ProficientNowTechRFCs

9. Database Provisioning

RFC-DEVELOPER-PLATFORM-0001                                       Section 9
Category: Standards Track                          Database Provisioning


9.1 Supported Databases

9.1.1 Database Types

The platform supports self-service provisioning of the following databases:

| Database | Use Cases | Operator |
| --- | --- | --- |
| PostgreSQL | Relational data, ACID transactions | CloudNativePG, Zalando, StackGres |
| MongoDB | Document storage, flexible schemas | Percona Everest |
| ClickHouse | Analytics, time-series, OLAP | ClickHouse Operator |
| Redis | Caching, session storage | Redis Operator |

9.1.2 Feature Matrix

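| Feature | PostgreSQL | MongoDB | ClickHouse | Redis |
| --- | --- | --- | --- | --- |
| HA configuration | Yes | Yes | Yes | Yes |
| Automated backup | Yes | Yes | Yes | Yes |
| Point-in-time recovery | Yes | Yes | Limited | No |
| Connection pooling | Yes | Yes | No | No |
| Read replicas | Yes | Yes | Yes | Yes |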

9.1.3 Resource Types

Each database type creates catalog Resource entities:

| Catalog Type | Description |
| --- | --- |
| database | Database instance |
| database-cluster | Multi-node cluster |
| database-replica | Read replica |

9.2 Environment Tiers

9.2.1 Tier Definitions

| Tier | Purpose | Characteristics |
| --- | --- | --- |
| Development | Feature development, testing | Single replica, minimal resources |
| Staging | Pre-production validation | Production-like, reduced resources |
| Production | Live workloads | Full HA, production resources |

9.2.2 Tier Configurations

| Configuration | Development | Staging | Production |
| --- | --- | --- | --- |
| Replicas | 1 | 2 | 3+ |
| Backup frequency | Daily | Daily | Continuous |
| Resource limits | Low | Medium | As required |
| Self-service | Full | Full | Approval required |

9.2.3 Tier Selection

| Selection Criteria | Tier |
| --- | --- |
| Feature branch testing | Development |
| Integration testing | Staging |
| Production workload | Production |

9.3 Provisioning Workflow

9.3.1 Workflow Overview

9.3.2 Workflow Steps

| Step | Action | Actor |
| --- | --- | --- |
| Request | Developer selects database template | Developer |
| Validate | Check permissions, quotas | Portal |
| Template | Execute scaffolder template | Portal |
| Generate | Create Crossplane claim YAML | Scaffolder |
| Commit | Commit to GitOps repository | Scaffolder |
| Sync | ArgoCD syncs resources | ArgoCD |
| Provision | Database operator provisions | Operator |
| Ready | Database available | Operator |
| Catalog | Update resource entity | Discovery |

9.3.3 Approval Workflow

Per Invariant 6, production databases require approval:

| Environment | Approval Required |
| --- | --- |
| Development | No |
| Staging | No |
| Production | Yes |

9.4 Crossplane Integration

9.4.1 Claim Pattern

Database provisioning uses Crossplane claims:

| Component | Purpose |
| --- | --- |
| XRD | Composite resource definition |
| Composition | Resource composition logic |
| Claim | Developer request interface |
| XR | Composed resources |

9.4.2 Claim Structure

Claims include the following parameters:

| Parameter | Description | Required |
| --- | --- | --- |
| name | Database name | Yes |
| environment | dev, staging, prod | Yes |
| size | Resource tier | Yes |
| storage | Storage allocation | Yes |
| replicas | Number of replicas | Environment-dependent |
| backup | Backup configuration | Environment-dependent |
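
One way the Portal's Validate step could check claim parameters against the tier rules in 9.2.2 and the approval rule in 9.3.3, as an added example that is not the platform's own code. The function name, the sample claims, the default for an omitted `replicas` value, and treating the Development and Staging replica counts as exact are assumptions.

```python
"""Pre-commit check for a database claim (added example, not platform code)."""

REQUIRED = ("name", "environment", "size", "storage")   # "Yes" rows in 9.4.2
# Replica rule per environment from 9.2.2: (minimum, maximum or None for "3+")
REPLICAS = {"dev": (1, 1), "staging": (2, 2), "prod": (3, None)}
NEEDS_APPROVAL = {"dev": False, "staging": False, "prod": True}   # 9.3.3


def validate_claim(params: dict) -> dict:
    """Return {'errors': [...], 'replicas': int|None, 'approval_required': bool}."""
    errors = [f"missing required parameter: {k}"
              for k in REQUIRED if params.get(k) in (None, "")]
    env = params.get("environment")
    known = isinstance(env, str) and env in REPLICAS
    if env not in (None, "") and not known:
        errors.append(f"environment must be one of {sorted(REPLICAS)}, got {env!r}")
    if not known:
        # Unknown tier: fail closed and treat the request as needing approval.
        return {"errors": errors, "replicas": None, "approval_required": True}

    low, high = REPLICAS[env]
    # Assumption: an omitted replica count defaults to the tier minimum.
    replicas = params.get("replicas", low)
    if isinstance(replicas, bool) or not isinstance(replicas, int):
        errors.append("replicas must be an integer")
        replicas = None
    elif replicas < low or (high is not None and replicas > high):
        bound = f"exactly {low}" if high == low else f"at least {low}"
        errors.append(f"{env} requires {bound} replicas, got {replicas}")
    return {"errors": errors, "replicas": replicas,
            "approval_required": NEEDS_APPROVAL[env]}


# Constructed sample claims, not taken from the RFC.
SAMPLES = [
    {"name": "orders-db", "environment": "dev", "size": "small", "storage": "10Gi"},
    {"name": "orders-db", "environment": "prod", "size": "large",
     "storage": "200Gi", "replicas": 2},
    {"name": "scratch", "environment": "qa", "size": "small"},
]

if __name__ == "__main__":
    for claim in SAMPLES:
        print(claim.get("name"), validate_claim(claim))
```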

9.4.3 Provisioning Flow


9.5 Credential Management

9.5.1 Credential Flow

Per Invariant 9, database credentials MUST be short-lived:

| Credential Type | Source | Lifetime |
| --- | --- | --- |
| Admin credentials | Vault dynamic secrets | Short-lived |
| Application credentials | Vault dynamic secrets | Application rotation policy |
| Developer access | Teleport + Vault | Session-based |

9.5.2 Vault Integration

| Integration | Purpose |
| --- | --- |
| Dynamic secrets | Generate credentials on demand |
| Rotation | Automated credential rotation |
| Audit | Credential access logging |

9.5.3 Connection Information

Connection details are available through:

| Method | Use Case |
| --- | --- |
| Portal display | Developer access (via Teleport) |
| ExternalSecret | Application access |
| Vault path | Programmatic access |

9.6 Database Operations

9.6.1 Available Operations

| Operation | Self-Service | Description |
| --- | --- | --- |
| View status | Full | Database health, metrics |
| View backups | Full | Backup history, schedule |
| Restore (dev) | Full | Restore from backup |
| Restore (prod) | Approval | Per Invariant 11 |
| Scale | Approval (prod) | Modify resources |
| Delete (dev) | Full | Remove database |
| Delete (prod) | Approval | Remove database |

9.6.2 Backup Management

| Capability | Description |
| --- | --- |
| View schedule | See backup frequency |
| View history | List available backups |
| View status | Last backup success/failure |

9.6.3 Monitoring Integration

| Metric Type | Source |
| --- | --- |
| Connection count | Operator metrics |
| Query performance | Database metrics |
| Storage usage | PVC metrics |
| Replication lag | Operator metrics |

9.7 Database Access

9.7.1 Access Methods

| Method | Description |
| --- | --- |
| Teleport | JIT access with session recording |
| Direct connection | Short-lived credentials |
| Web console | PgAdmin, Mongo Express |

9.7.2 Access Workflow

Access to databases follows the JIT model defined in Section 10:

| Step | Action |
| --- | --- |
| Request | Developer requests access |
| Approval | If required, approval workflow |
| Credential | Teleport/Vault issues credential |
| Access | Developer connects |
| Recording | Session recorded |
| Expiry | Credential expires |

End of Section 9 — RFC-DEVELOPER-PLATFORM-0001