The MongoDB Atlas Operator provides a native integration between the Kubernetes orchestration platform and MongoDB Atlas — the only multi-cloud document database service that gives you the versatility you need to build sophisticated and resilient applications that can adapt to changing customer demands and market trends.

Current Status: trial version. The Operator gives users the ability to provision Atlas projects, clusters and database users using Kubernetes Specifications and bind connection information into applications deployed to Kubernetes. More features like private endpoints, backup management, LDAP/X.509 authentication, etc. are yet to come.

The full documentation for the Operator can be found here

kubectl apply -f https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/main/deploy/all-in-one.yaml

1. Create an Atlas API Key Secret In order to work with the Atlas Operator you need to provide authentication information to allow the Atlas Operator to communicate with Atlas API. Once you have generated a Public and Private key in Atlas, you can create a Kuberentes Secret with:

kubectl create secret generic mongodb-atlas-operator-api-key \
         --from-literal="orgId=<the_atlas_organization_id>" \
         --from-literal="publicApiKey=<the_atlas_api_public_key>" \
         --from-literal="privateApiKey=<the_atlas_api_private_key>" \
         -n mongodb-atlas-system

2. Create an AtlasProject Custom Resource

The AtlasProject CustomResource represents Atlas Projects in our Kubernetes cluster. You need to specify projectIpAccessList with the IP addresses or CIDR blocks of any hosts that will connect to the Atlas Cluster.

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
spec:
  name: Test Atlas Operator Project
  projectIpAccessList:
    - ipAddress: "192.0.2.15"
      comment: "IP address for Application Server A"
    - ipAddress: "203.0.113.0/24"
      comment: "CIDR block for Application Server B - D"
EOF

3. Create an AtlasCluster Custom Resource. The example below is a minimal configuration to create an M10 Atlas cluster in the AWS US East region. For a full list of properties, check atlasclusters.atlas.mongodb.com CRD specification):

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasCluster
metadata:
  name: my-atlas-cluster
spec:
  name: "Test-cluster"
  projectRef:
    name: my-project
  providerSettings:
    instanceSizeName: M10
    providerName: AWS
    regionName: US_EAST_1
EOF

4. Create a database user password Kubernetes Secret

kubectl create secret generic the-user-password --from-literal="password=P@@sword%"

5. Create an AtlasDatabaseUser Custom Resource

In order to connect to an Atlas Cluster the database user needs to be created. AtlasDatabaseUser resource should reference the password Kubernetes Secret created in the previous step.

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasDatabaseUser
metadata:
  name: my-database-user
spec:
  roles:
    - roleName: "readWriteAnyDatabase"
      databaseName: "admin"
  projectRef:
    name: my-project
  username: theuser
  passwordSecretRef:
    name: the-user-password
EOF

6. Wait for the AtlasDatabaseUser Custom Resource to be ready

Wait until the AtlasDatabaseUser resource gets to "ready" status (it will wait until the cluster is created that may take around 10 minutes):

kubectl get atlasdatabaseusers my-database-user -o=jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
True

The Atlas Operator will create a Kubernetes Secret with the information necessary to connect to the Atlas Cluster created in the previous step. An application in the same Kubernetes Cluster can mount and use the Secret:

...
containers:
      - name: test-app
        env:
         - name: "CONNECTION_STRING"
           valueFrom:
             secretKeyRef:
               name: test-atlas-operator-project-test-cluster-theuser
               key: connectionStringStandardSrv