@@ -232,9 +232,9 @@ built-in Azure support.
232
232
233
233
You can configure OIDC for Azure IMDS in the following ways:
234
234
235
- - By creating a ``Credential`` struct and passing it to the
236
- ``SetAuth()`` method when creating a client
237
- - By setting parameters in your connection string
235
+ - Create a ``Credential`` struct and pass it to the
236
+ ``SetAuth()`` method when you create a client
237
+ - Set parameters in your connection string
238
238
239
239
.. include:: /includes/authentication/auth-properties-commas.rst
240
240
@@ -321,9 +321,9 @@ support.
321
321
322
322
You can configure OIDC for GCP IMDS in the following ways:
323
323
324
- - By creating a ``Credential`` struct and passing it to the
325
- ``SetAuth()`` method when creating a client
326
- - By setting parameters in your connection string
324
+ - Create a ``Credential`` struct and pass it to the
325
+ ``SetAuth()`` method when you create a client
326
+ - Set parameters in your connection string
327
327
328
328
.. include:: /includes/authentication/auth-properties-commas.rst
329
329
@@ -478,6 +478,74 @@ callback function that you defined:
478
478
:end-before: end-credential-callback
479
479
:emphasize-lines: 6
480
480
481
+ Kubernetes
482
+ ~~~~~~~~~~
483
+
484
+ If your application runs on a Kubernetes cluster with a configured service account,
485
+ you can authenticate to MongoDB by using the {+driver-short+}'s built-in Kubernetes
486
+ support. To learn more about how to configure a service account, see the
487
+ `Managing Service Accounts <https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/>`__
488
+ guide in the Kubernetes documentation.
489
+
490
+ You can configure OIDC for Kubernetes in the following ways:
491
+
492
+ - Create a ``Credential`` struct and pass it to the
493
+ ``SetAuth()`` method when you create a client
494
+ - Set parameters in your connection string
495
+
496
+ .. include:: /includes/authentication/auth-properties-commas.rst
497
+
498
+ .. tabs::
499
+
500
+ .. tab:: Credential
501
+ :tabid: credential struct
502
+
503
+ First, create a map to store your authentication
504
+ mechanism properties, as shown in the following example:
505
+
506
+ .. code-block:: go
507
+
508
+ props := map[string]string{
509
+ "ENVIRONMENT": "k8s",
510
+ }
511
+
512
+ Then, set the following ``Credential`` struct fields:
513
+
514
+ - ``AuthMechanism``: Set to ``"MONGODB-OIDC"``.
515
+ - ``AuthMechanismProperties``: Set to the ``props`` map that you
516
+ previously created.
517
+
518
+ The following code example shows how to set these options when creating a
519
+ ``Client``:
520
+
521
+ .. literalinclude:: /includes/authentication/kubernetes.go
522
+ :language: go
523
+ :dedent:
524
+ :copyable: true
525
+ :start-after: start-kubernetes
526
+ :end-before: end-kubernetes
527
+
528
+ .. tab:: Connection String
529
+ :tabid: connectionstring
530
+
531
+ Include the following connection options in your connection string:
532
+
533
+ - ``authMechanism``: Set to ``MONGODB-OIDC``.
534
+ - ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``.
535
+
536
+ The following code example shows how to set these options in your connection string:
537
+
538
+ .. code-block:: go
539
+
540
+ uri := "mongodb://<hostname>:<port>/?" +
541
+ "&authMechanism=MONGODB-OIDC" +
542
+ "&authMechanismProperties=ENVIRONMENT:k8s"
543
+
544
+ client, err := mongo.Connect(options.Client().ApplyURI(uri))
545
+ if err != nil {
546
+ panic(err)
547
+ }
548
+
481
549
Additional Information
482
550
----------------------
483
551
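Review bot: In the Connection String tab's example, the URI is built from "mongodb://<hostname>:<port>/?" followed directly by "&authMechanism=MONGODB-OIDC", so the query string begins with "?&" and carries an empty leading parameter. Drop the "&" from the first option so that the assembled string reads "/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s". The new Kubernetes section also does not say where the driver obtains the service account token when ENVIRONMENT is set to k8s; a sentence on that, or a pointer to where it is documented, would let readers confirm that the pod is configured as the driver expects. A smaller point: ":tabid: credential struct" contains a space while the sibling tab uses "connectionstring", so consider an id without a space.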