Whitelist Cloud Providers and Instance Sizes

You can specify a list of allowed cloud service providers and instance sizes for Atlas clusters deployed with the Atlas Open Service Broker. This whitelist can help control costs or ensure compliance by limiting Atlas clusters to certain cloud providers and sizes. When you apply a whitelist and then deploy a cluster, only the providers and instance sizes listed in the whitelist appear in the Service Catalog marketplace.

Prerequisites

You must have the Atlas Open Service Broker installed.

Considerations

Whitelist Scope

The whitelist applies only to Atlas clusters created through the Atlas Open Service Broker. Atlas clusters created in the same project through the UI are not limited by the whitelist.

Existing Clusters

You can create and apply a whitelist at any time. If you have existing Atlas clusters in your project, make sure that their cloud service providers and instance sizes are included in the whitelist to prevent possible issues with the Atlas Open Service Broker.

Procedure

1

Create a whitelist JSON file.

The whitelist is a JSON object that contains a key for each cloud service provider. Each cloud service provider key takes an array of corresponding instance sizes as its value. To view a list of available instance sizes, see the providerSettings.instanceSizeName parameter in the Atlas Create a Cluster API.

  1. Open your preferred text editor and create a JSON file using the following key-value pairs:

    | Key | Type | Description |
    | --- | --- | --- |
    | AWS | string array | Array of allowed Amazon Web Services instance sizes. |
    | GCP | string array | Array of allowed Google Cloud Platform instance sizes. |
    | AZURE | string array | Array of allowed Microsoft Azure instance sizes. |

    Example

    This example JSON file whitelists the following cloud service providers and instance sizes:

    • Google Cloud Platform: M10, M20, and M200
    • Amazon Web Services: M10, M20, M100, and M140
    • Microsoft Azure: M10, M20, and M200

    {
        "GCP": [
            "M10",
            "M20",
            "M200"
        ],
        "AWS": [
            "M10",
            "M20",
            "M100",
            "M140"
        ],
        "AZURE": [
            "M10",
            "M20",
            "M200"
        ]
    }
    
  2. Save this file as providers-whitelist.json.

2

Create a ConfigMap object from your JSON file.

You use a configMap resource to add the whitelist data into your deployment.

Invoke the following command to create a configMap resource named providers-whitelist from the providers-whitelist.json file:

kubectl create configmap providers-whitelist --from-file=providers-whitelist.json -n <NAMESPACE>

3

Edit your Deployment resource definition.

  1. Open your Deployment resource definition YAML file in your preferred text editor.

    Tip

    If you followed the Installation tutorial, this resource is defined in deployment-and-service.yaml.

  2. Copy the highlighted parameters and paste them into the kind: Deployment resource definition.

    These parameters direct Kubernetes to mount the ConfigMap to this deployment as a volume at the specified path.

    spec:
      template:
        spec:
          containers:
            - name: atlas-service-broker
              image: quay.io/mongodb/mongodb-atlas-service-broker:latest
              ports:
                - containerPort: 4000
              env:
                - name: BROKER_HOST
                  value: 0.0.0.0
                - name: PROVIDERS_WHITELIST_FILE
                  value: <PATH_TO_WHITELIST_FILE>
              volumeMounts:
                - name: <VOLUME_NAME>
                  mountPath: <PATH_TO_MOUNT_VOLUME>
          volumes:
            - name: <VOLUME_NAME>
              configMap:
                name: <CONFIGMAP_NAME>
    
  3. Configure the required settings.

    | Key | Description | Example |
    | --- | --- | --- |
    | spec.template.spec.containers.env.value | Absolute path to the whitelist JSON file. | /etc/config/providers-whitelist.json |
    | spec.template.spec.containers.volumeMounts.name | Name of the volume that contains the whitelist data. This value must match spec.template.spec.volumes.name. | config-volume |
    | spec.template.spec.containers.mountPath.value | Absolute path to mount the volume to in this deployment. | /etc/config |
    | spec.template.spec.volumes.name | Name of the volume that contains the whitelist data. This value must match spec.template.spec.containers.volumeMounts.name. | config-volume |
    | spec.template.spec.volumes.configMap.name | Name of the configMap that corresponds to the whitelist. | providers-whitelist |

  4. Save the Deployment resource definition.

4

Redeploy the Atlas Open Service Broker.

Invoke the following kubectl command:

kubectl apply -f <DEPLOYMENT_RESOURCE_DEFINITION>.yaml -n <NAMESPACE>
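
A pre-flight check you can run on providers-whitelist.json before creating the ConfigMap in step 2, covering both the file format from step 1 and the Existing Clusters consideration. This is an added example, not part of the Atlas Open Service Broker. The function names, the exact-case treatment of provider keys, the rule that a provider missing from the whitelist allows nothing, and the cluster inventory are assumptions made for illustration.

```python
import json

# Provider keys this page documents for the whitelist file (exact case assumed).
PROVIDERS = {"AWS", "GCP", "AZURE"}

def _no_duplicates(pairs):
    # json.loads keeps only the last of two identical keys; reject them instead.
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate keys: {dupes}")
    return dict(pairs)

def load_whitelist(text):
    """Return {provider: set(sizes)}; raise ValueError if the shape is wrong."""
    try:
        data = json.loads(text, object_pairs_hook=_no_duplicates)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("top level must be a JSON object")
    unknown = sorted(set(data) - PROVIDERS)
    if unknown:
        raise ValueError(f"unknown provider keys: {unknown}")
    for provider, sizes in data.items():
        if not isinstance(sizes, list) or not all(isinstance(s, str) for s in sizes):
            raise ValueError(f"{provider} must be an array of strings")
    return {p: set(s) for p, s in data.items()}

def uncovered(whitelist, clusters):
    """Existing clusters whose provider/size pair the whitelist does not allow.
    A provider missing from the whitelist is treated as allowing nothing (assumption)."""
    return [c for c in clusters if c[2] not in whitelist.get(c[1], set())]

# The example whitelist from step 1 of this page.
SAMPLE_WHITELIST = """
{"GCP": ["M10", "M20", "M200"],
 "AWS": ["M10", "M20", "M100", "M140"],
 "AZURE": ["M10", "M20", "M200"]}
"""

# Constructed inventory of existing clusters: (name, provider, instance size).
SAMPLE_CLUSTERS = [
    ("orders", "AWS", "M20"),
    ("analytics", "AWS", "M200"),
    ("legacy", "AZURE", "M30"),
]

if __name__ == "__main__":
    wl = load_whitelist(SAMPLE_WHITELIST)
    for name, provider, size in uncovered(wl, SAMPLE_CLUSTERS):
        print(f"{name}: {provider} {size} is not in the whitelist")
```

Any cluster this reports should have its provider and instance size added to the whitelist before you redeploy the broker.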