(DOCSP-29355): Add externalAccess steps for standalone and sharded clusters (#1313)

* Add externalAccess procedure for standalone and sharded clusters

* small fixes

* tech review feedback

* additional fixes

* tech review feedback

* copy review feedback

* copy review 2

* small update to release notes

Author: davidhou17

source/includes/code-examples/yaml-files/example-sharded-cluster.yaml

@@ -470,7 +470,7 @@ spec:
   credentials: my-secret
   type: ShardedCluster
   persistent: true
-  exposedExternally: true
+  externalAccess: {}
 ...
 END-exposed-sharded-full
 
@@ -496,7 +496,7 @@ spec:
 END-exposed-sharded-upper
 
 START-exposed-sharded-lower
-  exposedExternally: true
+  externalAccess: {}
 ...
 END-exposed-sharded-lower
 
@@ -518,13 +518,12 @@ spec:
   configServerCount: 3
   credentials: my-secret
   type: ShardedCluster
-  persistent: true
-  exposedExternally: true
+  externalAccess: {}
   security:
     tls:
-      enabled: true
+      certsSecretPrefix: <prefix>
       additionalCertificateDomains:
-        - "additional-cert-test.com"
+         - "<external-domain>"
 ...
 END-exposed-sharded-tls-full
 
@@ -550,7 +549,7 @@ spec:
 END-exposed-sharded-tls-upper
 
 START-exposed-sharded-tls-lower
-  exposedExternally: true
+  externalAccess: {}
   security:
     tls:
       enabled: true

source/includes/code-examples/yaml-files/example-standalone.yaml

@@ -30,8 +30,6 @@ spec:
             # Must match metadata.name in ConfigMap file
   credentials: <mycredentials>
   type: Standalone
-  persistent: true
-  exposedExternally: true
 ...
 END-standalone-exposed-full
 
@@ -49,10 +47,9 @@ spec:
             # Must match metadata.name in ConfigMap file
   credentials: <mycredentials>
   type: Standalone
-  persistent: true
 END-standalone-exposed-upper
 
 START-standalone-exposed-lower
-  exposedExternally: true
+  externalAccess: {}
 ...
 END-standalone-exposed-lower

source/includes/facts/fact-external-access-spec.rst

@@ -1,6 +1,7 @@
 If you add ``spec.externalAccess``, the |k8s-op-short| creates an external service 
 for each Pod in a replica set. External services provide an external entry point 
-for each MongoDB database Pod in a cluster. Each external service has selectors 
+for each MongoDB database Pod in a cluster. Each external service has 
+:k8sdocs:`selectors </concepts/overview/working-with-objects/labels/>`
 that match the external service to a specific Pod.
 
 If you add this setting without any values, the |k8s-op-short| creates 

source/includes/facts/fact-external-service-spec.rst

@@ -1,5 +1,5 @@
-When you set the :setting:`spec.externalAccess` setting, the |k8s-op-short| 
-automatically creates an external load balancer service with preset values. 
+When you set the |external-access| setting, the |k8s-op-short| 
+automatically creates an external load balancer service with |default-values|. 
 You can override certain values or add new values depending on your needs. 
 For example, if you intend to create :k8sdocs:`NodePort services
 </concepts/services-networking/service/#type-nodeport>`

source/includes/list-tables/external-service-default.rst

@@ -17,8 +17,7 @@
 
   * - ``Port``
     - ``<Port Number>``
-    - A port for |mongod|. If you set |external-domain|,
-      the external service adds another port (``Port Number + 1``) for backups.
+    - A port for |mongod|.
 
   * - ``publishNotReadyAddress``
     - ``true``

source/includes/list-tables/resource-keys-external-access-sharded.rst

@@ -8,13 +8,13 @@
      - Description
      - Example
 
-   * - :setting:`spec.exposedExternally`
-     - Boolean
-     - Optional
-     - Set this value to ``true`` to allow external services to connect
-       to the MongoDB deployment. This results in |k8s| creating a
-       :k8sdocs:`NodePort service </concepts/services-networking/service/#nodeport>`.
-     - ``true``
+   * - | ``spec.security``
+       | :setting:`.certsSecretPrefix<spec.security.certsSecretPrefix>`
+     - string
+     - Required
+     - Add the ``<prefix>`` of the secret 
+       name that contains your MongoDB deployment's |tls| certificates.
+     - ``devDb``
 
