AtlasProject Custom Resource
The AtlasProject custom resource configures the project in Atlas. When you create the AtlasProject custom resource, Atlas Kubernetes Operator tries to create a new project in Atlas.
Atlas Kubernetes Operator does one of the following actions:
- Creates a new project in the organization that the connection secret configures.
- Reuses an existing project. In this case, Atlas Kubernetes Operator verifies whether a project with spec.name exists. If the project exists, Atlas Kubernetes Operator skips creation. After the reconciliation, Atlas Kubernetes Operator updates the status.id field with the id of the project.
The AtlasProject custom resource has an optional spec.connectionSecretRef.name parameter. This parameter overrides the default global connection secret. To connect to the Atlas Administration API, Atlas Kubernetes Operator reads the organization ID and API keys from Atlas Kubernetes Operator secrets.
You can also edit the AtlasProject custom resource specification to configure the following options:
- An IP access list with the spec.projectIpAccessList parameter. This IP access list grants network access to Atlas clusters in the project.
- Private endpoints with the spec.privateEndpoints parameter.
- X.509 authentication with the spec.X509CertRef.name parameter.
If you remove the AtlasProject resource from your Kubernetes cluster, Atlas Kubernetes Operator removes the project from Atlas. You must remove all the clusters in the project beforehand. Otherwise, Atlas rejects the delete request.
Example
The following example shows an AtlasProject custom resource specification:

apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
spec:
  name: Test project
  connectionSecretRef:
    name: my-atlas-key
  projectIpAccessList:
    - ipAddress: "192.0.2.15"
      comment: "IP address for Application Server A"
    - cidrBlock: "203.0.113.0/24"
      comment: "CIDR block for Application Server B - D"
status:
  conditions:
    - lastTransitionTime: "2021-03-18T16:32:19Z"
      status: "True"
      type: Ready
    - lastTransitionTime: "2021-03-18T16:32:19Z"
      status: "True"
      type: ProjectReady
    - lastTransitionTime: "2021-03-18T16:32:19Z"
      status: "True"
      type: IPAccessListReady
  id: 604a47de73cdsfh1977239021
  observedGeneration: 1

Parameters
This section describes the AtlasProject custom resource parameters:
spec.name
Type: string
Required
Name of the project created or updated in Atlas. The name length must not exceed 64 characters. The name can contain only letters, numbers, spaces, dashes, and underscores.
spec.connectionSecretRef.name
Type: string
Optional
Name of the secret with the organization ID and API keys that Atlas Kubernetes Operator uses to connect to Atlas. If unspecified, Atlas Kubernetes Operator uses the default global secret.
spec.projectIpAccessList
Type: array
Required
IP access list that grants network access to Atlas clusters in the project. You can specify the following body parameters:

| Parameter | Type | Necessity | Description |
| --- | --- | --- | --- |
| awsSecurityGroup | string | Conditional | Unique identifier of the AWS security group to add to the access list. Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress. Note: You must configure VPC peering for your project before you can add an AWS security group to an access list. |
| cidrBlock | string | Conditional | Range of IP addresses in CIDR notation to be added to the access list. Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress. |
| comment | string | Optional | Comment associated with the access list entry. |
| deleteAfterDate | date | Optional | Timestamp in ISO 8601 date and time format in UTC after which Atlas removes the entry from the access list. The specified date must be in the future and within one week of the time you make the API request. Important: You cannot set AWS security groups as temporary access list entries. Note: You may include an ISO 8601 time zone designator to ensure that the expiration date occurs with respect to the local time in the specified time zone. |
| ipAddress | string | Conditional | Single IP address to be added to the access list. Mutually exclusive with awsSecurityGroup and cidrBlock. Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress. |

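
A pre-apply lint for the constraints this page lists (spec.name rules, one target per access list entry, the deleteAfterDate window), as an added example that is not part of Atlas Kubernetes Operator. The names lint_project_spec and SAMPLE, the warning on a /0 CIDR block, and measuring the one-week window from the time the check runs rather than from the API request are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,64}")  # assumes "letters" means ASCII
TARGETS = ("awsSecurityGroup", "cidrBlock", "ipAddress")

def lint_project_spec(spec, now=None):
    """Return findings for an AtlasProject spec passed as a dict."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if not NAME_RE.fullmatch(spec.get("name", "")):
        findings.append("name: 1-64 letters, numbers, spaces, dashes, underscores")
    for i, entry in enumerate(spec.get("projectIpAccessList", [])):
        where = f"projectIpAccessList[{i}]"
        present = [k for k in TARGETS if entry.get(k)]
        if len(present) != 1:
            findings.append(f"{where}: needs exactly one of {', '.join(TARGETS)}")
            continue
        kind, value = present[0], entry[present[0]]
        try:
            if kind == "ipAddress":
                ipaddress.ip_address(value)
            elif kind == "cidrBlock" and ipaddress.ip_network(value, strict=False).prefixlen == 0:
                # Added policy check, not an Atlas rule: entry matches every address.
                findings.append(f"{where}: {value} admits any source address")
        except ValueError:
            findings.append(f"{where}: {kind} {value!r} does not parse")
        expiry = entry.get("deleteAfterDate")
        if expiry is None:
            continue
        if kind == "awsSecurityGroup":
            findings.append(f"{where}: AWS security groups cannot be temporary")
        try:
            when = datetime.fromisoformat(str(expiry).replace("Z", "+00:00"))
        except ValueError:
            findings.append(f"{where}: deleteAfterDate is not ISO 8601")
            continue
        if when.tzinfo is None:  # the page states the timestamp is in UTC
            when = when.replace(tzinfo=timezone.utc)
        if not now < when <= now + timedelta(days=7):
            findings.append(f"{where}: deleteAfterDate must be in the future, within one week")
    return findings
# Constructed sample: values modelled on the page's example plus entries that break the rules.
SAMPLE = {"name": "Test project", "projectIpAccessList": [
    {"ipAddress": "192.0.2.15", "comment": "IP address for Application Server A"},
    {"cidrBlock": "203.0.113.0/24", "ipAddress": "192.0.2.16"},
    {"cidrBlock": "0.0.0.0/0", "deleteAfterDate": "2021-04-01T00:00:00Z"},
]}
```
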
spec.privateEndpoints
Type: array
Optional
List that contains the private endpoint configurations for the project.
spec.X509CertRef.name
Type: string
Optional
Human-readable label that identifies the secret for the X.509 certificate.