/ /

Custom Resources

Docs Home

Management

Atlas Kubernetes Operator

Custom Resources

Docs Home

Management

Atlas Kubernetes Operator

Custom Resources

`AtlasIPAccessList` Custom Resource

Important

Legacy subresources are deprecated as of the release of their corresponding CRDs. If your configuration currently relies on the subresource form of this resource definition, migrate to a CRD.

The AtlasIPAccessList custom resource configures an IP access list for an Atlas project. An IP access list allows you to secure your project using a minimum-access policy.

Important

Custom Resources No Longer Delete Objects by Default

Atlas Kubernetes Operator uses custom resource configuration files to manage your Atlas configuration, but as of Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer (by default) deleted in Atlas. Instead, Atlas Kubernetes Operator simply stops managing those resources in Atlas. For example, if you delete an AtlasProject Custom Resource in Kubernetes, by default the Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas. This change in behavior is intended to help prevent accidental or unexpected deletions. To learn more, including how to revert this behavior to the default used prior to Atlas Kubernetes Operator 2.0, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.
Similarly, Atlas Kubernetes Operator does not delete teams from Atlas if you remove them from an Atlas project in Kubernetes with the Atlas Kubernetes Operator.

Explicitly define your desired configuration details in order to avoid implicitly using default Atlas configuration values. In some cases, inheriting Atlas defaults may result in a reconciliation loop which can prevent your custom resource from achieving a READY state. For example, explicitly defining your desired autoscaling behavior in your AtlasDeployment custom resource, as shown in the included example, ensures that a static instance size in your custom resource is not being repeatedly applied to an Atlas deployment which has autoscaling enabled.

autoScaling:
  diskGB:
    enabled: true
  compute:
    enabled: true
    scaleDownEnabled: true
    minInstanceSize: M30
    maxInstanceSize: M40

Atlas Kubernetes Operator does one of the following actions using the Atlas Project IP Access List API Resource:

Creates a new IP access list.
Replace an existing IP access list.

Examples

Basic Example

The following example shows an AtlasIPAccessList custom resource that permits access to the my-project project from the following sources:

CIDR block 192.168.1.0/24
IP address 10.0.0.1
AWS security group

Access from 10.0.0.1 expires after the 31st of March, 2025.

apiVersion: atlas.mongodb.com/v1
kind: AtlasIPAccessList
metadata:
  name: atlasipaccesslist-sample
spec:
  projectRef:
    name: my-project
    namespace: my-operator-namespace
  entries:
    - cidrBlock: 192.168.1.0/24
    - ipAddress: 10.0.0.1
      deleteAfterDate: 2025-03-31T23:59:59+02:00
    - awsSecurityGroup: sg-1234
      comment: "AWS Access to my network peering"

Independent CRD Example

The following example shows an AtlasIPAccessList independent CRD that permits access from the same CIDR block and IP address permitted by the Basic Example. This custom resource definition allows you to create an IP access list in a project you manage outside the instance of Atlas Kubernetes Operator with which you define this resource. To enable independent operation, you must use an externalProjectRef instead of a projectRef, and you must supply a connectionSecret directly since this resource can't inherit API credentials from its parent project.

apiVersion: atlas.mongodb.com/v1
kind: AtlasIPAccessList
metadata:
  name: atlasipaccesslist-sample
spec:
  externalProjectRef:
    projectId: 66e2f2b621571b7e69a89b66
  connectionSecret:
    name: atlas-connection-secret
  entries:
    - cidrBlock: 192.168.1.0/24
    - ipAddress: 10.0.0.1
      deleteAfterDate: 2025-03-31T23:59:59+02:00
    - awsSecurityGroup: sg-1234
      comment: "AWS Access to my network peering"

Parameters

AtlasIPAccessList

AtlasIPAccessList is the Schema for the atlasipaccesslists API.

