Docs Menu

Docs HomeMongoDB Atlas Kubernetes Operator

Configure Teams

On this page

  • Limitations
  • Prerequisites
  • Procedure
  • Create the team.
  • Grant the team access to a project.

Atlas Kubernetes Operator supports teams for controlling access to your Atlas projects.

You can create teams at the organization level and add teams to projects to grant project access roles to multiple users. Add any number of organization users to a team.

Grant a team roles for specific projects. All members of a team share the same project access. Organization users can belong to multiple teams. To add teams to a project or edit team roles, see Manage Access to a Project.

To manage teams with Atlas Kubernetes Operator, specify and update the following custom resources:

Custom Resource
Purpose
Defines the team name and the users who belong to it.
Defines the team's access roles for this project. You must set the spec.teams.teamRef.name field to match the metadata.name of the AtlasTeam Custom Resource to assign the team to this project.

Each time you change any of the supported custom resources, such as updating or removing a team, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.

You must assign the team to a project by configuring both the AtlasTeam Custom Resource and the AtlasProject Custom Resource for the team to appear in the Atlas UI.

For other limitations that apply to teams, see Manage Organization Teams.

To enable teams for your Atlas Kubernetes Operator-managed cluster, you must:

  • Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.

  • Ensure your IP address is in the organization's API access list.

Follow these steps to enable teams for your Atlas Kubernetes Operator-managed projects:

1

Create an AtlasTeam Custom Resource for each team using the following example. Specify a metadata.name so that you can reference this file from the AtlasProject Custom Resource and a spec.name so you can differentiate this team from other teams in your organization.

Add only users who are part of the organization.

To learn more about the parameters for a team, see the AtlasTeam Custom Resource.

Example:

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasTeam
metadata:
name: green-leaf-team
spec:
name: "greenLeafTeam"
usernames:
- "atlas.user1@example.com"
- "atlas.user2@example.com"
- "atlas.user3@example.com"
- "atlas.user4@example.com"
EOF
2

To assign this team to a project, set the spec.teams.teamRef.name field in the AtlasProject Custom Resource to match the metadata.name from the previous step.

In the spec.teams.teamRef.roles field, specify the team's Atlas User Roles for this project.

You can add more than one team. The following example shows two teams with different access roles for the same project.

To learn about the other parameters for a team, see AtlasProject Custom Resource.

Example:

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
name: my-project
spec:
name: Test project
teams:
- teamRef:
name: green-leaf-team
roles:
- GROUP_OWNER
- teamRef:
name: no-leaf-team
roles:
- GROUP_CLUSTER_MANAGER
- GROUP_DATA_ACCESS_ADMIN
EOF
← Configure Federated Authentication from Kubernetes