Manage Private Endpoints
Note
This feature is not available for any of the following deployments: M0 clusters, M2/M5 clusters, and Flex clusters.
Atlas Kubernetes Operator supports private endpoints to connect to dedicated clusters, Serverless instances, and federated database instances.
When you use Atlas Kubernetes Operator to configure private links in Atlas, Atlas creates its own VPC or VNet and a Private Link service, and places dedicated clusters or Serverless instances within a region behind a load balancer in that Atlas VPC or VNet. To learn more, see the Private Endpoint Overview.
To manage your private endpoints with Atlas Kubernetes Operator, you specify and update one of the following parameters:
For dedicated clusters, specify the spec.privateEndpoints parameter for the AtlasProject Custom Resource.
For Serverless instances, specify the spec.serverlessSpec.privateEndpoints parameter for the AtlasDeployment Custom Resource.
For federated database instances, specify the spec.privateEndpoints parameter for the AtlasDataFederation Custom Resource.
Each time you change the spec field in any of the supported custom resources, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.
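The following manifests are an added example, not code from the Atlas documentation or from the Operator project, showing where each of the three parameters sits in its Custom Resource. The resource names, project names, region values, and every endpoint identifier (the vpce- IDs, the Azure private endpoint resource ID and IP address, the Google Cloud project ID, endpoint group and forwarding-rule names) are placeholders; replace them with the values from your own cloud account, and use the region naming shown in the Atlas documentation for your provider.

```yaml
# Added example (not from the Atlas documentation). All names, regions and
# endpoint identifiers are placeholders.

# 1. Dedicated clusters: spec.privateEndpoints on the AtlasProject.
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
spec:
  name: My Atlas Project
  privateEndpoints:
    # AWS: the interface endpoint you created in your VPC.
    - provider: AWS
      region: eu-west-1
      id: vpce-0123456789abcdef0
    # Azure: the private endpoint resource ID and the private IP of its NIC.
    - provider: AZURE
      region: northeurope
      id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers/Microsoft.Network/privateEndpoints/my-pe
      ip: 10.0.1.5
    # Google Cloud: one Private Service Connect endpoint group and its forwarding rules.
    - provider: GCP
      region: europe-west3
      gcpProjectId: my-gcp-project
      endpointGroupName: my-psc-group
      endpoints:
        - endpointName: my-psc-endpoint-0
          ipAddress: 10.0.2.10
---
# 2. Serverless instances: spec.serverlessSpec.privateEndpoints on the AtlasDeployment.
apiVersion: atlas.mongodb.com/v1
kind: AtlasDeployment
metadata:
  name: my-serverless-instance
spec:
  projectRef:
    name: my-project
  serverlessSpec:
    name: my-serverless-instance
    providerSettings:
      providerName: SERVERLESS
      backingProviderName: AWS
      regionName: EU_WEST_1
    privateEndpoints:
      # AWS: only the interface endpoint ID is needed; for Azure you also
      # set privateEndpointIpAddress to the endpoint's private IP.
      - name: my-serverless-endpoint
        cloudProviderEndpointId: vpce-0123456789abcdef1
---
# 3. Federated database instances: spec.privateEndpoints on the AtlasDataFederation.
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: my-data-federation
spec:
  projectRef:
    name: my-project
  name: my-data-federation
  privateEndpoints:
    - endpointId: vpce-0123456789abcdef2
      provider: AWS
      type: DATA_LAKE
```

For dedicated clusters the endpoint identifier does not exist until Atlas has created the Private Link service for the provider and region, so in practice you apply the provider and region entry first, create the interface endpoint in your VPC or VNet against the service Atlas reports in the resource status, and then add the id (and ip for Azure) to the same entry, as described on the Configure Private Endpoints page. Because the Operator reconciles on every change to spec, editing or removing an entry is also how you rotate or retire an endpoint; check the resource's status conditions after each apply before pointing clients at the private connection string.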
Certain considerations and limitations apply to private endpoints. To learn more, see Configure Private Endpoints.
Prerequisites
To enable connections with Atlas Kubernetes Operator to Atlas using private endpoints, you must meet the prerequisites for your deployment type and cloud provider.
Dedicated clusters on AWS
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Have either the Project Owner or Organization Owner role in Atlas.
Have an AWS user account with an IAM user policy that grants permissions to create, modify, describe, and delete endpoints. For more information on controlling the use of interface endpoints, see the AWS Documentation.
(Recommended) Install the AWS CLI.
If you have not already done so, create your VPC and EC2 instances in AWS. See the AWS documentation for guidance.
Dedicated clusters on Azure
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Have either the Project Owner or Organization Owner role in Atlas.
Install the Azure CLI.
If you have not already done so, create your VNet and Compute instances in Azure. See the Azure documentation for guidance.
Dedicated clusters on Google Cloud
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Have either the Project Owner or Organization Owner role in Atlas.
Have a Google Cloud user account with an IAM user policy and the Compute Network Admin role, which grants permissions to create, modify, and delete networking resources. To learn more about managing private endpoints and connections, see the Google Cloud documentation.
Install the gcloud CLI.
If you have not already done so, create your VPC and Compute instances in Google Cloud. To learn more, see the Google Cloud documentation.
Ensure that egress firewall rules permit traffic to the internal IP address of the Private Service Connect endpoint.
(Optional) If you enforce a security perimeter with VPC Service Controls (VPC-SC), you must create ingress and egress rules to establish the connection between the Private Service Connect endpoint and Atlas clusters. To learn more, see the Google Cloud documentation.
Serverless instances on AWS
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Have either the Project Owner or Organization Owner role in Atlas.
Have an AWS user account with an IAM user policy that grants permissions to create, modify, describe, and delete endpoints. For more information on controlling the use of interface endpoints, see the AWS Documentation.
(Recommended) Install the AWS CLI.
If you have not already done so, create your VPC and EC2 instances in AWS. See the AWS documentation for guidance.
Serverless instances on Azure
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Have either the Project Owner or Organization Owner role in Atlas.
Install the Azure CLI.
If you have not already done so, create your VNet and Compute instances in Azure. See the Azure documentation for guidance.
Federated database instances on AWS
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Have either the Project Owner or Organization Owner role in Atlas.
Have an AWS user account with an IAM user policy that grants permissions to create, modify, describe, and delete endpoints. For more information on controlling the use of interface endpoints, see the AWS Documentation.
(Recommended) Install the AWS CLI.
If you have not already done so, create your VPC and EC2 instances in AWS. See the AWS documentation for guidance.
Procedure
To enable clients to connect to Atlas dedicated clusters or Serverless instances using private endpoints, see the following procedures: