AtlasProject Custom Resource¶
On this page
The AtlasProject custom resource configures the project in
Atlas. When you create the AtlasProject custom resource,
Atlas Kubernetes Operator tries to create a new project in Atlas.
Atlas Kubernetes Operator does one of the following actions:
- Creates a new project in the organization that the connection secret configures.
- Reuses an existing project. In this case, Atlas Kubernetes Operator verifies
whether a project with
spec.nameexists. If the project exists, Atlas Kubernetes Operator skips creation. After the reconciliation, Atlas Kubernetes Operator updates thestatus.idfield with the id of the project.
The AtasProject custom resouce has an optional
spec.connectionSecretRef.name parameter. This parameter
overrides the default global connection secret. To
connect to the Atlas Administration API,
Atlas Kubernetes Operator reads the organization ID and API keys from Atlas Kubernetes Operator secrets.
You can also edit the AtlasProject custom resource specification to
configure an IP access list with the
spec.projectIpAccessList parameter. This IP access list
grants network access to Atlas clusters in the project.
If you remove the AtlasProject resource from your Kubernetes cluster,
Atlas Kubernetes Operator removes the project from Atlas. You must remove all the
clusters in the project beforehand. Otherwise, Atlas rejects the
delete request.
Example¶
The following example shows an AtlasProject custom resource
specification:
apiVersion: atlas.mongodb.com/v1 kind: AtlasProject metadata: name: my-project spec: name: Test project connectionSecretRef: name: my-atlas-key projectIpAccessList: - ipAddress: "192.0.2.15" comment: "IP address for Application Server A" - cidrBlock: "203.0.113.0/24" comment: "CIDR block for Application Server B - D" status: conditions: - lastTransitionTime: "2021-03-18T16:32:19Z" status: "True" type: Ready - lastTransitionTime: "2021-03-18T16:32:19Z" status: "True" type: ProjectReady - lastTransitionTime: "2021-03-18T16:32:19Z" status: "True" type: IPAccessListReady id: 604a47de73cdsfh1977239021 observedGeneration: 1
Parameters¶
This section describes the AtlasProject custom resource parameters:
spec.name¶Type: string
Required
Name of the project created or updated in Atlas. The name length must not exceed 64 characters. The name can contain only letters, numbers, spaces, dashes, and underscores.
spec.connectionSecretRef.name¶Type: string
Optional
Name of the secret with the organization ID and API keys that Atlas Kubernetes Operator uses to connect to Atlas. If unspecified, Atlas Kubernetes Operator uses the default
globalsecret.
spec.projectIpAccessList¶Type: array
Required
IP access list that grants network access to Atlas clusters in the project. You can specify the following body parameters:
ParameterTypeNecessityDescriptionawsSecurityGroupstringConditionalUnique identifier of the AWS security group to add to the access list.
Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress.
NoteYou must configure VPC peering for your project before you can add an AWS security group to an access list.
cidrBlockstringConditionalRange of IP addresses in CIDR notation to be added to the access list.
Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress.
commentstringOptionalComment associated with the access list entry.deleteAfterDatedateOptionalTimestamp in ISO 8601 date and time format in UTC after which Atlas removes the entry from the access list. The specified date must be in the future and within one week of the time you make the API request.
ImportantYou cannot set AWS security groups as temporary access list entries.
NoteYou may include an ISO 8601 time zone designator to ensure that the expiration date occurs with respect to the local time in the specified time zone.
ipAddressstringConditionalSingle IP address to be added to the access list. Mutually exclusive with awsSecurityGroup and cidrBlock.
Your access list entry can include only one awsSecurityGroup, one cidrBlock, or one ipAddress.