Atlas Kubernetes Operator supports teams for controlling access to your Atlas projects.
You can use teams to grant project access roles to multiple users. Add any number of organization users to a team. Grant a team roles for specific projects. All members of a team share the same project access.
Organization users can belong to multiple teams.
To manage teams with Atlas Kubernetes Operator, specify and update the following custom resources:
Defines the team name and the users who belong to it.
Defines the team's access roles for this project. You must set the
Each time you change any of the supported custom resources, such as updating or removing a team, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.
You must assign the team to a project by configuring both the AtlasTeam Custom Resource and the AtlasProject Custom Resource for the team to appear in the Atlas UI.
For other limitations that apply to teams, see Manage Organization Teams.
To enable teams for your Atlas Kubernetes Operator-managed cluster, you must:
Have a running Kubernetes cluster with Atlas Kubernetes Operator deployed.
Ensure your IP address is in the organization's API access list.
Follow these steps to enable teams for your Atlas Kubernetes Operator-managed projects:
Create the team.
Create an AtlasTeam Custom Resource for each team using the following example. Specify a metadata.name so that you can reference this file from the AtlasProject Custom Resource and a spec.name so you can differentiate this team from other teams in your organization.
Add only users who are part of the organization.
To learn more about the parameters for a team, see AtlasTeam Custom Resource.
cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasTeam
metadata:
  name: green-leaf-team
  labels:
    app.kubernetes.io/version: 1.6.0
spec:
  name: "greenLeafTeam"
  usernames:
    - "firstname.lastname@example.org"
    - "email@example.com"
    - "firstname.lastname@example.org"
    - "email@example.com"
EOF
Grant the team access to a project.
To assign this team to a project, set the field in the AtlasProject Custom Resource to match the metadata.name from the previous step. In the spec.teams.teamRef.roles field, specify the team's Atlas User Roles for this project.
You can add more than one team. The following example shows two teams with different access roles for the same project.
To learn about the other parameters for a team, see AtlasProject Custom Resource.
cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
  labels:
    app.kubernetes.io/version: 1.6.0
spec:
  name: Test project
  teams:
    - teamRef:
        name: green-leaf-team
      roles:
        - GROUP_OWNER
    - teamRef:
        name: no-leaf-team
      roles:
        - GROUP_CLUSTER_MANAGER
        - GROUP_DATA_ACCESS_ADMIN
EOF
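Because every member of a team inherits the team's project roles, it helps to expand the two resources into per-user access before applying them. The following Python check is an added example, not part of the Atlas Kubernetes Operator or its documentation: it cross-checks each teamRef name against the AtlasTeam metadata.name values and lists who ends up with which roles. It assumes the manifests are available as JSON objects with the same fields as the YAML above; the usernames, the `audit` function and the `REVIEW_ROLES` set are constructed for illustration.

```python
import json

# Constructed sample: the two manifests from this page as JSON objects,
# with placeholder usernames. "no-leaf-team" has no AtlasTeam here.
MANIFESTS = json.loads("""
[
 {"kind": "AtlasTeam", "metadata": {"name": "green-leaf-team"},
  "spec": {"name": "greenLeafTeam",
           "usernames": ["a@example.com", "b@example.com"]}},
 {"kind": "AtlasProject", "metadata": {"name": "my-project"},
  "spec": {"name": "Test project", "teams": [
    {"teamRef": {"name": "green-leaf-team"}, "roles": ["GROUP_OWNER"]},
    {"teamRef": {"name": "no-leaf-team"},
     "roles": ["GROUP_CLUSTER_MANAGER", "GROUP_DATA_ACCESS_ADMIN"]}]}}
]
""")

# Assumption of this example: roles a reviewer wants surfaced for sign-off.
REVIEW_ROLES = {"GROUP_OWNER"}


def audit(manifests):
    """Return ({(project, user): roles}, [findings]) for the given manifests."""
    # Index teams by metadata.name, the value teamRef.name must match.
    teams = {m["metadata"]["name"]: m["spec"].get("usernames", [])
             for m in manifests if m["kind"] == "AtlasTeam"}
    access, findings = {}, []
    for m in manifests:
        if m["kind"] != "AtlasProject":
            continue
        project = m["metadata"]["name"]
        for entry in m["spec"].get("teams", []):
            ref, roles = entry["teamRef"]["name"], set(entry.get("roles", []))
            if ref not in teams:
                findings.append(f"{project}: teamRef '{ref}' has no AtlasTeam")
                continue
            for role in sorted(roles & REVIEW_ROLES):
                findings.append(
                    f"{project}: '{ref}' ({len(teams[ref])} users) holds {role}")
            # All members of a team share the same project access.
            for user in teams[ref]:
                access.setdefault((project, user), set()).update(roles)
    return access, findings


if __name__ == "__main__":
    access, findings = audit(MANIFESTS)
    print("\n".join(findings))
    for (project, user), roles in sorted(access.items()):
        print(project, user, ",".join(sorted(roles)))
```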