
AtlasPrivateEndpoint Custom Resource


The AtlasPrivateEndpoint custom resource configures a private endpoint for an Atlas project. This allows you to connect your cloud provider to Atlas without sending information through a public network. Private endpoints are unidirectional connections to Atlas from your virtual network.

Important

Custom Resources No Longer Delete Objects by Default

  • Atlas Kubernetes Operator uses custom resource configuration files to manage your Atlas configuration, but as of Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer (by default) deleted in Atlas. Instead, Atlas Kubernetes Operator simply stops managing those resources in Atlas. For example, if you delete an AtlasProject Custom Resource in Kubernetes, by default the Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas. This change in behavior is intended to help prevent accidental or unexpected deletions. To learn more, including how to revert this behavior to the default used prior to Atlas Kubernetes Operator 2.0, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.

    Similarly, Atlas Kubernetes Operator does not delete teams from Atlas if you remove them from an Atlas project in Kubernetes with the Atlas Kubernetes Operator.

  • Explicitly define your desired configuration details in order to avoid implicitly using default Atlas configuration values. In some cases, inheriting Atlas defaults may result in a reconciliation loop which can prevent your custom resource from achieving a READY state. For example, explicitly defining your desired autoscaling behavior in your AtlasDeployment custom resource, as shown in the included example, ensures that a static instance size in your custom resource is not being repeatedly applied to an Atlas deployment which has autoscaling enabled.

    autoScaling:
      diskGB:
        enabled: true
      compute:
        enabled: true
        scaleDownEnabled: true
        minInstanceSize: M30
        maxInstanceSize: M40

Atlas Kubernetes Operator does one of the following actions using the Atlas Private Endpoint Service API Resource:

  • Creates a new private endpoint service.

  • Updates an existing private endpoint service.

To learn more about implementing private endpoints in Atlas Kubernetes Operator, see Manage Private Endpoints.

The following example shows an AtlasPrivateEndpoint custom resource that defines an AWS private endpoint within the my-project project.

apiVersion: atlas.mongodb.com/v1
kind: AtlasPrivateEndpoint
metadata:
  name: my-atlas-pe1
spec:
  projectRef:
    name: my-project
    namespace: my-operator-namespace
  provider: AWS
  region: us-east-1
  awsConfiguration:
    - id: vpcpe-xyz

The following example shows an AtlasPrivateEndpoint independent CRD that defines the same private endpoint defined in the Basic Example. This custom resource definition allows you to create this private endpoint in a project you don't manage in the same instance of Atlas Kubernetes Operator with which you define this resource. To enable independent operation, you must use an externalProjectRef instead of a projectRef, and you must supply a connectionSecret directly since this resource can't inherit API credentials from its parent project.

apiVersion: atlas.mongodb.com/v1
kind: AtlasPrivateEndpoint
metadata:
  name: my-atlas-pe1
spec:
  # ID of an existing Atlas project (spec.externalProjectRef.id), used instead of
  # projectRef for projects this operator instance does not manage.
  externalProjectRef:
    id: 66e2f2b621571b7e69a89b66
  # Credentials secret (spec.connectionSecret.name); mandatory for independent CRDs
  # because the resource cannot inherit API credentials from a parent project.
  connectionSecret:
    name: atlas-connection-secret
  provider: AWS
  region: us-east-1
  awsConfiguration:
    - id: vpcpe-xyz

This section describes the AtlasPrivateEndpoint custom resource parameters available.

metadata.name

Type: string

Required

Name that the AtlasProject Custom Resource uses to add this private endpoint to a project.

metadata.namespace

Type: string

Optional

Namespace other than default that you want to contain the atlasPrivateEndpoint custom resource. If you define a custom namespace, you must add it to the AtlasProject Custom Resource in the spec.privateEndpoint.privateEndpointRef.namespace field.

spec.awsConfiguration.id

Type: string

Conditional

ID of the private endpoint network interface. This parameter is mandatory for and limited to AWS private endpoints.

spec.azureConfiguration.id

Type: string

Conditional

ID of the private endpoint network interface. This parameter is mandatory for and limited to Azure private endpoints.

spec.azureConfiguration.ipAddress

Type: string

Conditional

IP address of the private endpoint in your Azure VNet. This parameter is mandatory for and limited to Azure private endpoints.

spec.connectionSecret.name

Type: string

Conditional

Name of the opaque secret that contains the organization ID and API keys that Atlas Kubernetes Operator uses to connect to Atlas. If unspecified, Atlas Kubernetes Operator falls back to either:

  • The spec.connectionSecretRef.name parameter of the parent atlasProject

  • The default global secret, if spec.connectionSecretRef.name is undefined for the parent atlasProject

This parameter is mandatory for independent CRDs.

Atlas Kubernetes Operator watches secrets only with the label atlas.mongodb.com/type=credentials to avoid watching unnecessary secrets.

The following example labels a secret:

kubectl label secret the-user-password atlas.mongodb.com/type=credentials

spec.externalProjectRef.id

Type: string

Conditional

ID of the project to which the private endpoint belongs. You must specify the project ID of an existing Atlas Project. This parameter is required for private endpoints that belong to projects managed by either:

  • A different instance of Atlas Kubernetes Operator

  • Tooling other than Atlas Kubernetes Operator

For private endpoints that belong to projects managed by the same instance of Atlas Kubernetes Operator, use spec.projectRef.name if you do not use spec.externalProjectRef.id.

A private endpoint can only belong to one project. To define the same private endpoint for multiple projects, create custom resource definitions for each project.

spec.gcpConfiguration.endpoints

Type: array

Conditional

List of individual private endpoints that comprise this endpoint group. This parameter is mandatory for and limited to Google Cloud private endpoints.

spec.gcpConfiguration.endpoints.[n].ipAddress

Type: string

Conditional

IP address to which the given Google Cloud private endpoint resolves. This parameter is mandatory for and limited to Google Cloud private endpoints.

spec.gcpConfiguration.endpoints.[n].name

Type: string

Conditional

Name uniquely identifying the given Google Cloud private endpoint. This parameter is mandatory for and limited to Google Cloud private endpoints.

spec.gcpConfiguration.groupName

Type: string

Conditional

Name that uniquely identifies a set of Google Cloud private endpoints. This parameter is mandatory for and limited to Google Cloud private endpoints.

spec.gcpConfiguration.projectId

Type: string

Conditional

Unique identifier for the Google Cloud project to which your private endpoints belong.

spec.projectRef.name

Type: string

Conditional

Name of the project to which the private endpoint belongs. You must specify an existing AtlasProject Custom Resource. This parameter applies only to private endpoints that belong to projects managed by the same instance of Atlas Kubernetes Operator.

For private endpoints that belong to projects managed by either:

  • a different instance of Atlas Kubernetes Operator

  • tooling other than Atlas Kubernetes Operator

use spec.externalProjectRef.id.

A private endpoint can only belong to one project. To define the same private endpoint for multiple projects, create custom resource definitions for each project.

spec.projectRef.namespace

Type: string

Conditional

Namespace in which the AtlasProject Custom Resource specified in spec.projectRef.name exists.

For private endpoints that belong to projects managed by either:

  • a different instance of Atlas Kubernetes Operator

  • tooling other than Atlas Kubernetes Operator

do not set this parameter.

spec.provider

Type: string

Required

Name of the cloud service provider for which to create a private endpoint service.

spec.region

Type: string

Required

Cloud provider region in which to create a private endpoint service.
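The constraints documented in the parameters above (a provider-specific block that is mandatory for and limited to its provider, exactly one of projectRef.name or externalProjectRef.id, connectionSecret.name mandatory for independent CRDs, and the atlas.mongodb.com/type=credentials label the operator watches for) can be checked before a manifest is applied. The lint below is an added example, not MongoDB documentation or the operator's own validation; it assumes the provider strings AZURE and GCP (only AWS appears on this page) and that the operator's CRD validation may be stricter than these checks.

```python
from __future__ import annotations
from typing import Any

# spec.provider value -> block that is mandatory for and limited to that provider (AZURE/GCP strings assumed).
PROVIDER_BLOCKS = {"AWS": "awsConfiguration", "AZURE": "azureConfiguration", "GCP": "gcpConfiguration"}


def lint_private_endpoint(manifest: dict[str, Any],
                          secrets: dict[str, dict] | None = None) -> list[str]:
    """Return findings for one AtlasPrivateEndpoint manifest ([] = passes).
    `secrets` maps Secret name -> Secret manifest, to check the watched label."""
    out: list[str] = []
    spec = manifest.get("spec", {})
    for key in ("provider", "region"):
        if not spec.get(key):
            out.append(f"spec.{key} is required")
    provider = spec.get("provider")
    if provider and provider not in PROVIDER_BLOCKS:
        out.append(f"unknown spec.provider {provider!r}")
    for prov, block in PROVIDER_BLOCKS.items():
        if prov == provider and block not in spec:
            out.append(f"spec.{block} is mandatory for provider {prov}")
        elif prov != provider and block in spec:
            out.append(f"spec.{block} is limited to provider {prov}")
    # A private endpoint belongs to exactly one project: local ref XOR external ref.
    local = spec.get("projectRef", {}).get("name")
    external = spec.get("externalProjectRef", {}).get("id")
    if bool(local) == bool(external):
        out.append("set exactly one of spec.projectRef.name / spec.externalProjectRef.id")
    if external:
        if spec.get("projectRef", {}).get("namespace"):
            out.append("spec.projectRef.namespace must not be set with externalProjectRef")
        name = spec.get("connectionSecret", {}).get("name")
        if not name:
            out.append("spec.connectionSecret.name is mandatory for independent CRDs")
        elif secrets is not None:
            labels = secrets.get(name, {}).get("metadata", {}).get("labels", {})
            if labels.get("atlas.mongodb.com/type") != "credentials":
                out.append(f"Secret {name!r} lacks label atlas.mongodb.com/type=credentials")
    return out


# Constructed sample: this page's independent-CRD example plus an unlabelled Secret (one finding expected).
SAMPLE_PE = {"apiVersion": "atlas.mongodb.com/v1", "kind": "AtlasPrivateEndpoint",
             "metadata": {"name": "my-atlas-pe1"},
             "spec": {"externalProjectRef": {"id": "66e2f2b621571b7e69a89b66"},
                      "connectionSecret": {"name": "atlas-connection-secret"},
                      "provider": "AWS", "region": "us-east-1",
                      "awsConfiguration": [{"id": "vpcpe-xyz"}]}}
SAMPLE_SECRETS = {"atlas-connection-secret": {"metadata": {"labels": {}}}}
```

In practice the dicts come from yaml.safe_load of the manifests (or kubectl get ... -o json), and a non-empty result should block the apply.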
