@@ -232,9 +232,9 @@ built-in Azure support.
232232
233233You can configure OIDC for Azure IMDS in the following ways:
234234
235- - By creating a ``Credential`` struct and passing it to the
236- ``SetAuth()`` method when creating a client
237- - By setting parameters in your connection string
235+ - Create a ``Credential`` struct and pass it to the
236+ ``SetAuth()`` method when you create a client
237+ - Set parameters in your connection string
238238
239239.. include:: /includes/authentication/auth-properties-commas.rst
240240
@@ -321,9 +321,9 @@ support.
321321
322322You can configure OIDC for GCP IMDS in the following ways:
323323
324- - By creating a ``Credential`` struct and passing it to the
325- ``SetAuth()`` method when creating a client
326- - By setting parameters in your connection string
324+ - Create a ``Credential`` struct and pass it to the
325+ ``SetAuth()`` method when you create a client
326+ - Set parameters in your connection string
327327
328328.. include:: /includes/authentication/auth-properties-commas.rst
329329
@@ -478,6 +478,74 @@ callback function that you defined:
478478 :end-before: end-credential-callback
479479 :emphasize-lines: 6
480480
481+ Kubernetes
482+ ~~~~~~~~~~
483+
484+ If your application runs on a Kubernetes cluster with a configured service account,
485+ you can authenticate to MongoDB by using the {+driver-short+}'s built-in Kubernetes
486+ support. To learn more about how to configure a service account, see the
487+ `Managing Service Accounts <https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/>`__
488+ guide in the Kubernetes documentation.
489+
490+ You can configure OIDC for Kubernetes in the following ways:
491+
492+ - Create a ``Credential`` struct and pass it to the
493+ ``SetAuth()`` method when you create a client
494+ - Set parameters in your connection string
495+
496+ .. include:: /includes/authentication/auth-properties-commas.rst
497+
498+ .. tabs::
499+
500+ .. tab:: Credential
501+ :tabid: credential struct
502+
503+ First, create a map to store your authentication
504+ mechanism properties, as shown in the following example:
505+
506+ .. code-block:: go
507+
508+ props := map[string]string{
509+ "ENVIRONMENT": "k8s",
510+ }
511+
512+ Then, set the following ``Credential`` struct fields:
513+
514+ - ``AuthMechanism``: Set to ``"MONGODB-OIDC"``.
515+ - ``AuthMechanismProperties``: Set to the ``props`` map that you
516+ previously created.
517+
518+ The following code example shows how to set these options when creating a
519+ ``Client``:
520+
521+ .. literalinclude:: /includes/authentication/kubernetes.go
522+ :language: go
523+ :dedent:
524+ :copyable: true
525+ :start-after: start-kubernetes
526+ :end-before: end-kubernetes
527+
528+ .. tab:: Connection String
529+ :tabid: connectionstring
530+
531+ Include the following connection options in your connection string:
532+
533+ - ``authMechanism``: Set to ``MONGODB-OIDC``.
534+ - ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``.
535+
536+ The following code example shows how to set these options in your connection string:
537+
538+ .. code-block:: go
539+
540+ uri := "mongodb://<hostname>:<port>/?" +
541+ "&authMechanism=MONGODB-OIDC" +
542+ "&authMechanismProperties=ENVIRONMENT:k8s"
543+
544+ client, err := mongo.Connect(options.Client().ApplyURI(uri))
545+ if err != nil {
546+ panic(err)
547+ }
548+
481549Additional Information
482550----------------------
483551
0 commit comments