/ /

Custom Resources

Docs Home

Management

Atlas Kubernetes Operator

Custom Resources

Docs Home

Management

Atlas Kubernetes Operator

Custom Resources

`AtlasNetworkPeering` Custom Resource

Important

Legacy subresources are deprecated as of the release of their corresponding CRDs. If your configuration currently relies on the subresource form of this resource definition, migrate to a CRD.

The AtlasNetworkPeering custom resource defines a network peering connection for a Atlas project. Network peering connections isolate traffic from public networks for added security.

Important

Custom Resources No Longer Delete Objects by Default

Atlas Kubernetes Operator uses custom resource configuration files to manage your Atlas configuration, but as of Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer (by default) deleted in Atlas. Instead, Atlas Kubernetes Operator simply stops managing those resources in Atlas. For example, if you delete an AtlasProject Custom Resource in Kubernetes, by default the Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas. This change in behavior is intended to help prevent accidental or unexpected deletions. To learn more, including how to revert this behavior to the default used prior to Atlas Kubernetes Operator 2.0, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.
Similarly, Atlas Kubernetes Operator does not delete teams from Atlas if you remove them from an Atlas project in Kubernetes with the Atlas Kubernetes Operator.

Explicitly define your desired configuration details in order to avoid implicitly using default Atlas configuration values. In some cases, inheriting Atlas defaults may result in a reconciliation loop which can prevent your custom resource from achieving a READY state. For example, explicitly defining your desired autoscaling behavior in your AtlasDeployment custom resource, as shown in the included example, ensures that a static instance size in your custom resource is not being repeatedly applied to an Atlas deployment which has autoscaling enabled.

autoScaling:
  diskGB:
    enabled: true
  compute:
    enabled: true
    scaleDownEnabled: true
    minInstanceSize: M30
    maxInstanceSize: M40

Atlas Kubernetes Operator does one of the following actions using the Atlas Network Peering API Resource:

Creates a new network peering connection.
Updates an existing network peering connection.

Note

A network peering connection can belong only to one project. To define the same network peering connection for multiple projects, create custom resource definitions for each project.

Examples

The following examples illustrate configurations for AtlasNetworkPeering CRDs.

The basic example configuration defines a resource that you manage with the same Atlas Kubernetes Operator instance with which you manage its parent Atlas project.
The Independent CRD example configures the same VPC peering connection as the basic example, but for a Atlas project that you manage outside of the Atlas Kubernetes Operator instance with which you manage the VPC peering connection.

Basic Example

The following example shows an AtlasNetworkPeering custom resource that defines the green-leaf-peering connection between the my-project project VPC and your AWS VPC. To manage this resource in the same Atlas Kubernetes Operator instance as its parent Atlas project, you must identify the project with projectRef instead of externalProjectRef.

apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkPeering
metadata:
  name: green-leaf-peering
spec:
  projectRef:
    name: my-project
    namespace: my-operator-namespace
  containerRef:
    id: 72a6d2a69388ba121943ae27
  id: 72a6d2a69388ba121943ae27
  provider: AWS
  awsConfiguration:
    accepterRegionName: us-east-1
    awsAccountId: 389226183042
    routeTableCiderBlock: 10.0.0.0/21
    vpcId: vpc-abc

Independent CRD Example

The following example shows an AtlasNetworkPeering independent CRD that configures the same VPC peering connection defined by the Basic Example. To enable resource management independent of the parent project, you must use an externalProjectRef instead of a projectRef, and you must supply a connectionSecret directly since this resource can't inherit API credentials from its parent project.

apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkPeering
metadata:
  name: green-leaf-peering
spec:
  externalProjectRef:
    projectId: 66e2f2b621571b7e69a89b66
  connectionSecret:
    name: atlas-connection-secret
  containerRef:
    id: 72a6d2a69388ba121943ae27
  id: 72a6d2a69388ba121943ae27
  provider: AWS
  awsConfiguration:
    accepterRegionName: us-east-1
    awsAccountId: 389226183042
    routeTableCiderBlock: 10.0.0.0/21
    vpcId: vpc-abc

