Independent Custom Resource Definitions
On this page
You can use Atlas Kubernetes Operator to manage resources in an Atlas project
without using Atlas Kubernetes Operator to manage the project itself. In this
independent custom resource definition ("independent CRD") model, you
associate resources such as AtlasDeployment
Custom Resource and
AtlasDatabaseUser
Custom Resource with an Atlas project
directly by its Atlas ID.
Independent CRDs allow you to use different programmatic infrastructure management systems for your projects, while you use Atlas Kubernetes Operator to manage more frequently-altered resources such as database users or individual deployments.
By separating the management of the Atlas project from the management of subresources such as users and deployments, independent CRDs allow you to allocate these responsibilities to different personnel or different teams within your organization as suits your needs.
Considerations
When you use Atlas Kubernetes Operator to manage a project, you can either configure
Atlas Administration API authentication using the
spec.connectionSecretRef.name
parameter of the atlasProject
resource, or leave this parameter unset to default to global Atlas
credentials. When using independent CRDs, you
can specify a spec.connectionSecret.name
for each resource. This
parameter, if set, takes precedence over
spec.connectionSecretRef.name
or global Atlas
credentials.
Setting this parameter is required for any resource whose parent resource is referenced using an Atlas project ID, and optional otherwise.
Example
You define an atlasDeployment
CRD that references its parent
project by Atlas ID instead of an atlasProject
spec.name
parameter. You must define a
spec.connectSecret.name
for the atlasDeployment
resource, as in the following:
apiVersion: atlas.mongodb.com/v1 kind: AtlasDeployment metadata: name: test-cluster-name namespace: mongodb-atlas-system spec: externalProjectRef: id: 671998971c8520583f24f411 connectionSecret: name: my-atlas-key deploymentSpec: clusterType: REPLICASET name: service-name tags: - key: "environment" value: "production" backupEnabled: true replicationSpecs: - zoneName: US-Zone numShards: 3 regionConfigs: - regionName: CENTRAL_US providerName: GCP backingProviderName: GCP priority: 7 electableSpecs: instanceSize: M10 nodeCount: 3
Migration to Independent CRD
To migrate existing CRDs from atlasProject
-level management to
independent management:
Disable project reconciliation and edit subresource references
Add the
mongodb.com/atlas-reconciliation-policy: "skip"
annotation to the parent resource'smetadata
. This prevents Atlas Kubernetes Operator from attempting to reconcile the parent resource and its subresources. Consider the following:apiVersion: atlas.mongodb.com/v1 kind: AtlasProject metadata: name: my-project annotations: mongodb.com/atlas-reconciliation-policy: "skip" spec: name: Test project connectionSecretRef: name: my-atlas-key projectIpAccessList: - cidrBlock: "203.0.113.0/24" comment: "CIDR block for Application Server B - D" Warning
If you do not apply this annotation, Atlas Kubernetes Operator will continue to attempt reconciliation as you modify your other resources. For users with New Default: Deletion Protection in Atlas Kubernetes Operator 2.0 disabled, this can result in Atlas Kubernetes Operator removing the Atlas project when you remove the
atlasProject
resource, or entering a blocked state attempting to remove a project with active subresources such as database users or deployments.Modify the project reference to point to an Atlas project ID instead of an
atlasProject
name.For example, to decouple an
atlasDatabaseUser
resource:apiVersion: atlas.mongodb.com/v1 kind: AtlasDatabaseUser metadata: name: my-database-user spec: roles: - roleName: readWriteAnyDatabase databaseName: admin externalProjectRef: id: 671998971c8520583f24f411 username: theuser passwordSecretRef: name: the-user-password
(Conditional) Remove the reconciliation policy annotation
If you want to continue managing your project with Atlas Kubernetes Operator, as in
a scenario where you still have resources subordinate to your
atlasProject
, reactivate reconciliation by removing the
reconciliation policy annotation from the atlasProject
CRD.