diff --git a/.drone.yml b/.drone.yml
index 4b08f885..241039a1 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -20,6 +20,7 @@ steps:
     environment:
       TF_VAR_prod: "true"
     commands:
+      - "env"
       - "terraform init"
       - "terraform apply -target=module.kubernetes_cluster -auto-approve"
 
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index ee12705e..fd286d83 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -1,6 +1,21 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/gavinbunney/kubectl" {
+  version     = "1.10.0"
+  constraints = ">= 1.10.0"
+  hashes = [
+    "h1:x5NHOW8DG0cBE1QmJ/Hl4ktMpeIfkEpoOvnf/kISdBU=",
+    "zh:0786e6cb375e4e6a70220bb67fc3de80c8c30dcb00c0f4f0ec7bb10404a120db",
+    "zh:577347a8334c8cd13215608780e03b77615d211fac64ad6e4356b7f4bb160022",
+    "zh:7d3347690a0b68dca54ae5cc90877cf82069f7ef13517668b17fd37f49c91e8c",
+    "zh:7f4eeae41b22de803ea7bf8977226c2bc0baaf204a4a2a05c421d9358c907808",
+    "zh:8db7a6550374918109d6f445c6c196f02ea3fa2029b882eca186d6e13bd1e4ce",
+    "zh:9c93ad71c3039463cf4345acb781c68d7ce82fe8f8495a94a6b588bf87259e51",
+    "zh:ee94ff2448caee374f3a3e888568d7ff48e6b9438df76f6eb72efa1aadc6391b",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/helm" {
   version = "2.0.2"
   hashes = [
diff --git a/main.tf b/main.tf
index 2be57927..379c4bcf 100644
--- a/main.tf
+++ b/main.tf
@@ -26,12 +26,14 @@ variable "bind_db_viktorbarzin_lan" {}
 variable "bind_named_conf_options" {}
 variable "alertmanager_account_password" {}
 variable "wireguard_wg_0_key" {}
+variable "dbaas_root_password" {}
 variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
 # variable "dockerhub_password" {}
 variable "oauth_client_id" {}
 variable "oauth_client_secret" {}
+variable "url_shortener_mysql_password" {}
 variable "url_shortener_geolite_license_key" {}
 variable "url_shortener_api_key" {}
 variable "webhook_handler_fb_verify_token" {}
@@ -69,15 +71,6 @@ provider "helm" {
     config_path = var.prod ? "" : "~/.kube/config"
   }
 }
-# provider "kubectl" {
-#   config_path = var.prod ? "" : "~/.kube/config"
-# }
-# provider "kubectl" {
-# host                   = "kubernetes.viktorbarzin.lan"
-# cluster_ca_certificate = base64decode(var.eks_cluster_ca)
-# token                  = data.aws_eks_cluster_auth.main.token
-# load_config_file = true
-# }
 
 # Main module to init infra from
 module "pxe_server" {
@@ -190,6 +183,7 @@ module "k8s_node5" {
 module "kubernetes_cluster" {
   source = "./modules/kubernetes"
 
+  prod            = var.prod
   tls_secret_name = var.tls_secret_name
   # dockerhub_password             = var.dockerhub_password
   client_certificate_secret_name = var.client_certificate_secret_name
@@ -233,4 +227,10 @@ module "kubernetes_cluster" {
 
   url_shortener_geolite_license_key = var.url_shortener_geolite_license_key
   url_shortener_api_key             = var.url_shortener_api_key
+  url_shortener_mysql_password      = var.url_shortener_mysql_password
+
+  # dbaas
+  dbaas_root_password = var.dbaas_root_password
+
+
 }
diff --git a/modules/kubernetes/dbaas/mysql_chart_values.yaml b/modules/kubernetes/dbaas/mysql_chart_values.yaml
index e0a7934d..5dbeb1e8 100644
--- a/modules/kubernetes/dbaas/mysql_chart_values.yaml
+++ b/modules/kubernetes/dbaas/mysql_chart_values.yaml
@@ -1,7 +1,7 @@
 ---
 orchestrator:
-  persistence:
-    enabled: false
+  # persistence:
+    # enabled: false
   ingress:
     enable: false
     hosts:
diff --git a/modules/kubernetes/dbaas/versions.tf b/modules/kubernetes/dbaas/versions.tf
new file mode 100644
index 00000000..89ee8b53
--- /dev/null
+++ b/modules/kubernetes/dbaas/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.10.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index c50e3865..1c583373 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -1,3 +1,4 @@
+variable "prod" {}
 variable "tls_secret_name" {}
 variable "client_certificate_secret_name" {}
 variable "hackmd_db_password" {}
@@ -13,6 +14,7 @@ variable "bind_db_viktorbarzin_me" {}
 variable "bind_db_viktorbarzin_lan" {}
 variable "bind_named_conf_options" {}
 variable "alertmanager_account_password" {}
+variable "dbaas_root_password" {}
 variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
@@ -21,6 +23,7 @@ variable "oauth_client_id" {}
 variable "oauth_client_secret" {}
 variable "url_shortener_geolite_license_key" {}
 variable "url_shortener_api_key" {}
+variable "url_shortener_mysql_password" {}
 variable "webhook_handler_fb_verify_token" {}
 variable "webhook_handler_fb_page_token" {}
 variable "webhook_handler_fb_app_secret" {}
@@ -51,8 +54,10 @@ module "bind" {
 }
 
 module "dbaas" {
-  source          = "./dbaas"
-  tls_secret_name = var.tls_secret_name
+  source              = "./dbaas"
+  prod                = var.prod
+  tls_secret_name     = var.tls_secret_name
+  dbaas_root_password = var.dbaas_root_password
 }
 
 module "descheduler" {
@@ -188,6 +193,7 @@ module "url" {
   tls_secret_name     = var.tls_secret_name
   geolite_license_key = var.url_shortener_geolite_license_key
   api_key             = var.url_shortener_api_key
+  mysql_password      = var.url_shortener_mysql_password
 }
 
 module "webhook_handler" {
diff --git a/modules/kubernetes/url-shortener/versions.tf b/modules/kubernetes/url-shortener/versions.tf
new file mode 100644
index 00000000..89ee8b53
--- /dev/null
+++ b/modules/kubernetes/url-shortener/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.10.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
diff --git a/modules/kubernetes/versions.tf b/modules/kubernetes/versions.tf
index d0e41025..5d7c4592 100644
--- a/modules/kubernetes/versions.tf
+++ b/modules/kubernetes/versions.tf
@@ -3,10 +3,6 @@ terraform {
     kubernetes = {
       source = "hashicorp/kubernetes"
     }
-    # kubectl = {
-    #   source  = "gavinbunney/kubectl"
-    #   version = ">= 1.10.0"
-    # }
   }
   required_version = ">= 0.13"
 }
diff --git a/versions.tf b/versions.tf
index d0e41025..65b30d16 100644
--- a/versions.tf
+++ b/versions.tf
@@ -3,10 +3,10 @@ terraform {
     kubernetes = {
       source = "hashicorp/kubernetes"
     }
-    # kubectl = {
-    #   source  = "gavinbunney/kubectl"
-    #   version = ">= 1.10.0"
-    # }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.10.0"
+    }
   }
   required_version = ">= 0.13"
 }