Commit f1acd71

DOCSP-48312 Kubernetes Auth Support (#476)
* DOCSP-48312 Kubernetes Auth Support * JS review * fix code block indent * code block * add link to service accounts guide
1 parent 0eca024 commit f1acd71

2 files changed

+100
-6
lines changed

source/fundamentals/enterprise-auth.txt

Lines changed: 74 additions & 6 deletions
@@ -232,9 +232,9 @@ built-in Azure support.
232232

233233
You can configure OIDC for Azure IMDS in the following ways:
234234

235-
- By creating a ``Credential`` struct and passing it to the
236-
``SetAuth()`` method when creating a client
237-
- By setting parameters in your connection string
235+
- Create a ``Credential`` struct and pass it to the
236+
``SetAuth()`` method when you create a client
237+
- Set parameters in your connection string
238238

239239
.. include:: /includes/authentication/auth-properties-commas.rst
240240

@@ -321,9 +321,9 @@ support.
321321

322322
You can configure OIDC for GCP IMDS in the following ways:
323323

324-
- By creating a ``Credential`` struct and passing it to the
325-
``SetAuth()`` method when creating a client
326-
- By setting parameters in your connection string
324+
- Create a ``Credential`` struct and pass it to the
325+
``SetAuth()`` method when you create a client
326+
- Set parameters in your connection string
327327

328328
.. include:: /includes/authentication/auth-properties-commas.rst
329329

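Review bot: The three-item "You can configure OIDC for ... in the following ways" list at lines 324-326 is edited here identically to the Azure IMDS copy at lines 235-237, and the Kubernetes section added later in this commit carries a third copy. Consider moving the list into a shared include, as is already done with ``auth-properties-commas.rst`` directly below it, so the next wording change is made once and the sections cannot drift apart.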
@@ -478,6 +478,74 @@ callback function that you defined:
478478
:end-before: end-credential-callback
479479
:emphasize-lines: 6
480480

481+
Kubernetes
482+
~~~~~~~~~~
483+
484+
If your application runs on a Kubernetes cluster with a configured service account,
485+
you can authenticate to MongoDB by using the {+driver-short+}'s built-in Kubernetes
486+
support. To learn more about how to configure a service account, see the
487+
`Managing Service Accounts <https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/>`__
488+
guide in the Kubernetes documentation.
489+
490+
You can configure OIDC for Kubernetes in the following ways:
491+
492+
- Create a ``Credential`` struct and pass it to the
493+
``SetAuth()`` method when you create a client
494+
- Set parameters in your connection string
495+
496+
.. include:: /includes/authentication/auth-properties-commas.rst
497+
498+
.. tabs::
499+
500+
.. tab:: Credential
501+
:tabid: credential struct
502+
503+
First, create a map to store your authentication
504+
mechanism properties, as shown in the following example:
505+
506+
.. code-block:: go
507+
508+
props := map[string]string{
509+
"ENVIRONMENT": "k8s",
510+
}
511+
512+
Then, set the following ``Credential`` struct fields:
513+
514+
- ``AuthMechanism``: Set to ``"MONGODB-OIDC"``.
515+
- ``AuthMechanismProperties``: Set to the ``props`` map that you
516+
previously created.
517+
518+
The following code example shows how to set these options when creating a
519+
``Client``:
520+
521+
.. literalinclude:: /includes/authentication/kubernetes.go
522+
:language: go
523+
:dedent:
524+
:copyable: true
525+
:start-after: start-kubernetes
526+
:end-before: end-kubernetes
527+
528+
.. tab:: Connection String
529+
:tabid: connectionstring
530+
531+
Include the following connection options in your connection string:
532+
533+
- ``authMechanism``: Set to ``MONGODB-OIDC``.
534+
- ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``.
535+
536+
The following code example shows how to set these options in your connection string:
537+
538+
.. code-block:: go
539+
540+
uri := "mongodb://<hostname>:<port>/?" +
541+
"&authMechanism=MONGODB-OIDC" +
542+
"&authMechanismProperties=ENVIRONMENT:k8s"
543+
544+
client, err := mongo.Connect(options.Client().ApplyURI(uri))
545+
if err != nil {
546+
panic(err)
547+
}
548+
481549
Additional Information
482550
----------------------
483551

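Review bot: The connection-string example at new lines 540-542 produces ``mongodb://<hostname>:<port>/?&authMechanism=MONGODB-OIDC&...``, because the first option is prefixed with ``&`` directly after ``/?``, which leaves an empty leading parameter. Drop the ``&`` from ``"&authMechanism=MONGODB-OIDC"`` so the query string starts with ``authMechanism=``. Two smaller points: line 518 still reads "when creating a ``Client``" while this commit changes the list items to "when you create a client", and the section links to the service account guide but does not say which token the driver presents or what the MongoDB deployment must be configured to accept, which is what a reader setting up workload identity needs in order to scope the service account narrowly.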
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
package main
2+
3+
import (
4+
"go.mongodb.org/mongo-driver/v2/mongo"
5+
"go.mongodb.org/mongo-driver/v2/mongo/options"
6+
)
7+
8+
func main() {
9+
// start-kubernetes
10+
uri := "mongodb://<hostname>:<port>"
11+
props := map[string]string{
12+
"ENVIRONMENT": "k8s",
13+
}
14+
opts := options.Client().ApplyURI(uri)
15+
opts.SetAuth(
16+
options.Credential{
17+
AuthMechanism: "MONGODB-OIDC",
18+
AuthMechanismProperties: props,
19+
},
20+
)
21+
client, err := mongo.Connect(opts)
22+
if err != nil {
23+
panic(err)
24+
}
25+
// end-kubernetes
26+
}
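Review bot: At line 21, ``client`` from ``client, err := mongo.Connect(opts)`` is never used anywhere in ``main()``, so the Go compiler rejects this file with a "declared and not used" error and the include cannot be built or linted in CI. Add a use after the error check, for example a deferred ``client.Disconnect(context.TODO())`` with its error handled and ``context`` added to the import block at lines 3-6; placing it inside the ``start-kubernetes``/``end-kubernetes`` markers also shows readers a clean shutdown. Line 10 keeps the ``<hostname>:<port>`` placeholder, which is fine for a docs snippet but means the file can only be compile-checked, not run.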