Parameters

AtlasNetworkPeering

AtlasNetworkPeering is the Schema for the AtlasNetworkPeering API

`Name`	Type	Description	Required
`apiVersion`	string	atlas.mongodb.com/v1	true
`kind`	string	`AtlasNetworkPeering`	true
`metadata`	object	Refer to the Kubernetes `API` documentation for the fields of the `metadata` field.	true
`spec`	object	`AtlasNetworkPeeringSpec` defines the target state of `AtlasNetworkPeering`. Validations: (has(self.``externalProjectRef``) && !has(self.``projectRef``)) \|\| (!has(self.``externalProjectRef``) && has(self.``projectRef``)): must define only one project reference through `externalProjectRef` or `projectRef` (has(self.``externalProjectRef``) && has(self.``connectionSecret``)) \|\| !has(self.``externalProjectRef``): must define a local connection secret when referencing an external project (has(self.``containerRef``.name) && !has(self.``containerRef``.id)) \|\| (!has(self.``containerRef``.name) && has(self.``containerRef``.id)): must either have a container Atlas id or Kubernetes name, but not both (or neither) (self.``containerRef``.name == `oldSelf`.``containerRef``.name) \|\| (!has(self.``containerRef``.name) && !has(`oldSelf`.``containerRef``.name)): container ref name is immutable (self.``containerRef``.id == `oldSelf`.``containerRef``.id) \|\| (!has(self.``containerRef``.id) && !has(`oldSelf`.``containerRef``.id)): container ref id is immutable (self.id == `oldSelf`.id) \|\| (!has(self.id) && !has(`oldSelf`.id)): id is immutable	false
`status`	object	`AtlasNetworkPeeringStatus` is a `status` for the `AtlasNetworkPeering` Custom resource. Not the one included in the `AtlasProject`	false

AtlasNetworkPeering.spec

AtlasNetworkPeeringSpec defines the target state of AtlasNetworkPeering.

`Name`	Type	Description	Required
`containerRef`	object	`ContainerDualReference` refers to a Network Container either by Kubernetes name or Atlas `ID`.	true
`provider`	enum	Name of the cloud service `provider` for which you want to create the network peering service. Enum: `AWS`, `GCP`, `AZURE`	true
`awsConfiguration`	object	AWSConfiguration is the specific `AWS` settings for network peering.	false
`azureConfiguration`	object	`AzureConfiguration` is the specific Azure settings for network peering.	false
`connectionSecret`	object	Name of the secret containing Atlas `API` private and public keys.	false
`externalProjectRef`	object	`externalProjectRef` holds the parent Atlas project `ID`. Mutually exclusive with the "`projectRef`" field.	false
`gcpConfiguration`	object	GCPConfiguration is the specific Google Cloud settings for network peering.	false
`id`	string	`ID` is the peering identifier for an already existent network peering to be managed by the operator. This field is immutable.	false
`projectRef`	object	`projectRef` is a reference to the parent `AtlasProject` resource. Mutually exclusive with the "`externalProjectRef`" field.	false

AtlasNetworkPeering.spec.containerRef

ContainerDualReference refers to a Network Container either by Kubernetes name or Atlas ID.

`Name`	Type	Description	Required
`id`	string	`ID` is the Atlas identifier of the Network Container Atlas resource this Peering Connection relies on. Use either name or `ID`, not both.	false
`name`	string	Name of the container Kubernetes resource, must be present in the same namespace. Use either `name` or `ID`, not both.	false

AtlasNetworkPeering.spec.awsConfiguration

AWSConfiguration is the specific AWS settings for network peering.

`Name`	Type	Description	Required
`accepterRegionName`	string	`AccepterRegionName` is the provider region name of user's vpc in `AWS` native region format.	true
`awsAccountId`	string	`AccountID` of the user's vpc.	true
`routeTableCidrBlock`	string	User `VPC` `CIDR`.	true
`vpcId`	string	`AWS` `VPC` `ID`.	true

AtlasNetworkPeering.spec.azureConfiguration

AzureConfiguration is the specific Azure settings for network peering.

