AtlasNetworkPeering Custom Resource

The AtlasNetworkPeering custom resource defines a network peering connection for an Atlas project. Network peering connections isolate traffic from public networks for added security.
Important: Custom Resources No Longer Delete Objects by Default

Atlas Kubernetes Operator uses custom resource configuration files to manage your Atlas configuration, but as of Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer (by default) deleted in Atlas. Instead, Atlas Kubernetes Operator simply stops managing those resources in Atlas. For example, if you delete an AtlasProject custom resource in Kubernetes, by default the Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas. This change in behavior is intended to help prevent accidental or unexpected deletions. To learn more, including how to revert this behavior to the default used prior to Atlas Kubernetes Operator 2.0, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0. Similarly, Atlas Kubernetes Operator does not delete teams from Atlas if you remove them from an Atlas project in Kubernetes with the Atlas Kubernetes Operator.
Explicitly define your desired configuration details in order to avoid implicitly using default Atlas configuration values. In some cases, inheriting Atlas defaults may result in a reconciliation loop which can prevent your custom resource from achieving a READY state. For example, explicitly defining your desired autoscaling behavior in your AtlasDeployment custom resource, as shown in the following example, ensures that a static instance size in your custom resource is not being repeatedly applied to an Atlas deployment which has autoscaling enabled.

autoScaling:
  diskGB:
    enabled: true
  compute:
    enabled: true
    scaleDownEnabled: true
    minInstanceSize: M30
    maxInstanceSize: M40
Atlas Kubernetes Operator does one of the following actions using the Atlas Network Peering API Resource:
Creates a new network peering connection.
Updates an existing network peering connection.
Note
A network peering connection can belong only to one project. To define the same network peering connection for multiple projects, create custom resource definitions for each project.
Examples

The following examples illustrate configurations for AtlasNetworkPeering CRDs.

The basic example configuration defines a resource that you manage with the same Atlas Kubernetes Operator instance with which you manage its parent Atlas project.

The Independent CRD example configures the same VPC peering connection as the basic example, but for an Atlas project that you manage outside of the Atlas Kubernetes Operator instance with which you manage the VPC peering connection.
Basic Example

The following example shows an AtlasNetworkPeering custom resource that defines the green-leaf-peering connection between the my-project project VPC and your AWS VPC. To manage this resource in the same Atlas Kubernetes Operator instance as its parent Atlas project, you must identify the project with projectRef instead of externalProjectRef.

apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkPeering
metadata:
  name: green-leaf-peering
spec:
  projectRef:
    name: my-project
    namespace: my-operator-namespace
  containerRef:
    id: 72a6d2a69388ba121943ae27
  id: 72a6d2a69388ba121943ae27
  provider: AWS
  awsConfiguration:
    accepterRegionName: us-east-1
    awsAccountId: "389226183042"
    routeTableCidrBlock: 10.0.0.0/21
    vpcId: vpc-abc
Independent CRD Example

The following example shows an AtlasNetworkPeering independent CRD that configures the same VPC peering connection defined by the Basic Example. To enable resource management independent of the parent project, you must use an externalProjectRef instead of a projectRef, and you must supply a connectionSecret directly since this resource can't inherit API credentials from its parent project.

apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkPeering
metadata:
  name: green-leaf-peering
spec:
  externalProjectRef:
    id: 66e2f2b621571b7e69a89b66
  connectionSecret:
    name: atlas-connection-secret
  containerRef:
    id: 72a6d2a69388ba121943ae27
  id: 72a6d2a69388ba121943ae27
  provider: AWS
  awsConfiguration:
    accepterRegionName: us-east-1
    awsAccountId: "389226183042"
    routeTableCidrBlock: 10.0.0.0/21
    vpcId: vpc-abc
Parameters

This section describes the AtlasNetworkPeering parameters available in this custom resource definition.
metadata.name
Type: string
Required
Name that the AtlasNetworkPeering Custom Resource uses to add this network peering connection to a project.
metadata.namespace
Type: string
Optional
Namespace other than default that you want to contain the AtlasNetworkPeering custom resource.
spec.connectionSecret.name
Type: string
Conditional
Name of the opaque secret that contains the organization ID and API keys that Atlas Kubernetes Operator uses to connect to Atlas. If unspecified, Atlas Kubernetes Operator defaults to one of the following options:
The spec.connectionSecretRef.name parameter of the parent AtlasProject
The default global secret, if you haven't defined the spec.connectionSecretRef.name for the parent AtlasProject
This parameter is required for independent CRDs.
Atlas Kubernetes Operator watches secrets only with the label atlas.mongodb.com/type=credentials to avoid watching unnecessary secrets. The following example labels a secret:
kubectl label secret the-user-password atlas.mongodb.com/type=credentials
spec.containerRef.id
Type: string
Conditional
If this resource represents a new network peering connection, omit this parameter.
ID of the existing network peering container. Provide this field only if you want this resource to manage an existing network peering connection within Atlas Kubernetes Operator. If you prefer that this resource starts managing a Kubernetes local resource, use the
spec.containerRef.name
parameter.
spec.containerRef.name
Type: string
Conditional
Name of an existing network peering container which you manage with a Kubernetes local resource in your project namespace. Provide this field only if you want this resource to manage a Kubernetes local resource. If you prefer that this resource starts managing a network peering connection already managed by Atlas Kubernetes Operator, use the
spec.containerRef.id
parameter. If this resource represents a new network peering connection, omit this field.
spec.externalProjectRef.id
Type: string
Conditional
ID of the project to which the network peering connection belongs. You must specify the project ID of an existing Atlas Project. You must specify this parameter for network peering connections that belong to projects managed by either:
A different instance of Atlas Kubernetes Operator
Tooling other than Atlas Kubernetes Operator
For deployments that belong to projects managed by the same instance of Atlas Kubernetes Operator, use spec.projectRef.name. These parameters are mutually exclusive with each other. A network peering connection can belong to only one project. To define the same network peering connection for multiple projects, create custom resource definitions for each project.
spec.projectRef.name
Type: string
Conditional
Name of the project to which the network peering connection belongs. You must specify an existing AtlasProject Custom Resource. This parameter applies only to network peering connections that belong to projects managed by the same instance of Atlas Kubernetes Operator. For deployments that belong to projects managed by either:
a different instance of Atlas Kubernetes Operator
tooling other than Atlas Kubernetes Operator
use spec.externalProjectRef.id. These parameters are mutually exclusive with each other. A network peering connection can belong only to one project. To define the same network peering connection for multiple projects, create custom resource definitions for each project.
spec.projectRef.namespace
Type: string
Conditional
Namespace in which the AtlasProject Custom Resource specified in spec.projectRef.name exists. Do not set this parameter for deployments that belong to projects managed by either:
a different instance of Atlas Kubernetes Operator
tooling other than Atlas Kubernetes Operator
spec.id
Type: string
Conditional
Unique identifier of the existing network peering connection within Atlas. This parameter is required for and limited to scenarios in which Atlas Kubernetes Operator assumes management of a pre-existing network peering connection.
spec.provider
Type: string
Required
Cloud provider with which to establish a VPC peering connection. Must be one of the following:
AWS
Azure
GCP
spec.awsConfiguration.accepterRegionName
Type: string
Conditional
AWS region to which to establish a VPC peering connection. Required for and limited to AWS connections.
spec.awsConfiguration.awsAccountId
Type: string
Conditional
Unique identifier of the AWS account to which the connection belongs. Required for and limited to AWS connections.
spec.awsConfiguration.routeTableCidrBlock
Type: string
Conditional
CIDR block of your AWS VPC. Required for and limited to AWS connections.
spec.awsConfiguration.vpcId
Type: string
Conditional
Unique identifier of your AWS VPC. Required for and limited to AWS connections.
spec.azureConfiguration.azureDirectoryId
Type: string
Conditional
Unique identifier of your Azure directory. Required for and limited to Azure connections.
spec.azureConfiguration.azureSubscriptionId
Type: string
Conditional
Unique identifier of your Azure subscription. Required for and limited to Azure connections.
spec.azureConfiguration.resourceGroupName
Type: string
Conditional
Name of the Azure Resource Group to which the connection belongs. Required for and limited to Azure connections.
spec.azureConfiguration.vNetName
Type: string
Conditional
Name of your Azure Virtual Network. Required for and limited to Azure connections.
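A pre-apply check of the Conditional rules in this Parameters section, written here as an added example (not the Atlas Kubernetes Operator project's own code). It takes the manifest as an already-parsed dict; the BASIC sample is constructed from the Basic Example above, and the optional secret_labels mapping is an assumption standing in for a lookup of the referenced Secret's labels in the cluster.

```python
AWS_KEYS = ("accepterRegionName", "awsAccountId", "routeTableCidrBlock", "vpcId")
AZURE_KEYS = ("azureDirectoryId", "azureSubscriptionId", "resourceGroupName", "vNetName")
# Provider -> (configuration block, required keys). GCP keys are not documented on this page.
PROVIDER_CONFIG = {"AWS": ("awsConfiguration", AWS_KEYS),
                   "Azure": ("azureConfiguration", AZURE_KEYS), "GCP": (None, ())}
CREDENTIAL_LABEL = "atlas.mongodb.com/type"

BASIC = {  # constructed sample mirroring the Basic Example above, as a parsed manifest
    "apiVersion": "atlas.mongodb.com/v1", "kind": "AtlasNetworkPeering",
    "metadata": {"name": "green-leaf-peering"},
    "spec": {"projectRef": {"name": "my-project", "namespace": "my-operator-namespace"},
             "containerRef": {"id": "72a6d2a69388ba121943ae27"},
             "id": "72a6d2a69388ba121943ae27", "provider": "AWS",
             "awsConfiguration": {"accepterRegionName": "us-east-1", "awsAccountId": "389226183042",
                                  "routeTableCidrBlock": "10.0.0.0/21", "vpcId": "vpc-abc"}}}

def lint_peering(manifest, secret_labels=None):
    """Return the list of documented rules the spec violates (empty list = consistent).
    secret_labels (assumed helper input) maps secret name -> its labels for the label check."""
    spec = manifest.get("spec", {})
    errs = []
    project, external = spec.get("projectRef", {}), spec.get("externalProjectRef", {})
    # projectRef.name and externalProjectRef.id are mutually exclusive, and one is required.
    if bool(project.get("name")) == bool(external.get("id")):
        errs.append("set exactly one of spec.projectRef.name or spec.externalProjectRef.id")
    if external.get("id"):  # independent CRD: cannot inherit credentials from a parent project
        secret = spec.get("connectionSecret", {}).get("name")
        if not secret:
            errs.append("spec.connectionSecret.name is required for independent CRDs")
        elif secret_labels is not None and secret_labels.get(secret, {}).get(CREDENTIAL_LABEL) != "credentials":
            errs.append(f"secret {secret} lacks label {CREDENTIAL_LABEL}=credentials, so the operator will not watch it")
        if project.get("namespace"):
            errs.append("do not set spec.projectRef.namespace together with spec.externalProjectRef.id")
    container = spec.get("containerRef", {})
    if container.get("id") and container.get("name"):
        errs.append("spec.containerRef.id and spec.containerRef.name are mutually exclusive")
    provider = spec.get("provider")
    if provider not in PROVIDER_CONFIG:
        errs.append(f"spec.provider must be one of AWS, Azure, GCP (got {provider!r})")
        return errs
    block, keys = PROVIDER_CONFIG[provider]
    for other, _ in PROVIDER_CONFIG.values():  # provider-specific blocks are limited to their provider
        if other and other != block and other in spec:
            errs.append(f"spec.{other} is limited to its own provider, not {provider}")
    for key in keys:  # every documented key must be present and typed as a string (quote numeric IDs in YAML)
        if not isinstance(spec.get(block, {}).get(key), str) or not spec[block][key]:
            errs.append(f"spec.{block}.{key} must be a non-empty string for {provider} connections")
    return errs
```

An unquoted awsAccountId parses as an integer rather than the string the CRD expects, which is the most common way the sample manifest above fails this check.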