AtlasNetworkContainer Custom Resource

The AtlasNetworkContainer custom resource defines a network container for an Atlas project. You create VPC peering connections between network containers and the networks hosting your applications.

Important

Custom Resources No Longer Delete Objects by Default

  • Atlas Kubernetes Operator uses custom resource configuration files to manage your Atlas configuration, but as of Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer (by default) deleted in Atlas. Instead, Atlas Kubernetes Operator simply stops managing those resources in Atlas. For example, if you delete an AtlasProject Custom Resource in Kubernetes, by default the Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas. This change in behavior is intended to help prevent accidental or unexpected deletions. To learn more, including how to revert this behavior to the default used prior to Atlas Kubernetes Operator 2.0, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.

    Similarly, Atlas Kubernetes Operator does not delete teams from Atlas if you remove them from an Atlas project in Kubernetes with the Atlas Kubernetes Operator.

  • Explicitly define your desired configuration details in order to avoid implicitly using default Atlas configuration values. In some cases, inheriting Atlas defaults may result in a reconciliation loop which can prevent your custom resource from achieving a READY state. For example, explicitly defining your desired autoscaling behavior in your AtlasDeployment custom resource, as shown in the included example, ensures that a static instance size in your custom resource is not being repeatedly applied to an Atlas deployment which has autoscaling enabled.

    autoScaling:
      diskGB:
        enabled: true
      compute:
        enabled: true
        scaleDownEnabled: true
        minInstanceSize: M30
        maxInstanceSize: M40

Atlas Kubernetes Operator does one of the following actions using the Atlas Network Peering API Resource:

  • Creates a new network container.

  • Updates an existing network container.

The following examples illustrate configurations for AtlasNetworkContainer CRDs.

  • The basic example configuration defines a resource that you manage with the same Atlas Kubernetes Operator instance with which you manage its parent Atlas project.

  • The Independent CRD example configures the same network container as the basic example, but for an Atlas project that you manage outside of the Atlas Kubernetes Operator instance with which you manage the network container.

The following shows an AtlasNetworkContainer custom resource for a container named my-atlas-nc that allows you to create a VPC peering connection between Atlas and AWS within the my-project project. To manage this resource in the same Atlas Kubernetes Operator instance as its parent Atlas project, you must identify the project with projectRef instead of externalProjectRef.

apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkContainer
metadata:
  name: my-atlas-nc
spec:
  projectRef:
    name: my-project
    namespace: my-operator-namespace
  provider: AWS
  id: 66e2f2b7e69a89b66b621571
  cidrBlock: 10.11.0.0/16
  region: US_EAST_1

The following example shows an AtlasNetworkContainer independent CRD that enables VPC peering under the same parameters enabled by the Basic Example. To enable independent operation, you must use an externalProjectRef instead of a projectRef, and you must supply a connectionSecret directly since this resource can't inherit API credentials from its parent project.

apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkContainer
metadata:
  name: my-atlas-nc
spec:
  externalProjectRef:
    id: 66e2f2b621571b7e69a89b66
  connectionSecret:
    name: atlas-connection-secret
  provider: AWS
  id: 66e2f2b7e69a89b66b621571
  cidrBlock: 10.11.0.0/16
  region: US_EAST_1

This section describes the AtlasNetworkContainer parameters available in this custom resource definition.

metadata.name

Type: string

Required

Name that the AtlasNetworkContainer Custom Resource uses to add this network container to a project.

metadata.namespace

Type: string

Optional

Namespace other than default that you want to contain the AtlasNetworkContainer custom resource.

spec.connectionSecret.name

Type: string

Conditional

Name of the opaque secret that contains the organization ID and API keys that Atlas Kubernetes Operator uses to connect to Atlas. If unspecified, Atlas Kubernetes Operator defaults to one of the following options:

  • The spec.connectionSecretRef.name parameter of the parent atlasProject

  • The default global secret, if you haven't defined the spec.connectionSecretRef.name for the parent atlasProject

This parameter is required for independent CRDs.

Atlas Kubernetes Operator watches secrets only with the label atlas.mongodb.com/type=credentials to avoid watching unnecessary secrets.

The following example labels a secret:

kubectl label secret the-user-password atlas.mongodb.com/type=credentials

spec.externalProjectRef.id

Type: string

Conditional

ID of the project to which the network container belongs. You must specify the project ID of an existing Atlas Project. You must specify this parameter for network containers that belong to projects managed by either:

  • A different instance of Atlas Kubernetes Operator

  • Tooling other than Atlas Kubernetes Operator

For deployments that belong to projects managed by the same instance of Atlas Kubernetes Operator, use spec.projectRef.name. These parameters are mutually exclusive with each other.

spec.projectRef.name

Type: string

Conditional

Name of the project to which the network container belongs. You must specify an existing AtlasProject Custom Resource. This parameter applies only to network containers that belong to projects managed by the same instance of Atlas Kubernetes Operator.

For network containers that belong to projects managed by either:

  • a different instance of Atlas Kubernetes Operator

  • tooling other than Atlas Kubernetes Operator

use spec.externalProjectRef.id. These parameters are mutually exclusive with each other.

spec.projectRef.namespace

Type: string

Conditional

Namespace in which the AtlasProject Custom Resource specified in spec.projectRef.name exists.

Don't set this parameter for deployments that belong to projects managed by either:

  • a different instance of Atlas Kubernetes Operator

  • tooling other than Atlas Kubernetes Operator

spec.provider

Type: string

Required

Cloud provider with which to support a VPC peering connection. Must be one of the following:

  • AWS

  • Azure

  • GCP

spec.id

Type: string

Conditional

Unique identifier of the existing network container within Atlas. This parameter is required for and limited to scenarios in which Atlas Kubernetes Operator manages a pre-existing network peering container.

spec.cidrBlock

Type: string

Required

CIDR block of your Atlas network container.

spec.region

Type: string

Conditional

Atlas region within which to host the network container. Must conform to the Atlas format for hosting regions. This parameter is required for and limited to AWS and Azure network containers.
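
A pre-apply lint for the conditional rules in this parameter reference, as an added example that is not part of the original page or the operator's own code. It takes an already-parsed manifest (a dict) and uses the field names from the reference above; the function name, the secret_labels argument and the sample manifest are assumptions made for illustration.

```python
import ipaddress

PROVIDERS = {"AWS", "Azure", "GCP"}      # values listed under spec.provider
REGION_PROVIDERS = {"AWS", "Azure"}      # spec.region is required for and limited to these
CRED_LABEL = ("atlas.mongodb.com/type", "credentials")

def lint_network_container(manifest, secret_labels=None):
    """Return rule violations for one parsed AtlasNetworkContainer manifest.
    secret_labels is a hypothetical input: {secret name: labels dict} read
    from the cluster; pass it to also check the credentials label."""
    spec, errs = manifest.get("spec") or {}, []
    if not (manifest.get("metadata") or {}).get("name"):
        errs.append("metadata.name is required")
    by_name = bool((spec.get("projectRef") or {}).get("name"))
    by_id = bool((spec.get("externalProjectRef") or {}).get("id"))
    if by_name == by_id:  # both set, or neither set
        errs.append("set exactly one of spec.projectRef.name, spec.externalProjectRef.id")
    secret = (spec.get("connectionSecret") or {}).get("name")
    if by_id and not secret:  # independent CRDs cannot inherit credentials
        errs.append("independent CRD needs spec.connectionSecret.name")
    if secret and secret_labels is not None:
        labels = secret_labels.get(secret) or {}
        if labels.get(CRED_LABEL[0]) != CRED_LABEL[1]:
            errs.append(f"secret {secret!r} lacks label {CRED_LABEL[0]}={CRED_LABEL[1]}")
    provider = spec.get("provider")
    if provider not in PROVIDERS:
        errs.append("spec.provider must be AWS, Azure or GCP")
    elif (provider in REGION_PROVIDERS) != bool(spec.get("region")):
        errs.append("spec.region is required for and limited to AWS and Azure")
    try:  # strict=True also rejects blocks with host bits set
        ipaddress.ip_network(spec.get("cidrBlock") or "", strict=True)
    except ValueError:
        errs.append("spec.cidrBlock must be a valid CIDR block")
    return errs

# Constructed sample: both project references, no secret, region on GCP.
BAD = {
    "metadata": {"name": "my-atlas-nc"},
    "spec": {
        "projectRef": {"name": "my-project"},
        "externalProjectRef": {"id": "66e2f2b621571b7e69a89b66"},
        "provider": "GCP", "region": "US_EAST_1", "cidrBlock": "10.11.0.0/16",
    },
}

if __name__ == "__main__":
    for problem in lint_network_container(BAD):
        print(problem)
```
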
