Navigation

AtlasProject Custom Resource

On this page

  • Example
  • Parameters

The AtlasProject custom resource configures the project in Atlas. When you create the AtlasProject custom resource, Atlas Kubernetes Operator tries to create a new project in Atlas.

Atlas Kubernetes Operator does one of the following actions:

  • Creates a new project in the organization that the connection secret configures.
  • Reuses an existing project. In this case, Atlas Kubernetes Operator verifies whether a project with spec.name exists. If the project exists, Atlas Kubernetes Operator skips creation. After the reconciliation, Atlas Kubernetes Operator updates the status.id field with the id of the project.

The AtasProject custom resouce has an optional spec.connectionSecretRef.name parameter. This parameter overrides the default global connection secret. To connect to the Atlas API, Atlas Kubernetes Operator reads the organization ID and API keys from Atlas Kubernetes Operator secrets.

You can also edit the AtlasProject custom resource specification to configure an IP access list with the spec.projectIpAccessList parameter. This IP access list grants network access to Atlas clusters in the project.

If you remove the AtlasProject resource from your Kubernetes cluster, Atlas Kubernetes Operator removes the project from Atlas. You must remove all the clusters in the project beforehand. Otherwise, Atlas rejects the delete request.

The following example shows an AtlasProject custom resource specification:

apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
name: my-project
spec:
name: Test project
connectionSecretRef:
name: my-atlas-key
projectIpAccessList:
- ipAddress: "192.0.2.15"
comment: "IP address for Application Server A"
- cidrBlock: "203.0.113.0/24"
comment: "CIDR block for Application Server B - D"
status:
conditions:
- lastTransitionTime: "2021-03-18T16:32:19Z"
status: "True"
type: Ready
- lastTransitionTime: "2021-03-18T16:32:19Z"
status: "True"
type: ProjectReady
- lastTransitionTime: "2021-03-18T16:32:19Z"
status: "True"
type: IPAccessListReady
id: 604a47de73cdsfh1977239021
observedGeneration: 1

This section describes the AtlasProject custom resource parameters:

spec.name

Type: string

Required

Name of the project created or updated in Atlas. The name length must not exceed 64 characters. The name can contain only letters, numbers, spaces, dashes, and underscores.

spec.connectionSecretRef.name

Type: string

Optional

Name of the secret with the organization ID and API keys that Atlas Kubernetes Operator uses to connect to Atlas. If unspecified, Atlas Kubernetes Operator uses the default global secret.

spec.projectIpAccessList

Type: array

Required

IP access list that grants network access to Atlas clusters in the project. You can specify the following body parameters:

Parameter
Type
Necessity
Description
awsSecurityGroup
string
Conditional

Unique identifier of the AWS security group to add to the access list.

Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress.

Note

You must configure VPC peering for your project before you can add an AWS security group to an access list.

cidrBlock
string
Conditional

Range of IP addresses in CIDR notation to be added to the access list.

Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress.

comment
string
Optional
Comment associated with the access list entry.
deleteAfterDate
date
Optional

Timestamp in ISO 8601 date and time format in UTC after which Atlas removes the entry from the access list. The specified date must be in the future and within one week of the time you make the API request.

Important

You cannot set AWS security groups as temporary access list entries.

Note

You may include an ISO 8601 time zone designator to ensure that the expiration date occurs with respect to the local time in the specified time zone.

ipAddress
string
Conditional

Single IP address to be added to the access list. Mutually exclusive with awsSecurityGroup and cidrBlock.

Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress.

Give Feedback

On this page

  • Example
  • Parameters