a/.gitignore b/.gitignore
index 3683e58..a15ca75 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,5 @@ vagrant/vagrantkey*
 
 # generated openrc
 openrc
+
+tests/.cache*
diff --git a/docker/mariadb/Dockerfile.j2 b/docker/mariadb/Dockerfile.j2
index 1a1969a..33396e3 100644
--- a/docker/mariadb/Dockerfile.j2
+++ b/docker/mariadb/Dockerfile.j2
@@ -9,9 +9,6 @@ RUN apt-get install -y --no-install-recommends \
     && apt-get clean \
     && rm -rf /var/lib/mysql/*
 
-# delme in future
-COPY my.cnf /etc/mysql/my.cnf
-
 COPY mariadb_sudoers /etc/sudoers.d/mariadb_sudoers
 COPY bootstrap.sh /usr/local/bin/bootstrap.sh
 COPY security_reset.expect /usr/local/bin/mysql_security_reset
@@ -20,9 +17,3 @@ RUN chmod 755 /usr/local/bin/bootstrap.sh \
     && chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/mariadb_sudoers \
     && usermod -a -G microservices mysql
-
-### delme in future
-ENV DB_ROOT_PASSWORD "password"
-
-USER mysql
-CMD ["bootstrap.sh"]
diff --git a/docker/mariadb/bootstrap.sh b/docker/mariadb/bootstrap.sh
index cac95bc..3914e3b 100644
--- a/docker/mariadb/bootstrap.sh
+++ b/docker/mariadb/bootstrap.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 
 function bootstrap_db {
     mysqld_safe --wsrep-new-cluster &
@@ -13,14 +13,16 @@ function bootstrap_db {
         fi
     done
     echo "mysql_security_reset"
-    sudo -E mysql_security_reset
-    echo "PASSWORD: $DB_ROOT_PASSWORD"
+    sudo -E mysql_security_reset ${DB_ROOT_PASSWORD}
     mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
     mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
-    echo "SHUTDOWN"
     mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+    wait $(jobs -p)
 }
 
+DB_ROOT_PASSWORD="$1"
+DB_MAX_TIMEOUT="$2"
+
 # Only update permissions if permissions need to be updated
 if [[ $(stat -c %U:%G /var/lib/mysql) != "mysql:mysql" ]]; then
     sudo chown mysql: /var/lib/mysql
@@ -29,6 +31,4 @@ fi
 # Bootstrap
 mysql_install_db
 bootstrap_db
-
-# Run daemon
-mysqld
+touch /tmp/mariadb_ok
diff --git a/docker/mariadb/security_reset.expect b/docker/mariadb/security_reset.expect
index 7b78e3e..8cbf703 100644
--- a/docker/mariadb/security_reset.expect
+++ b/docker/mariadb/security_reset.expect
@@ -1,5 +1,7 @@
 #!/usr/bin/expect -f
 
+set passwd [lindex $argv 0]
+
 set timeout 10
 spawn mysql_secure_installation
 expect {
@@ -19,14 +21,14 @@ expect {
   eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
   "New password:"
 }
-send "$env(DB_ROOT_PASSWORD)\r"
+send "$passwd\r"
 
 expect {
   timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
   eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
   "Re-enter new password:"
 }
-send "$env(DB_ROOT_PASSWORD)\r"
+send "$passwd\r"
 
 expect {
   timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
new file mode 100644
index 0000000..cf96c0b
--- /dev/null
+++ b/service/files/defaults.yaml
@@ -0,0 +1,5 @@
+configs:
+    db_max_timeout: 60
+    db_root_password: password
+    mariadb_addr: 0.0.0.0
+    mariadb_port: 3306
diff --git a/docker/mariadb/my.cnf b/service/files/my.cnf.j2
similarity index 90%
rename from docker/mariadb/my.cnf
rename to service/files/my.cnf.j2
index 4aa6374..3b1d5a5 100644
--- a/docker/mariadb/my.cnf
+++ b/service/files/my.cnf.j2
@@ -1,6 +1,6 @@
 [mysqld]
-#bind-address={{ mariadb_addr }}
-#port={{ mariadb_port }}
+bind-address = {{ mariadb_addr }}
+port = {{ mariadb_port }}
 
