Closed sunib closed 1 year ago
Hi @sunib. By default, the user has access to all deployments in the project. You can define user access to some deployments by adding a scope section. For example:
```yaml
spec:
  passwordSecretRef:
    name: atlas-user-password2
  projectRef:
    name: my-project
    namespace: default
  roles:
    - databaseName: some-database
      roleName: readWrite
  scopes:
    - name: some-instance
      type: CLUSTER
  username: user2
```
Also, you can create separate projects for customers.
Thanks! I tried it and it actually works as I expected.
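An added example (not part of the thread and not the operator's own code) for auditing the default described in the reply above: it reads AtlasDatabaseUser objects as JSON, in the shape of `kubectl get atlasdatabaseusers -A -o json`, and flags users with no `scopes`, raising the severity when the same project is referenced from more than one namespace. The sample data, the customer namespaces and the `audit` and `project_key` helpers are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `kubectl get atlasdatabaseusers -A -o json`;
# the namespaces and user names are made up for illustration.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "user1", "namespace": "customer-1"},
  "spec": {"username": "user1",
           "projectRef": {"name": "my-project", "namespace": "default"}}},
 {"metadata": {"name": "user2", "namespace": "customer-2"},
  "spec": {"username": "user2",
           "projectRef": {"name": "my-project", "namespace": "default"},
           "scopes": [{"name": "some-instance", "type": "CLUSTER"}]}},
 {"metadata": {"name": "user3", "namespace": "customer-3"},
  "spec": {"username": "user3",
           "projectRef": {"name": "solo-project"}}}
]}
""")

def project_key(user):
    """Return (namespace, name) of the project an AtlasDatabaseUser points at."""
    ref = user["spec"].get("projectRef", {})
    # Assumption: a projectRef without a namespace resolves to the user's namespace.
    return (ref.get("namespace") or user["metadata"]["namespace"], ref.get("name"))

def audit(items):
    """Flag users with no scopes; 'high' when the project spans several namespaces."""
    namespaces = defaultdict(set)
    for u in items:
        namespaces[project_key(u)].add(u["metadata"]["namespace"])
    findings = []
    for u in items:
        if u["spec"].get("scopes"):
            continue  # access is limited to the listed deployments
        key = project_key(u)
        shared = len(namespaces[key]) > 1
        findings.append({
            "user": f'{u["metadata"]["namespace"]}/{u["metadata"]["name"]}',
            "project": "/".join(key),
            "severity": "high" if shared else "review",
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE["items"]):
        print(f'{f["severity"]:6} {f["user"]} has no scopes in project {f["project"]}')
```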
What did you do to encounter the bug?
We are building a cloud solution where we want to give every customer its own dedicated environment to prevent data leakage and performance influence. Kubernetes is used for this and we give every customer its own namespace.
Inside this customer namespace, we create an AtlasDeployment and AtlasDatabaseUser.
This all creates the database, and even the connectionstring secret. But it also seems to iterate all the users from other namespaces. So what happens is that I also get the connectionstrings for other users in my namespace.
What did you expect?
I only expect the connectionstring in the namespace where the AtlasDeployment is created.
What happened instead?
It's now duplicated in all namespaces.
Customer 1:
atlas-deployment
).atlas-deployment
, should not matter that it's not unique?).
Operator Information
https://mongodb.github.io/helm-charts mongodb-atlas-operator 1.5.0
No value overrides.
Kubernetes Cluster Information
AKS 1.24.3