    * - | ``spec.security.tls``
        | :setting:`.additionalCertificateDomains<spec.security.tls.additionalCertificateDomains>`
@@ -25,12 +25,4 @@
        every |csr| that the |k8s-op-short| transforms into a |tls|
        certificate includes a |san-dns| in the form ``<pod
        name>.<additional cert domain>``.
-     - ``true``
-
-   * - | ``spec.security``
-       | :setting:`.certsSecretPrefix<spec.security.certsSecretPrefix>`
-     - string
-     - Required
-     - Add the ``<prefix>`` of the secret 
-       name that contains your MongoDB deployment's |tls| certificates.
-     - ``devDb``
+     - ``example.com``

source/includes/list-tables/resource-keys-external-access-standalone.rst

@@ -2,7 +2,7 @@
 stepnum: 0
 level: 4
 ref: create-external-services
-title: "Create an external service for each of the Pods."
+title: Create an external service for {{podType}}.
 content: |
   To connect to your {{k8sResource}} from an external resource, configure the 
   :ref:`spec.externalAccess <multi-spec-externalaccess>` setting:
@@ -12,7 +12,7 @@ content: |
     externalAccess: {}
 
   This setting instructs the |k8s-op-short| to create an external :k8sdocs:`LoadBalancer 
-  </concepts/services-networking/service/#loadbalancer>` service for each Pod in your 
+  </concepts/services-networking/service/#loadbalancer>` service for {{podType}} in your 
   {{k8sResource}}. The external service provides an entry point for external connections.
   Adding this setting with no values creates an external service with the following default
   values:
@@ -27,8 +27,8 @@ content: |
   - Overrides for the service specification, in {{overrides}}.
 
   For example, the following settings override the default values for the external service 
-  to configure your {{k8sResource}} to create a :k8sdocs:`NodePort service 
-  </concepts/services-networking/service/#type-nodeport>` that exposes the {{k8sResource}}:
+  to configure your {{k8sResource}} to create :k8sdocs:`NodePort services 
+  </concepts/services-networking/service/#type-nodeport>` that expose {{podType}}:
   
   .. code-block:: yaml
 
@@ -52,24 +52,48 @@ content: |
 stepnum: 0
 level: 4
 ref: verify-external-services
-title: "Verify the external services."
+title: Verify the external services.
 content: |
-  In {{deployment}}, run the following command to verify that the external services
-  have been created.
+  In {{deployment}}, run the following command to verify that the 
+  |k8s-op-short| created the external service for your deployment.
 
   .. code-block:: sh
 
      $ kubectl get services
 
   The command returns a list of services similar to the following output.
   For each database Pod in the cluster, the |k8s-op-short| creates an external service 
-  named ``<pod-name>-svc-external``. This service is configured according to the values 
-  and overrides you provide in the :ref:`external service specification <k8s-specification>`.
+  named ``{{format}}``. This service is configured according to the values 
+  and overrides you provide in the {{spec}}.
 
   .. code-block:: sh
      :copyable: false
 
      NAME                                  TYPE         CLUSTER-IP   EXTERNAL-IP       PORT(S)           AGE
-     {{example}}   LoadBalancer   10.102.27.116    1.2.3.4      27017:27017/TCP     8m30s
+     {{example}}   LoadBalancer   10.102.27.116    <lb-ip-or-fqdn>   27017:27017/TCP    8m30s
+    
+  Depending on your cluster configuration or cloud provider, 
+  the IP address of the LoadBalancer service is an externally 
+  accessible IP address or |fqdn|. You can use the IP address or |fqdn| 
+  to route traffic from your external domain. 
+---
+stepnum: 0
+level: 4
+ref: test-connection-external-services
+title: Test the connection to the {{k8sResource}}.
+content: |
+  To connect to your deployment from outside of the |k8s| cluster, 
+  use the MongoDB Shell (``mongosh``) and specify the {{podType}} 
+  that you've exposed through the external domain. 
+
+  .. example::
+
+     If you have {{addressExample}}, you can
+     connect to this sharded cluster instance from outside of the |k8s|
+     cluster by using the following command:
+
+     .. code-block:: sh
+
+        mongosh "{{addressCommand}}"
   
 ...