diff --git a/api/v1alpha1/mongodbcluster_types.go b/api/v1alpha1/mongodbcluster_types.go
index ca8cfc3..6aa95c0 100644
--- a/api/v1alpha1/mongodbcluster_types.go
+++ b/api/v1alpha1/mongodbcluster_types.go
@@ -49,8 +49,8 @@ type MongoDBClusterSpec struct {
 // If this is set, Atlas API will be used instead of the regular mongo auth path.
 UseAtlasApi bool `json:"useAtlasApi,omitempty"`
- // If this is set, along with useAtlasApi, all the kubernetes nodes on the cluster will be added to the Atlas firewall, using the rke.cattle.io/external-ip annotation.
- AllowOnAtlasFirewall bool `json:"allowOnAtlasFirewall,omitempty"`
+ // If this is set, along with useAtlasApi, all the kubernetes nodes on the cluster will be added to the Atlas firewall. The only available value right now is "rancher-annotation", which uses the rke.cattle.io/external-ip annotation.
+ AtlasNodeIPAccessStrategy string `json:"atlasNodeIPAccessStrategy,omitempty"`
 }
 // MongoDBClusterStatus defines the observed state of MongoDBCluster
diff --git a/config/crd/bases/airlock.cloud.rocket.chat_mongodbclusters.yaml b/config/crd/bases/airlock.cloud.rocket.chat_mongodbclusters.yaml
index 81a93e9..532d626 100644
--- a/config/crd/bases/airlock.cloud.rocket.chat_mongodbclusters.yaml
+++ b/config/crd/bases/airlock.cloud.rocket.chat_mongodbclusters.yaml
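Review bot: `AtlasNodeIPAccessStrategy` is a free-form string with no validation, so a misspelled value is accepted by the API server and, going by the `== "rancher-annotation"` comparison in the controller, would quietly leave the nodes off the Atlas firewall. Adding `// +kubebuilder:validation:Enum=rancher-annotation` above the field and regenerating the CRD would reject unknown values at admission instead. The visible diff also removes `allowOnAtlasFirewall` without any conversion, so existing resources that set it to `true` will presumably stop being reconciled until they are edited; that deserves a line in the release notes. If the addresses are read straight from the `rke.cattle.io/external-ip` node annotation, the field comment could also state that anyone able to annotate Nodes can influence the Atlas access list.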
@@ -41,11 +41,12 @@ spec:
 type: object
 spec:
 properties:
- allowOnAtlasFirewall:
- description: If this is set, all the kubernetes nodes on the cluster
- will be added to the Atlas firewall, using rke.cattle.io/external-ip
- annotation.
- type: boolean
+ atlasNodeIPAccessStrategy:
+ description: If this is set, along with useAtlasApi, all the kubernetes
+ nodes on the cluster will be added to the Atlas firewall. The only
+ available value right now is "rancher-annotation", which uses the
+ rke.cattle.io/external-ip annotation.
+ type: string
 connectionSecret:
 description: Secret in which Airlock will look for a ConnectionString
 or Atlas credentials, that will be used to connect to the cluster.
@@ -75,7 +76,7 @@ spec:
 type: boolean
 userNamePrefix:
 description: Append this prefix to all default/generated usernames
- for this cluster. Will be overriden if "username" is specified.
+ for this cluster. Will be overridden if "username" is specified.
 type: string
 required:
 - connectionSecret
diff --git a/config/samples/airlock_v1alpha1_mongodbcluster.yaml b/config/samples/airlock_v1alpha1_mongodbcluster.yaml
index 05073cd..8feb9d0 100644
--- a/config/samples/airlock_v1alpha1_mongodbcluster.yaml
+++ b/config/samples/airlock_v1alpha1_mongodbcluster.yaml
@@ -35,8 +35,8 @@ spec:
 # Optional. Append this prefix to all default/generated usernames for this cluster. Will be ignored if "username" is already set on the access request.
 userNamePrefix: test-use1-
- # Optional. If this is set, along with useAtlasApi, all the kubernetes nodes on the cluster will be added to the Atlas firewall, using the rke.cattle.io/external-ip annotation.
- allowOnAtlasFirewall: true
+ # Optional. If this is set, along with useAtlasApi, all the kubernetes nodes on the cluster will be added to the Atlas firewall. The only available value right now is "rancher-annotation", which uses the rke.cattle.io/external-ip annotation.
+ atlasNodeIPAccessStrategy: rancher-annotation
 ---
 apiVersion: v1
diff --git a/controllers/mongodbcluster_controller.go b/controllers/mongodbcluster_controller.go
index 396f502..10661e9 100644
--- a/controllers/mongodbcluster_controller.go
+++ b/controllers/mongodbcluster_controller.go
@@ -125,7 +125,7 @@ func (r *MongoDBClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 // Add nodes to Atlas firewall
- if mongodbClusterCR.Spec.AllowOnAtlasFirewall {
+ if mongodbClusterCR.Spec.AtlasNodeIPAccessStrategy == "rancher-annotation" {
 err = r.reconcileAtlasFirewall(ctx, mongodbClusterCR, secret)
 if err != nil {
 meta.SetStatusCondition(&mongodbClusterCR.Status.Conditions,
@@ -231,7 +231,7 @@ func (r *MongoDBClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
 requests := make([]reconcile.Request, 0)
 for _, item := range mongodbClusterCR.Items {
- if item.Spec.AllowOnAtlasFirewall {
+ if item.Spec.AtlasNodeIPAccessStrategy != "" {
 requests = append(requests, reconcile.Request{
 NamespacedName: types.NamespacedName{
 Name: item.GetName(),
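Review bot: The two hunks test the new field differently: `Reconcile` acts only on `== "rancher-annotation"`, while the node watch in `SetupWithManager` enqueues a request for any non-empty value (`!= ""`). A resource carrying an unrecognised strategy is therefore requeued on every node event yet never has its firewall reconciled, and nothing in the visible lines reports that on the status. Use the same test in both places, preferably through a shared constant such as `const AtlasNodeIPAccessStrategyRancherAnnotation = "rancher-annotation"` in the API package, and have `Reconcile` set a failed condition when the value is non-empty but not recognised. Both function bodies continue outside the hunks, so the `useAtlasApi` precondition named in the field comment may be checked elsewhere.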