`Name`	Type	Description	Required
`azureDirectoryId`	string	`AzureDirectoryID` is the unique identifier for an Azure `AD` directory.	true
`azureSubscriptionId`	string	`AzureSubscriptionID` is the unique identifier of the Azure subscription in which the VNet resides.	true
`resourceGroupName`	string	`ResourceGroupName` is the name of your Azure resource group.	true
`vNetName`	string	VNetName is name of your Azure VNet. Its applicable only for Azure.	true

AtlasNetworkPeering.spec.connectionSecret

Name of the secret containing Atlas API private and public keys.

`Name`	Type	Description	Required
`name`	string	Name of the resource being referred to More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names	true

AtlasNetworkPeering.spec.externalProjectRef

externalProjectRef holds the parent Atlas project ID. Mutually exclusive with the "projectRef" field.

`Name`	Type	Description	Required
`id`	string	`ID` is the Atlas project `ID`.	true

AtlasNetworkPeering.spec.gcpConfiguration

GCPConfiguration is the specific Google Cloud settings for network peering.

`Name`	Type	Description	Required
`gcpProjectId`	string	User `GCP` Project `ID`. Its applicable only for `GCP`.	true
`networkName`	string	`GCP` Network Peer Name. Its applicable only for `GCP`.	true

AtlasNetworkPeering.spec.projectRef

projectRef is a reference to the parent AtlasProject resource. Mutually exclusive with the "externalProjectRef" field.

`Name`	Type	Description	Required
`name`	string	Name of the Kubernetes Resource	true
`namespace`	string	Namespace of the Kubernetes Resource	false

AtlasNetworkPeering.status

AtlasNetworkPeeringStatus is a status for the AtlasNetworkPeering Custom resource. Not the one included in the AtlasProject

`Name`	Type	Description	Required
`conditions`	[]object	Conditions is the list of statuses showing the current state of the Atlas Custom Resource	true
`awsStatus`	object	AWSStatus contains `AWS` only related status information	false
`azureStatus`	object	`AzureStatus` contains Azure only related status information	false
`gcpStatus`	object	GCPStatus contains `GCP` only related status information	false
`id`	string	`ID` recrods the identified of the peer created by Atlas	false
`observedGeneration`	integer	`ObservedGeneration` indicates the generation of the resource specification of which the Atlas Operator is aware. The Atlas Operator updates this field to the value of 'metadata.generation' as soon as it starts reconciliation of the resource. Format: int64	false
`status`	string	Status describes the last `status` seen for the network peering setup	false

AtlasNetworkPeering.status.conditions

Condition describes the state of an Atlas Custom Resource at a certain point.

`Name`	Type	Description	Required
`status`	string	Status of the condition; one of True, False, Unknown.	true
`type`	string	Type of Atlas Custom Resource condition.	true
`lastTransitionTime`	string	Last time the condition transitioned from one status to another. Represented in `ISO` 8601 format. Format: date-time	false
`message`	string	A `message` providing details about the transition.	false
`reason`	string	The `reason` for the condition's last transition.	false

AtlasNetworkPeering.status.awsStatus

AWSStatus contains AWS only related status information

`Name`	Type	Description	Required
`connectionId`	string	`ConnectionID` is the `AWS` `VPC` peering connection `ID`	false
`vpcId`	string	`VpcID` is `AWS` `VPC` id on the Atlas side	false

AtlasNetworkPeering.status.azureStatus

AzureStatus contains Azure only related status information

`Name`	Type	Description	Required
`azureSubscriptionIDpcId`	string	`AzureSubscriptionID` is Azure Subscription id on the Atlas side	false
`vNetName`	string	`VnetName` is Azure network on the Atlas side	false

AtlasNetworkPeering.status.gcpStatus

GCPStatus contains GCP only related status information

`Name`	Type	Description	Required
`gcpProjectID`	string	GCPProjectID is `GCP` project on the Atlas side	false
`networkName`	string	`NetworkName` is `GCP` network on the Atlas side	false

Back

AtlasNetworkContainer

AtlasOrgSettings