
Manage Private Endpoints


Note

This feature is not available for any of the following deployments:

  • M0 clusters

  • M2/M5 clusters

  • Flex clusters

Atlas Kubernetes Operator supports private endpoints to connect to dedicated clusters, Serverless instances, and federated database instances.

When you use Atlas Kubernetes Operator to configure private links in Atlas, Atlas creates its own VPC or a Private Link service and places dedicated clusters or Serverless instances within a region behind a load balancer in the Atlas VPC or Atlas VNet. To learn more, see the Private Endpoint Overview.

To manage your private endpoints with Atlas Kubernetes Operator, you can specify and update one of the following parameters:

  • For dedicated clusters, specify the spec.privateEndpoints parameter for the AtlasProject Custom Resource.

  • For Serverless instances, specify the spec.serverlessSpec.privateEndpoints parameter for the AtlasDeployment Custom Resource.

  • For federated database instances, specify the spec.privateEndpoints parameter for the AtlasDataFederation Custom Resource.

Each time you change the spec field in any of the supported custom resources, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.
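The manifests below are an added example, not code from the Atlas documentation or from the operator project. They show the three parameters just listed in place, one per custom resource, for an AWS private endpoint. Only the spec paths named above come from this page; every other field name (`provider`, `region`, `id`, `name`, `cloudProviderEndpointID`, `endpointId`, `type`, the `status.privateEndpoints[].serviceName` path, and the `projectRef` and `providerSettings` blocks) is assumed from the operator's CRDs, and all resource names, IDs and regions are constructed placeholders.

```yaml
# Added example (not the project's own manifests). Apply with:
#   kubectl apply -f private-endpoints.yaml
#
# Dedicated cluster: spec.privateEndpoints on AtlasProject.
# Two phases are needed for AWS. First apply the entry with provider and
# region only; the operator asks Atlas to create the Private Link service and
# (assumed path) publishes the service name to consume from your VPC:
#   kubectl get atlasproject my-project \
#     -o jsonpath='{.status.privateEndpoints[0].serviceName}'
# Then create the interface endpoint in your VPC against that service name,
# and add its ID here so the operator can accept the connection in Atlas.
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
  namespace: mongodb-atlas-system
spec:
  name: private-endpoint-demo
  privateEndpoints:
    - provider: AWS
      region: eu-west-1
      id: vpce-0123456789abcdef0   # constructed; leave out until phase two
---
# Serverless instance: spec.serverlessSpec.privateEndpoints on AtlasDeployment.
apiVersion: atlas.mongodb.com/v1
kind: AtlasDeployment
metadata:
  name: my-serverless
  namespace: mongodb-atlas-system
spec:
  projectRef:
    name: my-project
  serverlessSpec:
    name: my-serverless-instance
    providerSettings:
      providerName: SERVERLESS
      backingProviderName: AWS
      regionName: EU_WEST_1
    privateEndpoints:
      - name: aws-pe-1
        cloudProviderEndpointID: vpce-0fedcba9876543210   # constructed
---
# Federated database instance: spec.privateEndpoints on AtlasDataFederation.
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: my-federation
  namespace: mongodb-atlas-system
spec:
  projectRef:
    name: my-project
  name: my-federated-db
  privateEndpoints:
    - endpointId: vpce-0123456789abcdef0   # constructed
      provider: AWS
      type: DATA_LAKE
```

After each apply, read the resource back with `kubectl get <kind> <name> -o yaml` and wait for the operator's status conditions to report the endpoint as ready before handing clients the private-endpoint connection string; an entry that is applied with a VPC endpoint ID from the wrong account or region will sit unaccepted in Atlas rather than fail loudly.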

Certain considerations and limitations apply to private endpoints. To learn more, see Configure Private Endpoints.

Prerequisites

To enable connections with Atlas Kubernetes Operator to Atlas using private endpoints, you must:

  • Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.

  • Have the Project Owner or Organization Owner role in Atlas.

In addition, on Google Cloud you must:

  • Have a Google Cloud user account with an IAM user policy and the Compute Network Admin role, which grants permissions to create, modify, and delete networking resources. To learn more about managing private endpoints and connections, see the Google Cloud documentation.

  • Install the gcloud CLI.

  • If you have not already done so, create your VPC and Compute instances in Google Cloud. To learn more, see the GCP documentation.

  • Ensure that egress firewall rules permit traffic to the internal IP address of the Private Service Connect endpoint.

  • (Optional) If you enforce a security perimeter with VPC Service Controls (VPC-SC), create ingress and egress rules that allow the connection between the Private Service Connect endpoint and Atlas clusters. To learn more, see the GCP documentation.

On AWS you must:

  • Have an AWS user account with an IAM user policy that grants permissions to create, modify, describe, and delete endpoints. For more information on controlling the use of interface endpoints, see the AWS documentation.

  • (Recommended) Install the AWS CLI.

  • If you have not already done so, create your VPC and EC2 instances in AWS. See the AWS documentation for guidance.

Procedure

To enable clients to connect to Atlas dedicated clusters or Serverless instances using private endpoints, see the following procedures:
