Docs Menu
Docs Home
/ /
MongoDB Atlas Kubernetes Operator
/

Independent Custom Resource Definitions

On this page

  • Considerations
  • Migration to Independent CRD

You can use Atlas Kubernetes Operator to manage resources in an Atlas project without using Atlas Kubernetes Operator to manage the project itself. In this independent custom resource definition ("independent CRD") model, you associate resources such as AtlasDeployment Custom Resource and AtlasDatabaseUser Custom Resource with an Atlas project directly by its Atlas ID.

Independent CRDs allow you to use different programmatic infrastructure management systems for your projects, while you use Atlas Kubernetes Operator to manage more frequently-altered resources such as database users or individual deployments.

By separating the management of the Atlas project from the management of subresources such as users and deployments, independent CRDs allow you to allocate these responsibilities to different personnel or different teams within your organization as suits your needs.

When you use Atlas Kubernetes Operator to manage a project, you can either configure Atlas Administration API authentication using the spec.connectionSecretRef.name parameter of the atlasProject resource, or leave this parameter unset to default to global Atlas credentials. When using independent CRDs, you can specify a spec.connectionSecret.name for each resource. This parameter, if set, takes precedence over spec.connectionSecretRef.name or global Atlas credentials.

Setting this parameter is required for any resource whose parent resource is referenced using an Atlas project ID, and optional otherwise.

Example

You define an atlasDeployment CRD that references its parent project by Atlas ID instead of an atlasProject spec.name parameter. You must define a spec.connectSecret.name for the atlasDeployment resource, as in the following:

apiVersion: atlas.mongodb.com/v1
kind: AtlasDeployment
metadata:
name: test-cluster-name
namespace: mongodb-atlas-system
spec:
externalProjectRef:
id: 671998971c8520583f24f411
connectionSecret:
name: my-atlas-key
deploymentSpec:
clusterType: REPLICASET
name: service-name
tags:
- key: "environment"
value: "production"
backupEnabled: true
replicationSpecs:
- zoneName: US-Zone
numShards: 3
regionConfigs:
- regionName: CENTRAL_US
providerName: GCP
backingProviderName: GCP
priority: 7
electableSpecs:
instanceSize: M10
nodeCount: 3

To migrate existing CRDs from atlasProject-level management to independent management:

1

Disable project reconciliation and edit subresource references

  1. Add the mongodb.com/atlas-reconciliation-policy: "skip" annotation to the parent resource's metadata. This prevents Atlas Kubernetes Operator from attempting to reconcile the parent resource and its subresources. Consider the following:

    apiVersion: atlas.mongodb.com/v1
    kind: AtlasProject
    metadata:
    name: my-project
    annotations:
    mongodb.com/atlas-reconciliation-policy: "skip"
    spec:
    name: Test project
    connectionSecretRef:
    name: my-atlas-key
    projectIpAccessList:
    - cidrBlock: "203.0.113.0/24"
    comment: "CIDR block for Application Server B - D"

    Warning

    If you do not apply this annotation, Atlas Kubernetes Operator will continue to attempt reconciliation as you modify your other resources. For users with New Default: Deletion Protection in Atlas Kubernetes Operator 2.0 disabled, this can result in Atlas Kubernetes Operator removing the Atlas project when you remove the atlasProject resource, or entering a blocked state attempting to remove a project with active subresources such as database users or deployments.

  2. Modify the project reference to point to an Atlas project ID instead of an atlasProject name.

    For example, to decouple an atlasDatabaseUser resource:

    apiVersion: atlas.mongodb.com/v1
    kind: AtlasDatabaseUser
    metadata:
    name: my-database-user
    spec:
    roles:
    - roleName: readWriteAnyDatabase
    databaseName: admin
    externalProjectRef:
    id: 671998971c8520583f24f411
    username: theuser
    passwordSecretRef:
    name: the-user-password
2
3

To stop managing your project with Atlas Kubernetes Operator, you can now remove the atlasProject CRD. To continue managing your project and attached subresources with Atlas Kubernetes Operator, skip to the next step.

4

If you want to continue managing your project with Atlas Kubernetes Operator, as in a scenario where you still have resources subordinate to your atlasProject, reactivate reconciliation by removing the reconciliation policy annotation from the atlasProject CRD.

Back

Atlas for Government