DSM API Guide for VCF Automation Tenant User

Overview

As a tenant user, you can create and manage DSM database instances (Postgres clusters, MySQL clusters, and SQL Server databases) within your assigned namespaces, subject to the constraints defined by your organization’s Data Service Policies.

For the full API reference, see the DSM Kubernetes API.

Configure DSM API Client

The VCF CLI simplifies accessing VCF Automation resources and automatically configures your kubeconfig to interact with DSM Kubernetes APIs for your tenant namespaces.

Prerequisites

Install the VCF CLI.
Obtain a VCF Automation API token. For details on obtaining tokens, refer to the VCF Automation documentation.

Create VCF CLI Context

Create a VCF CLI context using your VCF Automation endpoint, tenant name, and API token:

vcf context create my-vcfa-context \
  --endpoint https://{vcfa_host} \
  --tenant-name {tenant_name} \
  --api-token {api_token} \
  --type cci

Note: If your endpoint uses a self-signed certificate, you can append the --insecure-skip-tls-verify flag or provide a CA bundle with --ca-certificate /path/to/cert.

When you create a context with a VCF Automation endpoint, a primary context is created. Additionally, if you have permissions to access namespaces within VCF Automation, the CLI automatically generates additional contexts for each of those namespaces in the format {context_name}:{namespace_name}:{project_name}.

Access Tenant Namespace

List all available contexts to find your automatically generated namespace context:

vcf context list

Switch to your target namespace context:

vcf context use my-vcfa-context:{namespace_name}:{project_name}

Once the context is set, the VCF CLI automatically configures your local kubeconfig. You can now use kubectl (the Kubernetes command-line tool) to manage DSM resources within your namespace.

DataServicePolicyBinding

Before creating any database instance, inspect the DataServicePolicyBinding named binding in your namespace. Its status field enumerates all resources and configurations permitted in this namespace — including allowed infrastructure policies, backup locations, database versions, and SQL Server cluster placements.

The following kubectl command retrieves the full binding resource in YAML format:

kubectl -n {vcfa_namespace_name} get DataServicePolicyBinding binding -oyaml

The status field aggregates all matching DataServicePolicy resources defined by the provider administrator. Use the values in status to construct valid database resources. Requests that reference disallowed resources or configurations will be rejected.

For the full field reference of DataServicePolicyBinding, see the DSM Kubernetes API.

Note: The DataServicePolicyBinding is always named binding. It is automatically created by the Consumption Operator in each tenant namespace, regardless of whether any policy matches. When a namespace matches a policy’s matchCriteria, the binding’s status is automatically updated to reflect the aggregated permissions from all matched policies. Do not modify it directly.

DSM Database Resource Types

The following DSM database resource types are available in tenant namespaces. Full field specifications are available on the DSM Kubernetes API.

DatabaseConfig — custom database engine parameter configuration, referenced by a database cluster
PostgresCluster — a managed Postgres cluster instance
ArchivedPostgresCluster — an archive of a deleted Postgres cluster, used for restore
PostgresClusterBackup — an on-demand backup of a Postgres cluster
MySQLCluster — a managed MySQL cluster instance
ArchivedMySQLCluster — an archive of a deleted MySQL cluster, used for restore
SQLServerDatabase — a managed SQL Server database placed on a provider-provisioned SQL Server cluster
ArchivedSQLServerDatabase — an archive of a deleted SQL Server database, used for restore

API Samples

To provision a database resource, please refer to the API samples provided in the API Samples documentation.