Updated per @jwilliams-mongo review 2.

Author: Tony Sansone

source/includes/code-examples/yaml-files/example-replica-set.yaml

@@ -278,12 +278,9 @@ spec:
       enabled: true
   connectivity:
     replicaSetHorizons:
-      - "example-localhost": "repl-0-svc.dev.svc.cluster.local:27017"
-        "example-website": "web1.example.com:27017"
-      - "example-localhost": "repl-1-svc.dev.svc.cluster.local:27017"
-        "example-website": "web2.example.com:27017"
-      - "example-localhost": "repl-2-svc.dev.svc.cluster.local:27017"
-        "example-website": "web3.example.com:27017"
+      - "example-website": "web1.example.com:27017"
+      - "example-website": "web2.example.com:27017"
+      - "example-website": "web3.example.com:27017"
 ...
 END-horizon-replset
 
@@ -310,12 +307,9 @@ START-horizon-replset-lower
       enabled: true
   connectivity:
     replicaSetHorizons:
-      - "example-localhost": "repl-0-svc.dev.svc.cluster.local:27017"
-        "example-website": "web1.example.com:27017"
-      - "example-localhost": "repl-1-svc.dev.svc.cluster.local:27017"
-        "example-website": "web2.example.com:27017"
-      - "example-localhost": "repl-2-svc.dev.svc.cluster.local:27017"
-        "example-website": "web3.example.com:27017"
+      - "example-website": "web1.example.com:27017"
+      - "example-website": "web2.example.com:27017"
+      - "example-website": "web3.example.com:27017"
 END-horizon-replset-lower
 
 START-horizon-addcert-replset

source/includes/code-examples/yaml-files/example-sharded-cluster.yaml

@@ -291,3 +291,84 @@ spec:
   persistent: true
 ...
 END-scaled-sharded
+
+START-exposed-sharded-full
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: <my-sharded-cluster>
+spec:
+  version: 4.2.1
+  opsManager:
+    configMapRef:
+      name: <configMap.metadata.name>
+            # Must match metadata.name in ConfigMap file
+  shardCount: 2
+  mongodsPerShardCount: 3
+  mongosCount: 2
+  configServerCount: 3
+  credentials: my-secret
+  type: ShardedCluster
+  persistent: true
+  exposedExternally: true
+...
+END-exposed-sharded-full
+
+START-exposed-sharded-upper
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: <my-sharded-cluster>
+spec:
+  version: 4.2.1
+  opsManager:
+    configMapRef:
+      name: <configMap.metadata.name>
+            # Must match metadata.name in ConfigMap file
+  shardCount: 2
+  mongodsPerShardCount: 3
+  mongosCount: 2
+  configServerCount: 3
+  credentials: my-secret
+  type: ShardedCluster
+  persistent: true
+END-exposed-sharded-upper
+
+START-exposed-sharded-lower
+  exposedExternally: true
+...
+END-exposed-sharded-lower
+
+START-exposed-sharded-tls-upper
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: <my-sharded-cluster>
+spec:
+  version: 4.2.1
+  opsManager:
+    configMapRef:
+      name: <configMap.metadata.name>
+            # Must match metadata.name in ConfigMap file
+  shardCount: 2
+  mongodsPerShardCount: 3
+  mongosCount: 2
+  configServerCount: 3
+  credentials: my-secret
+  type: ShardedCluster
+  persistent: true
+END-exposed-sharded-tls-upper
+
+START-exposed-sharded-tls-lower
+  exposedExternally: true
+  security:
+    tls:
+      enabled: true
+      additionalCertificateDomains:
+        - "additional-cert-test.com"
+...
+END-exposed-sharded-tls-lower
+

source/includes/code-examples/yaml-files/example-standalone.yaml

@@ -15,3 +15,44 @@ spec:
   persistent: true
 ...
 END-regular-standalone
+
+START-standalone-exposed-full
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: <my-standalone>
+spec:
+  version: 4.2.1
+  opsManager:
+    configMapRef:
+      name: <configMap.metadata.name>
+            # Must match metadata.name in ConfigMap file
+  credentials: <mycredentials>
+  type: Standalone
+  persistent: true
+  exposedExternally: true
+...
+END-standalone-exposed-full
+
+START-standalone-exposed-upper
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: <my-standalone>
+spec:
+  version: 4.2.1
+  opsManager:
+    configMapRef:
+      name: <configMap.metadata.name>
+            # Must match metadata.name in ConfigMap file
+  credentials: <mycredentials>
+  type: Standalone
+  persistent: true
+END-standalone-exposed-upper
+
+START-standalone-exposed-lower
+  exposedExternally: true
+...
+END-standalone-exposed-lower

