---
## [DBOD Operator](https://gitlab.cern.ch/drupal/paas/dbod-operator)
<br />
<br />
<br />
Konstantinos Samaras-Tsakiris
#### **IT-CDA-WF**
---
## Scope
Handle requests to create _MySQL_ DBs and manage DB users on existing DBOD hosts
---
## User roles
1. DBOD Instance admin:
   - provides DBOD credentials
1. DB User:
   - requests DB with a `DBODRegistration`
----
### DBODRegistration
```yaml
apiVersion: dbod.cern/v1alpha1
kind: DBODRegistration
metadata:
  name: example-dbodregistration
  namespace: example
spec:
  dbodInstanceName: dbod-kosamara-drupaldev1
  dbName: db1
  dbUser: user3
  # Ad-hoc labels passed to the generated DB credentials
  registrationLabels:
    drupalSite: 'examplesite'
```
----
### `DB User` flow
```sequence
Note right of DB User: `DBODRegistration`
DB User->DBOD operator: dbodName=dbod1, dbName=db1, dbUser=u3
DBOD operator->k8s: lookup credentials for `dbod1`
k8s-->DBOD operator: <returns DBOD credentials>
Note right of DBOD operator: performs DBOD actions
DBOD operator-->DB User: <returns DB credentials>
```
----
### `DBOD instance admin` flow
Create DBOD admin credentials
- Local: usable only by `DBODRegistration` in the _same namespace_
  - `DBODRegistration` namespace
- Global: secret, but usable by any `DBODRegistration`
  - fallback
  - operator's namespace
----
DBOD admin credentials
```yaml
apiVersion: v1
kind: Secret
metadata:
  labels:
    dbodInstance: dbod-kosamara-drupaldev1
  name: dbod-admin-cred-rdfgod
  namespace: dbod-operator
data:
  DBODAdminPassword: ...
  DBODAdminUser: ...
  DBODInstanceHostname: ...
  DBODPort: ...
```
----
### `DB User` flow: local/global credentials
```sequence
Note right of DB User: `DBODRegistration`
DB User->DBOD operator: dbodName=dbod1, dbName=db1, dbUser=u3
DBOD operator->k8s: lookup "local" credentials for `dbod1`
k8s->DBOD operator: not found in NS
DBOD operator->k8s: lookup "global" credentials for `dbod1`
k8s-->DBOD operator: <returns DBOD credentials>
Note right of DBOD operator: performs DBOD actions
DBOD operator-->DB User: <returns DB credentials>
```
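
The local-then-global lookup from the diagram above, as an added Python example that is not the operator's own code (the operator is built with Ansible). It assumes Secrets are matched on the `dbodInstance` label; `Secret`, `resolve_admin_secret`, the `team-a`/`team-b` namespaces and all sample Secrets except `dbod-admin-cred-rdfgod` are constructed for illustration.

```python
from dataclasses import dataclass, field

OPERATOR_NAMESPACE = "dbod-operator"  # namespace of the admin Secret on the slide
INSTANCE_LABEL = "dbodInstance"       # label key of that Secret (matching on it is assumed)


@dataclass
class Secret:
    """Minimal stand-in for a Kubernetes Secret (constructed for this example)."""
    name: str
    namespace: str
    labels: dict = field(default_factory=dict)


class CredentialsNotFound(LookupError):
    """No usable admin credentials for this registration."""


def resolve_admin_secret(secrets, registration_ns, instance_name):
    """Return (scope, secret) for a DBODRegistration in registration_ns.

    Only two namespaces are searched, in order: the registration's own
    ("local") and the operator's ("global"). A Secret carrying the right
    label in any other namespace is never considered.
    """
    for scope, ns in (("local", registration_ns), ("global", OPERATOR_NAMESPACE)):
        matches = [s for s in secrets
                   if s.namespace == ns and s.labels.get(INSTANCE_LABEL) == instance_name]
        if len(matches) > 1:
            # Assumed policy: an ambiguous match is an error, not a silent pick.
            raise CredentialsNotFound(f"{len(matches)} {scope} secrets for {instance_name}")
        if matches:
            return scope, matches[0]
    raise CredentialsNotFound(f"{instance_name}: nothing usable from {registration_ns}")


# Constructed cluster state. Only the first Secret and its names come from the slides.
SAMPLE = [
    Secret("dbod-admin-cred-rdfgod", OPERATOR_NAMESPACE, {INSTANCE_LABEL: "dbod-kosamara-drupaldev1"}),
    Secret("team-a-override", "team-a", {INSTANCE_LABEL: "dbod-kosamara-drupaldev1"}),
    Secret("team-a-private", "team-a", {INSTANCE_LABEL: "dbod-team-a"}),
]

if __name__ == "__main__":
    for ns, inst in [("example", "dbod-kosamara-drupaldev1"), ("team-b", "dbod-team-a")]:
        try:
            print(ns, *resolve_admin_secret(SAMPLE, ns, inst))
        except CredentialsNotFound as exc:
            print(ns, "denied:", exc)
```

The `team-b` case is the one to check when reviewing the real lookup: a local Secret in `team-a` must stay invisible to registrations from any other namespace.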
---
## Policy
[Registrations in different namespaces should not be able to create the same DBs or Users](https://gitlab.cern.ch/drupal/paas/dbod-operator/issues/4)
### OPA
---
## Deploy: [Helm chart](https://gitlab.cern.ch/drupal/paas/helmcharts-dev/tree/master/dbod-operator)
---
## Development
Operator SDK with Ansible
Ansible: Not very intuitive (personal experience)
---
## Links
[DBOD Operator](https://gitlab.cern.ch/drupal/paas/dbod-operator)
[Helm chart](https://gitlab.cern.ch/drupal/paas/helmcharts-dev/tree/master/dbod-operator)
---
## Long term
Instead of an operator, DBOD provides a REST API and maybe an [OpenServiceBroker](https://kubernetes.io/docs/concepts/extend-kubernetes/service-catalog/)