Configure Access to Atlas
To connect to the Atlas Administration API, Atlas Kubernetes Operator reads the organization ID and API keys from Atlas Kubernetes Operator secrets. You can also configure private endpoints or x509 authentication. To learn more about creating an Atlas account, see Register a new Atlas Account.
Atlas Kubernetes Operator Secrets
Depending on your configuration, Atlas Kubernetes Operator reads from one of the following Atlas Kubernetes Operator secrets:
Scope | Location | Description |
---|---|---|
Global | Atlas Kubernetes Operator uses this secret data to connect to the
Atlas Administration API unless the
The default name of the Atlas Kubernetes Operator deployment is
| |
Project | Atlas Kubernetes Operator secret referenced with
The secret must reside in
the same namespace as the | Atlas Kubernetes Operator uses this secret data to connect to
the Atlas Administration API for any
If you do not specify
Atlas Kubernetes Operator secrets per project allow for more granular access. You may want a single API key to have access to a single Atlas project. |
Parameters
Both global and project secrets require the following information:
Parameter | Description |
---|---|
orgId | Unique 24-digit hexadecimal string used to identify your Atlas organization. |
publicApiKey | Public part of the API key. |
privateApiKey | Private part of the API key. |
Prerequisites
You need the following information to configure Atlas Kubernetes Operator access to Atlas: the public API key, the private API key, and the organization ID.
If you want Atlas Kubernetes Operator to create a new Atlas project, Create an API Key in an Organization and configure the API Access List.
Important: You must assign the API key the Organization Project Creator organization role or higher.
If you want to work with an existing Atlas project, Create an API Key for a Project and configure the API Access List.
Important: You must assign the API key the Project Owner project role.
Procedure
To configure Atlas Kubernetes Operator access to Atlas, do one of the following steps.
For a global Atlas Kubernetes Operator secret, run the following commands:

Note: The name of the global Atlas Kubernetes Operator secret must conform to the predefined format. The default name of the Atlas Kubernetes Operator deployment is mongodb-atlas-operator. So, the secret should be named mongodb-atlas-operator-api-key.

```sh
# Create the global secret in the namespace where the operator runs.
kubectl create secret generic mongodb-atlas-operator-api-key \
  --from-literal="orgId=<the_atlas_organization_id>" \
  --from-literal="publicApiKey=<the_atlas_api_public_key>" \
  --from-literal="privateApiKey=<the_atlas_api_private_key>" \
  -n <operator_namespace>

# Label the same secret, in the same namespace, as Atlas credentials.
kubectl label secret mongodb-atlas-operator-api-key atlas.mongodb.com/type=credentials -n <operator_namespace>
```

For a project Atlas Kubernetes Operator secret, run the following commands:

```sh
# Create the project secret in the namespace of the Atlas project resource.
kubectl create secret generic my-project-connection \
  --from-literal="orgId=<the_atlas_organization_id>" \
  --from-literal="publicApiKey=<the_atlas_api_public_key>" \
  --from-literal="privateApiKey=<the_atlas_api_private_key>" \
  -n <atlas_project_namespace>

# Label the secret that was just created, in the same namespace.
kubectl label secret my-project-connection atlas.mongodb.com/type=credentials -n <atlas_project_namespace>
```
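The commands above pass the private key with --from-literal, which leaves it in the shell history and in the process arguments. The following added example (not part of the original page or of the operator project) creates and labels the same secret by reading the key pair from stdin and handing it to kubectl with --from-file; the function names, the two-line stdin convention and the script name are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the Atlas Kubernetes Operator docs): create the
# credentials secret without exposing the API key pair in argv or shell history.
# Function names and the stdin convention are assumptions of this example.

# Succeeds only for a 24-digit hexadecimal string, the orgId format.
valid_org_id() {
  case "$1" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 24 ]
}

# Usage: create_atlas_secret NAME NAMESPACE ORG_ID
# Reads the public key (line 1) and private key (line 2) from stdin.
# The body runs in a subshell so umask and variables do not leak to the caller.
create_atlas_secret() (
  name=$1 ns=$2 org=$3 pub= priv=
  valid_org_id "$org" || { echo "orgId must be 24 hex digits" >&2; exit 2; }
  IFS= read -r pub || :
  IFS= read -r priv || :
  [ -n "$pub" ] && [ -n "$priv" ] ||
    { echo "expected public key and private key, one per line, on stdin" >&2; exit 2; }

  umask 077                      # key files readable by the current user only
  dir=$(mktemp -d) || exit 1
  # printf '%s' writes no trailing newline, which would otherwise become part
  # of the stored value when kubectl reads the file.
  printf '%s' "$org"  > "$dir/orgId"
  printf '%s' "$pub"  > "$dir/publicApiKey"
  printf '%s' "$priv" > "$dir/privateApiKey"

  kubectl create secret generic "$name" -n "$ns" \
    --from-file=orgId="$dir/orgId" \
    --from-file=publicApiKey="$dir/publicApiKey" \
    --from-file=privateApiKey="$dir/privateApiKey" &&
  kubectl label secret "$name" atlas.mongodb.com/type=credentials -n "$ns"
  rc=$?
  rm -rf "$dir"
  exit "$rc"
)

# Run as: ./create-secret.sh NAME NAMESPACE ORG_ID < keys.txt
if [ "$#" -eq 3 ]; then
  create_atlas_secret "$@"
fi
```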