New scenario to claim a service

[cmoulliard]

New scenario to claim a service

Here is how I think we should manage on the new platform the Service and Credentials binding :

1. When an application requires to access a service AND to get the needed credentials + URL, then they will post a ServiceClaim (e.g: Postgresql, version 10, namespace x.y.z or cluster A)
2. The ServiceBox will query the Skupper VAN to figure out if a service of type + version matching the criteria exist (one of the endpoints)
3. If a Skupper endpoint exists, then the URL will be returned
4. If no skupper endpoint exists, then a service could be instantiated if the KCP registry contains a service of type + version (= GVK)
5. kcp and skupper creates an instance in a cluster (or when specified within the target cluster and/or namespace) and register the endpoint
6. Ideally, we should use a system like (https://www.vaultproject.io/docs/secrets/databases) able to generate/populate the credentials of the service and to register them using the service ADMIN. Why: Many customers will never accept that a kubernetes controller generates a user/pwd, create a k8s secret BUT instead will prefer to have control over apps/users having credentials + if they can write/read/....
7. The ServiceClaim is updated with the information: URL + credentials and SBO will then been able to mount the data within the pod/deployment/etc resource

Remark: The step 6 is definitively the most challenging !!