Whitelist Cloud Providers and Instance Sizes

Important

Atlas Open Service Broker is deprecated. Use the MongoDB Atlas Operator instead.

You can specify a list of allowed cloud service providers and instance sizes for Atlas clusters deployed with the Atlas Open Service Broker. This whitelist can help control costs or ensure compliance by limiting Atlas clusters to certain cloud providers and sizes. When you apply a whitelist and then deploy a cluster, only the providers and instance sizes listed in the whitelist appear in the Service Catalog marketplace.

You must have the Atlas Open Service Broker installed.

The whitelist applies only to Atlas clusters created through the Atlas Open Service Broker. Atlas clusters created in the same project through the UI are not limited by the whitelist.

You can create and apply a whitelist at any time. If you have existing Atlas clusters in your project, make sure that their cloud service providers and instance sizes are included in the whitelist to prevent possible issues with the Atlas Open Service Broker.

1

The whitelist is a JSON object that contains a key for each cloud service provider. Each cloud service provider key takes an array of corresponding instance sizes as its value. To view a list of available instance sizes, see the providerSettings.instanceSizeName parameter in the Atlas Create a Cluster API.

  1. Open your preferred text editor and create a JSON file using the following key-value pairs:

    | Key | Type | Description |
    |---|---|---|
    | TENANT | string array | Array of allowed instance sizes on shared Atlas tenants. Supported values are M2 and M5. Note: The value you specify for the spec.regionName setting when you deploy a cluster determines which cloud provider the cluster is deployed to. |
    | AWS | string array | Array of allowed Amazon Web Services instance sizes. |
    | GCP | string array | Array of allowed Google Cloud Platform instance sizes. |
    | AZURE | string array | Array of allowed Microsoft Azure instance sizes. |

    Example

    This example JSON file whitelists the following cloud service providers and instance sizes:

    • Shared Atlas tenants: M2 and M5
    • Google Cloud Platform: M10, M20, and M200
    • Amazon Web Services: M10, M20, M100, and M140
    • Microsoft Azure: M10, M20, and M200

    {
      "TENANT": [
        "M2",
        "M5"
      ],
      "GCP": [
        "M10",
        "M20",
        "M200"
      ],
      "AWS": [
        "M10",
        "M20",
        "M100",
        "M140"
      ],
      "AZURE": [
        "M10",
        "M20",
        "M200"
      ]
    }

  2. Save this file as providers-whitelist.json.
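
A pre-flight check for providers-whitelist.json before it is loaded into a ConfigMap, as an added example that is not part of the original documentation or the broker's own code: it validates the structure described in the table above and lists existing clusters that the whitelist would not cover. The function names, the sample whitelist and the cluster inventory are constructed for illustration, and exact, case-sensitive matching of provider keys is an assumption.

```python
import json

# Provider keys and shared-tier sizes exactly as listed in the table above.
PROVIDER_KEYS = {"TENANT", "AWS", "GCP", "AZURE"}
TENANT_SIZES = {"M2", "M5"}


def validate_whitelist(text):
    """Return (well_formed_entries, problems) for the JSON text of a whitelist."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return {}, [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return {}, ["top level must be a JSON object"]
    clean, problems = {}, []
    for key, sizes in data.items():
        if key not in PROVIDER_KEYS:  # assumption: keys match exactly, case included
            problems.append(f"unknown provider key {key!r}")
        elif not (isinstance(sizes, list)
                  and all(isinstance(s, str) and s for s in sizes)):
            problems.append(f"{key}: value must be an array of non-empty strings")
        else:
            if len(set(sizes)) != len(sizes):
                problems.append(f"{key}: duplicate instance sizes")
            if key == "TENANT":
                problems += [f"TENANT: unsupported size {s!r}"
                             for s in sorted(set(sizes) - TENANT_SIZES)]
            clean[key] = sizes
    return clean, problems


def uncovered_clusters(whitelist, clusters):
    """Names of existing clusters whose provider/size pair is not whitelisted."""
    return [name for name, provider, size in clusters
            if size not in whitelist.get(provider, [])]


# Constructed sample input: a whitelist with three mistakes, and a constructed
# inventory of existing clusters as (name, provider key, instance size).
SAMPLE = ('{"TENANT": ["M2", "M10"], "AWS": ["M10", "M20"], '
          '"aws": ["M30"], "GCP": "M10"}')
SAMPLE_CLUSTERS = [("orders", "AWS", "M10"), ("reports", "AZURE", "M20"),
                   ("cache", "AWS", "M30")]

if __name__ == "__main__":
    entries, issues = validate_whitelist(SAMPLE)
    for issue in issues:
        print("problem:", issue)
    for name in uncovered_clusters(entries, SAMPLE_CLUSTERS):
        print("existing cluster not covered:", name)
```
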
2

You use a configMap resource to add the whitelist data into your deployment.

Invoke the following command to create a configMap resource named providers-whitelist from the providers-whitelist.json file:

kubectl create configmap providers-whitelist --from-file=providers-whitelist.json -n <NAMESPACE>
3
  1. Open your Deployment resource definition YAML file in your preferred text editor.

    Tip

    If you followed the Installation tutorial, this resource is defined in deployment-and-service.yaml.

  2. Copy the highlighted parameters and paste them into the kind: Deployment resource definition.

    These parameters direct Kubernetes to mount the ConfigMap to this deployment as a volume at the specified path.

    spec:
      template:
        spec:
          containers:
            - name: atlas-service-broker
              image: quay.io/mongodb/mongodb-atlas-service-broker:latest
              ports:
                - containerPort: 4000
              env:
                - name: BROKER_HOST
                  value: 0.0.0.0
                - name: PROVIDERS_WHITELIST_FILE
                  value: <PATH_TO_WHITELIST_FILE>
              volumeMounts:
                - name: <VOLUME_NAME>
                  mountPath: <PATH_TO_MOUNT_VOLUME>
          volumes:
            - name: <VOLUME_NAME>
              configMap:
                name: <CONFIGMAP_NAME>

  3. Configure the required settings.

    | Key | Description | Example |
    |---|---|---|
    | spec.template.spec.containers.env.value | Absolute path to the whitelist JSON file. | /etc/config/providers-whitelist.json |
    | spec.template.spec.containers.volumeMounts.name | Name of the volume that contains the whitelist data. This value must match spec.template.spec.volumes.name. | config-volume |
    | spec.template.spec.containers.mountPath.value | Absolute path to mount the volume to in this deployment. | /etc/config |
    | spec.template.spec.volumes.name | Name of the volume that contains the whitelist data. This value must match spec.template.spec.containers.volumeMounts.name. | config-volume |
    | spec.template.spec.volumes.configMap.name | Name of the configMap that corresponds to the whitelist. | providers-whitelist |

  4. Save the Deployment resource definition.
4

Invoke the following kubectl command:

kubectl apply -f <DEPLOYMENT_RESOURCE_DEFINITION>.yaml -n <NAMESPACE>