`Name`	Type	Description	Required
`apiVersion`	string	atlas.mongodb.com/v1	true
`kind`	string	`AtlasIPAccessList`	true
`metadata`	object	Refer to the Kubernetes `API` documentation for the fields of the `metadata` field.	true
`spec`	object	`AtlasIPAccessListSpec` defines the target state of `AtlasIPAccessList`. Validations: (has(self.``externalProjectRef``) && !has(self.``projectRef``)) \|\| (!has(self.``externalProjectRef``) && has(self.``projectRef``)): must define only one project reference through `externalProjectRef` or `projectRef` (has(self.``externalProjectRef``) && has(self.``connectionSecret``)) \|\| !has(self.``externalProjectRef``): must define a local connection secret when referencing an external project	false
`status`	object	`AtlasIPAccessListStatus` is the most recent observed `status` of the `AtlasIPAccessList` cluster. Read-only.	false

AtlasIPAccessList.spec

AtlasIPAccessListSpec defines the target state of AtlasIPAccessList.

`Name`	Type	Description	Required
`entries`	[]object	Entries is the list of `IP` Access to be managed.	true
`connectionSecret`	object	Name of the secret containing Atlas `API` private and public keys.	false
`externalProjectRef`	object	`externalProjectRef` holds the parent Atlas project `ID`. Mutually exclusive with the "`projectRef`" field.	false
`projectRef`	object	`projectRef` is a reference to the parent `AtlasProject` resource. Mutually exclusive with the "`externalProjectRef`" field.	false

AtlasIPAccessList.spec.entries

`Name`	Type	Description	Required
`awsSecurityGroup`	string	Unique identifier of `AWS` security group in this access list entry.	false
`cidrBlock`	string	Range of `IP` addresses in `CIDR` notation in this access list entry.	false
`comment`	string	Comment associated with this access list entry.	false
`deleteAfterDate`	string	Date and time after which Atlas deletes the temporary access list entry. Format: date-time	false
`ipAddress`	string	Entry using an `IP` address in this access list entry.	false

AtlasIPAccessList.spec.connectionSecret

Name of the secret containing Atlas API private and public keys.

`Name`	Type	Description	Required
`name`	string	Name of the resource being referred to More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names	true

AtlasIPAccessList.spec.externalProjectRef

externalProjectRef holds the parent Atlas project ID. Mutually exclusive with the "projectRef" field.

`Name`	Type	Description	Required
`id`	string	`ID` is the Atlas project `ID`.	true

AtlasIPAccessList.spec.projectRef

projectRef is a reference to the parent AtlasProject resource. Mutually exclusive with the "externalProjectRef" field.

`Name`	Type	Description	Required
`name`	string	Name of the Kubernetes Resource	true
`namespace`	string	Namespace of the Kubernetes Resource	false

AtlasIPAccessList.status

AtlasIPAccessListStatus is the most recent observed status of the AtlasIPAccessList cluster. Read-only.

`Name`	Type	Description	Required
`conditions`	[]object	Conditions is the list of statuses showing the current state of the Atlas Custom Resource	true
`entries`	[]object	Status is the state of the ip access list	false
`observedGeneration`	integer	`ObservedGeneration` indicates the generation of the resource specification of which the Atlas Operator is aware. The Atlas Operator updates this field to the value of 'metadata.generation' as soon as it starts reconciliation of the resource. Format: int64	false

AtlasIPAccessList.status.conditions

Condition describes the state of an Atlas Custom Resource at a certain point.

`Name`	Type	Description	Required
`status`	string	Status of the condition; one of True, False, Unknown.	true
`type`	string	Type of Atlas Custom Resource condition.	true
`lastTransitionTime`	string	Last time the condition transitioned from one status to another. Represented in `ISO` 8601 format. Format: date-time	false
`message`	string	A `message` providing details about the transition.	false
`reason`	string	The `reason` for the condition's last transition.	false

AtlasIPAccessList.status.entries

`Name`	Type	Description	Required
`entry`	string	Entry is the ip access Atlas is managing	true
`status`	string	Status is the correspondent state of the entry	true

Back

AtlasCustomRoles

AtlasNetworkContainer