source/includes/list-tables/resource-keys-external-access-sharded.rst

@@ -0,0 +1,39 @@
+.. list-table::
+   :widths: 20 10 10 40 20
+   :header-rows: 1
+
+   * - Key
+     - Type
+     - Necessity
+     - Description
+     - Example
+
+   * - :setting:`spec.exposedExternally`
+     - Boolean
+     - Optional
+     - Set this value to ``true`` to allow external services to connect
+       to the MongoDB deployment. This results in |k8s| creating a
+       :k8sdocs:`NodePort service </concepts/services-networking/service/#nodeport>`.
+     - ``true``
+
+   * - | ``spec.security``
+       | :setting:`.tls.enabled<spec.security.tls.enabled>`
+     - boolean
+     - Optional
+     - If this value is ``true``, |tls| is enabled on the MongoDB
+       deployment.
+
+       By default, |k8s-op-short| requires hosts to use and
+       accept |tls| encrypted connections.
+     - ``true``
+
+   * - | ``spec.security.tls``
+       | :setting:`.additionalCertificateDomains<spec.security.tls.additionalCertificateDomains>`
+     - collection
+     - Optional
+     - List of every domain that should be added to |tls| certificates
+       to each pod in this deployment. When you set this parameter,
+       every |csr| that the |k8s-op-short| transforms into a |tls|
+       certificate includes a |san-dns| in the form ``<pod
+       name>.<additional cert domain>``.
+     - ``true``

source/includes/list-tables/resource-keys-external-access-standalone.rst

@@ -0,0 +1,17 @@
+.. list-table::
+   :widths: 20 10 10 40 20
+   :header-rows: 1
+
+   * - Key
+     - Type
+     - Necessity
+     - Description
+     - Example
+
+   * - :setting:`spec.exposedExternally`
+     - Boolean
+     - Optional
+     - Set this value to ``true`` to allow external services to connect
+       to the MongoDB deployment. This results in |k8s| creating a
+       :k8sdocs:`NodePort service </concepts/services-networking/service/#nodeport>`.
+     - ``true``

source/includes/list-tables/resource-keys-split-horizons.rst

@@ -25,7 +25,7 @@
      - ``true``
 
    * - | ``spec.connectivity``
-       | ``.replicaSetHorizons``
+       | :setting:`.replicaSetHorizons<spec.connectivity.replicaSetHorizons>`
      - collection
      - Conditional
      - Add this parameter and values if you need your database to be

source/includes/list-tables/resource-keys-tls.rst

@@ -12,7 +12,7 @@
        | :setting:`.tls.enabled<spec.security.tls.enabled>`
      - boolean
      - Optional
-     - If this value is ``true``, |tls| is enabled on the MongoDB
+     - Set this value to ``true`` to enable |tls| on the MongoDB
        deployment.
 
        By default, |k8s-op-short| requires hosts to use and

source/includes/options-k8s-replica-set.yaml

@@ -376,7 +376,7 @@ description: |
   horizon |dns| for replica set members. This feature allows
   communication both within the |k8s| cluster and from outside |k8s|.
 
-       You may add multiple external mappings per host.
+  You may add multiple external mappings per host.
 
   .. admonition:: Split Horizon Requirements
      :class: note

source/includes/options-k8s-shared.yaml

@@ -580,7 +580,8 @@ default: "false"
 description: |
 
   Determines whether the MongoDB deployment is exposed outside of the
-  Kubernetes cluster. This results in |k8s| creating a `NodePort service <https://kubernetes.io/docs/concepts/services-networking/service/#nodeport>`__.
+  Kubernetes cluster. This results in |k8s| creating a
+  :k8sdocs:`NodePort service </concepts/services-networking/service/#nodeport>`.
 ---
 program: _shared
 name: spec.podSpec.podTemplate
@@ -654,8 +655,14 @@ description: |
      If you add this parameter to a |tls|\-enabled resource, |k8s|
      displays an error when the resource reaches the ``Pending`` state.
      This error displays: ``Please manually remove the |csr| in order
-     to proceed.`` To remedy this issue, remove any existing |csr|\s so
-     |k8s| can generate new |csr|\s. Approve the |csr|\s after |k8s|
-     generates them.
+     to proceed.`` To remedy this issue:
+
+     1. Remove any existing |csr|\s so that |k8s| can generate new
+        |csr|\s. To learn how to delete a resource, see the
+        :k8sdocs:`deleting resources
+        </reference/kubectl/cheatsheet/#deleting-resources>` in the
+        |k8s| documentation.
+
+     2. Approve the |csr|\s after |k8s| generates them.
 
 ...