Quick Start¶
You can use Atlas Kubernetes Operator to manage resources in Atlas without leaving Kubernetes. This tutorial demonstrates how to create your first cluster in Atlas from Kubernetes configuration files with Atlas Kubernetes Operator.
Prerequisites¶
This tutorial requires:
- A running Kubernetes cluster
You can access the Atlas Kubernetes Operator project on GitHub:
Procedure¶
Register for an Atlas account or log in.¶
Register a new Atlas Account or Login to Your Atlas Account.
Create API keys for your organization.¶
You need a public API key, a private API key, and your organization ID to configure Atlas Kubernetes Operator access to Atlas.
Create One API Key in One Organization and configure the API Access List.
For Atlas Kubernetes Operator to create a new Atlas project, you must assign the Organization Project Creator organization permission.
Deploy Atlas Kubernetes Operator.¶
Run one of the following sets of commands:

If you want Atlas Kubernetes Operator to watch all the namespaces in the Kubernetes cluster, run the following command:

    kubectl apply -f https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/main/deploy/all-in-one.yaml

If you want Atlas Kubernetes Operator to watch only its namespace, you must install the configuration files from the deploy/namespaced directory:

    kubectl apply -f https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/main/deploy/namespaced/crds.yaml
    kubectl apply -f https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/main/deploy/namespaced/namespaced-config.yaml

Create a secret with your API keys and organization ID.¶
To create a secret, run the following command with your API keys and organization ID:

    kubectl create secret generic mongodb-atlas-operator-api-key \
      --from-literal="orgId=<atlas_organization_id>" \
      --from-literal="publicApiKey=<atlas_api_public_key>" \
      --from-literal="privateApiKey=<atlas_api_private_key>" \
      -n mongodb-atlas-system

Create the AtlasProject custom resource.¶
Run the following command:

The following example does not specify spec.connectionSecretRef.name. If unspecified, Atlas Kubernetes Operator uses the default connection secret previously set with your API keys and organization ID.

    cat <<EOF | kubectl apply -f -
    apiVersion: atlas.mongodb.com/v1
    kind: AtlasProject
    metadata:
      name: my-project
    spec:
      name: Test Atlas Operator Project
      projectIpAccessList:
        - ipAddress: "0.0.0.0/0"
          comment: "Allowing access to database from everywhere (only for Demo!)"
    EOF

The IP address in the example, 0.0.0.0/0, allows any client to connect to the Atlas cluster. Do not use this IP address in production.
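
A pre-apply check for the warning above, as an added example that is not part of the original page or the operator project: the hypothetical helper check_access_list scans a manifest file and fails when an AtlasProject access-list entry (ipAddress or cidrBlock) ends in /0. The sample manifest is constructed from the one on this page.

```sh
# Added example; check_access_list is a hypothetical helper.
# Exit status: 0 = no world-open entry, 1 = open entry found, 2 = unreadable file.
check_access_list() {
  manifest=$1
  [ -r "$manifest" ] || { echo "cannot read: $manifest" >&2; return 2; }
  awk -v q="'" '
    # Print the buffered hits if the document just finished is an AtlasProject.
    function report() {
      if (kind == "AtlasProject" && hits != "") { printf "%s", hits; bad = 1 }
      kind = ""; hits = ""
    }
    /^---[ \t]*$/ { report(); next }           # YAML document separator
    /^kind:/ { kind = $2; gsub("[\"" q "]", "", kind) }
    /(ipAddress|cidrBlock):/ {
      v = $0
      sub(/^.*(ipAddress|cidrBlock):[ \t]*/, "", v)
      sub(/[ \t]+#.*$/, "", v)                 # drop a trailing YAML comment
      gsub("[\"" q "]", "", v)                 # drop quotes
      sub(/[ \t\r]+$/, "", v)
      # A /0 prefix matches every address, whatever the base address is.
      if (v ~ /\/0$/) hits = hits sprintf("%s:%d: open to all: %s\n", FILENAME, NR, v)
    }
    END { report(); exit bad + 0 }
  ' "$manifest"
}

# Constructed sample based on the manifest on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
spec:
  name: Test Atlas Operator Project
  projectIpAccessList:
    - ipAddress: "0.0.0.0/0"
EOF
check_access_list "$sample" && echo "ok to apply" || echo "blocked: fix the access list"
rm -f "$sample"
```

In a pipeline, run it as `check_access_list project.yaml && kubectl apply -f project.yaml` so an open entry stops the apply.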
Create the AtlasCluster custom resource.¶
Run the following command:

    cat <<EOF | kubectl apply -f -
    apiVersion: atlas.mongodb.com/v1
    kind: AtlasCluster
    metadata:
      name: my-atlas-cluster
    spec:
      name: "Test-cluster"
      projectRef:
        name: my-project
      providerSettings:
        instanceSizeName: M10
        providerName: AWS
        regionName: US_EAST_1
    EOF

Create a secret with a password to log into the Atlas cluster database.¶
Replace P@@sword% with your password and run the following command:

    kubectl create secret generic the-user-password --from-literal="password=P@@sword%"

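
The two kubectl create secret commands above (API keys and database password) pass the values with --from-literal, which places them in the shell history and the process argument list. An added example, not from the original page or the operator project: the hypothetical helper secret_manifest builds the same Secret from files and prints a manifest to pipe into kubectl apply -f -. The namespace default and the file names are assumptions.

```sh
# Added example; secret_manifest is a hypothetical helper, not an operator tool.
# usage: secret_manifest NAME NAMESPACE KEY=FILE [KEY=FILE ...]
# Values are read from files, so they never appear in argv or shell history.
secret_manifest() {
  [ $# -ge 3 ] || { echo "usage: secret_manifest NAME NAMESPACE KEY=FILE..." >&2; return 2; }
  name=$1 ns=$2; shift 2
  body=""
  for pair in "$@"; do
    key=${pair%%=*} file=${pair#*=}
    [ -r "$file" ] || { echo "cannot read $file for $key" >&2; return 1; }
    # Drop the trailing newline editors add; it would become part of the value.
    val=$(tr -d '\r\n' < "$file" | base64 | tr -d '\n')
    [ -n "$val" ] || { echo "$key: $file is empty" >&2; return 1; }
    body="$body  $key: $val
"
  done
  # Emit only after every value validated, so a pipe never sees half a Secret.
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n%s' \
    "$name" "$ns" "$body"
}

# Constructed demo with the sample password from this page. In real use, write
# the files with an editor under umask 077 and delete them afterwards, e.g.:
#   secret_manifest mongodb-atlas-operator-api-key mongodb-atlas-system \
#     orgId=./orgid publicApiKey=./public privateApiKey=./private | kubectl apply -f -
demo=$(mktemp)
printf 'P@@sword%%\n' > "$demo"
secret_manifest the-user-password default password="$demo"
rm -f "$demo"
```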
Create the AtlasDatabaseUser custom resource.¶
Run the following command:

spec.passwordSecretRef must reference the password that you created previously.

    cat <<EOF | kubectl apply -f -
    apiVersion: atlas.mongodb.com/v1
    kind: AtlasDatabaseUser
    metadata:
      name: my-database-user
    spec:
      roles:
        - roleName: "readWriteAnyDatabase"
          databaseName: "admin"
      projectRef:
        name: my-project
      username: theuser
      passwordSecretRef:
        name: the-user-password
    EOF

Check the status of your database user.¶
Run the following command until you receive a True response, which indicates the database user is ready:

The AtlasDatabaseUser Custom Resource waits until the cluster is ready. Creating a new cluster can take up to 10 minutes.

    kubectl get atlasdatabaseusers my-database-user -o=jsonpath='{.status.conditions[?(@.type=="Ready")].status}'

Retrieve the secret that Atlas Kubernetes Operator created to connect to the cluster.¶
Run the following command:

The following command requires jq 1.6 or higher.

    kubectl get secret test-atlas-operator-project-test-cluster-theuser -o json | jq -r '.data | with_entries(.value |= @base64d)';

Your connection strings will differ from the following example.

    {
      "connectionStringStandard": "mongodb://theuser:P%40%40sword%25@test-cluster-shard-00-00.peqtm.mongodb.net:27017,test-cluster-shard-00-01.peqtm.mongodb.net:27017,test-cluster-shard-00-02.peqtm.mongodb.net:27017/?ssl=true&authSource=admin&replicaSet=atlas-pk82fl-shard-0",
      "connectionStringStandardSrv": "mongodb+srv://theuser:P%40%40sword%25@test-cluster.peqtm.mongodb.net",
      "password": "P@@sword%",
      "username": "theuser"
    }

You can use this secret in your application:

    containers:
      - name: test-app
        env:
          - name: "CONNECTION_STRING"
            valueFrom:
              secretKeyRef:
                name: test-atlas-operator-project-test-cluster-theuser
                key: connectionStringStandardSrv