Docs Menu
Docs Home
/
MongoDB Atlas
/
Atlas Kubernetes Operator
/
Custom Resources

AtlasOrgSettings Custom Resource

The AtlasOrgSettings custom resource allows you to modify settings for a specific organization.

Important

Custom Resources No Longer Delete Objects by Default

  • Atlas Kubernetes Operator uses custom resource configuration files to manage your Atlas configuration, but as of Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer (by default) deleted in Atlas. Instead, Atlas Kubernetes Operator simply stops managing those resources in Atlas. For example, if you delete an AtlasProject Custom Resource in Kubernetes, by default the Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas. This change in behavior is intended to help prevent accidental or unexpected deletions. To learn more, including how to revert this behavior to the default used prior to Atlas Kubernetes Operator 2.0, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.

    Similarly, Atlas Kubernetes Operator does not delete teams from Atlas if you remove them from an Atlas project in Kubernetes with the Atlas Kubernetes Operator.

  • Explicitly define your desired configuration details in order to avoid implicitly using default Atlas configuration values. In some cases, inheriting Atlas defaults may result in a reconciliation loop which can prevent your custom resource from achieving a READY state. For example, explicitly defining your desired autoscaling behavior in your AtlasDeployment custom resource, as shown in the included example, ensures that a static instance size in your custom resource is not being repeatedly applied to an Atlas deployment which has autoscaling enabled.

    autoScaling:
      diskGB:
        enabled: true
      compute:
        enabled: true
        scaleDownEnabled: true
        minInstanceSize: M30
        maxInstanceSize: M40

Example

The following example shows an AtlasOrgSettings custom resource:

apiVersion: atlas.mongodb.com/v1
kind: AtlasOrgSettings
metadata:
  name: my-org-settings
  namespace: mongodb-atlas-system
spec:
  orgID: "455aff84aca055313451234c"
  connectionSecretRef:
    name: my-org-connection-secret
  apiAccessListRequired: true
  genAIFeaturesEnabled: true
  maxServiceAccountSecretValidityInHours: 42
  multiFactorAuthRequired: true
  restrictEmployeeAccess": true
  securityContact": "test@example.com"
  streamsCrossGroupEnabled": true

Parameters

This section describes the AtlasOrgSettings custom resource parameters available.

spec.orgId

Type: string

Required

Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Format should match the following pattern: ^([a-f0-9]{24})$.

spec.connectionSecretRef.name

Type: string

Optional

You can use the spec.connectionSecretRef.name parameter to set the connection secret for the AtlasOrgSettings custom resource. This parameter overrides the default global connection secret.

Note

The credentials for the AtlasOrgSettings must have the Organization Owner role to modify the organization settings.

spec.apiAccessListRequired

Type: boolean

Optional

Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.

spec.genAIFeaturesEnabled

Type: boolean

Optional

Default: true

Flag that indicates whether this organization has access to generative AI features. This setting is enabled by default, and once it is turned on, Project Owners may be able to enable or disable individual AI features at the project level.

Note

This setting is not applicable to Atlas for Government.

spec.maxServiceAccountSecretValidityInHours

Type: integer(int32)

Optional

Minimum: 8

Maximum: 8760

The maximum period before expiry in hours for new Atlas Administration API Service Account secrets within the specified organization.

spec.multiFactorAuthRequired

Type: boolean

Optional

Flag that indicates whether to require users to set up MFA before accessing the specified organization.

To learn more, see Manage Your Multi-Factor Authentication Options.

spec.restrictEmployeeAccess

Type: boolean

Optional

Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure and cluster logs for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues.

To learn more, see Configure MongoDB Support Access to Atlas Backend Infrastructure.

spec.securityContact

Type: string

Optional

String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals. An empty string is valid and clears the existing security contact, if one is defined.

spec.orgstreamsCrossGroupEnabledId

Type: boolean

Optional

Flag that indicates whether a project's Atlas Stream Processing instances in this organization can create connections to other projects' clusters in the same organization.

Back

AtlasNetworkPeering

Next

AtlasPrivateEndpoint

On this page