Docs Menu
Docs Home
/
MongoDB Atlas
/
MongoDB Atlas Kubernetes Operator
/
Get Started

Independent Custom Resource Definitions

On this page

  • Considerations
  • Migration to Independent CRD

You can use Atlas Kubernetes Operator to manage resources in an Atlas project without using Atlas Kubernetes Operator to manage the project itself. In this independent custom resource definition ("independent CRD") model, you associate resources such as AtlasDeployment Custom Resource and AtlasDatabaseUser Custom Resource with an Atlas project directly by its Atlas ID.

Independent CRDs allow you to use different programmatic infrastructure management systems for your projects, while you use Atlas Kubernetes Operator to manage more frequently-altered resources such as database users or individual deployments.

By separating the management of the Atlas project from the management of subresources such as users and deployments, independent CRDs allow you to allocate these responsibilities to different personnel or different teams within your organization as suits your needs.

Considerations

When you use Atlas Kubernetes Operator to manage a project, you can either configure Atlas Administration API authentication using the spec.connectionSecretRef.name parameter of the atlasProject resource, or leave this parameter unset to default to global Atlas credentials. When using independent CRDs, you can specify a spec.connectionSecret.name for each resource. This parameter, if set, takes precedence over spec.connectionSecretRef.name or global Atlas credentials.

Setting this parameter is required for any resource whose parent resource is referenced using an Atlas project ID, and optional otherwise.

Example

You define an atlasDeployment CRD that references its parent project by Atlas ID instead of an atlasProject spec.name parameter. You must define a spec.connectSecret.name for the atlasDeployment resource, as in the following:

apiVersion: atlas.mongodb.com/v1
kind: AtlasDeployment
metadata:
  name: test-cluster-name
  namespace: mongodb-atlas-system
spec:
  externalProjectRef:
    id: 671998971c8520583f24f411
  connectionSecret:
    name: my-atlas-key
  deploymentSpec:
    clusterType: REPLICASET
    name: service-name
    tags:
    - key: "environment"
      value: "production"
    backupEnabled: true
    replicationSpecs:
      - zoneName: US-Zone
        numShards: 3
        regionConfigs:
          - regionName: CENTRAL_US
            providerName: GCP
            backingProviderName: GCP
            priority: 7
            electableSpecs:
              instanceSize: M10
              nodeCount: 3

Migration to Independent CRD

To migrate existing CRDs from atlasProject-level management to independent management:

1

Disable project reconciliation and edit subresource references

  1. Add the mongodb.com/atlas-reconciliation-policy: "skip" annotation to the parent resource's metadata. This prevents Atlas Kubernetes Operator from attempting to reconcile the parent resource and its subresources. Consider the following:

    apiVersion: atlas.mongodb.com/v1
    kind: AtlasProject
    metadata:
     name: my-project
     annotations:
       mongodb.com/atlas-reconciliation-policy: "skip"
    spec:
     name: Test project
     connectionSecretRef:
       name: my-atlas-key
     projectIpAccessList:
       - cidrBlock: "203.0.113.0/24"
         comment: "CIDR block for Application Server B - D"

    Warning

    If you do not apply this annotation, Atlas Kubernetes Operator will continue to attempt reconciliation as you modify your other resources. For users with New Default: Deletion Protection in Atlas Kubernetes Operator 2.0 disabled, this can result in Atlas Kubernetes Operator removing the Atlas project when you remove the atlasProject resource, or entering a blocked state attempting to remove a project with active subresources such as database users or deployments.

  2. Modify the project reference to point to an Atlas project ID instead of an atlasProject name.

    For example, to decouple an atlasDatabaseUser resource:

    apiVersion: atlas.mongodb.com/v1
    kind: AtlasDatabaseUser
    metadata:
     name: my-database-user
    spec:
     roles:
       - roleName: readWriteAnyDatabase
         databaseName: admin
     externalProjectRef:
       id: 671998971c8520583f24f411
     username: theuser
     passwordSecretRef:
       name: the-user-password
2

Wait for Atlas Kubernetes Operator to sync the new resource status.

3

(Conditional) Remove the atlasProject CRD.

To stop managing your project with Atlas Kubernetes Operator, you can now remove the atlasProject CRD. To continue managing your project and attached subresources with Atlas Kubernetes Operator, skip to the next step.

4

(Conditional) Remove the reconciliation policy annotation

If you want to continue managing your project with Atlas Kubernetes Operator, as in a scenario where you still have resources subordinate to your atlasProject, reactivate reconciliation by removing the reconciliation policy annotation from the atlasProject CRD.

Back

Atlas for Government

Next

Compatibility