 datadir=/var/lib/mysql/
 log-error=/var/log/mysql.log
diff --git a/service/files/readiness.sh.j2 b/service/files/readiness.sh.j2
new file mode 100644
index 0000000..bc11c21
--- /dev/null
+++ b/service/files/readiness.sh.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+test -f /tmp/mariadb_ok && nc -z localhost {{ mariadb_port }}
diff --git a/service/mariadb.yaml b/service/mariadb.yaml
new file mode 100644
index 0000000..42043c0
--- /dev/null
+++ b/service/mariadb.yaml
@@ -0,0 +1,26 @@
+service:
+    name: mariadb
+    ports:
+        - mariadb_port
+    probes:
+        readiness: mariadb-readiness.sh
+        liveness: "true"
+    pre:
+        - name: mariadb-bootstrap
+          command: bootstrap.sh {{ db_root_password }} {{ db_max_timeout }}
+          user: mysql
+    daemon:
+        command: mysqld
+        files:
+            - mariadb-my-cnf
+            - mariadb-readiness
+        user: mysql
+
+files:
+    mariadb-my-cnf:
+        path: /etc/mysql/my.cnf
+        content: my.cnf.j2
+    mariadb-readiness:
+        path: /usr/local/bin/mariadb-readiness.sh
+        content: readiness.sh.j2
+        perm: "755"
diff --git a/service/mcp-mysql.yaml.j2 b/service/mcp-mysql.yaml.j2
deleted file mode 100644
index d3c6337..0000000
--- a/service/mcp-mysql.yaml.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: mariadb
-  labels:
-    app: mariadb
-spec:
-  containers:
-    - name: mariadb
-      image: {{ namespace }}/mariadb:{{ tag }}
-      env:
-        - name: DB_ROOT_PASSWORD
-          value: password
-      imagePullPolicy: Always
-      ports:
-        - containerPort: 3306
-          hostPort: 3306
diff --git a/service/service-mysql.yaml.j2 b/service/service-mysql.yaml.j2
deleted file mode 100644
index b2ee5f3..0000000
--- a/service/service-mysql.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: "Service"
-apiVersion: "v1"
-metadata:
-  name: "openstack-mysql"
-spec:
-  selector:
-    app: "mariadb"
-  ports:
-    -
-      protocol: "TCP"
-      port: 3306
-      targetPort: 3306
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 0000000..85fef07
--- /dev/null
+++ b/test-requirements.txt
@@ -0,0 +1,4 @@
+docker-py
+docker-compose
+requests==2.7.0  # dirty hack for CI
+pytest
diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
index 2b7b46f..481f3af 100644
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml
@@ -1,6 +1,5 @@
 mariadb:
-    image: mcp/mariadb
-    environment:
-        DB_ROOT_PASSWORD: r00tme
+    image: mariadbbuild/mariadb:latest
     ports:
       - 33306:3306
+    command: "bootstrap.sh r00tme 60 && mysqld"
diff --git a/tests/test_mariadb.py b/tests/test_mariadb.py
index 7d46e01..02326e0 100644
--- a/tests/test_mariadb.py
+++ b/tests/test_mariadb.py
@@ -36,8 +36,7 @@ def test_mysql_is_running():
 
 
 def test_mysql_is_accessible(cli, container):
-    cmd = ("bash -c 'mysql -Ns -h127.0.0.1 -uroot -p$DB_ROOT_PASSWORD"
-           " -e \"SHOW DATABASES\"'")
+    cmd = ("bash -c 'mysql -Ns -h127.0.0.1 -uroot -e \"SHOW DATABASES\"'")
     res = cli.exec_create(container['Id'], cmd)
     out = cli.exec_start(res)
     assert cli.exec_inspect(res)['ExitCode'] == 0
diff --git a/tox.ini b/tox.ini
index 02025d0..5fd89c9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -17,10 +17,7 @@ commands =
 
 [testenv:py27]
 deps =
-    docker-py
-    docker-compose
-    pytest
+    -r{toxinidir}/test-requirements.txt
 changedir={toxinidir}/tests
 commands =
     py.test -vv {posargs}
-