Enable Authentication
On this page
The Kubernetes Operator supports X.509, LDAP, and SCRAM user authentication.
Note
For LDAP configuration, see the
spec.security.authentication.agents.automationLdapGroupDN
setting.
You must create an additional CustomResourceDefinition for your MongoDB users and the MongoDB Agent instances. The Kubernetes Operator generates and distributes the certificate.
See the full X.509 certificates configuration examples in the x509 Authentication directory in the Authentication samples directory. This directory also contains sample LDAP and SCRAM configurations.
Example Deployment CRD
1 apiVersion: mongodb.com/v1 2 kind: MongoDB 3 metadata: 4 name: my-tls-enabled-rs 5 spec: 6 type: ReplicaSet 7 members: 3 8 version: "4.0.4-ent" 9 opsManager: 10 configMapRef: 11 name: my-configmap-name 12 credentials: my-credentials 13 security: 14 tls: 15 enabled: true 16 authentication: 17 enabled: true 18 modes: ["X509"] 19 internalCluster: "X509"
Example User CRD
1 apiVersion: mongodb.com/v1 2 kind: MongoDBUser 3 metadata: 4 name: user-with-roles 5 spec: 6 username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US" 7 db: "$external" 8 mongodbResourceRef: 9 name: my-resource 10 roles: 11 - db: "admin" 12 name: "clusterAdmin"